[CODE] 2009-08-30,23:23:30 System Repair Engineer 2.8.1.1279 Smallfrogs (http://www.KZTechs.com) Windows Vista Ultimate Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 Windows 安全更新检查 API HOOK 隐藏进程 启动项目 注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files (x86)\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [VMware, Inc.] <"L:\vmw\hqtray.exe"> [VMware, Inc.] <"C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe"> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] <%SystemRoot%\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] <"C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Windows] ================================== 启动文件夹 N/A ================================== 服务 [Application Experience / AeLookupSvc][Running/Auto Start] %SystemRoot%\System32\aelupsvc.dll> [NVIDIA Display Driver Service / nvsvc][Running/Auto Start] [Program Compatibility Assistant Service / PcaSvc][Running/Auto Start] %SystemRoot%\System32\pcasvc.dll> [Plug and Play / PlugPlay][Running/Auto Start] %SystemRoot%\system32\umpnpmgr.dll> [IPsec Policy Agent / PolicyAgent][Running/Auto Start] %SystemRoot%\System32\ipsecsvc.dll> [User Profile Service / ProfSvc][Running/Auto Start] %systemroot%\system32\profsvc.dll> [Ris Process Communication Center / RisCCenter][Stopped/Auto Start] [Rising RisTask Manager / RisTask][Running/Auto Start] <"C:\Program Files (x86)\Rising\Ris\RavTask.exe" RisTask> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] [ServiceLayer / ServiceLayer][Stopped/Manual Start] <"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"> [Internet Connection Sharing (ICS) / SharedAccess][Stopped/Disabled] %SystemRoot%\System32\ipnathlp.dll> [VMware Agent 
Service / ufad-ws60][Stopped/Manual Start] [VMware Authorization Service / VMAuthdService][Running/Auto Start] [VMware DHCP Service / VMnetDHCP][Running/Auto Start] [VMware Virtual Mount Manager Extended / vmount2][Running/Auto Start] <"C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"> [VMware NAT Service / VMware NAT Service][Running/Auto Start] [Windows Defender / WinDefend][Running/Auto Start] %ProgramFiles%\Windows Defender\mpsvc.dll> [Windows Management Instrumentation / Winmgmt][Running/Auto Start] %SystemRoot%\system32\wbem\WMIsvc.dll> [WLAN AutoConfig / Wlansvc][Stopped/Manual Start] %SystemRoot%\System32\wlansvc.dll> ================================== 驱动程序 [adp94xx / adp94xx][Stopped/Disabled] <\SystemRoot\system32\drivers\adp94xx.sys> [adpahci / adpahci][Stopped/Disabled] <\SystemRoot\system32\drivers\adpahci.sys> [adpu160m / adpu160m][Stopped/Disabled] <\SystemRoot\system32\drivers\adpu160m.sys> [adpu320 / adpu320][Stopped/Disabled] <\SystemRoot\system32\drivers\adpu320.sys> [aic78xx / aic78xx][Stopped/Disabled] <\SystemRoot\system32\drivers\djsvs.sys> [aliide / aliide][Stopped/Disabled] <\SystemRoot\system32\drivers\aliide.sys> [arc / arc][Stopped/Disabled] <\SystemRoot\system32\drivers\arc.sys> [arcsas / arcsas][Stopped/Disabled] <\SystemRoot\system32\drivers\arcsas.sys> [blbdrive / blbdrive][Stopped/Disabled] <\SystemRoot\system32\drivers\blbdrive.sys> [Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start] <\SystemRoot\system32\drivers\brfiltlo.sys> [Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start] <\SystemRoot\system32\drivers\brfiltup.sys> [Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Disabled] <\SystemRoot\system32\drivers\brserid.sys> [Brother WDM Serial driver / BrSerWdm][Stopped/Disabled] <\SystemRoot\system32\drivers\brserwdm.sys> [Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Disabled] <\SystemRoot\system32\drivers\brusbmdm.sys> 
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start] <\SystemRoot\system32\drivers\brusbser.sys> [cmdide / cmdide][Stopped/Disabled] <\SystemRoot\system32\drivers\cmdide.sys> [DeathAdder Mouse / DAdderFltr][Running/Manual Start] [Intel(R) PRO/1000 NDIS 6 Adapter Driver / E1G60][Stopped/Manual Start] [elxstor / elxstor][Stopped/Disabled] <\SystemRoot\system32\drivers\elxstor.sys> [gdrv / gdrv][Stopped/Manual Start] <\??\C:\Windows\gdrv.sys> [VMware hcmon / hcmon][Running/Auto Start] <\??\C:\Windows\system32\drivers\hcmon.sys> [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [HpCISSs / HpCISSs][Stopped/Disabled] <\SystemRoot\system32\drivers\hpcisss.sys> [Intel RAID Controller Vista / iaStorV][Stopped/Disabled] <\SystemRoot\system32\drivers\iastorv.sys> [iirsp / iirsp][Stopped/Disabled] <\SystemRoot\system32\drivers\iirsp.sys> [IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start] [ITEATAPI_Service_Install / iteatapi][Stopped/Disabled] <\SystemRoot\system32\drivers\iteatapi.sys> [ITERAID_Service_Install / iteraid][Stopped/Disabled] <\SystemRoot\system32\drivers\iteraid.sys> [LSI_FC / LSI_FC][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_fc.sys> [LSI_SAS / LSI_SAS][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_sas.sys> [LSI_SCSI / LSI_SCSI][Stopped/Disabled] <\SystemRoot\system32\drivers\lsi_scsi.sys> [megasas / megasas][Stopped/Disabled] <\SystemRoot\system32\drivers\megasas.sys> [Mraid35x / Mraid35x][Stopped/Disabled] <\SystemRoot\system32\drivers\mraid35x.sys> [nfrd960 / nfrd960][Stopped/Disabled] <\SystemRoot\system32\drivers\nfrd960.sys> [Nokia USB Generic / nmwcdcx64][Stopped/Manual Start] [Nokia USB Phone Parent / nmwcdx64][Stopped/Manual Start] [nvlddmkm / nvlddmkm][Running/Manual Start] [nvraid / nvraid][Stopped/Disabled] <\SystemRoot\system32\drivers\nvraid.sys> [nvstor / nvstor][Stopped/Disabled] <\SystemRoot\system32\drivers\nvstor.sys> [IPX Traffic Filter Driver / NwlnkFlt][Stopped/Manual 
Start] [IPX Traffic Forwarder Driver / NwlnkFwd][Stopped/Manual Start] [PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start] [QLogic Fibre Channel Miniport Driver / ql2300][Stopped/Disabled] <\SystemRoot\system32\drivers\ql2300.sys> [QLogic iSCSI Miniport Driver / ql40xx][Stopped/Disabled] <\SystemRoot\system32\drivers\ql40xx.sys> [Rising RfwBase Driver / RfwBase9][Running/System Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\C:\Program Files (x86)\Rising\Ris\rfwtdi.sys> [rsfwdrv / rsfwdrv][Running/System Start] <\??\C:\Program Files (x86)\Rising\Ris\rsfwdrv.sys> [Realtek 8169 NT Driver / RTL8169][Running/Manual Start] [SiSRaid2 / SiSRaid2][Stopped/Disabled] <\SystemRoot\system32\drivers\sisraid2.sys> [SiSRaid4 / SiSRaid4][Stopped/Disabled] <\SystemRoot\system32\drivers\sisraid4.sys> [Symc8xx / Symc8xx][Stopped/Disabled] <\SystemRoot\system32\drivers\symc8xx.sys> [Sym_hi / Sym_hi][Stopped/Disabled] <\SystemRoot\system32\drivers\sym_hi.sys> [Sym_u3 / Sym_u3][Stopped/Disabled] <\SystemRoot\system32\drivers\sym_u3.sys> [TesDrvPt / TesDrvPt][Stopped/Manual Start] <\??\C:\Windows\system32\TesDrvPt.sys> [uliahci / uliahci][Stopped/Disabled] <\SystemRoot\system32\drivers\uliahci.sys> [UlSata / UlSata][Stopped/Disabled] <\SystemRoot\system32\drivers\ulsata.sys> [ulsata2 / ulsata2][Stopped/Disabled] <\SystemRoot\system32\drivers\ulsata2.sys> [USB Multi-Channel Audio Device Interface / USBMULCD][Running/Manual Start] [viaide / viaide][Stopped/Disabled] <\SystemRoot\system32\drivers\viaide.sys> [VMware kbd / vmkbd][Running/Manual Start] <\??\C:\Windows\system32\drivers\VMkbd.sys> [VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start] [VMware Bridge Protocol / VMnetBridge][Running/Auto Start] [VMware Network Application Interface / VMnetuserif][Running/Auto Start] <\??\C:\Windows\system32\drivers\vmnetuserif.sys> [VMware VMparport / VMparport][Running/Auto Start] <\??\C:\Windows\system32\drivers\VMparport.sys> [VMware USB Client Driver / 
vmusb][Stopped/Manual Start] [VMware vmx86 / vmx86][Running/Auto Start] <\??\C:\Windows\system32\drivers\vmx86.sys> [vsmraid / vsmraid][Stopped/Disabled] <\SystemRoot\system32\drivers\vsmraid.sys> [Vstor2 Virtual Storage Driver / vstor2][Running/Auto Start] <\??\C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys> [Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Running/Auto Start] <\??\L:\vmw\vstor2-ws60.sys> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [PhotoDrawEx Class] {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [] {4C833081-D026-4FF8-968F-7EAB660D2FBA} <, > [CertEnroll Class] {7978461C-CC22-48F2-BC69-02220D3E101D} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [] {B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, > [QQCertCtrl Class] {BAEA0695-03A4-43BB-8495-C7025E1A8F42} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [PhotoDrawEx Class] {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [Zyzzyva] {30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC} <, > [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [SkyDrive.Plugin.1] {4990272A-0655-4D80-90A7-C18D0FF7A4A9} [] {4C833081-D026-4FF8-968F-7EAB660D2FBA} <, > [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <%SystemRoot%\System32\hhctrl.ocx, (Signed) N/A> [WangWangX Class] {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} 
[Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [CertEnroll Class] {7978461C-CC22-48F2-BC69-02220D3E101D} [XDownloaddManager Class] {802F530B-A8F6-4631-AE49-6BACAAC6373E} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [XML DOM Document 6.0] {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A> [XML HTTP 6.0] {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A> [OFrameObject Class] {9701758C-4373-482E-B13C-776C048EC890} [VersionDetector Class] {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [] {B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, > [QQCertCtrl Class] {BAEA0695-03A4-43BB-8495-C7025E1A8F42} [Microsoft Url Search Hook] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} <, > [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [&U使用米人下载并收藏] [&U使用纳米机器人下载并收藏] [使用迅雷下载] [使用迅雷下载全部链接] [添加到QQ表情] [百度一下所选文字 (&S)] ================================== 正在运行的进程 [PID: 944 / SYSTEM][C:\Program Files (x86)\Rising\Ris\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files (x86)\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files (x86)\Rising\Ris\cnt09.dll] [Beijing Rising Information Technology Co., 
Ltd., 21, 0, 0, 37] [C:\Program Files (x86)\Rising\Ris\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [PID: 1124 / SYSTEM][C:\Program Files (x86)\Rising\Ris\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Program Files (x86)\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files (x86)\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files (x86)\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [C:\Program Files (x86)\Rising\Ris\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40] [C:\Program Files (x86)\Rising\Ris\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [PID: 1236 / SYSTEM][C:\Program Files (x86)\Rising\Ris\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files (x86)\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files (x86)\Rising\Ris\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files (x86)\Rising\Ris\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.41] [C:\Program Files (x86)\Rising\Ris\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files (x86)\Rising\Ris\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 
28] [C:\Program Files (x86)\Rising\Ris\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Program Files (x86)\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files (x86)\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files (x86)\Rising\Ris\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.89] [C:\Program Files (x86)\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files (x86)\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.0] [C:\Program Files (x86)\Rising\Ris\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.3] [C:\Program Files (x86)\Rising\Ris\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5] [C:\Program Files (x86)\Rising\Ris\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.18] [C:\Program Files (x86)\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files (x86)\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files (x86)\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files (x86)\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files (x86)\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files (x86)\Rising\Ris\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files (x86)\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files (x86)\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files 
(x86)\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [C:\Program Files (x86)\Rising\Ris\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18] [C:\Program Files (x86)\Rising\Ris\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [C:\Program Files (x86)\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [C:\Program Files (x86)\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.39] [C:\Program Files (x86)\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files (x86)\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files (x86)\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 60] [C:\Program Files (x86)\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files (x86)\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16] [C:\Program Files (x86)\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files (x86)\Rising\Ris\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files 
(x86)\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files (x86)\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files (x86)\Rising\Ris\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [PID: 1536 / SYSTEM][C:\Program Files (x86)\Rising\Ris\RsStub.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files (x86)\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [PID: 1772 / SYSTEM][C:\Program Files (x86)\Rising\Ris\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files (x86)\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files (x86)\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files (x86)\Rising\Ris\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [C:\Program Files (x86)\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files (x86)\Rising\Ris\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10] [C:\Program Files (x86)\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files 
(x86)\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files (x86)\Rising\Ris\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.27] [C:\Program Files (x86)\Rising\Ris\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.50] [C:\Program Files (x86)\Rising\Ris\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [C:\Program Files (x86)\Rising\Ris\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.41] [C:\Program Files (x86)\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [C:\Program Files (x86)\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files (x86)\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [C:\Program Files (x86)\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.39] [C:\Program Files (x86)\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files (x86)\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files (x86)\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files (x86)\Rising\Ris\SysMail.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5] [C:\Program Files (x86)\Rising\Ris\mvengine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files (x86)\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\scanexec.dll] 
[Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files (x86)\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files (x86)\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 60] [C:\Program Files (x86)\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files (x86)\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16] [C:\Program Files (x86)\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files (x86)\Rising\Ris\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files (x86)\Rising\Ris\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [C:\Program Files (x86)\Rising\Ris\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files (x86)\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files (x86)\Rising\Ris\extole.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files (x86)\Rising\Ris\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\scanmac.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files (x86)\Rising\Ris\ur004.dat] [Beijing 
Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files (x86)\Rising\Ris\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files (x86)\Rising\Ris\rsstore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [PID: 1064 / SYSTEM][L:\vmw\vmware-authd.exe] [VMware, Inc., 6.0.0 build-45731] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [L:\vmw\vmwarebase.DLL] [VMware, Inc., 6.0.0 build-45731] [L:\vmw\vmcryptolib.DLL] [VMware, Inc., 6.0.0 build-43577] [L:\vmw\libxml2.dll] [N/A, ] [L:\vmw\iconv.dll] [Free Software Foundation, 1.9] [L:\vmw\zlib1.dll] [, 1.2.3] [PID: 732 / SYSTEM][C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe] [VMware, Inc., 1.5.2 build-42958] [C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\vmxScsiLib.dll] [VMware, Inc., 1.5.2 build-42958] [C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\SSLEAY32.dll] [N/A, ] [C:\Program Files (x86)\Common Files\VMware\VMware Virtual Image Editing\LIBEAY32.dll] [N/A, ] [PID: 1044 / SYSTEM][C:\Windows\SysWOW64\vmnat.exe] [VMware, Inc., 6.0.0 build-45731] [PID: 2160 / SYSTEM][C:\Windows\SysWOW64\vmnetdhcp.exe] [VMware, Inc., 6.0.0 build-45731] [C:\Windows\SysWOW64\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [PID: 2352 / SYSTEM][C:\Program Files (x86)\Rising\Ris\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [C:\Program Files (x86)\Rising\Ris\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12] [C:\Program Files (x86)\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files (x86)\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files (x86)\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] 
[C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [PID: 2908 / hzy][C:\Windows\SysWOW64\rundll32.exe] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Windows\Syswow64\cm106.cpl] [C-Media Corporation, 1.0.48.52] [PID: 1768 / hzy][C:\Program Files (x86)\Rising\Ris\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.22] [C:\Program Files (x86)\Rising\Ris\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files (x86)\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [C:\Program Files (x86)\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files (x86)\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files (x86)\Rising\Ris\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files (x86)\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files (x86)\Rising\Ris\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files (x86)\Rising\Ris\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14] [C:\Program Files (x86)\Rising\Ris\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75] [C:\Windows\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files (x86)\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files (x86)\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [C:\Program Files (x86)\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., 
Ltd., 21.0.0.25] [C:\Program Files (x86)\Rising\Ris\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.26] [C:\Program Files (x86)\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files (x86)\Rising\Ris\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29] [C:\Program Files (x86)\Rising\Ris\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.1.4] [C:\Program Files (x86)\Rising\Ris\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files (x86)\Rising\Ris\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23] [C:\Program Files (x86)\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Program Files (x86)\Rising\Ris\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 12] [C:\Program Files (x86)\Rising\Ris\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files (x86)\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [PID: 1848 / hzy][L:\vmw\vmware-tray.exe] [VMware, Inc., 6.0.0 build-45731] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [L:\vmw\vmwarebase.DLL] [VMware, Inc., 6.0.0 build-45731] [L:\vmw\vmcryptolib.DLL] [VMware, Inc., 6.0.0 build-43577] [L:\vmw\libxml2.dll] [N/A, ] [L:\vmw\iconv.dll] [Free Software Foundation, 1.9] [L:\vmw\zlib1.dll] [, 1.2.3] [L:\vmw\vmcuiutil.dll] [VMware, Inc., 6.0.0 build-45731] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [L:\vmw\sigc-2.0.dll] [The libsigc++ development team (see AUTHORS), 2.0.17] [L:\vmw\libeay32.dll] [Eric Young, The OpenSSL Project, VMware Inc., OpenSSL 0.9.7l (VMware build 100)] [L:\vmw\ssleay32.dll] [Eric Young, The OpenSSL Project, VMware Inc., OpenSSL 0.9.7l (VMware build 100)] [L:\vmw\vmnetMgr.dll] [VMware, Inc., 6.0.0 build-45731] [L:\vmw\VNETLIB.dll] 
[VMware, Inc., 6.0.0 build-45731] [PID: 2064 / hzy][L:\vmw\hqtray.exe] [VMware, Inc., 6.0.0 build-45731] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [L:\vmw\vmwarebase.DLL] [VMware, Inc., 6.0.0 build-45731] [L:\vmw\vmcryptolib.DLL] [VMware, Inc., 6.0.0 build-43577] [L:\vmw\libxml2.dll] [N/A, ] [L:\vmw\iconv.dll] [Free Software Foundation, 1.9] [L:\vmw\zlib1.dll] [, 1.2.3] [PID: 2684 / hzy][C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe] [, 1, 0, 0, 1] [PID: 2840 / hzy][C:\Program Files (x86)\Razer\DeathAdder\razertra.exe] [, 1, 0, 0, 1] [C:\Program Files (x86)\Razer\DeathAdder\razerlan.dll] [Razer, Inc., 4, 0, 0, 4] [PID: 2540 / hzy][C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe] [Razer Inc., 4.0.0.4] [PID: 3676 / hzy][N:\QQ\Bin\TXPlatform.exe] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\TXPFProxy.dll] [N/A, ] [PID: 4236 / hzy][N:\QQ\Bin\QQ.exe] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\Common.dll] [Tencent, 1, 26, 760, 0] [C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762] [N:\QQ\Bin\KernelUtil.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\GF.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\AppUtil.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\MainFrame.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\TXPFProxy.dll] [N/A, ] [N:\QQ\Bin\IM.dll] [Tencent, 1, 26, 760, 0] [C:\Program Files (x86)\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll] [Tencent, 1.1.1.6] [C:\Program Files (x86)\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL] [Tencent, 1.1.1.3] [N:\QQ\Bin\TaskTray.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\SkinMgr.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll] [Tencent, 1.26.1.26] [C:\Windows\SysWow64\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87] [N:\QQ\Bin\AppMisc.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\ChatFrame.dll] [Tencent, 1, 26, 760, 0] [N:\QQ\Bin\AppCtrl.dll] [Tencent, 1, 26, 760, 0] 
    [N:\QQ\Bin\ConfigCenter.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\CustomFace.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\KernelMisc.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\LongCnn.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\ContactInfoFrame.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\MsgMgr.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\QInterLive.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\SystemMsg.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.Soso\Bin\Soso.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.Weather\Bin\Weather.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\Com.Tencent.taotao\Bin\Taotao.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.NetBar\Bin\NetBar.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.crm\Bin\CRM.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.mail\Bin\Mail.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\GroupApp.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qbar\Bin\QBar.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\InformationBox.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.today\Bin\Today.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.memo\Bin\Memo.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll] [Tencent, 1, 26, 760, 0]
    [N:\QQ\Bin\AddrSearch.dll] [Tencent, 2, 3, 10, 12]
[PID: 1396 / hzy][D:\帝国时代3之亚洲王朝简体中文版\必要工具\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[PID: 1692 / hzy][D:\帝国时代3之亚洲王朝简体中文版\必要工具\sreng2\SREea9d68c8.EXE] [Smallfrogs Studio, 2.8.1.1279]
    [D:\帝国时代3之亚洲王朝简体中文版\必要工具\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\Windows\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS Error. [C:\Windows\SysWOW64\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
::1 localhost
==================================
进程特权扫描
N/A
==================================
计划任务
[已启用] \\RunAsStdUser Task7329 C:\Program Files (x86)\Rising\Ris\rstray.exe
[已启用] \\{47642899-C3DD-4821-8B8D-979ED4AF7DDB} C:\Windows\system32\pcalua.exe -a K:\9you\大富翁~1\UNWISE.EXE -c K:\9you\大富翁~1\INSTALL.LOG
[已启用] \\{A78E0ED4-3915-4BA0-B8D5-679E1A0DF16C} C:\Windows\system32\pcalua.exe -a K:\mlyzf\CNC3.exe -d K:\mlyzf\
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) N/A
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator %SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[已启用] \Microsoft\Windows\Defrag\ManualDefrag %windir%\system32\defrag.exe \\?\Volume{8e115b2c-faa5-11dd-955c-806e6f6e6963}\
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag %windir%\system32\defrag.exe -c -i
[已启用] \Microsoft\Windows\Media Center\ehDRMInit %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已启用] \Microsoft\Windows\Media Center\mcupdate %SystemRoot%\ehome\mcupdate $(Arg0) -gc
[已启用] \Microsoft\Windows\Media Center\OCURActivate %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已启用] \Microsoft\Windows\Media Center\OCURDiscovery %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[已启用] \Microsoft\Windows\Media Center\UpdateRecordPath %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart N/A
[已启用] \Microsoft\Windows\MobilePC\TMM N/A
[已启用] \Microsoft\Windows\MUI\LPRemove %windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService N/A
[已启用] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI N/A
[已启用] \Microsoft\Windows\Shell\CrawlStartPages N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders N/A
[已启用] \Microsoft\Windows\SystemRestore\SR %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1 rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2 rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig sc.exe config upnphost start= auto
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting %windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Wired\GatherWiredInfo %windir%\system32\gatherWiredInfo.vbs
[已启用] \Microsoft\Windows\Wireless\GatherWirelessInfo %windir%\system32\gatherWirelessInfo.vbs
==================================
Windows 安全更新检查
KB932926, BitLocker 和 EFS 增强
KB933713, Windows DreamScene
KB954320, Microsoft Tinker 提供的 Ultimate Extras Sounds
KB954955, Microsoft Tinker
KB971183, 阿拉伯语语言包
KB971183, 保加利亚语语言包
KB971183, 繁体中文语言包
KB971183, 克罗地亚语语言包
KB971183, 捷克语语言包
KB971183, 丹麦语语言包
KB971183, 荷兰语语言包
KB971183, 英语语言包
KB971183, 爱沙尼亚语语言包
KB971183, 芬兰语语言包
KB971183, 法语语言包
KB971183, 德语语言包
KB971183, 希腊语语言包
KB971183, 希伯来语语言包
KB971183, 匈牙利语语言包
KB971183, 意大利语语言包
KB971183, 日语语言包
KB971183, 朝鲜语语言包
KB971183, 拉脱维亚语语言包
KB971183, 立陶宛语语言包
KB971183, 挪威语语言包
KB971183, 波兰语语言包
KB971183, 葡萄牙语(巴西)语言包
KB971183, 葡萄牙语(葡萄牙)语言包
KB971183, 罗马尼亚语语言包
KB971183, 俄语语言包
KB971183, 塞尔维亚语(拉丁语)语言包
KB971183, 斯洛伐克语语言包
KB971183, 斯洛文尼亚语语言包
KB971183, 西班牙语语言包
KB971183, 瑞典语语言包
KB971183, 泰语语言包
KB971183, 土耳其语语言包
KB971183, 乌克兰语语言包
KB948465, 用于基于 x64 的系统的 Windows Vista Service Pack 2 (KB948465)
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]