2008-08-15,09:27:45 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"e:\Program Files\Tencent\QQLive\MiniQQLive.exe"> [Tencent] <; E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <360Safetray> [(Verified)Qizhi Software (beijing) Co. Ltd] [CIDC] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <360Safebox><; "C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] <%systemroot%\system32\dumprep 0 -k> [File is missing] <360Antiarp><; C:\Program Files\360safe\antiarp\antiarp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] <; "E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"> [Adobe Systems Incorporated] <; E:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia] <; "D:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD] <; "D:\歌曲\WangWang\WangWang.EXE"> [(Verified)"Alibaba Software(Shanghai)Co,.
Ltd"] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] 
[(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 服务 [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [HD_CertService / HD_CertService][Running/Auto Start] <> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [ServiceLayer / ServiceLayer][Stopped/Manual Start] <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"> [World Wide Web Publishing Serv / World Wide Web Publishing Serv][Stopped/Auto Start] [World Wide Web Publishing Service / World Wide Web Publishing ServicWorld Wide Web Publishing Service][Stopped/Auto Start] ================================== 驱动程序 [17hu7rg / 17hu7rg4][Stopped/Boot Start] <\SystemRoot\System32\DRIVERS\17hu7rg4.sys> [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心> [Aero-Info PCI JScard / AIPCI_Device][Running/Manual Start] [Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [biicti8e / biicti8e][Stopped/Auto Start] <\??\C:\WINDOWS\system32\drivers\biicti8e.sys> [中国华大智能密码钥匙驱动程序 / CIDCUSB][Stopped/Manual Start] [HookCont / 
HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HSFHWBS2 / HSFHWBS2][Running/Manual Start] [HSF_DP / HSF_DP][Running/Manual Start] [mdmxsdk / mdmxsdk][Running/Auto Start] [Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start] [Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start] [Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start] [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkcrypt.sys> [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkycryp.sys> [nv / nv][Running/Manual Start] [DDK PACKET Protocol / Packet][Running/Manual Start] <360安全中心> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [Sense3 / Sense3][Running/Auto Start] [Sentinel / Sentinel][Running/Auto Start] <\SystemRoot\System32\Drivers\SENTINEL.SYS> [SIS AGP Bus Filter / sisagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sisagp.sys> [Superk53 / Superk53][Running/Auto Start] <\SystemRoot\System32\drivers\superk53.sys> [TAX20002 SMART KEY DRIVER / TAX20002][Stopped/Manual Start] [usbmouseb / usbmouseb][Running/Manual Start] <\??\C:\WINDOWS\SYSTEM32\drivers\gwm.sys> [winachsf / winachsf][Running/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [Thunder Browser Helper] 
{889D2FEB-5411-4565-8998-1DD2C5261283} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [gFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [番茄花园] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} [快车] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} [MeadCo ScriptX] {1663ed61-23eb-11d2-b92f-008048fdd814} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} [Snapfish Activia] {406B5949-7190-4245-91A9-30A17DE16AD0} [GDPACtrl Class] {49FE0D13-6E3D-4208-8FCA-2D587667825B} [Koal SignX Control 1.0] {57A1AA83-D974-4A12-8475-DAAEE04D237C} [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [Submit Class] {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} [Settings Class] {A996E48C-D3DC-4244-89F7-AFA33EC60679} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [QQChatInstallerHelper Class] {C4DC211B-EDED-4EE1-9821-48E807DAF121} > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [] {00000AAA-A363-466E-BEF5-9BB68697AA7F} <, > [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [WebThunder Class] {03507A1A-E0C5-4404-AA26-205385C0892D} <, > [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} [] {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <, > [] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, > [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} 
[CEnroll Class] {127698E4-E730-4E5C-A2B1-21490A70C8A1} [MeadCo ScriptX] {1663ED61-23EB-11D2-B92F-008048FDD814} [MeadCo Extended HTML Printing] {1663ED6A-23EB-11D2-B92F-008048FDD814} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [EWA Control] {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [Recorder Control] {2423AB16-9F42-457B-A337-FE3B11964DB0} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, (Signed) N/A> [ctl4RA Class] {27984DB8-C851-439E-B625-81740482BE7C} [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [BlueskyVideo Control] {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} [Ppd Control] {2F2BA87D-385E-4922-B41C-06E190B06AA9} [Flashget Catch Url Class] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [Share Control] {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [] {38938D4F-8A48-44C2-945F-D2F23F771410} <, > [] {38938D50-8A48-44C2-945F-D2F23F771410} <, > [Snapfish Activia] {406B5949-7190-4245-91A9-30A17DE16AD0} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [GDPACtrl Class] {49FE0D13-6E3D-4208-8FCA-2D587667825B} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [Koal SignX Control 1.0] {57A1AA83-D974-4A12-8475-DAAEE04D237C} [Traceppd Control] {5910C66C-F9BA-4306-8175-C098B7F0ED62} [] {5F35B79B-CDA0-456F-B3A3-B4DE806E8634} <, > [EyeOnIE Class] {5F35B79C-CDA0-456F-B3A3-B4DE806E8634} [] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, > [PP Control] {616DACC1-C5E6-4646-B36A-3FA4FC726BAD} [InfoSecNetSign Class] {62B938C4-4190-4F37-8CF0-A92B0A91CC77} [WUWebControl Class] 
{6414512B-B978-451D-A0D8-FCFDF33E833C} [] {6451F285-9E41-4D8C-813D-794CA7BFEAB4} <, > [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [CCtInf Class] {6DBB2904-082D-4DB0-944A-21C22BA121F4} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [] {7005341F-8E42-47E3-987B-3DBE6288048C} <, > [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A> [Videohelp Control] {75B75D86-D88B-4BEA-BC59-BFD9D7300518} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [] {78B2F60E-AFA5-4D3D-A49E-2BFF013D9D23} <, > [] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, > [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [] {8819C261-5B61-4628-908C-9BE795EABEC3} <, > [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Filetran Control] {88734439-46D0-42C0-A13F-7E881EE550CF} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [SopCore Control] {8FEFF364-6A5F-4966-A917-A3AC28411659} [LiveMediaOcx Control] {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} [Chat Control] {94EFE58C-E678-4808-AD65-24CE4B94C1FE} [] {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, > [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [Blueskyvoice Control] {991481A7-4669-4e15-8C24-100404E1F5CB} [Display Control] {A1D97DB3-E564-4743-B2E7-6F5182CBF406} [Submit Class] {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} [Tracechat Control] {A40335C4-D3D1-4E7B-9130-039CDA5B603C} [Settings Class] {A996E48C-D3DC-4244-89F7-AFA33EC60679} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Imgsend Control] {AA1561BF-D290-4060-919B-499849629205} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [PPChat Control] {AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} [] {B158A0B2-2996-4ED6-874A-1677B3F1F631} <, > [SearchAssistantOC] 
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [Blueskyvoice Control] {BA0F088C-72C1-475a-92F8-42391DEF6961} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [] {C07405FD-84D1-4A25-94E8-68609EA8335B} <, > [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [Client Control] {C7B0C764-5D4E-433E-A854-591F28520577} [] {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <, > [Play Control] {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, > [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [ReportEngine Control] {EA8E5DF3-7E85-4286-B07A-11650AE4ED5E} [safeInput Class] {ECCBA953-80E5-11D3-9285-0080ADB811C5} [safeInput Class] {ECCBA956-80E5-11D3-9285-0080ADB811C9} [] {EE60714F-AC17-427E-861A-FD60CBDF119A} <, > [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [gFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [] {F90D830D-C175-4bbe-82C7-FF94669A4C42} <, > [JetCarNetscape Class] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} [] {FE3FCAE7-0A37-4506-8A7D-3CC9A04D2CA8} <, > [] {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <, > [使用迅雷下载] [使用迅雷下载全部链接] [在Foxmail中添加该RSS频道/频道组] [添加到QQ表情] ================================== 正在运行的进程 [PID: 504 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 644 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 664 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\SYSTEM32\gwm.dll] [Microsoft Corporation, 5, 0, 2195, 3649] [PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 872 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 952 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33] [PID: 972 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1024 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1124 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1184 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM 
FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM 
FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [PID: 1252 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [PID: 1316 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [PID: 1480 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information 
Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [PID: 1588 / SYSTEM][d:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [PID: 1612 / SYSTEM][C:\Program Files\95599 Certificate Tools\CIDC\HD_CertService.exe] [, 1, 0, 0, 4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [PID: 920 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll] [ppstream.com, 1.0.0.2] [E:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 81, 46, 1] [E:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 81, 68, 0] [C:\WINDOWS\system32\ConnAPI.DLL] [Nokia., 6, 81, 62, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [E:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] [Nokia, 6, 81, 29, 0] [E:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 81, 11, 0] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINDOWS\SYSTEM32\gwm.dll] [Microsoft Corporation, 5, 0, 2195, 3649] [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\PROGRA~1\FLASHGET\jccatch.dll] [www.flashget.com, 1, 8, 0, 1003] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder 
Networking Technologies,LTD, 5, 0, 8, 96] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\PROGRA~1\FLASHGET\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [PID: 1000 / Administrator][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe] [CIDC, 1, 0, 0, 12] [C:\WINDOWS\system32\HDIFD20B.dll] [CIDC., 1, 0, 17, 29] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [PID: 1656 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [PID: 1672 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.01.24] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program 
Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [PID: 1752 / Administrator][C:\Program Files\360safe\antiarp\antiarp.exe] [360安全中心, 2, 0, 0, 1008] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [PID: 1776 / Administrator][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising 
Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.32] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 1640 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\PROGRA~1\FLASHGET\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001] [PID: 1720 / Administrator][E:\Program Files\Tencent\QQLive\MiniQQLive.exe] [Tencent, 6.10.3612.6] [E:\Program Files\Tencent\QQLive\LiveUtlt.dll] [Tencent, 6.10.3612.6] [E:\Program Files\Tencent\QQLive\log.dll] [N/A, ] [E:\Program Files\Tencent\QQLive\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [E:\Program Files\Tencent\QQLive\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [E:\Program Files\Tencent\QQLive\MFC80U.DLL] [Microsoft 
Corporation, 8.00.50727.762] [E:\Program Files\Tencent\QQLive\XMLParser.dll] [Tencent, 6.10.3612.6] [E:\Program Files\Tencent\QQLive\ExceptCatch.dll] [Tencent, 6.10.3612.6] [E:\Program Files\Tencent\QQLive\Skin.dll] [Tencent, 6.10.3612.6] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [e:\Program Files\Tencent\QQLive\ADManage.dll] [Tencent, 6.10.3612.6] [e:\Program Files\Tencent\QQLive\proxy.dll] [N/A, ] [e:\Program Files\Tencent\QQLive\Encrypt.dll] [N/A, ] [e:\Program Files\Tencent\QQLive\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762] [e:\Program Files\Tencent\QQLive\P2PDownload.dll] [Tencent, 6.10.3612.6] [e:\Program Files\Tencent\QQLive\vqqsdl.dll] [Tencent Technology (Shenzhen) Company Limited, 2, 0, 107, 10] [C:\PROGRA~1\FLASHGET\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001] [PID: 2180 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 2852 / Administrator][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 72] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 
7.10.3077.0] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\RsCommon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\ravpagem.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 1, 8] [C:\Program Files\Rising\Rav\htmllib.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.17] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rav\ravpagew.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 89] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll] [ppstream.com, 1.0.0.2] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [C:\Program Files\Rising\Rav\SysMail.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.11] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\mvengine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] 
    [C:\Program Files\Rising\Rav\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87]
    [C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\Program Files\Rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\Program Files\Rising\Rav\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
    [C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\Program Files\Rising\Rav\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scanmac.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ur004.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[PID: 3696 / Administrator][C:\WINDOWS\system32\WgaTray.exe] [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\NpOpenStore.dll] [N/A, ]
    [C:\WINDOWS\system32\NPCard.dll] [N/A, ]
    [C:\WINDOWS\system32\RsaFun.dll] [N/A, ]
    [C:\WINDOWS\system32\GPKPCSC.dll] [N/A, ]
[PID: 2972 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\FLASHGET\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
    [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll] [ppstream.com, 1.0.0.2]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\PROGRA~1\FLASHGET\jccatch.dll] [www.flashget.com, 1, 8, 0, 1003]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\FlashGet\getflash.dll] [, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[PID: 3148 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\FLASHGET\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
    [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[PID: 2500 / Administrator][C:\WINDOWS\123.com] [Smallfrogs Studio, 2.6.12.1018]
[PID: 3360 / Administrator][C:\WINDOWS\SREe29657e2.EXE] [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 24]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\FLASHGET\fgmgr.dll] [www.flashget.com, 1, 8, 0, 1001]
    [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\NpOpenStore.dll] [N/A, ]
    [C:\WINDOWS\system32\NPCard.dll] [N/A, ]
    [C:\WINDOWS\system32\RsaFun.dll] [N/A, ]
    [C:\WINDOWS\system32\GPKPCSC.dll] [N/A, ]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll] [ppstream.com, 1.0.0.2]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 444.gmwo07.com
127.0.0.1 333.gmwo07.com
127.0.0.1 222.gmwo07.com
127.0.0.1 111.gmwo07.com
127.0.0.1 haha.yaoyao09.com
127.0.0.1 www.noseqing.cn
127.0.0.1 fg.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 dl.pvs360.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 nc.mskess.com
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1000, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1720, E:\PROGRAM FILES\TENCENT\QQLIVE\MINIQQLIVE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2500, C:\WINDOWS\123.COM]
==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003C55BD)
入口点错误:NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003C575D)
入口点错误:NtLoadDriver (危险等级: 高, 被下面模块所HOOK: 0x003C5EAD)
入口点错误:NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003C582D)
入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003C568D)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003C55BD)
入口点错误:ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003C575D)
入口点错误:ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003C582D)
入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003C568D)
入口点错误:CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x003C5B6D)
入口点错误:CreateServiceW (危险等级: 高, 被下面模块所HOOK: 0x003C5C3D)
入口点错误:LoadLibraryA (危险等级: 高, 被下面模块所HOOK: 0x003C686D)
入口点错误:CreateFileW (危险等级: 高, 被下面模块所HOOK: 0x003C638D)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x003C679D)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x003C65FD)
==================================
隐藏进程
N/A
==================================
[/CODE]