中国最大的反病毒和网络安全技术门户网站
剑盟中国主页 | 扑奔PPT门户 | 安全资讯 | 会员博客 | 会员相册 | 会员商城 | 资源下载 | 反病毒救援
‹‹ 上一主题 | 下一主题 ››
发新话题
打印

[求助] 重启又感染了(附扫描报告)

蓝色风云

共赏四书意

Rank: 3Rank: 3

UID
250634 
积分
150 
活跃度
375  
楼主 发表于 2008-5-18 12:55  只看该作者

重启又感染了(附扫描报告)

刚用windows清理助手和磁碟机专杀处理后 一切正常
重启又感染了,请高手帮忙看看日志

2008-05-18,12:53:59

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Antispy ARP><C:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Publisher]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Windows Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <AutoGuarder><"E:\软件\Autorun病毒防御者\arvmon.exe" /mini>  [任软工作室]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <spngmdgm><C:\WINDOWS\pgdmybsu.exe>  []
    <fmsiocps><C:\WINDOWS\fmsiocps.exe>  []
    <anistio><C:\WINDOWS\anistio.exE>  []
    <dionpis><C:\WINDOWS\dionpis.exe>  []
    <isndntio><C:\WINDOWS\isndntio.exe>  []
    <mfchlp64><C:\WINDOWS\mfchlp64.exe>  []
    <fmsjhif><C:\WINDOWS\fmsjhif.exe>  []
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  []
    <dbhlp32><C:\WINDOWS\dbhlp32.exe>  []
    <tciocp64><C:\WINDOWS\tciocp64.exe>  []
    <hefcndy><C:\WINDOWS\hefcndy.exe>  []
    <ticisms><C:\WINDOWS\ticisms.exe>  []
    <ptshell><C:\WINDOWS\ptshell.exe>  []
    <huifitc><C:\WINDOWS\huifitc.exe>  []
    <bincdwsa><C:\WINDOWS\bincdwsa.exe>  []
    <fmbiost><C:\WINDOWS\fmbiost.exe>  []
    <dndsioc><C:\WINDOWS\dndsioc.exe>  []
    <cinfonmc><C:\WINDOWS\cinfonmc.exe>  []
    <WINSvr64><C:\WINDOWS\WINSvr64.exe>  []
    <yuiabct><C:\WINDOWS\yuiabct.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><SysDaJHv.dll,msoscqit00.dll,fmsiocps.dll,msosfmsq00.dll,msosdohs01.dll,nicozftp00.dll,msosmhfp00.dll,msosmnsf00.dll,icampe.dll,msosdrop00.dll,msosptfs01.dll,msosjtio00.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[40DF3601 / 40DF3601][Stopped/Auto Start]
  <C:\WINDOWS\system32\FB399B38.EXE -d><>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <d:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp7.tmp><N/A>
[Team MFP Comm Driver / DgiVecp][Running/Auto Start]
  <System32\Drivers\DgiVecp.sys><DeviceGuys, Inc.>
[drop / drop][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp13.tmp><N/A>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmpB.tmp><N/A>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[S3GIGP / S3GIGP][Running/Manual Start]
  <system32\DRIVERS\S3gIGPm.sys><S3 Graphics Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vmscsi.sys><VMware, Inc.>
[zftp / zftp][Stopped/Disabled]
  <\??\C:\WINDOWS\TEMP\tmp3.tmp><N/A>
[msp2p32 / msp2p32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp15.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp1B.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp22.tmp><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp26.tmp><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <, N/A>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[iReportPlugin Control]
  {99C9F0B9-4397-49ED-AF4A-F98924ADECE6} <C:\WINDOWS\DOWNLO~1\IREPOR~1.OCX, >
[HT2006.HTCard]
  {C63C37C6-E40C-4E90-AC5F-54FC4F0E2E91} <C:\WINDOWS\Downloaded Program Files\HT2006.ocx, 华东软件>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CKAVReportCtrl Object]
  {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <d:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <e:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[iReportPlugin Control]
  {99C9F0B9-4397-49ED-AF4A-F98924ADECE6} <C:\WINDOWS\DOWNLO~1\IREPOR~1.OCX, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[HT2006.HTCard]
  {C63C37C6-E40C-4E90-AC5F-54FC4F0E2E91} <C:\WINDOWS\Downloaded Program Files\HT2006.ocx, 华东软件>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <e:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.36.60.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <E:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <e:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 692 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 816 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 860 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 872 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mfc40u.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1072 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1192 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1332 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
[PID: 1376 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1460 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1948 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\system32\jndddhmb.dll]  [N/A, ]
    [C:\WINDOWS\system32\dionpis.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\isndntio.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\dbhlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\tciocp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\WINDOWS\system32\ticisms.dll]  [N/A, ]
    [C:\WINDOWS\system32\ptshell.dll]  [N/A, ]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\huifitc.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmbiost.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\cinfonmc.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr64.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\yuiabct.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 42]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6551]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 1960 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.33]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [c:\program files\rising\rfw\urlrule.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
[PID: 1400 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\system32\XRXS1LMK.DLL]  [Samsung Electronics., 1.1.2.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1704 / SYSTEM][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 360 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1908 / SYSTEM][d:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [d:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1096 / SYSTEM][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0818.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0816.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0789.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0818.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0818.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSnmPN70.dll]  [Microsoft Corporation, 2000.080.0818.00]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 3576 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 3728 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosdohs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 3088 / Administrator][C:\Program Files\Analog Devices\Core\smax4pnp.exe]  [Analog Devices, Inc., 6,0,6000,82]
    [C:\Program Files\Analog Devices\Core\SMWDMIF.dll]  [Analog Devices, Inc., 6, 0, 6000, 007]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 732 / Administrator][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 2, 0, 44]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 3172 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 3264 / Administrator][C:\Program Files\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.65]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\cinfonmc.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmbiost.dll]  [N/A, ]
    [C:\WINDOWS\system32\ptshell.dll]  [N/A, ]
    [C:\WINDOWS\system32\huifitc.dll]  [N/A, ]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\ticisms.dll]  [N/A, ]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\dbhlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\dionpis.dll]  [N/A, ]
    [C:\WINDOWS\system32\isndntio.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\system32\jndddhmb.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1540 / Administrator][E:\软件\Autorun病毒防御者\arvmon.exe]  [任软工作室, 2.2.5.201]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [E:\软件\Autorun病毒防御者\Vdata.dll]  [任软工作室, 2, 2, 1, 93]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 3664 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1668 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1608 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.68]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [c:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [c:\program files\rising\rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
[PID: 1128 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 1080 / Administrator][C:\Program Files\Kingsoft\Antiarp\KASArp.EXE]  [Kingsoft Corporation, 2008,01,24,160]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\Program Files\Kingsoft\Antiarp\kantiarpdevc.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [C:\Program Files\Kingsoft\Antiarp\NetConfig.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 2476 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\yuiabct.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr64.dll]  [N/A, ]
    [C:\WINDOWS\system32\cinfonmc.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmbiost.dll]  [N/A, ]
    [C:\WINDOWS\system32\ptshell.dll]  [N/A, ]
    [C:\WINDOWS\system32\huifitc.dll]  [N/A, ]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\ticisms.dll]  [N/A, ]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\dbhlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\dionpis.dll]  [N/A, ]
    [C:\WINDOWS\system32\isndntio.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\system32\jndddhmb.dll]  [N/A, ]
[PID: 208 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msosptfs00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\29EAA2A5.DLL]  [, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
[PID: 4184 / SYSTEM][C:\WINDOWS\TEMP\_qosec34.msi]  [N/A, ]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
[PID: 5608 / Administrator][E:\软件\rseng2.0\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SysDaJHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsiocps.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdohs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosmnsf00.dll]  [N/A, ]
    [C:\WINDOWS\system32\icampe.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosptfs01.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\SysWoWaVi.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\yuiabct.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr64.dll]  [N/A, ]
    [C:\WINDOWS\system32\cinfonmc.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmbiost.dll]  [N/A, ]
    [C:\WINDOWS\system32\ptshell.dll]  [N/A, ]
    [C:\WINDOWS\system32\huifitc.dll]  [N/A, ]
    [C:\WINDOWS\system32\bincdwsa.dll]  [N/A, ]
    [C:\WINDOWS\system32\ticisms.dll]  [N/A, ]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\dbhlp32.dlL]  [N/A, ]
    [C:\WINDOWS\system32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\system32\fmsjhif.dll]  [N/A, ]
    [C:\WINDOWS\system32\anistio.dll]  [N/A, ]
    [C:\WINDOWS\system32\dionpis.dll]  [N/A, ]
    [C:\WINDOWS\system32\isndntio.dll]  [N/A, ]
    [C:\WINDOWS\system32\mfchlp64.dll]  [N/A, ]
    [C:\WINDOWS\system32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\system32\jndddhmb.dll]  [N/A, ]
    [E:\软件\rseng2.0\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 872, C:\WINDOWS\SYSTEM32\LSASS.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 732, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 732, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1540, E:\软件\AUTORUN病毒防御者\ARVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1540, E:\软件\AUTORUN病毒防御者\ARVMON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2476, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2476, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4184, C:\WINDOWS\TEMP\_QOSEC34.MSI]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00EF1FFD)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00EF20E5)

==================================
隐藏进程
N/A

==================================

TOP

不留名

路过的人

剑盟病毒救援小组

Rank: 10Rank: 10Rank: 10

为什么要路过

UID
242420 
积分
1964 
活跃度
4907  

杰出精英勋章

沙发 发表于 2008-5-18 13:08  只看该作者
http://www.dodudou.com/down/
下载XDelBox删除以下文件

C:\WINDOWS\system32\SysWoWaVi.dll
C:\WINDOWS\system32\msosdohs00.dll
C:\WINDOWS\system32\msoscqit00.dll
C:\WINDOWS\system32\SysDaJHv.dll
C:\WINDOWS\system32\msosfmsq00.dll
C:\WINDOWS\system32\msosdohs01.dll
C:\WINDOWS\system32\msosmnsf00.dll
C:\WINDOWS\system32\dndsioc.dll
C:\WINDOWS\system32\jndddhmb.dll
C:\WINDOWS\system32\dionpis.dll
C:\WINDOWS\system32\anistio.dll
C:\WINDOWS\system32\mfchlp64.dll
C:\WINDOWS\system32\isndntio.dll
C:\WINDOWS\system32\icampe.dll
C:\WINDOWS\system32\fmsjhif.dll
C:\WINDOWS\system32\msosdrop00.dll
C:\WINDOWS\system32\fmsbbqi.dll
C:\WINDOWS\system32\dbhlp32.dlL
C:\WINDOWS\system32\tciocp64.dll
C:\WINDOWS\system32\hefcndy.dll
C:\WINDOWS\system32\ticisms.dll
C:\WINDOWS\system32\ptshell.dll
C:\WINDOWS\system32\bincdwsa.dll
C:\WINDOWS\system32\huifitc.dll
C:\WINDOWS\system32\fmbiost.dll
C:\WINDOWS\system32\cinfonmc.dll
C:\WINDOWS\system32\msosptfs00.dll
C:\WINDOWS\system32\msosptfs01.dll
C:\WINDOWS\system32\WINSvr64.dll
C:\WINDOWS\system32\29EAA2A5.DLL
C:\WINDOWS\system32\yuiabct.dll
C:\WINDOWS\system32\msosjtio00.dll
C:\WINDOWS\system32\icampe.dll
C:\WINDOWS\TEMP\_qosec34.msi
C:\WINDOWS\pgdmybsu.exe
C:\WINDOWS\fmsiocps.exe
C:\WINDOWS\anistio.exE
C:\WINDOWS\dionpis.exe
C:\WINDOWS\isndntio.exe
C:\WINDOWS\mfchlp64.exe
C:\WINDOWS\fmsjhif.exe
C:\WINDOWS\fmsbbqi.exe
C:\WINDOWS\dbhlp32.exe
C:\WINDOWS\tciocp64.exe
C:\WINDOWS\hefcndy.exe
C:\WINDOWS\ticisms.exe
C:\WINDOWS\ptshell.exe
C:\WINDOWS\huifitc.exe
C:\WINDOWS\bincdwsa.exe
C:\WINDOWS\fmbiost.exe
C:\WINDOWS\dndsioc.exe
C:\WINDOWS\cinfonmc.exe
C:\WINDOWS\WINSvr64.exe
C:\WINDOWS\system32\SysDaJHv.dll
C:\WINDOWS\system32\msoscqit00.dll
C:\WINDOWS\system32\fmsiocps.dll
C:\WINDOWS\system32\msosfmsq00.dll
C:\WINDOWS\system32\msosdohs01.dll
C:\WINDOWS\system32\nicozftp00.dll
C:\WINDOWS\system32\msosmhfp00.dll
C:\WINDOWS\system32\msosmnsf00.dll
C:\WINDOWS\system32\icampe.dll
C:\WINDOWS\system32\msosdrop00.dll
C:\WINDOWS\system32\msosptfs01.dll
C:\WINDOWS\system32\msosjtio00.dll
C:\WINDOWS\system32\FB399B38.EXE -d
C:\WINDOWS\TEMP\tmp7.tmp
C:\WINDOWS\TEMP\tmp13.tmp
C:\WINDOWS\TEMP\tmpB.tmp
C:\WINDOWS\TEMP\tmp3.tmp
C:\WINDOWS\system32\drivers\msosmsp2p32.sys
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys
C:\WINDOWS\TEMP\tmp15.tmp
C:\WINDOWS\TEMP\tmp1B.tmp
C:\WINDOWS\TEMP\tmp22.tmp
C:\WINDOWS\TEMP\tmp26.tmp


启动项目--注册表--删除
    <spngmdgm><C:\WINDOWS\pgdmybsu.exe>  []
    <fmsiocps><C:\WINDOWS\fmsiocps.exe>  []
    <anistio><C:\WINDOWS\anistio.exE>  []
    <dionpis><C:\WINDOWS\dionpis.exe>  []
    <isndntio><C:\WINDOWS\isndntio.exe>  []
    <mfchlp64><C:\WINDOWS\mfchlp64.exe>  []
    <fmsjhif><C:\WINDOWS\fmsjhif.exe>  []
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  []
    <dbhlp32><C:\WINDOWS\dbhlp32.exe>  []
    <tciocp64><C:\WINDOWS\tciocp64.exe>  []
    <hefcndy><C:\WINDOWS\hefcndy.exe>  []
    <ticisms><C:\WINDOWS\ticisms.exe>  []
    <ptshell><C:\WINDOWS\ptshell.exe>  []
    <huifitc><C:\WINDOWS\huifitc.exe>  []
    <bincdwsa><C:\WINDOWS\bincdwsa.exe>  []
    <fmbiost><C:\WINDOWS\fmbiost.exe>  []
    <dndsioc><C:\WINDOWS\dndsioc.exe>  []
    <cinfonmc><C:\WINDOWS\cinfonmc.exe>  []
    <WINSvr64><C:\WINDOWS\WINSvr64.exe>  []
    <yuiabct><C:\WINDOWS\yuiabct.exe>  []

编辑<AppInit_DLLs>的值为空
==================================
删除服务
[40DF3601 / 40DF3601][Stopped/Auto Start]
  <C:\WINDOWS\system32\FB399B38.EXE -d><>
==================================
删除驱动程序
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp7.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp13.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmpB.tmp><N/A>
[zftp / zftp][Stopped/Disabled]
  <\??\C:\WINDOWS\TEMP\tmp3.tmp><N/A>
[msp2p32 / msp2p32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp15.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp1B.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp22.tmp><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp26.tmp><N/A>
==================================
下载arswp(Windows清理助手)清理下
http://www.greendown.cn/soft/4421.html

再扫个日志上来
我是蚊香的马甲

TOP

a1630016900

时空

剑盟病毒救援小组

Rank: 10Rank: 10Rank: 10

UID
226909 
积分
447 
活跃度
1109  

福娃欢欢 我的中国心

板凳 发表于 2008-5-18 13:17  只看该作者
操作完毕后进入安全模式 用磁碟机专杀 瑞星的专杀 金山的AV专杀等。
SREng2.5 常用操作

TOP

蓝色风云

共赏四书意

Rank: 3Rank: 3

UID
250634 
积分
150 
活跃度
375  
地板 发表于 2008-5-18 13:31  只看该作者
按版主的删除操作 直接无法启动了

TOP

蓝色风云

共赏四书意

Rank: 3Rank: 3

UID
250634 
积分
150 
活跃度
375  
5楼 发表于 2008-5-18 13:36  只看该作者
还原后的扫描结果
2008-05-18,13:35:28

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Antispy ARP><C:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Microsoft Windows Publisher]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Windows Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <AutoGuarder><"E:\软件\Autorun病毒防御者\arvmon.exe" /mini>  [任软工作室]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <fmsiocps><C:\WINDOWS\fmsiocps.exe>  []
    <anistio><C:\WINDOWS\anistio.exE>  []
    <dionpis><C:\WINDOWS\dionpis.exe>  []
    <spngmdgm><C:\WINDOWS\pgdmybsu.exe>  []
    <dbhlp32><C:\WINDOWS\dbhlp32.exe>  []
    <ticisms><C:\WINDOWS\ticisms.exe>  []
    <ptshell><C:\WINDOWS\ptshell.exe>  []
    <huifitc><C:\WINDOWS\huifitc.exe>  []
    <fmbiost><C:\WINDOWS\fmbiost.exe>  []
    <isndntio><C:\WINDOWS\isndntio.exe>  []
    <mfchlp64><C:\WINDOWS\mfchlp64.exe>  []
    <fmsjhif><C:\WINDOWS\fmsjhif.exe>  []
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  []
    <tciocp64><C:\WINDOWS\tciocp64.exe>  []
    <hefcndy><C:\WINDOWS\hefcndy.exe>  []
    <bincdwsa><C:\WINDOWS\bincdwsa.exe>  []
    <dndsioc><C:\WINDOWS\dndsioc.exe>  []
    <cinfonmc><C:\WINDOWS\cinfonmc.exe>  []
    <WINSvr64><C:\WINDOWS\WINSvr64.exe>  []
    <yuiabct><C:\WINDOWS\yuiabct.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><msosptfs01.dll,msosdrop00.dll,msosmnsf00.dll,msoscqit00.dll,jmjzdz.dll,fmsiocps.dll,msosjtio01.dll,nicozftp00.dll,msosfmsq00.dll,msosdohs01.dll,msosmhfp00.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <d:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
[40DF3601 / 40DF3601][Stopped/Auto Start]
  <C:\WINDOWS\system32\FB399B38.EXE -d><>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp7.tmp><N/A>
[Team MFP Comm Driver / DgiVecp][Running/Auto Start]
  <System32\Drivers\DgiVecp.sys><DeviceGuys, Inc.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp14.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[S3GIGP / S3GIGP][Running/Manual Start]
  <system32\DRIVERS\S3gIGPm.sys><S3 Graphics Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vmscsi.sys><VMware, Inc.>
[msp2p32 / msp2p32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[zftp / zftp][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp5.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp8.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmpE.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp37.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp39.tmp><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\WINDOWS\TEMP\tmp45.tmp><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[iReportPlugin Control]
  {99C9F0B9-4397-49ED-AF4A-F98924ADECE6} <C:\WINDOWS\DOWNLO~1\IREPOR~1.OCX, >
[HT2006.HTCard]
  {C63C37C6-E40C-4E90-AC5F-54FC4F0E2E91} <C:\WINDOWS\Downloaded Program Files\HT2006.ocx, 华东软件>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan