Title: [Virus Discussion] Error message when loading qledni53.dll, gkddqx46.dll (Views: 744, Replies: 13)

alie-007 (posted 2008-3-23 14:07)
This post was published on the 我是网管 forum; post URL: http://bbs.54master.com/238332,1,1
At startup, before the desktop appears, I get error messages for "qledni53.dll" and "gkddqx46.dll". Can anyone tell me how to fix this??

xiaoxiami09 (posted 2008-3-23 14:28)
First, check whether some software was not uninstalled cleanly or has become corrupted. Judging by the name of this DLL, it is probably not a system file; it is a DLL loading problem belonging to some software or a trojan.

alie-007 (posted 2008-3-23 14:31)
Yes, the machine was infected with a trojan before, but I used SReng2.5 to disable the two entries and also deleted these two DLL files, and the error message still appears at startup.

彦子00 (posted 2008-3-23 14:42)
Just search for them in the registry and delete what you find.

彦子00 (posted 2008-3-23 14:43)
I forgot: also take a look in the startup group.

alie-007 (posted 2008-3-23 15:02)
I deleted the registry entries, but after rebooting the error message still appears... I have searched every place they could be hiding...

红桃jacker (moderator, posted 2008-3-23 16:33)
Run a scan and post an SREng report so we can take a look. I suspect some startup entries still have not been cleaned up.

alie-007 (posted 2008-3-23 17:05)
2008-03-23,17:03:57

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Disabled]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\KK.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus 自动防护服务 / navapsvc][Stopped/Disabled]
  <C:\Program Files\Norton AntiVirus\navapsvc.exe><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Others/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Secondary Logon / seclogon][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->c:\windows\system32\com\uucktnmonuaw.dll><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Disabled]
  <C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe><Symantec Corporation>
[Windows System Event / SystemLog][Stopped/Disabled]
  <C:\WINDOWS\TEMP\host.exe><N/A>
[Windows XP SP2 Center / Windows XP SP2 Center][Stopped/Disabled]
  <C:\WINDOWS\System32\server.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[apcdli / apcdli][Stopped/Disabled]
  <\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
  <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[3Com EtherLink XL 90X Adapter Driver / EL90X][Stopped/Disabled]
  <System32\DRIVERS\el90xnd5.sys><3Com Corporation>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
  <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
  <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Stopped/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[New0 / New0][Stopped/Disabled]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Logitech QuickCam Pro 3000 (08B0) / PhilCam8116][Stopped/Manual Start]
  <System32\DRIVERS\CamDrO21.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qledni5 / qledni53][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qledni53.sys><N/A>
[RESSDT / RESSDT][Stopped/Disabled]
  <\??\C:\WINDOWS\System32\ssdtdt.sys><N/A>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sc Manager / Sc Manager][Stopped/Disabled]
  <\??\C:\DOCUME~1\mym\LOCALS~1\Temp\usbcams3.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
  <system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[SymEvent / SymEvent][Stopped/Disabled]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/Disabled]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[AddTask Class]
  {24F06550-65E3-4D1C-8CFE-839C296B5530} <C:\Program Files\eREAD6.0\IEeREAD.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[AddTask Class]
  {6A19C29D-ED45-4483-8999-9F939C8161F2} <C:\Program Files\eREAD6.0\WebHook.dll, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[一起来音乐社区]
  {7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} <http://www.yiqilai.com, N/A>
[金山词霸]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[易趣购物]
  {EE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=824, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\Alitalk\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\System32\msnetobj.dll, Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[InfoCheck Class]
  {F91BA567-79B9-467E-BC97-5DBA01BBC5EE} <C:\Program Files\Alisoft\Alitalk\Ali_Check.dll, >
[InstallCheck Class]
  {FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65} <C:\Program Files\Alisoft\Alitalk\Ali_Check.dll, >
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用iTudou下载节目]
  <d:\Program Files\Tudou\iTudou\iTudou_Link.HTM, N/A>
[使用网际快车下载]
  <C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[易趣购物]
  <C:\Program Files\AD4All\link1\eachlink.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 464][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 596][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 608][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 828][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 844][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 960 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 992 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1040 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.74]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 53]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [, 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[PID: 1056 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.68]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [C:\Program Files\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [C:\Program Files\Rising\Rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\Rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1076 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.29]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\Rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1248 / SYSTEM][C:\Program Files\Rising\Rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1556 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1660 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1968 / mym][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
[PID: 2004 / mym][C:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.60]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 360 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\System32\Mira6\5000\Scnwia09.dll]  [, 2004, 8, 2, 1]
[PID: 876 / mym][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 924 / mym][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.13]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 32]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 1316 / mym][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 2272 / mym][\\192.168.1.23\File Transfer Server\sreng2\SREngPS.EXE]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [\\192.168.1.23\File Transfer Server\sreng2\Upload\3rdUpd.DLL]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2272, C:\WINDOWS\\192.168.1.23\FILE TRANSFER SERVER\SRENG2\SRENGPS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2272, C:\WINDOWS\\192.168.1.23\FILE TRANSFER SERVER\SRENG2\SRENGPS.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00D830AD)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00D83195)

==================================
隐藏进程
N/A

==================================

红桃jacker
Moderator (active), Viruses and Trojans
Posted 2008-3-23 18:21
Services:
[Background Intelligent Transfer Service / BITS][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\KK.dll><N/A>
Suggest searching Baidu for kk.dll; it is obviously nothing good. Also suggest using kk.dll's timestamp to search the files under C:\WINDOWS\System32, so that nothing slips through the net.

[Windows System Event / SystemLog][Stopped/Disabled]
  <C:\WINDOWS\TEMP\host.exe><N/A>
Just stop the service and delete the file.

[Windows XP SP2 Center / Windows XP SP2 Center][Stopped/Disabled]
  <C:\WINDOWS\System32\server.exe><N/A>
Suggest searching Baidu for it; this service is suspicious.

Drivers:
[apcdli / apcdli][Stopped/Disabled]
  <\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
Suspicious; suggest checking it on Baidu.

[New0 / New0][Stopped/Disabled]
  <\??\C:\WINDOWS\System32\new.sys><N/A>

[qledni5 / qledni53][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qledni53.sys><N/A>
Obviously nothing good, and Baidu has no information on it either. What is it trying to do?

[RESSDT / RESSDT][Stopped/Disabled]
  <\??\C:\WINDOWS\System32\ssdtdt.sys><N/A>
Trojan.

[Sc Manager / Sc Manager][Stopped/Disabled]
  <\??\C:\DOCUME~1\mym\LOCALS~1\Temp\usbcams3.sys><N/A>
It is in the history folder and has been added to the drivers. What is its purpose? Obviously a virus.

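The timestamp search suggested in the post above (use kk.dll's file time to look through C:\WINDOWS\System32 for anything dropped alongside it), written out as an added example that is not part of the original thread or of SREng. The function name, the 10-minute window and the constructed sample files and dates are assumptions for illustration.

```python
import os
import tempfile
from datetime import datetime, timedelta
from pathlib import Path


def files_near_timestamp(reference, root, window=timedelta(minutes=10)):
    """List files under root modified within `window` of the reference file.

    Returns (path, modified, offset_seconds) tuples, closest first.
    Modification times can be rewritten by malware, so an empty result
    does not clear the directory; it only means this pivot found nothing.
    """
    reference = Path(reference).resolve()
    ref_mtime = reference.stat().st_mtime
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath, name)
            try:
                mtime = path.stat().st_mtime
            except OSError:
                continue  # locked, unreadable or deleted during the walk
            if path.resolve() == reference:
                continue  # skip the reference file itself
            offset = mtime - ref_mtime
            if abs(offset) <= window.total_seconds():
                hits.append((path, datetime.fromtimestamp(mtime), offset))
    return sorted(hits, key=lambda hit: abs(hit[2]))


def demo():
    """Run the pivot over a constructed directory (not data from the thread)."""
    base = datetime(2008, 3, 20, 21, 14).timestamp()  # constructed date
    # Constructed names and offsets in seconds; only KK.dll is named in the post.
    sample = {"KK.dll": 0, "example_a.dll": 95, "example_b.sys": -240,
              "old_system_file.exe": -400 * 86400}
    with tempfile.TemporaryDirectory() as tmp:
        for name, offset in sample.items():
            target = Path(tmp, name)
            target.write_bytes(b"constructed sample")
            os.utime(target, (base + offset, base + offset))
        hits = files_near_timestamp(Path(tmp, "KK.dll"), tmp)
        return [(path.name, round(offset)) for path, _when, offset in hits]


if __name__ == "__main__":
    for name, offset in demo():
        print(f"{name}: {offset:+d} s from KK.dll")
```

Point `root` at the System32 directory of the affected machine, or of a mounted copy of its disk, and `reference` at the suspicious file.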
红桃jacker
Moderator (active), Viruses and Trojans
Posted 2008-3-23 18:23
HOSTS 文件
221.130.185.110  survey88.allyes.com
221.130.185.110  adtaobao.allyes.com
221.130.185.110  code.qihoo.com
221.130.185.110  union.mop.com
..
...
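Do they all point to Shanghai Telecom 酷站先锋? If the original poster added these entries themselves, never mind; if not, clean them all out with SREng.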
