2008-11-22 00:37 cq1985
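Trojan group

The taskbar has disappeared, the system keys do not respond, and the browser can only open the home page (I can search, but new pages won't open, meaning I can only see a few lines and cannot go in to see the full content). SYSTEM32 has some extra files with numeric names, such as 32154. One or more processes also appear at startup, but they vanish after a few seconds.
Another strange thing: when I search here and find threads titled "Trojan group", I cannot open any of them to read the content and can only see the titles... other threads open fine.

When installing Kaspersky, at forty-something it says Windows Installer is missing or that you are in Safe Mode. Sigh.
360 reports a "Robot Dog" (机器狗) infection, but the dedicated Robot Dog removal tool does not find anything.
After opening the 360 installer many times,
it finally removed some of them. Now I am asking everyone for help... I don't even dare to open QQ... This Trojan group basically specializes in stealing QQ and online-game account passwords.

360 Safeguard (360安全卫士) Trojan scan-and-removal history report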

木马名称:Msdad木马程序
路径:C:\WINDOWS\system32\sh12007.add
查杀时间 :2008-11-22 00:07
木马名称:waswtkn恶意程序
路径:C:\WINDOWS\system32\sh23007.add
查杀时间 :2008-11-22 00:07
木马名称:Dbi木马程序
路径:C:\PROGRA~1\INTERN~1\VneNt64.Jmp
查杀时间 :2008-11-22 00:07
木马名称:GameThief.sidp盗号木马
路径:
查杀时间 :2008-11-22 00:07
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:07
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:07
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:07
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:07
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:05
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.RGD.sdo
路径:C:\WINDOWS\system32\HBTL.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzu
路径:C:\WINDOWS\system32\HBmhly.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzs
路径:C:\WINDOWS\system32\HBDNF.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.RGD.sdo
路径:C:\WINDOWS\system32\1E.tmp
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzu
路径:C:\WINDOWS\system32\1C.tmp
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzs
路径:C:\WINDOWS\system32\1.tmp
查杀时间 :2008-11-22 00:05
木马名称:WinFCom木马程序
路径:
查杀时间 :2008-11-22 00:05
木马名称:Aliwa木马程序
路径:C:\PROGRA~1\INTERN~1\UnnxeMe.Jmp
查杀时间 :2008-11-22 00:05
木马名称:UnxeMe木马程序
路径:
查杀时间 :2008-11-22 00:05
木马名称:winssco木马群
路径:C:\WINDOWS\system32\HBWOW.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.Juren.aaa
路径:C:\WINDOWS\system32\sh27006.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzp
路径:C:\WINDOWS\system32\sh23007.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzs
路径:C:\WINDOWS\system32\sh18022.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzu
路径:C:\WINDOWS\system32\sh15011.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.Juren.aaa
路径:C:\WINDOWS\system32\sh14016.dll
查杀时间 :2008-11-22 00:05
木马名称:Infostealer/Win32.Gampass
路径:C:\WINDOWS\system32\sh12007.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzq
路径:C:\WINDOWS\system32\sh05004.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.Juren.aaa
路径:C:\WINDOWS\system32\sh02004.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzq
路径:C:\WINDOWS\system32\sh01015.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.SPK.abu
路径:C:\WINDOWS\system32\rpcss.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.RGD.sdo
路径:C:\WINDOWS\system32\HBTL.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzu
路径:C:\WINDOWS\system32\HBmhly.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzs
路径:C:\WINDOWS\system32\HBDNF.dll
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.SuperKiller.sfa
路径:C:\WINDOWS\system32\de8296f.sys
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.IEprot.sfv
路径:C:\WINDOWS\system32\b160485.sys
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.RGD.sdo
路径:C:\WINDOWS\system32\1E.tmp
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzu
路径:C:\WINDOWS\system32\1C.tmp
查杀时间 :2008-11-22 00:05
木马名称:Trojan/Win32.AutoRV.lzs
路径:C:\WINDOWS\system32\1.tmp
查杀时间 :2008-11-22 00:05

2008-11-22 00:43 西门吹雪
Does the assistant tool (助手) not respond?

2008-11-22 01:00 cq1985
It responds. It finished removing them, but after a reboot they were found again. The problem is still not solved.



[2.8.2.8.1115 - 2.8.32.8.1119]
2008-11-22 00:38
[Infected System File,Can not Delete!]
System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\MMC.EXE
System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\RPCSS.DLL
System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\USER32.DLL
This is what the scan just found.

2008-11-22 01:01 西门吹雪
Try cleaning and see! An update is available now; please update to the latest version and then try cleaning again!

2008-11-22 01:05 西门吹雪
System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\MMC.EXE
System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\RPCSS.DLL
System Important File,Can not delete,Try Replace:C:\WINDOWS\SYSTEM32\USER32.DLL

These system files need to be replaced to be repaired.

2008-11-23 22:48 cq1985
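Because the files above needed to be replaced and I couldn't stand the dialog box popping up all the time, I just pressed restart, and then the system would not boot. Since I didn't install an optical drive when I built the PC ^^^ I spent 15 yuan to get the system reinstalled. The system keys are dead again, and now the taskbar is dead again. I guess it is Rising quarantining and removing the virus???????
I just ran a system diagnosis and can't make sense of it ^^ haha. Why do I get the feeling that my system process c:\docume~1\admin~1\locals~1\TEMP\637578 triggered an API-type rule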

2008-11-23 22:49 cq1985
[CODE]

2008-11-23,22:16:04

SysLog Scanner 1.0 - build 20080726
Arswp (http://www.arswp.com)

Windows XP Professional Service Pack 3 (build 2600) - Administrators



========================================
注册项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD, 1, 1, 4, 0, C:2008-07-22 13:53 M:2008-07-22 13:53]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.24, C:2008-11-23 21:04 M:2008-11-23 21:04]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Co., Ltd., 21.0.0.15, C:2008-11-23 21:04 M:2008-11-23 21:04]
    <HBService32><System.exe>  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    <AVP><"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2008-07-13 15:15 M:2008-04-15 02:00]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll,HBDNF.dll,HBJTLQ.dll,HBTL.dll,HBWOW.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04|N/A, C:2008-11-23 21:27 M:2008-11-23 21:59|N/A, C:2008-11-23 21:27 M:2008-11-23 22:12|N/A, C:2008-11-23 21:28 M:2008-11-23 22:13|N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-23 21:04 M:2008-11-23 21:04]
    <{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}><A1A6BC2E.dll>  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll>  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    <{F8E07BB2-7A19-4057-80F1-E14646E630B4}><F8E07BB2.dll>  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    <{E1D19FCC-4777-4D71-B863-6A0A5B4E59BC}><E1D19FCC.dll>  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    <{201476D0-2B18-462E-AB9F-3E2B0CC8732B}><201476D0.dll>  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    <{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}><4FBFD5A4.dll>  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll>  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    <{DA63E650-537C-4042-87BB-9D19D844680B}><DA63E650.dll>  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    <{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}><5934EA2B.dll>  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}><DFB3DAC5.dll>  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    <{34A25F04-008D-403E-8EE6-2307BC02FA2E}><34A25F04.dll>  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    <{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8}><66AFCB56.dll>  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    <{BA7EDF54-8408-4B21-B351-7B447B344BA4}><BA7EDF54.dll>  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  [N/A, C:2008-11-23 21:38 M:2008-11-23 21:38]
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll>  [N/A, C:2008-11-23 21:38 M:2008-11-23 21:38]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\导出到 Microsoft Office Excel(&X)]
    <><res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000>  []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\添加到QQ表情]
    <><D:\Program Files\Tencent1\QQ\AddEmotion.htm>  [N/A, C:2008-05-14 10:29 M:2008-05-14 10:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    <WinlogonNotify: AtiExtEvent><Ati2evxx.dll>  [(Verified)ATI Technologies Inc., 6.14.10.4177, C:2008-11-23 20:57 M:2008-08-21 10:07]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-04-15 02:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:14 M:2008-04-15 02:00|N/A, C:2008-07-13 15:15 M:2008-06-12 08:32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-04-15 02:00|(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:14 M:2008-04-15 02:00|(Verified)N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}]
    <Web 反病毒统计><E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]


========================================
启动项

[腾讯QQ]
    <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> "D:\Program Files\Tencent1\QQ\QQ.exe"  > [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:40 M:2008-05-14 20:40]


========================================
计划任务



========================================
组件


IE Extension
[Web 反病毒统计]
    {85E0B171-04FA-11D1-B7DA-00A0C90348D6}  <E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

ShellExecuteHook
[ShlExecHack Class]
    {32CD708B-60A7-4C00-9377-D73EAA495F0F}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-23 21:04 M:2008-11-23 21:04]
[]
    {A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}  <A1A6BC2E.dll>  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
[]
    {2EF0D734-21FD-4225-A1A2-BCD296182AAF}  <2EF0D734.dll>  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
[]
    {F8E07BB2-7A19-4057-80F1-E14646E630B4}  <F8E07BB2.dll>  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
[]
    {E1D19FCC-4777-4D71-B863-6A0A5B4E59BC}  <E1D19FCC.dll>  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
[]
    {201476D0-2B18-462E-AB9F-3E2B0CC8732B}  <201476D0.dll>  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
[]
    {4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}  <4FBFD5A4.dll>  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
[]
    {56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}  <56BC86C7.dll>  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
[]
    {DA63E650-537C-4042-87BB-9D19D844680B}  <DA63E650.dll>  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
[]
    {5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}  <5934EA2B.dll>  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
[]
    {DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}  <DFB3DAC5.dll>  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
[]
    {34A25F04-008D-403E-8EE6-2307BC02FA2E}  <34A25F04.dll>  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
[]
    {66AFCB56-FAA9-42D2-8C72-2767A46C7FA8}  <66AFCB56.dll>  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
[]
    {08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}  <08223B03.dll>  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
[]
    {BA7EDF54-8408-4B21-B351-7B447B344BA4}  <BA7EDF54.dll>  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
[]
    {E4814792-EFA3-4C20-93D0-8B130A59F9A8}  <E4814792.dll>  [N/A, C:2008-11-23 21:38 M:2008-11-23 21:38]
[]
    {122B901E-493F-4AD9-BC69-7DE8C3E52FCC}  <122B901E.dll>  [N/A, C:2008-11-23 21:38 M:2008-11-23 21:38]

Shell Extension
[Display Panning CPL Extension]
    {42071714-76d4-11d1-8b24-00a0c9068ff3}  <deskpan.dll>  []
[HyperTerminal Icon Ext]
    {88895560-9AA2-1069-930E-00AA0030EBC8}  <C:\WINDOWS\system32\hticons.dll>  [(Verified)Hilgraeve, Inc., 5.1.2600.0, C:2008-07-13 15:22 M:2008-04-15 02:00]
[Microsoft Agent Character Property Sheet Handler]
    {143A62C8-C33B-11D1-84FE-00C04FA34A14}  <C:\WINDOWS\msagent\AgentPsh.dll>  [Microsoft Corporation, 2.00.0.2115, C:1998-09-15 17:21 M:1998-09-15 17:21]
[WinRAR shell extension]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-10-17 19:20 M:2008-09-30 21:14]
[RISING]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-23 21:04 M:2008-11-23 21:04]
[Web 反病毒统计]
    {85E0B171-04FA-11D1-B7DA-00A0C90348D6}  <E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll>  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

BrowserHelperObject
[ThunderAtOnce Class]
    {01443AEC-0FD1-40fd-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-23 20:59 M:2008-09-06 10:36]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-23 20:59 M:2008-09-19 16:44]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-23 21:04 M:2008-11-23 21:04]

ActiveX Extension
[ThunderAtOnce Class]
    {01443AEC-0FD1-40FD-9C87-E93D1494C233}  <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-23 20:59 M:2008-09-06 10:36]
[Thunder Browser Helper]
    {889D2FEB-5411-4565-8998-1DD2C5261283}  <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll>  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-23 20:59 M:2008-09-19 16:44]
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}  <C:\WINDOWS\system32\UrlFilter.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15, C:2008-11-23 21:04 M:2008-11-23 21:04]

Context Menu
[Kaspersky Anti-Virus]
    {dd230880-495a-11d1-b064-008048ec2fc5}  <E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll>  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
[RisingRavExt]
    {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}  <C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-23 21:04 M:2008-11-23 21:04]
[WinRAR]
    {B41DB860-8EE4-11D2-9906-E49FADC173CA}  <C:\Program Files\WinRAR\rarext.dll>  [N/A, C:2008-10-17 19:20 M:2008-09-30 21:14]


========================================
服务

[Human Interface Device Access / HidServ][Stopped/Disabled]
    <%SystemRoot%\System32\svchost.exe -k netsvcs --> "%SystemRoot%\System32\hidserv.dll">  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
    <C:\WINDOWS\system32\mnmsrvc.exe>  []
[System Restore Service / srservice][Stopped/Disabled]
    <%SystemRoot%\system32\svchost.exe -k netsvcs --> "C:\WINDOWS\system32\srsvc.dll">  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
    <%SystemRoot%\system32\Ati2evxx.exe>  [(Verified)ATI Technologies Inc., 6.14.10.4207, C:2008-11-23 20:57 M:2008-08-21 10:05]
[Kaspersky Anti-Virus 7.0 / AVP][Running/Auto Start]
    <"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r>  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
    <C:\Program Files\StormII\stormliv.exe /asservice>  [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k DcomLaunch --> "%SystemRoot%\system32\rpcss.dll">  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00|N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
    <%SystemRoot%\system32\svchost -k rpcss --> "c:\windows\system32\rpcss.dll">  [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00|N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-23 21:04 M:2008-11-23 21:04]
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-23 21:04 M:2008-11-23 21:04]


========================================
驱动

[aliimz / aliimz][Stopped/Manual Start]
    <System32\Drivers\aliimz.sys>  []
[b160485 / b160485][Running/Manual Start]
    <\??\C:\WINDOWS\system32\b160485.sys>  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
[d812a079 / d812a079][Running/Manual Start]
    <\??\C:\WINDOWS\system32\d812a079.sys>  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
[HBKernel32 Driver / HBKernel32][Stopped/Boot Start]
    <system32\drivers\HBKernel32.sys>  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:13]
[Klif / klif][Running/System Start]
    <\??\C:\WINDOWS\system32\drivers\klif.sys>  [Kaspersky Lab, 6.12.10.299, C:2007-06-27 17:31 M:2007-06-27 17:31]
[SATALink driver accelerator / SiFilter][Running/Boot Start]
    <system32\drivers\SiWinAcc.sys>  [Silicon Image, Inc., 1.0.0.11, C:2006-08-08 22:19 M:2006-08-08 22:19]
[System Restore Filter Driver / sr][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\sr.sys>  []
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys>  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249), C:2008-07-13 15:15 M:2008-07-13 12:24]

[AMD Processor Driver / AmdK8][Running/System Start]
    <system32\DRIVERS\AmdK8.sys>  [(Verified)Advanced Micro Devices, 1.3.2 (dnsrv(wmbla).060701-2226), C:2008-11-23 20:59 M:2006-07-01 22:43]
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
    <system32\DRIVERS\AmdLLD.sys>  [(Verified)AMD, Inc., 1.0.1.0, C:2008-11-23 20:59 M:2007-06-29 14:47]
[ati2mtag / ati2mtag][Running/Manual Start]
    <system32\DRIVERS\ati2mtag.sys>  [(Verified)ATI Technologies Inc., 6.14.10.6860, C:2008-11-23 20:57 M:2008-08-21 12:52]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
    <system32\DRIVERS\HDAudBus.sys>  [(Verified)Windows (R) Server 2003 DDK provider, 5.10.01.5013 built by: WinDDK, C:2008-04-13 17:36 M:2008-07-13 12:29]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7, C:2008-11-23 21:04 M:2008-11-23 21:04]
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 50, C:2008-11-23 21:04 M:2008-11-23 21:04]
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55, C:2008-11-23 21:04 M:2008-11-23 21:04]
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
    <system32\drivers\RtkHDAud.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5717 built by: WinDDK, C:2008-11-23 20:57 M:2008-10-13 18:26]
[Kl1 / kl1][Running/Boot Start]
    <system32\drivers\kl1.sys>  [(Verified)Kaspersky Lab, 6.1.21.0, C:2007-04-28 16:51 M:2007-04-28 16:51]
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
    <system32\DRIVERS\klim5.sys>  [(Verified)Kaspersky Lab, 6.1.22.0, C:2007-04-04 14:58 M:2007-04-04 14:58]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys>  [(Verified)Parallel Technologies, Inc., 1.10 (XPClient.010817-1148), C:2008-07-13 15:15 M:2008-04-15 02:00]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <system32\Drivers\RsNTGdi.sys>  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3, C:2008-11-23 21:04 M:2008-11-23 21:04]
[Service for HDMI / RTHDMIAzAudService][Running/Manual Start]
    <system32\drivers\RtHDMI.sys>  [(Verified)Realtek Semiconductor Corp., 5.10.0.5692 built by: WinDDK, C:2008-11-23 20:57 M:2008-08-26 11:28]
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
    <system32\DRIVERS\Rtenicxp.sys>  [(Verified)Realtek Semiconductor Corporation                           , 5.706.0925.2008 built by: WinDDK, C:2008-11-23 20:57 M:2008-09-25 21:51]
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys>  [(Verified)Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., 4.03.086, C:2008-07-13 15:15 M:2008-04-15 02:00]


========================================
进程

[PID: 988 / SYSTEM]   \SystemRoot\System32\smss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]

[PID: 1068 / SYSTEM]   \??\C:\WINDOWS\system32\csrss.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:14 M:2008-04-15 02:00]
    C:\WINDOWS\system32\csrss.dll  [N/A, C:2008-11-23 21:30 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh01021.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh02004.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh03004.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh05004.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh12010.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh14018.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh15013.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh18025.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh21017.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh23007.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\sh27006.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]

[PID: 1100 / SYSTEM]   \??\C:\WINDOWS\system32\winlogon.exe   [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-07-13 15:15 M:2008-04-24 06:14]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\Ati2evxx.dll  [(Verified)ATI Technologies Inc., 6.14.10.4177, C:2008-11-23 20:57 M:2008-08-21 10:07]
    C:\WINDOWS\system32\klogon.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 1144 / SYSTEM]   C:\WINDOWS\system32\services.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]

[PID: 1156 / SYSTEM]   C:\WINDOWS\system32\lsass.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 1340 / SYSTEM]   C:\WINDOWS\system32\Ati2evxx.exe   [(Verified)ATI Technologies Inc., 6.14.10.4207, C:2008-11-23 20:57 M:2008-08-21 10:05]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\Ati2edxx.dll  [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513, C:2008-11-23 20:57 M:2008-08-21 10:07]
    C:\WINDOWS\system32\atipdlxx.dll  [(Verified)ATI Technologies, Inc., 6, 14, 10, 2539, C:2008-11-23 20:57 M:2008-08-21 10:08]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]

[PID: 1368 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    c:\windows\system32\rpcss.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]

[PID: 1464 / SYSTEM]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    c:\windows\system32\rpcss.dll  [N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 1604 / SYSTEM]   C:\Program Files\Rising\Rav\CCenter.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.33, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]

[PID: 1620 / SYSTEM]   C:\WINDOWS\System32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 1880 / NETWORK SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 1916 / LOCAL SERVICE]   C:\WINDOWS\system32\svchost.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]

[PID: 1992 / SYSTEM]   C:\WINDOWS\system32\Ati2evxx.exe   [(Verified)ATI Technologies Inc., 6.14.10.4207, C:2008-11-23 20:57 M:2008-08-21 10:05]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\Ati2edxx.dll  [(Verified)ATI Technologies, Inc., 6, 14, 10, 2513, C:2008-11-23 20:57 M:2008-08-21 10:07]
    C:\WINDOWS\system32\atipdlxx.dll  [(Verified)ATI Technologies, Inc., 6, 14, 10, 2539, C:2008-11-23 20:57 M:2008-08-21 10:08]
    C:\WINDOWS\system32\ati2evxx.dll  [(Verified)ATI Technologies Inc., 6.14.10.4177, C:2008-11-23 20:57 M:2008-08-21 10:07]

[PID: 308 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\ravmond.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.80, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\BWList.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.5, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 05:20 M:2003-03-19 05:20]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 05:42 M:2003-02-21 05:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 21:14 M:2003-03-18 21:14]
    C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\RsLog.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.36, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\Hooksys.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\PROGRAM FILES\RISING\RAV\HookReg.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\HookNtos.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\rswalmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\ffr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\RsStore.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.9, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\HookCont.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\fakescan.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.14, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\Scanner.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.39, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-23 21:04 M:2008-11-23 21:04]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\PROGRAM FILES\RISING\RAV\HookWeb.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.3, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\extfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\pearc.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\nvfile.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\scanexec.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\unexe.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\scanex.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\scanpack.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\revm.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\urutils.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\ur000.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\scriptci.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\uroutine.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\ur001.dat  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\scansct.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\extmail.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10, C:2008-11-23 21:04 M:2008-11-23 21:04]

[PID: 516 / SYSTEM]   C:\WINDOWS\system32\spoolsv.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 812 / SYSTEM]   C:\PROGRAM FILES\RISING\RAV\RavStub.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.10, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]

[PID: 1032 / Administrator]   C:\WINDOWS\system32\userinit.exe   [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]

[PID: 1348 / Administrator]   C:\WINDOWS\explorer.exe   [(Verified)Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\34A25F04.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\66AFCB56.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\BA7EDF54.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\E4814792.dll  [N/A, C:2008-11-23 21:38 M:2008-11-23 21:38]
    C:\WINDOWS\system32\122B901E.dll  [N/A, C:2008-11-23 21:38 M:2008-11-23 21:38]
    C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 1.0.5.34, C:2008-11-23 20:59 M:2008-09-06 10:36]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 21:14 M:2003-03-18 21:14]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 05:42 M:2003-02-21 05:42]
    C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll  [(Verified)Thunder Networking Technologies,LTD, 5, 0, 8, 120, C:2008-11-23 20:59 M:2008-09-19 16:44]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 20, C:2008-11-23 20:59 M:2008-09-23 17:39]
    C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll  [Thunder Networking Technologies,LTD, 1, 0, 0, 16, C:2008-11-23 20:59 M:2008-09-23 17:39]
    C:\WINDOWS\system32\RavExt.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.18, C:2008-11-23 21:04 M:2008-11-23 21:04]

[PID: 444 / LOCAL SERVICE]   C:\WINDOWS\System32\alg.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852), C:2008-07-13 15:14 M:2008-04-15 02:00]
    C:\WINDOWS\System32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\System32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\System32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\System32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]

[PID: 732 / SYSTEM]   C:\Program Files\StormII\stormliv.exe   [(Verified)北京暴风网际科技有限公司, 3, 8, 3, 15, C:2008-03-11 14:33 M:2008-03-11 14:33]
    C:\Program Files\StormII\MSVCP60.dll  [Microsoft Corporation, 6.02.3104.0, C:2007-09-21 19:43 M:2007-09-21 19:43]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 2580 / Administrator]   C:\Program Files\Rising\Rav\Ravmon.exe   [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.01.27, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\MFC71.DLL  [Microsoft Corporation, 7.10.3077.0, C:2003-03-19 05:20 M:2003-03-19 05:20]
    C:\WINDOWS\system32\MSVCR71.dll  [Microsoft Corporation, 7.10.3052.4, C:2003-02-21 05:42 M:2003-02-21 05:42]
    C:\WINDOWS\system32\MSVCP71.dll  [Microsoft Corporation, 7.10.3077.0, C:2003-03-18 21:14 M:2003-03-18 21:14]
    C:\Program Files\Rising\Rav\ProcCom.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\RsCommX2.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\RSCOMMON.DLL  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\recomp.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\refs.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\viruslib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\relibldr.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\RSAPPMGR.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.1, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\CfgDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.19, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\MonRule.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20.0.0.29, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\PngDll.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\Program Files\Rising\Rav\Rsguilib.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\Program Files\Rising\Rav\RsXML.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2, C:2008-11-23 21:04 M:2008-11-23 21:04]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]

[PID: 2608 / Administrator]   C:\WINDOWS\system32\System.exe   [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]

[PID: 2684 / Administrator]   C:\WINDOWS\system32\ctfmon.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-07-13 15:14 M:2008-04-15 02:00]
    C:\WINDOWS\system32\UxTheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]

[PID: 2764 / Administrator]   D:\Program Files\Tencent1\QQ\QQ.exe   [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:40 M:2008-05-14 20:40]
    D:\Program Files\Tencent1\QQ\QQBaseClassInDll.dll  [(Verified)TENCENT, 8,0,777,1805, C:2008-05-15 09:20 M:2008-05-15 09:20]
    D:\Program Files\Tencent1\QQ\QQHelperDll.dll  [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:42 M:2008-05-14 20:43]
    D:\Program Files\Tencent1\QQ\BasicCtrlDll.dll  [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:46 M:2008-05-14 20:46]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    D:\Program Files\Tencent1\QQ\QQAPI.dll  [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:40 M:2008-05-14 20:40]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    D:\Program Files\Tencent1\QQ\LoginCtrl.dll  [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:39 M:2008-05-14 20:39]
    D:\Program Files\Tencent1\QQ\LoginCtrlRes.dll  [(Verified)TENCENT, 8,0,777,1805, C:2008-05-14 20:39 M:2008-05-14 20:39]
    D:\Program Files\Tencent1\QQ\QQRes.dll  [(Verified)TENCENT, 8,0,776,1805, C:2008-05-15 10:23 M:2008-05-15 10:23]

[PID: 2916 / Administrator]   D:\Program Files\Tencent1\QQ\TXPlatform.exe   [(Verified)Tencent, 1, 0, 170, 0, C:2007-11-18 09:53 M:2007-11-18 09:53]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]

[PID: 3404 / Administrator]   D:\Program Files\arswp\ArSwp.exe   [(Verified)ArSwp.com, 2, 8, 2, 1115, C:2008-11-15 11:58 M:2008-11-15 11:58]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2008-07-13 15:15 M:2008-05-05 15:58]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-23 21:04 M:2008-11-23 21:04]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.42, C:2005-09-22 23:48 M:2005-09-22 23:48]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    e:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    e:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    e:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:16 M:2008-10-05 11:16]
    C:\WINDOWS\system32\msdmo.dll  [(Verified)N/A, C:2008-07-13 15:15 M:2008-04-15 02:00]
    D:\Program Files\arswp\plugin\ArFix.dll  [(Verified)ArSwp.Com, 2, 5, 0, 0, C:2007-11-28 15:19 M:2007-11-28 15:19]

[PID: 2264 / Administrator]   C:\Program Files\TheWorld 2.0\TheWorld.exe   [(Verified)Phoenix Studio, 2, 3, 0, 7, C:2008-09-26 16:00 M:2008-09-23 10:44]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\shdoclc.dll  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158), C:2008-07-13 15:15 M:2008-05-05 15:58]
    C:\Program Files\Rising\Rav\RavScrCh.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5, C:2008-11-23 21:04 M:2008-11-23 21:04]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\MSVCR80.dll  [Microsoft Corporation, 8.00.50727.42, C:2005-09-22 23:48 M:2005-09-22 23:48]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    e:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    e:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    e:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl  [Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:46 M:2007-06-28 12:46]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx  [(Verified)Adobe Systems, Inc., 10,0,12,36, C:2008-10-05 11:16 M:2008-10-05 11:16]
    C:\WINDOWS\system32\SOGOUPY.IME  [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]
    C:\WINDOWS\system32\JPWB.IME  [日月科技, 4.00.950, C:2008-10-01 08:48 M:2008-10-01 08:48]

[PID: 2192 / Administrator]   C:\Program Files\SogouInput\3.6.0.1653\ImeUtil.exe   [(Verified)Sogou.com Inc., 3.6.0.1653, C:2008-09-17 10:07 M:2008-09-17 10:07]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]

[PID: 956 / Administrator]   C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\289953   [N/A, C:2008-11-23 22:15 M:2008-11-23 22:15]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]
    C:\WINDOWS\system32\08223B03.dll  [N/A, C:2008-11-23 21:37 M:2008-11-23 21:37]
    C:\WINDOWS\system32\DFB3DAC5.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll  [(Verified)Kaspersky Lab, 7.0.0.125, C:2007-06-28 12:51 M:2007-06-28 12:51]
    C:\WINDOWS\system32\5934EA2B.dll  [N/A, C:2008-11-23 21:36 M:2008-11-23 21:36]
    C:\WINDOWS\system32\DA63E650.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\56BC86C7.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\4FBFD5A4.dll  [N/A, C:2008-11-23 21:35 M:2008-11-23 21:35]
    C:\WINDOWS\system32\201476D0.dll  [N/A, C:2008-11-23 21:34 M:2008-11-23 21:34]
    C:\WINDOWS\system32\E1D19FCC.dll  [N/A, C:2008-11-23 21:30 M:2008-11-23 21:30]
    C:\WINDOWS\system32\F8E07BB2.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 21:29]
    C:\WINDOWS\system32\2EF0D734.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]
    C:\WINDOWS\system32\A1A6BC2E.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 21:28]

[PID: 1756 / Administrator]   C:\WINDOWS\system32\r12010.exe   [(Verified)Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105), C:2008-11-23 21:53 M:2008-04-15 02:00]
    C:\WINDOWS\system32\kmon.dll  [(Verified)Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28, C:2008-11-23 21:04 M:2008-11-23 21:04]
    C:\WINDOWS\system32\HBDNF.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 21:59]
    C:\WINDOWS\system32\HBJTLQ.dll  [N/A, C:2008-11-23 21:27 M:2008-11-23 22:12]
    C:\WINDOWS\system32\HBTL.dll  [N/A, C:2008-11-23 21:28 M:2008-11-23 22:13]
    C:\WINDOWS\system32\HBWOW.dll  [N/A, C:2008-11-23 21:29 M:2008-11-23 22:13]
    C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~0477eb.~~~  [N/A, C:2008-11-23 22:15 M:2008-11-23 22:15]
    C:\WINDOWS\system32\uxtheme.dll  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105), C:2008-07-13 15:15 M:2008-06-12 08:32]


========================================
文件关联



========================================
AutoRun.INF



========================================
Winsock提供者



========================================
HOSTS



[/CODE]

2008-11-25 09:07 shoo
If you need to replace system files, take a look here; there is a replacement tool:

[url]http://bbs.dnwx.com/thread-44758-1-1.html[/url]

2008-11-25 09:57 whzl123
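Locust virus.
Do what the poster above says. After running the dedicated removal tool,
scan and post an SRE report. Remember to do this with the network disconnected.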

2008-11-28 22:13 cq1985
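Thanks, everyone, and special thanks to SHOO. After reading your post I found it very useful.
The key problem is that while the machine was infected, many keywords could not be displayed, so I could not find your post in time. I have to admire whoever developed this malware: it actually blocks keywords. It is probably a habit formed over years of working as a BBS administrator, blocking words like virus, trojan, locust and so on.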

2008-11-28 22:22 shoo
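[quote]Originally posted by [i]cq1985[/i] on 2008-11-28 22:13 [url=http://www.arswp.com/bbs/redirect.php?goto=findpost&pid=168543&ptid=39868][img]http://www.arswp.com/bbs/images/common/back.gif[/img][/url]
Thanks, everyone, and special thanks to SHOO. After reading your post I found it very useful.
The key problem is that while the machine was infected, many keywords could not be displayed, so I could not find your post in time. I have to admire whoever developed this malware: it actually blocks keywords. It is probably a BBS admin ... [/quote]
Glad the problem is solved. One correction: the "keywords" you could not search for were actually caused by the virus using "image hijacking" (Image File Execution Options hijacking). That is, all software and strings related to antivirus were disabled, and antivirus programs could not run either. Next time you run into it, you will know how to deal with it.

PS: The original poster can now change the title to "Solved".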
