自由自在0 - 2007-7-27 14:17:00
[CODE]
2007-07-27,13:57:14
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
<KernelFailCheck><\ITMP.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATIModeChange><Ati2mdxx.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<YDTMain.exe><C:\PROGRA~1\YDT\YDTMain.exe> [N/A]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<QuickTime Task><"F:\qt\qttask.exe" -atboottime> [Apple Computer, Inc.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
<WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [N/A]
<SmCtrlDrv><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\cdnprh.dll Start> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\System32\UserInit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11716107-A10D-11cf-64CD-11115FE1CF41}]
<N/A><C:\WINDOWS\System32\nwizzhuxians.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5FF01121-F04D-30cf-64CD-74FF5FE1CF1C}]
<N/A><C:\WINDOWS\System32\nwizdh.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{63202121-F04D-11cf-64CD-33FF5FE1CF20}]
<N/A><C:\WINDOWS\System32\nwizAsktao.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
<N/A><C:\WINDOWS\System32\nwizzhuxians.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{95192103-834D-71CF-64CD-51E15112AF20}]
<N/A><C:\WINDOWS\System32\nwizhx2.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BA312103-F04D-31cf-64CD-21EF5011CF20}]
<N/A><C:\WINDOWS\System32\nwizqjsj.exe> [N/A]
自由自在0 - 2007-7-27 14:17:00
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows hvok RunThem / hvok][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\cqjf\matp.dll>< >
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
<C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[usb Card Device / ft2kEnum][Running/Manual Start]
<System32\DRIVERS\ic2kenum.sys><OEM Corporation>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\F:\qqip\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device / Reader_Device][Running/Manual Start]
<System32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[USB SDVC05 / SDVC05][Stopped/Manual Start]
<System32\Drivers\SDVC05.sys><HaSoInTech>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[usb token Device Driver / token][Stopped/Manual Start]
<System32\DRIVERS\eps2kt1.sys><>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
自由自在0 - 2007-7-27 14:18:00
==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <F:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <F:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[手机短信]
{00000000-0000-0001-0001-596BAEDD1289} <http://sms.3721.com/ie/index.htm?pid=U_3721_assist, N/A>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[CEnroll Class]
{127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\aliedit.dll, >
[UImageUploader Class]
{5F099AD3-0EC8-4ED9-B9E1-E443DF429A94} <C:\WINDOWS\Downloaded Program Files\UImageUploader.dll, Universal soft of ShangHai China>
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <F:\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[VqqSpeedDlProxy Class]
{9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[MsnMessengerSetupDownloadControl Class]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AxUSBKey Class]
{DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINDOWS\DOWNLO~1\USBKey.dll, >
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[pcVerify.ucVerify]
{EBD84F58-8D2B-4C66-85F1-73BC8125709D} <C:\WINDOWS\Downloaded Program Files\pcVerify.ocx, Junnet>
[Recorder Control]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <F:\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[BlueskyVideo Control]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <F:\BLUESK~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Ppd Control]
{2F2BA87D-385E-4922-B41C-06E190B06AA9} <F:\BLUESK~1\ppd.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Share Control]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <F:\BLUESK~1\share.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <F:\迅雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Traceppd Control]
{5910C66C-F9BA-4306-8175-C098B7F0ED62} <F:\BLUESK~1\traceppd.ocx, BlueskyStudio(http://www.bluesky.cn)>
[PP Control]
{616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <F:\BLUESK~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <F:\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[Videohelp Control]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <F:\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Filetran Control]
{88734439-46D0-42C0-A13F-7E881EE550CF} <F:\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <F:\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{991481A7-4669-4e15-8C24-100404E1F5CB} <F:\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Display Control]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <F:\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <F:\BLUESK~1\TRACEC~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[PPChat Control]
{AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} <F:\BLUESK~1\ppchat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <F:\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Client Control]
{C7B0C764-5D4E-433E-A854-591F28520577} <F:\BLUESK~1\client.ocx, >
[Play Control]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <F:\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Vod Class]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <F:\迅雷\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[使用迅雷下载]
<F:\迅雷\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<F:\迅雷\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
<F:\QQ\AddEmotion.htm, N/A>
自由自在0 - 2007-7-27 14:22:00
==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 608 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\windows\system32\WINHTTP.dll] [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[C:\WINDOWS\System32\wups.dll] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 992 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1320 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1552 / s][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\System32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[F:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[F:\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[F:\迅雷\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[F:\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1612 / s][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 1716 / s][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.22]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 1736 / s][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5021]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 1756 / s][F:\qt\qttask.exe] [Apple Computer, Inc., 6.5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 1780 / s][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 1812 / s][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.15]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 1852 / s][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[PID: 980 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\progra~1\cqjf\matp.dll] [ , 5, 0, 0, 7]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[c:\progra~1\cqjf\rfyu.dll] [ , 5, 0, 0, 7]
[c:\progra~1\cqjf\iwpl.dll] [, 5, 0, 0, 7]
[PID: 1400 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1408 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1532 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 1412 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 2964 / s][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2984 / s][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3928 / s][F:\中信万通\hexin.exe] [上海核新软件技术有限公司, 2005, 11, 24, 1]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 660 / s][F:\中信万通\LiveUpdate.exe] [上海核新软件技术有限公司, 2005, 12, 3, 0]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
自由自在0 - 2007-7-27 14:22:00
[PID: 3848 / s][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\WINDOWS\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[F:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[F:\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[F:\迅雷\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[F:\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 396 / s][C:\WINDOWS\system32\cmd.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2316 / s][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1100 / s][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 4.0.0.52]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\RasGui.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 0, 11]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1940 / s][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\WINDOWS\System32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3208 / s][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\WINDOWS\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[F:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[F:\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[F:\迅雷\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[F:\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\System32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3688 / s][C:\DOCUME~1\s\LOCALS~1\Temp\Rar$EX34.782\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[c:\progra~1\cqjf\pdws.dll] [, 5, 0, 0, 7]
[c:\progra~1\cqjf\uibx.dll] [ , 5, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\DOCUME~1\s\LOCALS~1\Temp\Rar$EX34.782\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 548, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1736, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1756, F:\QT\QTTASK.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1780, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1812, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2964, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3928, F:\中信万通\HEXIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 660, F:\中信万通\LIVEUPDATE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1100, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1100, C:\PROGRAM FILES\RISING\ANTISPYWARE\RAS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1940, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
[1904] C:\Documents and Settings\s\桌面\usrinit.exe
==================================
[/CODE]
© 2000 - 2026 Rising Corp. Ltd.