eyata2287 - 2007-3-30 11:20:00
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(jiajiasr)(C:\Program Files\jj4\jiajiasr.exe) [加加工作组]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
(System Boot Check)(C:\WINDOWS\system32\sysload3.exe) []
(dwb2ji8xu490)(C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\iexpl0re.exe) [N/A]
(l927rcw)(C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\crasos.exe) [N/A]
(vrw2g9wkhycf843)(C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\rundl132.exe) []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(CnxDslTaskBar)("C:\Program Files\ADSL\AccessRunner ADSL\CnxDslTb.exe") [Conexant Systems Inc.]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(Soltek)(C:\WINDOWS\system32\autorun.exe) []
(ATIPTA)(C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe) [ATI Technologies, Inc.]
(mppds)(C:\WINDOWS\mppds.exe) []
(winform)(C:\WINDOWS\winform.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(RavStub)("C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\UserInit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(235780M.BMP) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
({A6011F8F-A7F8-49AA-9ADA-49127D43138F})(C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk) []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
(Load)(; ? ?粒?粒粒?
? ?? ?粓?) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
(POP)(; C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\1638.exe) []
(upxdnd)(; C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\1634.exe) [N/A]
启动文件夹
-------------------------------------------------------------------------------
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
(C:\WINDOWS\system32\Ati2evxx.exe)()
[ATI Smart / ATI Smart][Stopped/Auto Start]
(C:\WINDOWS\system32\ati2sgag.exe)()
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(C:\Program Files\Rising\Rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("C:\PROGRAM FILES\RISING\RAV\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)
[TomDemoService / TomDemoService][Running/Auto Start]
(C:\CONFIG.EXE)(N/A)
--------------------------------------------------------------------------------
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
(system32\drivers\ALCXSENS.SYS)(Sensaura Ltd)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[ati2mtag / ati2mtag][Running/Manual Start]
(system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[AccessRunner USB ADSL WAN Adapter Filter Driver / CnxEtP][Running/Manual Start]
(system32\DRIVERS\CnxEtP.sys)(Conexant)
[USB ADSL 设备驱动 / CnxEtU][Running/Manual Start]
(system32\DRIVERS\CnxEtU.sys)(Conexant)
[AccessRunner USB ADSL WAN Adapter Driver / CnxTgN][Running/Manual Start]
(system32\DRIVERS\CnxTgN.sys)(Conexant Systems Inc.)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys)()
[HookCont / HookCont][Running/Auto Start]
(\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs][Running/Auto Start]
(\??\c:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[npkcrypt / npkcrypt][Stopped/Auto Start]
(\??\F:\新建文件夹 (3)\QQ\npkcrypt.sys)(N/A)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
(\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys)(Rising)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
(system32\DRIVERS\WSTCODEC.SYS)(Microsoft Corporation)
[ZSMC USB PC Camera / ZSMC301b][Running/Manual Start]
(System32\Drivers\usbVM31b.sys)(VM)
浏览器加载项
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (F:\Program Files\FlashGet\jccatch.dll, www.flashget.com)
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} (F:\Program Files\FlashGet\getflash.dll, www.flashget.com)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (D:\qq\QQ.EXE, TENCENT)
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (F:\Program Files\FlashGet\FlashGet.exe, FlashGet.com)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (F:\Program Files\FlashGet\jccatch.dll, www.flashget.com)
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} (F:\Program Files\FlashGet\getflash.dll, www.flashget.com)
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} (F:\Program Files\FlashGet\jccatch.dll, www.flashget.com)
[&使用快车(FlashGet)下载]
(F:\Program Files\FlashGet\jc_link.htm, N/A)
[&使用快车(FlashGet)下载全部链接]
(F:\Program Files\FlashGet\jc_all.htm, N/A)
[上传到QQ网络硬盘]
(D:\qq\AddToNetDisk.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A)
[添加到QQ自定义面板]
(D:\qq\AddPanel.htm, N/A)
[添加到QQ表情]
(D:\qq\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(D:\qq\SendMMS.htm, N/A)
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 400][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1540][C:\Program Files\ADSL\AccessRunner ADSL\CnxDslTb.exe] [Conexant Systems Inc., 2.099.085.000]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[C:\Program Files\ADSL\AccessRunner ADSL\CnxDslWz.dll] [Conexant Systems Inc., 2.099.085.000]
[C:\WINDOWS\system32\CnxHwIo.dll] [Conexant Systems Inc., 2.099.085.000]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1752][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.1622]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 2108][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5090]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5090]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5090]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5090]
[PID: 2256][C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\1632.exe] [N/A, ]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 2480][C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\1638.exe] [N/A, ]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 2648][C:\Program Files\jj4\jiajiasr.exe] [加加工作组, 4, 1, 0, 47]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 2708][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 2848][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[F:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 1, 1006]
[F:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 1, 1002]
[F:\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3084][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 1804][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 2776][C:\WINDOWS\system32\ntvdm.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[PID: 3684][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk] [N/A, ]
[PID: 4060][C:\DOCUME~1\LIYING~1\LOCALS~1\Temp\Rar$EX00.031\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\235780M.BMP] [N/A, ]