Sample scan report:
启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <DAEMON Tools Pro Agent><"C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"> [(Verified)DAEMON Tools Code Signing Services] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"] <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher] <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher] <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Science and Technology Corporation Limited] <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll> [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <Outlook 
Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> 
[(Verified)Microsoft Windows Publisher]
================================== 启动文件夹 [内存扫把] <C:\Documents and Settings\HP_Owner\「开始」菜单\程序\启动\内存扫把.lnk --> C:\PROGRA~1\内存扫把\ram.exe [jfzlnyf]><N>
================================== 服务 [Application Management / AppMgmt][Stopped/Manual Start] <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A> [ASP.NET State Service / aspnet_state][Stopped/Manual Start] <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation> [Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start] <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.> [CyberLink Background Capture Service (CBCS) / CLCapSvc][Running/Auto Start] <"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe"><> [CyberLink Task Scheduler (CTS) / CLSched][Running/Auto Start] <"C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe"><> [CyberLink Media Library Service / CyberLink Media Library Service][Running/Auto Start] <"C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe"><Cyberlink> [Human Interface Device Access / HidServ][Stopped/Disabled] <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A> [Norton AntiVirus 自动防护服务 / navapsvc][Stopped/Auto Start] <><N/A> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Boot Start] <\SystemRoot\C:\WINDOWS\system32\HPZipm12.exe><N/A> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.> [Symantec Core LC / Symantec Core LC][Stopped/Manual Start] <"C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
================================== 驱动程序 [ati2mtag / ati2mtag][Stopped/Manual Start] <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.> [CnsMinKP / CnsMinKP][Running/Boot Start] <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件(北京)有限公司> [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.> [kakeoinin / kakeoinin][Running/Boot Start] <2 - 系统找不到指定的文件。 ><N/A> [LT Modem Driver / ltmodem5][Stopped/Manual Start] <system32\DRIVERS\ltmdmnt.sys><LT> [nv / nv][Running/Manual Start] <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation> [Ps2 / Ps2][Running/Manual Start] <system32\DRIVERS\PS2.sys><Hewlett-Packard Company> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.> [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.> [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start] <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] <system32\DRIVERS\RTL8139.SYS><Realtek 
Semiconductor Corporation> [Secdrv / Secdrv][Stopped/Manual Start] <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.> [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys><N/A> [symlcbrd / symlcbrd][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation> [ViaIde / ViaIde][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation> [WINIO / WINIO][Stopped/Manual Start] <\??\E:\winio.sys><N/A> [R2A / R2A][Stopped/Disabled] <\??\C:\WINDOWS\system32a2.sys><N/A> [meraqelb / meraqelb][Running/Boot Start] <\SystemRoot\\SystemRoot\System32\drivers\meraqelb.sys><N/A>
================================== 浏览器加载项 [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll, BitComet> [NXIECatcher Class] {83B80A9C-D91A-4F22-8DCF-EA7204039F79} <C:\Program Files\Xi\NetXfer\NXIEHelper.dll, Xi> [CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll, 国风因特软件(北京)有限公司> [Java Plug-in 1.5.0_05] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.> [Yahoo 3.5G电邮] {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A> [名品折扣] {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A> [雅虎助手] {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A> [雅虎WIDGET] {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A> [BitComet] {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, N/A> [连接帮助] {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A> [情景聊天] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A> [] {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [] {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A> [NetXfer] {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <C:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft 
Corporation> [Java Plug-in 1.5.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.> [Java Plug-in 1.5.0_05] {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll, Sun Microsystems, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated> [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation> [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation> [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll, BitComet> [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation> [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation> [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [AutoLive] {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 国风因特软件(北京)有限公司> [Peer Adapter] {80E18282-3716-48CA-B50C-F7B7F6A32791} <, N/A> [NXIECatcher Class] {83B80A9C-D91A-4F22-8DCF-EA7204039F79} <C:\Program Files\Xi\NetXfer\NXIEHelper.dll, Xi> [Microsoft 
Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation> [3721] {B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CONFLICT.6\CnsMin.dll, 国风因特软件(北京)有限公司> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation> [Helper Class] {BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, > [NetXfer] {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} <C:\Program Files\Xi\NetXfer\NXToolBar.dll, Xi> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [CnsHook Class] {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll, 国风因特软件(北京)有限公司> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.> [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [Runclose Control] {F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\system32\runclose.ocx, Hewlett-Packard Company> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [IERPCtl Class] {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.> [&使用BitComet下载] <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A> [&使用BitComet下载全部链接] <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A> [&使用BitComet下载本页视频] <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A> [使用网络传送带下载] <C:\Program Files\Xi\NetXfer\NXAddLink.html, N/A>
================================== 正在运行的进程 [PID: 544 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 656 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 724 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 736 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 900 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 968 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1036 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [PID: 1052 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [PID: 1136 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1180 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 
7.00.6000.16608 (vista_gdr.071204-1500)] [PID: 1216 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.75] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 34] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] 
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 55] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\ur010.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\ur021.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [PID: 1436 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 
5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001] [C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011] [C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011] [PID: 1612 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 1816 / HP_Owner][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\PROGRA~1\3721\alrex.dll] [国风因特软件(北京)有限公司, 2.5.2.1004] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll] [国风因特软件(北京)有限公司, 2.5.1.9] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.5819] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.5819] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.5819] [C:\WINDOWS\system32\nvshell.dll] [, ] [C:\PROGRA~1\3721\autolive.dll] [国风因特软件(北京)有限公司, 2.6.0.1016] [C:\PROGRA~1\3721\alLiveEx.dll] [国风因特软件(北京)有限公司, 1.0.4.1007] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe 
Systems Incorporated, 7.0.0.2004121400] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\WINDOWS\system32\mpg2splt.ax] [, ] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRM2Splter.ax] [CyberLink Corp., 2.2.2114 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMBM2Splter.ax] [CyberLink Corp., 2.2.1919 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMBM1Splter.ax] [CyberLink Corp., 2.2.1919 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\Video\CLM2Splter.ax] [CyberLink Corp., 2.2.3128 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\Video\CLM1Splter.ax] [CyberLink Corp., 2.2.3128 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\VideoProcessor\MDTLM2Splter.ax] [CyberLink Corp., 2.2.2213 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\VideoProcessor\MDTLM1Splter.ax] [CyberLink Corp., 2.2.2213 ] [C:\Program Files\CyberLink\PowerCinema\Kernel\Movie\CLDemuxer.ax] [CyberLink Corp., 1.0.2728 ] [PID: 1952 / HP_Owner][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMinIO.dll] [国风因特软件(北京)有限公司, 2.5.0.8] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\cnsio.dll] [国风因特软件(北京)有限公司, 2.5.0.6] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMinEx.dll] [国风因特软件(北京)有限公司, 2.5.0.6] [PID: 848 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe] [, 4.05.1409] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapEngine.dll] [, 4.05.1409] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\PCMRRec4.dll] [CyberLink Corp., 4.01.2609] 
[C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ] [PID: 892 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe] [Cyberlink, 2, 1, 0, 2301] [PID: 1076 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.5819] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.5819] [PID: 1396 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)] [PID: 1724 / SYSTEM][C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe] [, 4.05.1409] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvcps.dll] [N/A, ] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSchMgr.dll] [, 4.05.1409] [C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLMLClient.dll] [Cyberlink, 2, 1, 0, 2301] [PID: 2204 / HP_Owner][C:\PROGRAM FILES\RISING\RAV\RavMon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.14] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 34] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 
13] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\PROGRAM FILES\RISING\RAV\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [PID: 2292 / HP_Owner][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.22] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [PID: 2344 / HP_Owner][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\PROGRA~1\3721\autolive.dll] [国风因特软件(北京)有限公司, 2.6.0.1016] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\PROGRA~1\3721\notifier.dll] [国风因特软件(北京)有限公司, 2.5.2.1004] [C:\PROGRA~1\3721\alLiveEx.dll] [国风因特软件(北京)有限公司, 1.0.4.1007] [PID: 2560 / HP_Owner][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.1.45] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] 
[国风因特软件(北京)有限公司, 2.5.1.6] [PID: 2692 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2752 / HP_Owner][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [PID: 2928 / HP_Owner][C:\Program Files\内存扫把\ram.exe] [jfzlnyf, 1.09.0005] [C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\Program Files\内存扫把\Command.ocx] [随想软件工作室 Capricciososoft, 3.00.0915] [C:\Program Files\内存扫把\MSCOMCTL.OCX] [Microsoft Corporation, 6.00.8862] [C:\Program Files\内存扫把\TrayForm.ocx] [Eduardo Morcillo, 1.03.0007] [PID: 3200 / HP_Owner][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [PID: 3980 / HP_Owner][C:\网络游戏\三国群英传OL\Online.dat] [N/A, ] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2200 / HP_Owner][C:\网络游戏\三国群英传OL\Online.dat] [N/A, ] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3372 / HP_Owner][C:\网络游戏\三国群英传OL\Online.dat] [N/A, ] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 228 / HP_Owner][C:\网络游戏\三国群英传OL\Online.dat] [N/A, ] 
[C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 3132 / HP_Owner][C:\dzh\internet\hypwise.exe] [大智慧, 1, 0, 0, 1] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\dzh\internet\MFC42.DLL] [Microsoft Corporation, 6.00.8447.0] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [PID: 1492 / HP_Owner][C:\网络游戏\三国群英传OL\Online.dat] [N/A, ] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2108 / HP_Owner][C:\Program Files\GridService\peeradapter.exe] [Mercury, 2, 0, 10, 7348] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [PID: 4088 / HP_Owner][C:\Program Files\GridService\peer.exe] [Mercury, 2, 0, 10, 7348] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [PID: 5448 / HP_Owner][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft 
Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\PROGRA~1\3721\alrex.dll] [国风因特软件(北京)有限公司, 2.5.2.1004] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHint.dll] [国风因特软件(北京)有限公司, 2.5.0.7] [C:\PROGRA~1\3721\autolive.dll] [国风因特软件(北京)有限公司, 2.6.0.1016] [C:\PROGRA~1\3721\alLiveEx.dll] [国风因特软件(北京)有限公司, 1.0.4.1007] [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\cnsplus.dll] [国风因特软件(北京)有限公司, 2.5.0.4] [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll] [BitComet, 20080116] [C:\Program Files\Xi\NetXfer\NXIEHelper.dll] [Xi, 2.22.310] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll] [国风因特软件(北京)有限公司, 2.5.1.9] [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 4568 / HP_Owner][C:\WINDOWS\sreng2\123.com.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16608 
(vista_gdr.071204-1500)] [C:\PROGRA~1\3721\helper.dll] [国风因特软件(北京)有限公司, 2.5.5.1008] [C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsMin.dll] [国风因特软件(北京)有限公司, 2.5.1.6] [C:\WINDOWS\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
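Solution:
1. It is recommended to use XDelBox to delete the following files: ([url=http://www.dodudou.com/down/index.php]XDelBox 1.3 download[/url]) Instructions: copy the paths of all the files to be deleted, right-click in the list of files pending deletion and choose to import from the clipboard. After importing, right-click the files to be deleted and choose to restart and delete immediately; the computer will restart into a DOS interface to carry out the deletion. Before running XDelBox, it is best to disconnect all removable storage media (including USB flash drives, MP3 players, phone memory cards, etc.).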
c:\progra~1\3721\helper.dll
c:\progra~1\3721\autolive.dll
c:\progra~1\3721\alrex.dll
c:\progra~1\3721\alliveex.dll
c:\windows\downlo~1\conflict.6\cnsio.dll
c:\windows\downlo~1\conflict.6\cnsmin.dll
c:\windows\downlo~1\conflict.6\cnsminex.dll
c:\windows\downlo~1\conflict.6\cnsminio.dll
c:\windows\downlo~1\conflict.6\cnshint.dll
c:\windows\downlo~1\conflict.6\cnshook.dll
c:\windows\downlo~1\conflict.6\cnsplus.dll
c:\windows\system32\rundll32.exe c:\progra~1\3721\helper.dll,rundll32
c:\windows\system32\drivers\cnsminkp.sys
e:\winio.sys
c:\windows\system32a2.sys
c:\windows\\systemroot\system32\drivers\meraqelb.sys
c:\windows\downloaded program files\conflict.6\cnsmin.dll
2. After the deletion and restart, use SREng to repair the following items:
Startup Items -- Registry: delete the following entry:
[helper.dll] <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>
Startup Items -- Services -- Drivers: disable the following entries:
[CnsMinKP / CnsMinKP] <\SystemRoot\system32\drivers\CnsMinKP.sys>
[WINIO / WINIO] <\??\E:\winio.sys>
[R2A / R2A] <\??\C:\WINDOWS\system32a2.sys>
[meraqelb / meraqelb] <\SystemRoot\\SystemRoot\System32\drivers\meraqelb.sys>
System Repair -- Browser Add-ons: delete the following entries:
[CnsHook Class] <C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll>
[CnsHook Class] <C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll>
[3721] <C:\WINDOWS\Downloaded Program Files\CONFLICT.6\CnsMin.dll>
[AutoLive] <C:\PROGRA~1\3721\autolive.dll>
Download Windows清理助手 (Windows Cleanup Assistant) to clean up malicious software: http://www.arswp.com/download.html
Download the temporary file cleanup tool: http://www.dodudou.com/down/ATF-Cleaner-cn.exe