BBYR Achieve
返回信息流
这是一条镜像帖。来源:北邮人论坛 / security / #18256同步于 2008/6/23
Security机器人发帖

[合集] [求助]trojan win32杀完还有,永远不死,咋办?

flyingkisser
2008/6/23镜像同步0 回复
☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 16:54:58 2008) 提到: 那位强人帮忙看看,我电脑中招了 这是360安全卫士的查杀结果:trojan win32; 这是木马清道夫的: 《Windows木马清道夫》- 木马病毒列表导出于[2008-6-15|下午 01:48:51] C:\Documents and Settings\jzg\Local Settings\Temp\tmp28A.tmp C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8P23GHI7\root[2].gif C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8P23GHI7\root[1].gif C:\WINDOWS\AppPatch\AcSpecf.dll C:\WINDOWS\AppPatch\AcPlugin.dll C:\WINDOWS\system32\drivers\cdralw.sys C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\tmp28B.tmp C:\WINDOWS\system32\ghwxattb.exe C:\WINDOWS\system32\oswxdttb.dll C:\WINDOWS\system32\onjzalit.exe C:\WINDOWS\system32\axmsawin.exe C:\WINDOWS\system32\zxcsahlp.exe C:\WINDOWS\system32\siwdaapi.exe C:\WINDOWS\system32\yxcschlp.dll C:\WINDOWS\system32\pldhadwd.exe C:\WINDOWS\system32\lojxadwd.exe C:\WINDOWS\system32\pjjxedwd.dll C:\WINDOWS\system32\mpwddapi.dll C:\WINDOWS\system32\lkssaplo.exe C:\WINDOWS\system32\isdsasrv.exe C:\WINDOWS\system32\mndsgsrv.dll C:\WINDOWS\system32\spjhahlp.exe C:\WINDOWS\system32\simyaapi.exe C:\WINDOWS\system32\mndhfdwd.dll C:\WINDOWS\system32\lassaplo.dll C:\WINDOWS\system32\dfqnabib.exe C:\WINDOWS\system32\zsdjabmp.exe C:\WINDOWS\system32\tjfyabyt.exe C:\WINDOWS\system32\etshabty.exe C:\WINDOWS\system32\aitlasys.exe C:\WINDOWS\system32\zaztamsn.exe C:\WINDOWS\system32\sfsxachu.exe C:\WINDOWS\system32\stjxakin.exe C:\WINDOWS\system32\lpmxajkl.exe C:\WINDOWS\system32\zxfhajpg.exe C:\WINDOWS\system32\lpsgajba.exe C:\WINDOWS\system32\posqatyu.exe C:\WINDOWS\system32\ismhasrv.exe C:\WINDOWS\linkinfo.dll 下面的是瑞星的: 病毒名称 处理结果 查杀方式 路径 文件 病毒来源 Trojan.PSW.Win32.GameOL.GEN 重新启动计算机后删除文件手动查杀 C:\WINDOWS\system32 mnmhgsrv.dll 本机 Trojan.PSW.Win32.GameOL.nuj 删除成功 手动查杀 C:\WINDOWS\system32 zdesfx.dll 本机 Trojan.PSW.Win32.GameOL.GEN 重新启动计算机后删除文件手动查杀 C:\WINDOWS\system32 ypdjgbmp.dll 本机 Trojan.PSW.Win32.GameOL.nyo 删除成功 手动查杀 C:\WINDOWS\system32 ukrth.dll 本机 Trojan.PSW.Win32.GameOL.nyo 删除成功 手动查杀 C:\WINDOWS\system32 hjmh.dll 本机 Trojan.PSW.Win32.GameOL.nyo 删除成功 手动查杀 C:\WINDOWS\system32 jkjkll.dll 本机 Trojan.PSW.Win32.GameOL.nyo 删除成功 手动查杀 C:\WINDOWS\system32 ghjyer.dll 本机 Trojan.PSW.Win32.GameOL.GEN 重新启动计算机后删除文件手动查杀 C:\WINDOWS\system32 lijzclit.dll 本机 Trojan.Win32.Undef.hag 删除成功 手动查杀 C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H56KQIJ2 update[1].gif 本机 Trojan.Win32.Undef.hag 删除成功 手动查杀 C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H56KQIJ2 update[2].gif 本机 Trojan.Win32.Undef.hag 删除成功 手动查杀 C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\H56KQIJ2 update[3].gif 本机 Trojan.PSW.Win32.GameOL.nzf 删除成功 手动查杀 C:\Documents and Settings\jzg\Local Settings\Temp ~f278.tmp 本机 我无语了,杀完还有,屡杀不绝 [em9][em9]求达人出手相救 ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 17:25:22 2008) 提到: [CODE] 2008-06-15,17:19:32 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <Foxmail><"C:\Program Files\Foxmail\Foxmail.exe" -min> [(Verified)Tencent Technology(Shenzhen) Company Limited] <MsnMsgr><; "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <Windows木马防火墙><E:\tools\ftc木马清道夫(破解)\ftc\Trojanwall.exe> [风云谷] <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited] <{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><> [N/A] <{91954FAC-1023-154F-895A-1458258AD819}><C:\WINDOWS\system32\ypdjgbmp.dll> [N/A] <{3C954872-1230-6541-9548-6541025884C3}><C:\WINDOWS\system32\lijzclit.dll> [N/A] <{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><C:\WINDOWS\system32\mnmhgsrv.dll> [N/A] <{4629FF4F-ACDB-5C90-A098-FACB3456A264}><> [N/A] <{528DF602-9541-A985-210A-984A698C6F25}><> [N/A] <{6A041F13-A111-12A3-B0CF-F99818AA68A6}><> [N/A] <{13FD5987-65D2-C58D-D87E-987451F12531}><> [N/A] <{18093456-9012-4568-9076-908765467181}><> [N/A] <{22596546-2036-9451-6058-658402589722}><> [N/A] <{25FD6584-698F-BCD2-602C-698745210352}><> [N/A] <{32023698-6984-8541-9654-698745012523}><> [N/A] <{37AC9076-C898-B098-D098-A18319080973}><> [N/A] <{50940F85-F015-14F1-A05F-F69858AC6D05}><> [N/A] <{5FD45A54-9875-698F-E56E-65102358FDF5}><> [N/A] <{5A069845-2036-6084-9054-6087502480A5}><> [N/A] <{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}><> [N/A] <{9490415F-65F8-B5C5-D8BA-9405FB120549}><> [N/A] <{2B69874A-C58C-458D-69F0-698F874E41B2}><> [N/A] <{35671234-7890-ABCD-CDEF-567801237653}><> [N/A] <{43512378-9874-5641-1025-985420368734}><> [N/A] <{54FAE856-AD58-20CB-A025-CD4895FA6E45}><> [N/A] <{45694105-5108-9405-3695-954187462154}><> [N/A] <{6C648541-1025-9650-9057-6541258720C6}><> [N/A] <{77FD640A-158F-48AC-FD14-1597F14A9777}><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher] <JavaView><> [N/A] <ThunderAdvise><C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll> [Thunder Networking Technologies,LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Rising Proxy Service / RfwProxySrv][Running/Auto Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start] <system32\drivers\ac97intc.sys><Intel Corporation> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [NVIDIA Compatible Windows Miniport Driver / cdralw][Stopped/Auto Start] <system32\DRIVERS\nvmini.sys><N/A> [eth8023 / eth8023][Stopped/Manual Start] <\SystemRoot\system32\drivers\eth8023.sys><N/A> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.> [IR Enumerator Service / IRENUM][Stopped/Manual Start] <system32\DRIVERS\irenum.sys><N/A> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Rising Rfwbase Driver / RfwBase][Running/Auto Start] <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.> [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [SiS300i / SiS300i][Running/Manual Start] <system32\DRIVERS\sis300ip.sys><Silicon Integrated Systems Corporation> [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start] <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> ================================== 浏览器加载项 [SnagIt Toolbar Loader] {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation> [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [] {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A> [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [] {91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A> [ThunderHlpObj Class] {97421D0D-E07F-40DF-8F07-99597B9585AD} <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll, Thunder Networking Technologies,LTD> [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com> [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司> [打开记事本] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <%windir%\system32\Notepad.exe, N/A> [快车] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com> [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, > [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, > [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT> [InputPassWd Class] {3A4C8311-C151-4462-BDE9-F777ABEE0063} <C:\WINDOWS\Downloaded Program Files\WebDll.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司> [SnagIt Toolbar Loader] {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation> [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [] {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A> [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [] {91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A> [ThunderHlpObj Class] {97421D0D-E07F-40DF-8F07-99597B9585AD} <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll, Thunder Networking Technologies,LTD> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com> [&Windows Live Search] <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A> [&使用快车(FlashGet)下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [&使用快车(FlashGet)下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [Add to Windows &Live Favorites] <http://favorites.live.com/quickadd.aspx, N/A> [在Foxmail中添加该RSS频道/频道组] <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A> [添加到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用比特精灵下载(&B)] <C:\Program Files\BitSpirit\bsurl.htm, N/A> ================================== 正在运行的进程 [PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 596 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 820 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 880 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 900 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1088 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1140 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [PID: 1132 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 1276 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.33] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\urlrule.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [PID: 1520 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1692 / jzg][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll] [TechSmith Corporation, 8.2.3.14] [C:\Program Files\TechSmith\SnagIt 8\MFC80.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\TechSmith\SnagIt 8\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [E:\tools\FTC木~1\ftc\Commenu.dll] [Fygsoft and Microsoft, 2.0.0.0] [C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305] [PID: 1808 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 1992 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 2020 / jzg][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [PID: 1480 / jzg][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [PID: 1500 / jzg][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 2360 / jzg][E:\tools\ftc木马清道夫(破解)\ftc\Trojanwall.exe] [风云谷, 4.7.0.1405] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ftcapi.dll] [fygsoft, 1.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\PSAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2368 / jzg][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 2772 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\System32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 3172 / jzg][C:\Program Files\Foxmail\Foxmail.exe] [Tencent Inc., 6, 10, 201, 20] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [C:\WINDOWS\system32\MAPI32.DLL] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\Program Files\Foxmail\FoxAntiSpam.dll] [N/A, ] [C:\Program Files\Foxmail\pcre.dll] [N/A, ] [C:\Program Files\Foxmail\3rdParty\punylib.dll] [CNNIC, 1, 0, 0, 3] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 3964 / jzg][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [PID: 1128 / jzg][E:\tools\sreng2\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [E:\tools\sreng2\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== 进程特权扫描 特殊特权被允许: SeSystemtimePrivilege [PID = 2360, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2360, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2360, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] ================================== API HOOK CreateProcessA (危险等级: 一般, 被下面模块所HOOK: ) CreateProcessW (危险等级: 一般, 被下面模块所HOOK: ) 入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D) ================================== 隐藏进程 N/A ================================== [/CODE] 这是用sreng2扫描完的报告,供楼主以及诸达人鉴 ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Sun Jun 15 19:47:18 2008) 提到: 1: 这里是启动项,必须清除,不过估计你改了之后又会写回去[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,> [] 2:[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{1DB3C525-5271-46F7-887A-D4E1ADAA7632}><> [N/A] <{91954FAC-1023-154F-895A-1458258AD819}><C:\WINDOWS\system32\ypdjgbmp.dll> [N/A] <{3C954872-1230-6541-9548-6541025884C3}><C:\WINDOWS\system32\lijzclit.dll> [N/A] <{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><C:\WINDOWS\system32\mnmhgsrv.dll> [N/A] <{4629FF4F-ACDB-5C90-A098-FACB3456A264}><> [N/A] <{528DF602-9541-A985-210A-984A698C6F25}><> [N/A] <{6A041F13-A111-12A3-B0CF-F99818AA68A6}><> [N/A] <{13FD5987-65D2-C58D-D87E-987451F12531}><> [N/A] <{18093456-9012-4568-9076-908765467181}><> [N/A] <{22596546-2036-9451-6058-658402589722}><> [N/A] <{25FD6584-698F-BCD2-602C-698745210352}><> [N/A] <{32023698-6984-8541-9654-698745012523}><> [N/A] <{37AC9076-C898-B098-D098-A18319080973}><> [N/A] <{50940F85-F015-14F1-A05F-F69858AC6D05}><> [N/A] <{5FD45A54-9875-698F-E56E-65102358FDF5}><> [N/A] <{5A069845-2036-6084-9054-6087502480A5}><> [N/A] <{83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38}><> [N/A] <{9490415F-65F8-B5C5-D8BA-9405FB120549}><> [N/A] <{2B69874A-C58C-458D-69F0-698F874E41B2}><> [N/A] <{35671234-7890-ABCD-CDEF-567801237653}><> [N/A] <{43512378-9874-5641-1025-985420368734}><> [N/A] <{54FAE856-AD58-20CB-A025-CD4895FA6E45}><> [N/A] <{45694105-5108-9405-3695-954187462154}><> [N/A] <{6C648541-1025-9650-9057-6541258720C6}><> [N/A] <{77FD640A-158F-48AC-FD14-1597F14A9777}><> [N/A] 同样需要全部删除了 3: 浏览器加载项 [] {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A>也是 嗯,说一句,你中的这个很可能会强制回写注册表,一般不会lock注册表的用户肯定搞不定,建议你找一张erd commander或者深山红叶winxp pe的盘进去系统把这些注册表项都删除了 否则你删了它应该立刻会写回去,如果不怕麻烦,你可以找个工具挨个结束它们在各个进程里的线程,不过么,它也同样有可能回插 ☆─────────────────────────────────────☆ hardy616 (猴子帮帮主) 于 (Sun Jun 15 20:50:33 2008) 提到: 嗯把病毒文件上传来看看吧~ ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 21:39:59 2008) 提到: 我听着有点乱,怎么找到病毒文件呢?如果找不到,不久没办法上传了么?但是如果我能找到,我不就直接删了么 ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 21:46:32 2008) 提到: 楼主大人,哪里能找到erd commander或者深山红叶winxp pe? ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 21:54:47 2008) 提到: 楼主说的删除,到注册表里,把这些键值都删了么?还有,怎样锁注册表呢? 【 在 rebirthatsix 的大作中提到: 】 : 1: : 这里是启动项,必须清除,不过估计你改了之后又会写回去[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] : <AppInit_DLLs><hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,: ................... ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 21:59:54 2008) 提到: 进入注册表,依次进入 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ Policies\System] ,把“DisableRegistryTools"的值改为1就行, 改为0就是解除锁定 我在百度上搜索出来的,楼主大人,是这样锁定么? 但是同样的问题,我如果锁了注册表,那我还能删除你说的那些应该删除的键值么? 如果我先进行删除,同样是会被病毒回插回去的。来不及锁阿 ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Sun Jun 15 22:12:46 2008) 提到: 【 在 q27024641 的大作中提到: 】 : 进入注册表,依次进入 : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ : Policies\System] ,把“DisableRegistryTools"的值改为1就行, : ................... ....我说的锁是自己写程序锁,不是你找得这个 你这个最好的解决方法就是去找erd command等pe系统进去删注册表值,software的ftp应该有erd ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Sun Jun 15 22:13:38 2008) 提到: 还有,楼主是你自己。。。 ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 22:38:47 2008) 提到: 呵呵,慌了。该称呼你斑竹才对 ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 22:44:30 2008) 提到: 斑竹说的锁注册表的程序,能共享一个么? ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Sun Jun 15 23:03:00 2008) 提到: 这是我按照斑竹说的,手动删除了提示1和提示2的内容后,用sreng2监测的结果 请问斑竹,提示3怎么做啊?难道也是在注册表里找么?找不到阿 [CODE] 2008-06-15,22:59:59 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <Foxmail><"C:\Program Files\Foxmail\Foxmail.exe" -min> [(Verified)Tencent Technology(Shenzhen) Company Limited] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <Windows木马防火墙><E:\tools\ftc木马清道夫(破解)\ftc\Trojanwall.exe> [风云谷] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited] <{2B69874A-C58C-458D-69F0-698F874E41B2}><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] <JavaView><C:\WINDOWS\AppPatch\Jview.dll> [N/A] <ThunderAdvise><C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll> [Thunder Networking Technologies,LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Tencent Technology(Shenzhen) Company Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Rising Proxy Service / RfwProxySrv][Running/Auto Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start] <system32\drivers\ac97intc.sys><Intel Corporation> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [NVIDIA Compatible Windows Miniport Driver / cdralw][Stopped/Auto Start] <system32\DRIVERS\nvmini.sys><N/A> [eth8023 / eth8023][Stopped/Manual Start] <\SystemRoot\system32\drivers\eth8023.sys><N/A> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.> [IR Enumerator Service / IRENUM][Stopped/Manual Start] <system32\DRIVERS\irenum.sys><N/A> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Rising Rfwbase Driver / RfwBase][Running/Auto Start] <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.> [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [SiS300i / SiS300i][Running/Manual Start] <system32\DRIVERS\sis300ip.sys><Silicon Integrated Systems Corporation> [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start] <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> ================================== 浏览器加载项 [SnagIt Toolbar Loader] {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation> [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [] {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A> [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [] {91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A> [ThunderHlpObj Class] {97421D0D-E07F-40DF-8F07-99597B9585AD} <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll, Thunder Networking Technologies,LTD> [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com> [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司> [打开记事本] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <%windir%\system32\Notepad.exe, N/A> [快车] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com> [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, > [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, > [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT> [InputPassWd Class] {3A4C8311-C151-4462-BDE9-F777ABEE0063} <C:\WINDOWS\Downloaded Program Files\WebDll.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司> [SnagIt Toolbar Loader] {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation> [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [] {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A> [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation> [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [] {91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A> [ThunderHlpObj Class] {97421D0D-E07F-40DF-8F07-99597B9585AD} <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll, Thunder Networking Technologies,LTD> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft> [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com> [&Windows Live Search] <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A> [&使用快车(FlashGet)下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [&使用快车(FlashGet)下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [Add to Windows &Live Favorites] <http://favorites.live.com/quickadd.aspx, N/A> [在Foxmail中添加该RSS频道/频道组] <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A> [添加到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用比特精灵下载(&B)] <C:\Program Files\BitSpirit\bsurl.htm, N/A> ================================== 正在运行的进程 [PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 596 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 820 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 880 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 900 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\TEMP\wmsetup.dll] [N/A, ] [PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1088 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1140 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\posttrt.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21] [PID: 1132 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 1276 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.33] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\urlrule.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [PID: 1520 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1692 / jzg][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll] [TechSmith Corporation, 8.2.3.14] [C:\Program Files\TechSmith\SnagIt 8\MFC80.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\TechSmith\SnagIt 8\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [E:\tools\FTC木~1\ftc\Commenu.dll] [Fygsoft and Microsoft, 2.0.0.0] [C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)] [PID: 1808 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 1992 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 2020 / jzg][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 1480 / jzg][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [PID: 1500 / jzg][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 2360 / jzg][E:\tools\ftc木马清道夫(破解)\ftc\Trojanwall.exe] [风云谷, 4.7.0.1405] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ftcapi.dll] [fygsoft, 1.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\PSAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2368 / jzg][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 2772 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\System32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 3172 / jzg][C:\Program Files\Foxmail\Foxmail.exe] [Tencent Inc., 6, 10, 201, 20] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [C:\WINDOWS\system32\MAPI32.DLL] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\Program Files\Foxmail\FoxAntiSpam.dll] [N/A, ] [C:\Program Files\Foxmail\pcre.dll] [N/A, ] [C:\Program Files\Foxmail\3rdParty\punylib.dll] [CNNIC, 1, 0, 0, 3] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 1504 / SYSTEM][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 968 / jzg][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 352 / jzg][C:\Program Files\BitSpirit\BitSpirit.exe] [LANSPIRIT.NET, 3.0.1.90] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\Program Files\BitSpirit\plugin\peerid.dll] [N/A, ] [C:\Program Files\BitSpirit\plugin\tracker.dll] [N/A, ] [PID: 2496 / jzg][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.200.520.1] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 3356 / jzg][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\zh-cn\hvres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\hvres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032] [C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Favorites\wlfext.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\zh-cn\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\zh-cn\SmaMenRes.dll.mui] [Microsoft Corporation。, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\msnHiliteViewer.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll] [TechSmith Corporation, 8.2.3.14] [C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 1, 1005] [C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll] [江苏科建教育软件有限责任公司, 5, 1, 8, 1] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.200.520.1] [C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1] [C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Favorites\WLFExtRes.dll] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Favorites\TBIDCRL.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 1, 1002] [C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [PID: 1416 / jzg][C:\WINDOWS\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 4072 / jzg][E:\tools\sreng2\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [E:\tools\sreng2\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== 进程特权扫描 特殊特权被允许: SeSystemtimePrivilege [PID = 2360, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2360, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2360, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeSystemtimePrivilege [PID = 352, C:\PROGRAM FILES\BITSPIRIT\BITSPIRIT.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 352, C:\PROGRAM FILES\BITSPIRIT\BITSPIRIT.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 352, C:\PROGRAM FILES\BITSPIRIT\BITSPIRIT.EXE] 特殊特权被允许: SeSystemtimePrivilege [PID = 1416, C:\WINDOWS\NOTEPAD.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 1416, C:\WINDOWS\NOTEPAD.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1416, C:\WINDOWS\NOTEPAD.EXE] ================================== API HOOK CreateProcessA (危险等级: 一般, 被下面模块所HOOK: ) CreateProcessW (危险等级: 一般, 被下面模块所HOOK: ) 入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D) ================================== 隐藏进程 N/A ================================== [/CODE] ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Sun Jun 15 23:43:03 2008) 提到: 额,用sreng2就可以删除,你找找浏览器加载项那里,能找到对应的 ☆─────────────────────────────────────☆ kissblue (断情) 于 (Mon Jun 16 00:37:15 2008) 提到: ls头像很暴力... ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Mon Jun 16 08:43:23 2008) 提到: 斑竹大人,我按照这种方法试着改了一下注册表,结果发现:这种锁的方法,不是锁住注册表不让人修改,而是把regedit.exe注册表修改工具给禁用了。怎么改回来啊?瘸子还没治好,又被我给治瞎了,555555555555 【 在 q27024641 的大作中提到: 】 : 进入注册表,依次进入 : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ : Policies\System] ,把“DisableRegistryTools"的值改为1就行, : ................... [em9] ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Mon Jun 16 08:50:53 2008) 提到: 【 在 q27024641 的大作中提到: 】 : 斑竹大人,我按照这种方法试着改了一下注册表,结果发现:这种锁的方法,不是锁住注册表不让人修改,而是把regedit.exe注册表修改工具给禁用了。怎么改回来啊?瘸子还没治好,又被我给治瞎了,555555555555 : [em9] .....跟你说了不是用这种方法锁,应该可以恢复 我给你传一个试试吧 ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Mon Jun 16 09:11:18 2008) 提到: 【 在 rebirthatsix 的大作中提到: 】 : .....跟你说了不是用这种方法锁,应该可以恢复 : 我给你传一个试试吧 用这个 [upload=1][/upload] ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Mon Jun 16 11:48:22 2008) 提到: 谢谢斑竹,regedit.exe终于又能打开了。 ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Mon Jun 16 17:46:35 2008) 提到: 但是还是同样的问题,我开机后,没动什么,cpu就冲到100%了 我用sreng2扫描的结果发现,之前删除的东西已经没有了。麻烦斑竹帮忙看看,是不是有漏网之鱼,还是别的什么问题 [CODE] 2008-06-16,17:41:03 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] <Foxmail><"C:\Program Files\Foxmail\Foxmail.exe" -min> [(Verified)Tencent Technology(Shenzhen) Company Limited] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <Windows木马防火墙><E:\tools\ftc木马清道夫(破解)\ftc\Trojanwall.exe> [风云谷] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><hmsdvf.dll,asfjthj.dll,asefry.dll,sdvj.dll,asfhjy.dll,hjukrt.dll,dhdhvv.dll,fgjderg.dll,swegfuj.dll,mhgdfg.dll,sdvfrr.dll,vhsdfg.dll,dger.dll,hjdrg.dll,kergt.dll,gfcfg.dll,reger.dll,hrergh.dll,frntrn.dll,qrhhb.dll,drghszd.dll,fngn.dll,gnfctt.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,xdndn.dll,xdfntt.dll,hgfhk.dll,dnteh.dll,xfng.dll,njritc.dll,chmfcmh.dll,jwlah.dll,gmnait.dll,hfjg.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,sdrfh.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,ydgn.dll,dbfb.dll,fjnbv.dll,jrhhh.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,xdhdg.dll,rhs.dll,mrjhtjd.dll,zdbfbd.dll,fjyjy.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,ghthhh.dll,yjrfe.dll,dscef.dll,crugd.dll,lariytrz.dll,hjaiq.dll,kduy.dll,hkfgh.dll,awef.dll,dfhsh.dll,ethsh.dll,stehs.dll,sthth.dll,wfhyt.dll,rgghjj.dll,ghjkdr.dll,hfther.dll,> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited] <{2B69874A-C58C-458D-69F0-698F874E41B2}><C:\WINDOWS\system32\lassaplo.dll> [N/A] <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zdesfx.dll> [N/A] <{25FD6584-698F-BCD2-602C-698745210352}><C:\WINDOWS\system32\rijxbkin.dll> [N/A] <{9490415F-65F8-B5C5-D8BA-9405FB120549}><C:\WINDOWS\system32\yzztimsn.dll> [N/A] <{50940F85-F015-14F1-A05F-F69858AC6D05}><C:\WINDOWS\system32\zptlcsys.dll> [N/A] <{4C69034A-F45F-D34D-A33A-C33C4D324FC4}><C:\WINDOWS\system32\arjrbler.dll> [N/A] <{5E907A48-400E-4EA8-9792-FFAE052D59E9}><C:\WINDOWS\system32\pedadt.dll> [N/A] <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}><C:\WINDOWS\system32\wyrsdj.dll> [N/A] <{32023698-6984-8541-9654-698745012523}><C:\WINDOWS\system32\skqncbib.dll> [N/A] <{91954FAC-1023-154F-895A-1458258AD819}><C:\WINDOWS\system32\ypdjgbmp.dll> [N/A] <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}><C:\WINDOWS\system32\tdggrz.dll> [N/A] <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}><C:\WINDOWS\system32\fsrgeb.dll> [N/A] <{875E07B1-0614-43D9-A76E-D76A28AB3D7B}><C:\WINDOWS\system32\tfsdmz.dll> [N/A] <{54FAE856-AD58-20CB-A025-CD4895FA6E45}><C:\WINDOWS\system32\pjjxedwd.dll> [N/A] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><C:\WINDOWS\system32\hhrdxd.dll> [] <{45694105-5108-9405-3695-954187462154}><C:\WINDOWS\system32\mpwddapi.dll> [N/A] <{35671234-7890-ABCD-CDEF-567801237653}><C:\WINDOWS\system32\yxcschlp.dll> [N/A] <{43512378-9874-5641-1025-985420368734}><C:\WINDOWS\system32\oswxdttb.dll> [N/A] <{37AC9076-C898-B098-D098-A18319080973}><C:\WINDOWS\system32\nhmxcjkl.dll> [N/A] <{528DF602-9541-A985-210A-984A698C6F25}><C:\WINDOWS\system32\ptjhehlp.dll> [N/A] <{6FD45A54-9875-698F-E56E-65102358FDF6}><C:\WINDOWS\system32\apsgfjba.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher] <JavaView><C:\WINDOWS\AppPatch\Jview.dll> [N/A] <ThunderAdvise><C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll> [Thunder Networking Technologies,LTD] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Rising Proxy Service / RfwProxySrv][Running/Auto Start] <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.> [Rising Personal Firewall Service / RfwService][Running/Auto Start] <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start] <system32\drivers\ac97intc.sys><Intel Corporation> [Rising TDI Base Driver / BaseTDI][Running/Auto Start] <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.> [NVIDIA Compatible Windows Miniport Driver / cdralw][Stopped/Auto Start] <system32\DRIVERS\nvmini.sys><N/A> [eth8023 / eth8023][Stopped/Manual Start] <\SystemRoot\system32\drivers\eth8023.sys><N/A> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.> [IR Enumerator Service / IRENUM][Stopped/Manual Start] <system32\DRIVERS\irenum.sys><N/A> [killrs / killrs][Stopped/Manual Start] <\??\C:\DOCUME~1\jzg\LOCALS~1\Temp\killrs.sys><N/A> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [Rising Rfwbase Driver / RfwBase][Running/Auto Start] <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.> [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [SiS300i / SiS300i][Running/Manual Start] <system32\DRIVERS\sis300ip.sys><Silicon Integrated Systems Corporation> [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start] <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> ================================== 浏览器加载项 [SnagIt Toolbar Loader] {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation> [] {18093456-9012-4568-9076-908765467181} <C:\WINDOWS\system32\tisqatyu.dll, N/A> [] {22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A> [] {25FD6584-698F-BCD2-602C-698745210352} <C:\WINDOWS\system32\rijxbkin.dll, N/A> [] {2B69874A-C58C-458D-69F0-698F874E41B2} <C:\WINDOWS\system32\lassaplo.dll, N/A> [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [] {32023698-6984-8541-9654-698745012523} <C:\WINDOWS\system32\skqncbib.dll, N/A> [] {35671234-7890-ABCD-CDEF-567801237653} <C:\WINDOWS\system32\yxcschlp.dll, N/A> [] {37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A> [] {43512378-9874-5641-1025-985420368734} <C:\WINDOWS\system32\oswxdttb.dll, N/A> [] {45694105-5108-9405-3695-954187462154} <C:\WINDOWS\system32\mpwddapi.dll, N/A> [] {4C69034A-F45F-D34D-A33A-C33C4D324FC4} <C:\WINDOWS\system32\arjrbler.dll, N/A> [] {50940F85-F015-14F1-A05F-F69858AC6D05} <C:\WINDOWS\system32\zptlcsys.dll, N/A> [] {528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A> [] {54FAE856-AD58-20CB-A025-CD4895FA6E45} <C:\WINDOWS\system32\pjjxedwd.dll, N/A> [] {5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A> [] {6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A> [] {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A> [] {77FD640A-158F-48AC-FD14-1597F14A9777} <C:\WINDOWS\system32\mndsgsrv.dll, N/A> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A> [] {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} <C:\WINDOWS\system32\yxfhcjpg.dll, N/A> [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [] {91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A> [] {9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A> [ThunderHlpObj Class] {97421D0D-E07F-40DF-8F07-99597B9585AD} <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll, Thunder Networking Technologies,LTD> [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com> [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司> [打开记事本] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <%windir%\system32\Notepad.exe, N/A> [快车] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com> [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.> [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, > [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, > [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT> [InputPassWd Class] {3A4C8311-C151-4462-BDE9-F777ABEE0063} <C:\WINDOWS\Downloaded Program Files\WebDll.dll, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司> [SnagIt Toolbar Loader] {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation> [] {18093456-9012-4568-9076-908765467181} <C:\WINDOWS\system32\tisqatyu.dll, N/A> [] {22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A> [] {25FD6584-698F-BCD2-602C-698745210352} <C:\WINDOWS\system32\rijxbkin.dll, N/A> [] {2B69874A-C58C-458D-69F0-698F874E41B2} <C:\WINDOWS\system32\lassaplo.dll, N/A> [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com> [IEHandle Class] {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司> [] {32023698-6984-8541-9654-698745012523} <C:\WINDOWS\system32\skqncbib.dll, N/A> [] {35671234-7890-ABCD-CDEF-567801237653} <C:\WINDOWS\system32\yxcschlp.dll, N/A> [] {37AC9076-C898-B098-D098-A18319080973} <C:\WINDOWS\system32\nhmxcjkl.dll, N/A> [] {3C954872-1230-6541-9548-6541025884C3} <C:\WINDOWS\system32\lijzclit.dll, N/A> [] {43512378-9874-5641-1025-985420368734} <C:\WINDOWS\system32\oswxdttb.dll, N/A> [] {45694105-5108-9405-3695-954187462154} <C:\WINDOWS\system32\mpwddapi.dll, N/A> [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation> [] {4C69034A-F45F-D34D-A33A-C33C4D324FC4} <C:\WINDOWS\system32\arjrbler.dll, N/A> [] {50940F85-F015-14F1-A05F-F69858AC6D05} <C:\WINDOWS\system32\zptlcsys.dll, N/A> [] {528DF602-9541-A985-210A-984A698C6F25} <C:\WINDOWS\system32\ptjhehlp.dll, N/A> [] {54FAE856-AD58-20CB-A025-CD4895FA6E45} <C:\WINDOWS\system32\pjjxedwd.dll, N/A> [] {5A069845-2036-6084-9054-6087502480A5} <C:\WINDOWS\system32\ozfyebyt.dll, N/A> [] {6A041F13-A111-12A3-B0CF-F99818AA68A6} <C:\WINDOWS\system32\zxmscwin.dll, N/A> [] {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A> [] {77FD640A-158F-48AC-FD14-1597F14A9777} <C:\WINDOWS\system32\mndsgsrv.dll, N/A> [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <C:\WINDOWS\system32\mnmhgsrv.dll, N/A> [] {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} <C:\WINDOWS\system32\yxfhcjpg.dll, N/A> [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation> [SnagIt] {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation> [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation> [] {91954FAC-1023-154F-895A-1458258AD819} <C:\WINDOWS\system32\ypdjgbmp.dll, N/A> [] {9490415F-65F8-B5C5-D8BA-9405FB120549} <C:\WINDOWS\system32\yzztimsn.dll, N/A> [ThunderHlpObj Class] {97421D0D-E07F-40DF-8F07-99597B9585AD} <C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll, Thunder Networking Technologies,LTD> [Windows Live Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [Windows Live Toolbar Helper] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation> [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft> [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com> [&Windows Live Search] <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A> [&使用快车(FlashGet)下载] <C:\Program Files\FlashGet\jc_link.htm, N/A> [&使用快车(FlashGet)下载全部链接] <C:\Program Files\FlashGet\jc_all.htm, N/A> [Add to Windows &Live Favorites] <http://favorites.live.com/quickadd.aspx, N/A> [在Foxmail中添加该RSS频道/频道组] <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A> [添加到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> [用比特精灵下载(&B)] <C:\Program Files\BitSpirit\bsurl.htm, N/A> ================================== 正在运行的进程 [PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 512 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 536 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\hgfhk.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\oqrthc.dll] [N/A, ] [C:\WINDOWS\system32\zdbdb.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [C:\WINDOWS\system32\lariytrz.dll] [N/A, ] [C:\WINDOWS\system32\kduy.dll] [N/A, ] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 876 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 892 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 996 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1080 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1124 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\posttrt.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [PID: 1136 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\hgfhk.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\oqrthc.dll] [N/A, ] [C:\WINDOWS\system32\zdbdb.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [C:\WINDOWS\system32\lariytrz.dll] [N/A, ] [C:\WINDOWS\system32\kduy.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 1248 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.33] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\hgfhk.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\oqrthc.dll] [N/A, ] [C:\WINDOWS\system32\zdbdb.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [C:\WINDOWS\system32\lariytrz.dll] [N/A, ] [C:\WINDOWS\system32\kduy.dll] [N/A, ] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\urlrule.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [PID: 1440 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\hgfhk.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\zdbdb.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [C:\WINDOWS\system32\lariytrz.dll] [N/A, ] [C:\WINDOWS\system32\kduy.dll] [N/A, ] [C:\WINDOWS\system32\oqrthc.dll] [N/A, ] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1664 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 1892 / jzg][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\apsgfjba.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\WINDOWS\system32\nhmxcjkl.dll] [N/A, ] [C:\WINDOWS\system32\ptjhehlp.dll] [N/A, ] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [E:\tools\FTC木~1\ftc\Commenu.dll] [Fygsoft and Microsoft, 2.0.0.0] [PID: 1916 / jzg][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [PID: 1924 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\hgfhk.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\oqrthc.dll] [N/A, ] [C:\WINDOWS\system32\zdbdb.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [C:\WINDOWS\system32\lariytrz.dll] [N/A, ] [C:\WINDOWS\system32\kduy.dll] [N/A, ] [C:\WINDOWS\system32\gjbhr.dll] [N/A, ] [C:\WINDOWS\system32\ghjyer.dll] [N/A, ] [C:\WINDOWS\system32\ergfwe.dll] [N/A, ] [C:\WINDOWS\system32\jkjkll.dll] [N/A, ] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\hjk.dll] [N/A, ] [C:\WINDOWS\system32\sergy.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 2328 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\System32\asfjthj.dll] [N/A, ] [C:\WINDOWS\System32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\System32\njritc.dll] [N/A, ] [C:\WINDOWS\System32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 2868 / jzg][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [PID: 2884 / jzg][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 2900 / jzg][E:\tools\ftc木马清道夫(破解)\ftc\Trojanwall.exe] [风云谷, 4.7.0.1405] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\psapi.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [E:\tools\ftc木马清道夫(破解)\ftc\ftcapi.dll] [fygsoft, 1.0.0.0] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2948 / jzg][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 3808 / jzg][C:\Program Files\Foxmail\Foxmail.exe] [Tencent Inc., 6, 10, 201, 20] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\MAPI32.DLL] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\Program Files\Foxmail\FoxAntiSpam.dll] [N/A, ] [C:\Program Files\Foxmail\pcre.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [C:\Program Files\Foxmail\3rdParty\punylib.dll] [CNNIC, 1, 0, 0, 3] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 1784 / jzg][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [PID: 4060 / jzg][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [PID: 1324 / jzg][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [PID: 3232 / jzg][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\zh-cn\hvres.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\hvres.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032] [C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Favorites\wlfext.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\zh-cn\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\zh-cn\SmaMenRes.dll.mui] [Microsoft Corporation。, 03.00.0001.2012] [C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\zh-cn\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\msnHiliteViewer.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll] [TechSmith Corporation, 8.2.3.14] [C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 1, 1005] [C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll] [江苏科建教育软件有限责任公司, 5, 1, 8, 1] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.200.520.1] [C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1] [C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [C:\Program Files\Windows Live Favorites\WLFExtRes.dll] [Microsoft Corporation, 03.00.0001.2012] [C:\Program Files\Windows Live Favorites\TBIDCRL.dll] [Microsoft Corporation, 03.01.0000.0146] [C:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 1, 1002] [C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0146] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [PID: 2908 / jzg][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.200.520.1] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.200.520.1] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [PID: 1816 / jzg][E:\tools\sreng2\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\hmsdvf.dll] [N/A, ] [C:\WINDOWS\system32\asfjthj.dll] [N/A, ] [C:\WINDOWS\system32\xfgnfx.dll] [N/A, ] [C:\WINDOWS\system32\njritc.dll] [N/A, ] [C:\WINDOWS\system32\xfgnxfn.dll] [N/A, ] [E:\tools\ftc木马清道夫(破解)\ftc\ProcessHook.dll] [Fygsoft and Microsoft, 1.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [E:\tools\ftc木马清道夫(破解)\ftc\PassProtect.dll] [Fygsoft and Microsoft, 2.0.0.92] [E:\tools\ftc木马清道夫(破解)\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0] [E:\tools\ftc木马清道夫(破解)\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.0.0] [C:\WINDOWS\system32\tuker.dll] [N/A, ] [C:\WINDOWS\system32\ujkwet.dll] [N/A, ] [C:\WINDOWS\system32\hhrdxd.dll] [N/A, ] [E:\tools\sreng2\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP Error. [winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== 进程特权扫描 特殊特权被允许: SeSystemtimePrivilege [PID = 2900, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2900, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2900, E:\TOOLS\FTC木马清道夫(破解)\FTC\TROJANWALL.EXE] ================================== API HOOK CreateProcessA (危险等级: 一般, 被下面模块所HOOK: ) CreateProcessW (危险等级: 一般, 被下面模块所HOOK: ) 入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D) ================================== 隐藏进程 N/A ================================== [/CODE] ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Mon Jun 16 20:06:29 2008) 提到: 你自己看看,是没有了么。。。。一个都没少,全在那呢,跟你说了,你这边改完立刻就会被改回去,用erd commander或者其他用光盘载入的操作系统 ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Mon Jun 16 20:20:57 2008) 提到: 【 在 kissblue 的大作中提到: 】 : ls头像很暴力... 。。。。。。还行,没有猫哥的暴力 ☆─────────────────────────────────────☆ q27024641 (果丹皮) 于 (Tue Jun 17 11:37:07 2008) 提到: Trojan.WoWar7168.d 怎么杀啊?另外,我订的深山红叶明天上午就能到货。我要跟这个病毒死磕到底 伟大的斑竹,请赐予我力量吧~~~~当当当当当当当当.....(背景音乐为西曼主题曲) 额,西曼是个动画片,就是光着膀子耍大刀的那个 ☆─────────────────────────────────────☆ rebirthatsix (茫犭者-算法盲) 于 (Tue Jun 17 12:49:29 2008) 提到: 【 在 q27024641 的大作中提到: 】 : Trojan.WoWar7168.d : 怎么杀啊?另外,我订的深山红叶明天上午就能到货。我要跟这个病毒死磕到底 : 伟大的斑竹,请赐予我力量吧~~~~当当当当当当当当.....(背景音乐为西曼主题曲) : ................... 订的。。。。网上有下阿
订阅后,新回复会通过你的通知中心匿名送达。
0 条回复
暂无回复 · 你可以订阅本帖等待新回复。