[CODE] 2010-09-15,12:46:36 System Repair Engineer 2.8.2.1321 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 Windows 安全更新检查 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <; SkyTel.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; C:\Program Files\Realtek\InstallShield\AzMixerSel.exe> [Realtek Semiconductor Corp.] < QQPCTray><"d:\Program Files\Tencent\QQPCMgr\QQPCTray.exe" /regrun> [(Verified)Tencent Technology(Shenzhen) Company Limited] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] <360Install><; > [N/A] <; "C:\Program Files\Atheros\ACU.exe" -nogui> [Atheros Communications, Inc.] 
<; AGRSMMSG.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay> [File is missing] <; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [File is missing] <; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher] <; RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; > [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Component Publisher] <> [N/A] <> [N/A] <> [N/A] <> [N/A] <> [N/A] <> [N/A] <> [N/A] <> [N/A] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft 
Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{9A21033C-BAD4-46D4-9A3D-45B62DBC66A3}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] 
================================== 启动文件夹 N/A ================================== 服务 [Atheros 配置服务 / ACS][Running/Auto Start] [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Cmb WebProtect Support / CMBWPS][Running/Auto Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><(File is missing)> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [PfServer / PfService][Running/Auto Start] <> [QQPCMgr RTP Service / QQPCRTP][Running/Auto Start] [Rav Service / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\Rav\RavMonD.exe"> [RFW Service / RsRFWMon][Running/Auto Start] <"D:\Program Files\Rising\Rfw\RavMonD.exe"> [ServiceLayer / ServiceLayer][Running/Manual Start] <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"> [Tencent Software Update Service / TSUSVC][Stopped/Auto Start] <"d:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe" -run> [WatchData ccb V3.2 / WDMonitorCCB][Running/Auto Start] ================================== 驱动程序 [17ffe04cd95a4548 / 17ffe04cd95a4548][Stopped/Manual Start] <\??\C:\17ffe04cd95a4548.dat> [1d7ceab4fa7803ad / 1d7ceab4fa7803ad][Stopped/Manual Start] <\??\C:\1d7ceab4fa7803ad.dat> [2310_00 / 2310_00][Stopped/Boot Start] <\SystemRoot\System32\BIRD\2310_00.sys> [3WAREDRV / 3WAREDRV][Stopped/Boot Start] <\SystemRoot\System32\BIRD\3WAREDRV.SYS> [3WAREGSM / 3WAREGSM][Stopped/Boot Start] <\SystemRoot\System32\BIRD\3waregsm.sys> [3WDRV100 / 3WDRV100][Stopped/Boot Start] <\SystemRoot\System32\BIRD\3WDRV100.SYS> [A320RAID / A320RAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\a320raid.sys> [AAC / AAC][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aac.sys> [AACSAS / AACSAS][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aacsas.sys> [AAR81XX / 
AAR81XX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aar81xx.sys> [AARSI3X / AARSI3X][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aarsi3x.sys> [ADP94XX / ADP94XX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\adp94xx.sys> [ADPU320 / ADPU320][Stopped/Boot Start] <\SystemRoot\System32\BIRD\adpu320.sys> [AEC6260 / AEC6260][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6260.sys> [AEC6280 / AEC6280][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6280.sys> [AEC67160 / AEC67160][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec67160.sys> [AEC67162 / AEC67162][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec67162.sys> [AEC671X / AEC671X][Stopped/Boot Start] <\SystemRoot\System32\BIRD\AEC671X.sys> [AEC6880 / AEC6880][Stopped/Boot Start] <\SystemRoot\System32\BIRD\AEC6880.sys> [AEC6897 / AEC6897][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec6897.sys> [AEC68X5 / AEC68X5][Stopped/Boot Start] <\SystemRoot\System32\BIRD\aec68x5.sys> [AEGIS Protocol (IEEE 802.1x) v3.4.10.0 / AegisP][Running/Auto Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [AlcwDrv / AlcwDrv][Stopped/Manual Start] <\??\C:\Program Files\Super Rabbit\MagicSet\killvirus\AlcwDrv.sys> [aliimz / aliimz][Stopped/Manual Start] [AMD Processor Driver / AmdK8][Running/System Start] [Atheros Wireless Network Adapter Service / AR5211][Stopped/Manual Start] [Atheros AR5008 Wireless Network Adapter Service / AR5416][Running/Manual Start] [ARCM_X86 / ARCM_X86][Stopped/Boot Start] <\SystemRoot\System32\BIRD\arcm_x86.sys> [ati2mtag / ati2mtag][Running/Manual Start] [BCHTSW32 / BCHTSW32][Stopped/Boot Start] <\SystemRoot\System32\BIRD\bchtsw32.sys> [BCRAID / BCRAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\BCRAID.sys> [BenQ QEye / Cam5603D][Running/Manual Start] [CDA1000 / CDA1000][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cda1000.sys> [CMB8100 / CMB8100][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CertClient.dat> [CMBProtector / CMBProtector][Running/Auto Start] 
<\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat> [CPQARRY2 / CPQARRY2][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cpqarry2.sys> [CPQCISSM / CPQCISSM][Stopped/Boot Start] <\SystemRoot\System32\BIRD\cpqcissm.sys> [cpuz134 / cpuz134][Stopped/Manual Start] <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz134_x32.sys> [CSB6IDE / CSB6IDE][Running/Boot Start] <\SystemRoot\System32\BIRD\csb6ide.sys> [dac2w2k / dac2w2k][Running/Boot Start] <\SystemRoot\System32\BIRD\dac2w2k.sys> [ebqk / ebqki][Stopped/Boot Start] <\SystemRoot\system32\drivers\ebqki.sys> [FASTSX / FASTSX][Running/Boot Start] <\SystemRoot\System32\BIRD\fastsx.sys> [FASTTRAK / FASTTRAK][Running/Boot Start] <\SystemRoot\System32\BIRD\fasttrak.sys> [FASTTX2K / FASTTX2K][Running/Boot Start] <\SystemRoot\System32\BIRD\fasttx2k.sys> [usb Card Device / ft2kEnum][Running/Manual Start] [FT8300 / FT8300][Running/Boot Start] <\SystemRoot\System32\BIRD\ft8300.sys> [FTSATA2 / FTSATA2][Running/Boot Start] <\SystemRoot\System32\BIRD\ftsata2.sys> [GD31244 / GD31244][Stopped/Boot Start] <\SystemRoot\System32\BIRD\gd31244.sys> [USB Chip Holder Service / GDBaseSmc][Running/Manual Start] [USB Chip Service / GD_USB][Stopped/Manual Start] <> [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [HPCISSS2 / HPCISSS2][Stopped/Boot Start] <\SystemRoot\System32\BIRD\hpcisss2.sys> [HPT371 / HPT371][Stopped/Boot Start] <\SystemRoot\System32\BIRD\HPT371.sys> [HPT374 / HPT374][Stopped/Boot Start] <\SystemRoot\System32\BIRD\hpt374.sys> [HPT3XX / HPT3XX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\hpt3xx.sys> [IASTOR / IASTOR][Running/Boot Start] <\SystemRoot\System32\BIRD\iaStor.sys> [IFT2000 / IFT2000][Stopped/Boot Start] <\SystemRoot\System32\BIRD\ift2000.sys> [INIA100 / INIA100][Stopped/Boot Start] <\SystemRoot\System32\BIRD\INIA100.sys> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] 
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start] <\SystemRoot\System32\BIRD\ipsraidn.sys> [ITERAID / ITERAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\iteraid.sys> [JRAID / JRAID][Running/Boot Start] <\SystemRoot\System32\BIRD\JRAID.SYS> [M5228 / M5228][Stopped/Boot Start] <\SystemRoot\System32\BIRD\m5228.sys> [M5281 / M5281][Running/Boot Start] <\SystemRoot\System32\BIRD\m5281.sys> [M5287 / M5287][Stopped/Boot Start] <\SystemRoot\System32\BIRD\m5287.sys> [M5288 / M5288][Stopped/Boot Start] <\SystemRoot\System32\BIRD\m5288.sys> [M5289 / M5289][Running/Boot Start] <\SystemRoot\System32\BIRD\m5289.sys> [MEGAIDE / MEGAIDE][Running/Boot Start] <\SystemRoot\System32\BIRD\MegaIDE.sys> [mraid35x / mraid35x][Running/Boot Start] <\SystemRoot\System32\BIRD\mraid35x.sys> [NFRD960 / NFRD960][Stopped/Boot Start] <\SystemRoot\System32\BIRD\nfrd960.sys> [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start] [Nokia USB Generic / nmwcdc][Stopped/Manual Start] [Nokia USB Port / nmwcdcj][Stopped/Manual Start] [Nokia USB Modem / nmwcdcm][Stopped/Manual Start] [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkcrypt.sys> [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkycryp.sys> [nv / nv][Stopped/Manual Start] [NVATABUS / NVATABUS][Running/Boot Start] <\SystemRoot\System32\BIRD\NVATABUS.SYS> [NVRAID / NVRAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\NVRAID.SYS> [perc2 / perc2][Running/Boot Start] <\SystemRoot\System32\BIRD\perc2.sys> [PNP649R / PNP649R][Stopped/Boot Start] <\SystemRoot\System32\BIRD\pnp649r.sys> [PNP680 / PNP680][Stopped/Boot Start] <\SystemRoot\System32\BIRD\pnp680.sys> [PNP680R / PNP680R][Stopped/Boot Start] <\SystemRoot\System32\BIRD\pnp680r.sys> [Protector / Protector][Running/System Start] [ProtectorA / ProtectorA][Running/System Start] <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] 
<\SystemRoot\system32\Drivers\PxHelp20.sys> [ql1080 / ql1080][Running/Boot Start] <\SystemRoot\System32\BIRD\ql1080.sys> [ql12160 / ql12160][Running/Boot Start] <\SystemRoot\System32\BIRD\ql12160.sys> [ql1280 / ql1280][Running/Boot Start] <\SystemRoot\System32\BIRD\ql1280.sys> [RAIDSRC / RAIDSRC][Stopped/Boot Start] <\SystemRoot\System32\BIRD\raidsrc.sys> [SmartCard Reader Device / Reader_Device][Running/Manual Start] [Rising RfwARP Driver / RFWARP][Running/Auto Start] [Rising RfwBase Driver / RfwBase9][Running/Manual Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\D:\Program Files\Rising\Rfw\rfwtdi.sys> [RR232X / RR232X][Stopped/Boot Start] <\SystemRoot\System32\BIRD\rr232x.sys> [rsassist / rsassist][Running/Auto Start] [rsfwdrv / rsfwdrv][Running/System Start] <\??\D:\Program Files\Rising\Rfw\rsfwdrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [S150SX8 / S150SX8][Running/Boot Start] <\SystemRoot\System32\BIRD\S150sx8.sys> [Secdrv / Secdrv][Stopped/Manual Start] [SI3112 / SI3112][Stopped/Boot Start] <\SystemRoot\System32\BIRD\SI3112.sys> [SI3112R / SI3112R][Stopped/Boot Start] <\SystemRoot\System32\BIRD\SI3112r.sys> [SI3114 / SI3114][Stopped/Boot Start] <\SystemRoot\System32\BIRD\SI3114.sys> [SI3114R / SI3114R][Stopped/Boot Start] <\SystemRoot\SYSTEM32\BIRD\SI3114R.sys> [SI3114R5 / SI3114R5][Stopped/Boot Start] <\SystemRoot\System32\BIRD\Si3114r5.sys> [SI3124 / SI3124][Stopped/Boot Start] <\SystemRoot\SYSTEM32\BIRD\SI3124.sys> [SI3124R / SI3124R][Stopped/Boot Start] <\SystemRoot\SYSTEM32\BIRD\SI3124R.sys> [SI3124R5 / SI3124R5][Stopped/Boot Start] <\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys> [SI3132 / SI3132][Stopped/Boot Start] 
<\SystemRoot\System32\BIRD\SI3132.sys> [SI3132R5 / SI3132R5][Stopped/Boot Start] <\SystemRoot\System32\BIRD\Si3132r5.sys> [SIS AGP Bus Filter / sisagp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\sisagp.sys> [SISRAID / SISRAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\SiSRaid.sys> [SISRAID2 / SISRAID2][Stopped/Boot Start] <\SystemRoot\System32\BIRD\SiSRaid2.sys> [SISRAID4 / SISRAID4][Stopped/Boot Start] <\SystemRoot\System32\BIRD\SiSRaid4.sys> [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [SPTRAK / SPTRAK][Running/Boot Start] <\SystemRoot\System32\BIRD\sptrak.sys> [ST8350 / ST8350][Running/Boot Start] <\SystemRoot\System32\BIRD\st8350.sys> [SYMMPI / SYMMPI][Stopped/Boot Start] <\SystemRoot\System32\BIRD\symmpi.sys> [sym_hi / sym_hi][Running/Boot Start] <\SystemRoot\System32\BIRD\sym_hi.sys> [sym_u3 / sym_u3][Running/Boot Start] <\SystemRoot\System32\BIRD\sym_u3.sys> [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [TesDrvPt / TesDrvPt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesDrvPt.sys> [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [ti21sony / ti21sony][Running/Manual Start] [tifm21 / tifm21][Stopped/Manual Start] [TSKSP / TSKSP][Running/System Start] <\??\d:\Program Files\Tencent\QQPCMgr\TSKSP.sys> [TwoTrack Compatible Device / TwoTrack][Stopped/Manual Start] [ULSATA / ULSATA][Running/Boot Start] <\SystemRoot\System32\BIRD\ulsata.sys> [ULSATA2 / ULSATA2][Running/Boot Start] <\SystemRoot\System32\BIRD\ulsata2.sys> [ULTIMA / ULTIMA][Stopped/Boot Start] <\SystemRoot\System32\BIRD\Ultima.sys> [ULTIMARX / ULTIMARX][Stopped/Boot Start] <\SystemRoot\System32\BIRD\UltimaRX.sys> [ultra / ultra][Running/Boot Start] <\SystemRoot\System32\BIRD\ultra.sys> [VIAMRAID / VIAMRAID][Stopped/Boot Start] <\SystemRoot\System32\BIRD\viamraid.sys> [vmscsi / vmscsi][Stopped/Boot Start] <\SystemRoot\System32\bird\vmscsi.sys> [vnccom / 
vnccom][Running/Auto Start] [vncdrv / vncdrv][Running/Manual Start] [W2KADV / W2KADV][Stopped/Boot Start] <\SystemRoot\System32\BIRD\w2kadv.sys> ================================== 浏览器加载项 [MMCPlayer Class] {05C1004E-2596-48E5-8E26-39362985EEB9} [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [GLAvatar Control] {61238DE1-3317-4322-89AC-AC844831380D} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [DLoader Class] {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} [CertEnroll Class] {7978461C-CC22-48F2-BC69-02220D3E101D} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [Submit Class] {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} [CCTVUpdateInstall] {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} [PowerCommit Control] {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} [] {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, > [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [AxInputControl Class] {F2AF4FB7-CC87-49C9-B147-E1BAAC82BCDD} [] {00000000-12C9-4305-82F9-43058F20E8D2} <, > [ADODB.Recordset] {00000535-0000-0010-8000-00AA006D2EA4} [] {00B03C7D-93A4-4814-98A9-66351ADEDF84} <, > [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, > [] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, > [ULiveCtrl Control] {070CA17A-4BD2-4612-83B4-32B1B9159B47} [] {070CA17A-4BD2-4612-83B4-32B1B9159B48} <, > [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [] {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <, > [] {0C7C23EF-A848-485B-873C-0ED954731014} <, > [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} [InfosecCertInstall Class] {0EB487C8-E9AC-43A6-8C4C-083999B0622F} [PeerDraw Class] {10072CEC-8CC1-11D1-986E-00A0C955B42E} [Player Class] {11F2A418-94B2-4e16-9B0C-B00C0435F903} [CEnroll Class] {127698E4-E730-4E5C-A2B1-21490A70C8A1} [Fade] {16B280C5-EE70-11D1-9066-00C04FD9189D} [] {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} 
<, > [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [UploadFilePartition Class] {2030B925-DF6E-4535-AB9A-C2787F2FEB53} [] {20909876-4567-3908-4056-909834565102} <, > [ClientUpdator Object] {22B1335E-F6E7-440F-AC26-9C96699D9360} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, > [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [Detecter Class] {2C48F48F-01A6-4593-A678-C7DA83C55719} [] {2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, > [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, > [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [] {32D72994-45B9-42B5-8980-FB561D1BE2D0} <, > [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [Init_Tool Control] {399C2756-84D4-4AC5-9E86-288340334FB1} [] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <, > [GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} [] {4063BE15-3B08-470D-A0D5-B37161CFFD69} <, > [] {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, > [] {461CC20B-FB6E-4F16-8FE8-C29359DB100E} <, > [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [] {4990272A-0655-4D80-90A7-C18D0FF7A4A9} <, > [] {528DF602-9541-A985-210A-984A698C6F25} <, > [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [WebProtect] {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <, > [QvodExtend] {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [] {5852F5ED-8BF4-11D4-A245-0080C6F74284} <, > [InfoSecNetSign Class] {5CB840B5-A94E-4AD9-B785-4866E3B04476} [WangWangX Class] {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} [] {5F849109-11DF-48AB-898A-6674CA8F56C6} 
<, > [GLAvatar Control] {61238DE1-3317-4322-89AC-AC844831380D} [PowerPassword Control] {614E58F9-74D0-4D7B-90E3-64A0F2AA73B4} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [中文搜索] {69248E74-4015-4EE8-BB78-7247AE9CC7F9} <, > [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [QQLiveFile Class] {6B232760-90F1-41c3-9902-C8552C1D8A72} [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [] {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <, > [Windows Script Host Shell Object] {72C24DD5-D70A-438B-8A42-98424B88AFB8} [] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, > [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, > [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [] {77FEF28E-EB96-44FF-B511-3185DEA48697} <, > [DLoader Class] {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} [CertEnroll Class] {7978461C-CC22-48F2-BC69-02220D3E101D} [] {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} <, > [] {7C8D1401-A58D-A81C-CD24-A5915C4517C7} <, > [] {7E853D72-626A-48EC-A868-BA8D5E23E045} <, > [XDownloaddManager Class] {802F530B-A8F6-4631-AE49-6BACAAC6373E} <, > [] {81310BFF-F6FA-42BD-872A-51CEBD9D2FE6} <, > [] {82D9671E-0B56-4285-92CD-15BC08B883BB} <, > [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <, > [XML DOM Document 4.0] {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, (Signed) N/A> [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} <%SystemRoot%\system32\msxml4.dll, (Signed) N/A> [XML DOM 文档 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [XML HTTP 5.0] {88D969EA-F192-11D4-A65F-0040963251E5} [] {8AD9C840-044E-11D1-B3E9-00805F499D93} <, > [Uploader Class] {8B054DFE-79A3-4A6A-9F46-CD2A2F601129} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [] {95B3F550-91C4-4627-BCC4-521288C52977} <, > [OFrameObject 
Class] {9701758C-4373-482E-B13C-776C048EC890} <, > [] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <, > [ServerRouter Object] {9C27183F-5087-46CE-B27F-5F899CFC00BC} [HKbar Class] {9D9E8E93-78DE-4C43-9951-571BE86D5060} <, > [VersionDetector Class] {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [] {A0867FD1-79E7-456C-8B41-165A2504FD86} <, > [Submit Class] {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [WMEncProfileManager Class] {A8D3AD02-7508-4004-B2E9-AD33F087F43C} [DownloadManager Class] {A8DC7D60-AD8F-491E-9A84-8FF901E7556E} <, > [APlayer Control] {A9322148-C691-4B9D-91FC-B9C461DBE9DD} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, > [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [] {B490415F-65F8-B5C5-D8BA-9405FB12054B} <, > [] {B580CF65-E151-49C3-B73F-70B13FCA8E86} <, > [] {B69003B3-C55E-4B48-836C-BC5946FC3B28} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [PowerCommit Control] {BEEE2807-1709-4184-A05D-1B2DE01EE4CF} [ScreenCapture Class] {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} [CSetLET Class] {C35D7AE1-0865-4A30-BF07-29FA29324155} [KooPlayer Control] {C728DAB8-FDF5-4CD7-89DD-879D25794C77} [] {C8CBC109-B04A-4DDA-956E-BFFE0360DADD} <, > [BitComet Agent] {C8FF2A06-638A-4913-8403-50294CFF6608} [CITICS Edit Class] {CAB6E271-C9B9-4A85-96A0-1B3A19A4E6DE} [] {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} <, > [] {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} <, > [] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <, > [] {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <, > [] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, > [QQPlayerCtrl Class] {CD108273-D434-43E6-AA90-1469F97EB398} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] 
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__MPEG Moniker Class] {CD3AFA89-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [WDCCBCtrl Class] {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} [Microsoft Url Search Hook] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [] {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} <, > [QQLive Class] {D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62} [] {DBC80044-A445-435B-BC74-9C25C1C588A9} <, > [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [Microsoft(R) Windows Media Player] {DF5EF25D-0814-1403-B63D-62D18AA7996B} <, > [Microsoft Silverlight] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <, > [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [RevealTrans] {E31E87C4-86EA-4940-9B8A-5BD5D179A737} [AxUSBKey Class] {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [JQSIEStartDetectorImpl Class] {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <, > [] {ECCBA953-80E5-11D3-9285-0080ADB811C5} <, > [safeInput Class] {ECCBA956-80E5-11D3-9285-0080ADB811C9} [TimwpDll.TimwpCheck] {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [PBActiveX40 Control] {F2EB8999-766E-4BF6-AAAD-188D398C0D0B} [] {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <, > [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [Free Threaded XML DOM Document 3.0] {F5078F33-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} [XSL Template 3.0] 
{F5078F36-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [Init_Tool Control] {F7465932-3C3D-4DA2-8541-406E07C369A9} [] {F90D830D-C175-4bbe-82C7-FF94669A4C42} <, > [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, > [SEInterface Class] {FDAEAB93-6DC0-4A63-81C6-95C88ED36F6A} [webmod Class] {FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} [&使用BitComet下载] ================================== 正在运行的进程 [PID: 1040 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1096 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1128 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1176 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_qfe.090206-1239)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1188 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1340 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1352 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1420 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] 
[(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1508 / SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [C:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [C:\Program Files\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.41] [C:\Program Files\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 46] [C:\Program Files\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29] [C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] [C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [C:\Program Files\Rising\Rav\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [C:\Program 
Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1] [C:\Program Files\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 39] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\bawhite.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.22] [C:\Program 
Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [C:\Program Files\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3] [C:\Program Files\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 87] [C:\Program Files\Rising\Rav\scantj.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [C:\Program Files\Rising\Rav\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program 
Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\extsfx.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [PID: 1532 / SYSTEM][D:\Program Files\Rising\Rfw\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Rfw\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [D:\Program Files\Rising\Rfw\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Rfw\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Rfw\MonComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [D:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [D:\Program Files\Rising\Rfw\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [D:\Program Files\Rising\Rfw\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.2] [D:\Program Files\Rising\Rfw\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Rfw\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., 
Ltd., 22.0.0.5] [D:\Program Files\Rising\Rfw\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Rfw\RfwArp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.5] [D:\Program Files\Rising\Rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [D:\Program Files\Rising\Rfw\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Rfw\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\Program Files\Rising\Rfw\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Rfw\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Rfw\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Rfw\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 67] [D:\Program Files\Rising\Rfw\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Rfw\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] [D:\Program Files\Rising\Rfw\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [D:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Rfw\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Rfw\NComm2.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Rfw\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Rfw\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] 
[D:\Program Files\Rising\Rfw\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [PID: 1552 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159] [PID: 1592 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1924 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 364 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 400 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 432 / SYSTEM][C:\WINDOWS\system32\acs.exe] [Atheros, 4.2.0.377] [C:\WINDOWS\system32\AegisE5.dll] [Meetinghouse Data Communications, 3, 2, 12, 0] [C:\WINDOWS\system32\athcfg20U.dll] [Atheros, 4.2.0.377] [C:\WINDOWS\system32\athcfg20ResU.dll] [Atheros Communications, Inc., 4.2.0.377] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] 
[C:\WINDOWS\system32\athcfg11resloc.dll] [Atheros Communications, Inc., 4.2.0.377] [PID: 664 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 716 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 10, 29] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\StormII\bfoptdll.dll] [北京暴风网际科技有限公司, 3, 8, 7, 16] [PID: 1084 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe] [China Merchants Bank, 1, 0, 0, 1] [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll] [China Merchants Bank, 1, 0, 0, 1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1228 / SYSTEM][C:\Program Files\Pf\PfServer.exe] [, 1.0.0.0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1708 / SYSTEM][d:\Program Files\Tencent\QQPCMgr\QQPCRTP.exe] [Tencent, 4.0.173.201] [d:\Program Files\Tencent\QQPCMgr\plugins\QMHipsEngine.dll] [, 1, 0, 0, 1] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053] [d:\Program Files\Tencent\QQPCMgr\Common.dll] [Tencent, 1, 45, 1530, 0] [d:\Program Files\Tencent\QQPCMgr\TSFSEngine.dat] [Tencent, 2009, 3, 11, 7] [d:\Program Files\Tencent\QQPCMgr\TSFileFilter.dat] [tencent, 2007, 12, 5, 01] [d:\Program Files\Tencent\QQPCMgr\dr.dll] [Tencent, 1, 0, 0, 1] [d:\Program Files\Tencent\QQPCMgr\plugins\QMHips.dll] [, 1, 0, 0, 1] 
[PID: 1936 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 544 / SYSTEM][C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe] [ Beijing WatchData System Co., Ltd., 3, 2, 0, 0] [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\TokenMgr.dll] [ Beijing WatchData System Co., Ltd., 3, 6, 3, 2] [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\WDAlg.DLL] [ Beijing WatchData System C0., Ltd., 3, 5, 12, 20] [C:\WINDOWS\system32\WatchData\Watchdata CCB CSP v3.2\wdkmgr.dll] [Watchdata, 1, 0, 0, 39] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2148 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3196 / biliquan][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ku6Kss.dll] [酷6网(北京)信息技术有限公司, 2, 0, 0, 1] [C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0] [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1] [D:\Program Files\WinZip\wzshlstb.dll] [WinZip Computing, S.L., 4.1 (32-bit)] [PID: 3348 / biliquan][C:\WINDOWS\system32\rundll32.exe] [Microsoft 
Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ku6Kss.dll] [酷6网(北京)信息技术有限公司, 2, 0, 0, 1] [C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx] [Adobe Systems, Inc., 10,1,53,64] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.2463] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [PID: 3548 / biliquan][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.12.13 07Jan05] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [PID: 3572 / biliquan][C:\Program Files\Rising\Rav\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.11] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rav\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [C:\Program Files\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\rsxml.dll] 
[Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3] [C:\Program Files\Rising\Rav\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57] [C:\Program Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Program Files\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [C:\Program Files\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] [C:\Program Files\Rising\Rav\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7] [C:\Program Files\Rising\Rav\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.74] [C:\Program Files\Rising\Rav\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\scanleak.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [PID: 3816 / biliquan][D:\Program Files\Tencent\QQPCMgr\QQPCTray.exe] [Tencent, 1.0.103.201] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053] 
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053] [D:\Program Files\Tencent\QQPCMgr\Common.dll] [Tencent, 1, 45, 1530, 0] [D:\Program Files\Tencent\QQPCMgr\GF.dll] [Tencent, 1, 45, 1530, 0] [D:\Program Files\Tencent\QQPCMgr\xGraphic32.dll] [Tencent, 1, 45, 1530, 0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Tencent\QQPCMgr\dr.dll] [Tencent, 1, 0, 0, 1] [D:\Program Files\Tencent\QQPCMgr\plugins\QMWebFW.dll] [, 1, 0, 0, 1] [PID: 3852 / biliquan][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.12.13 07Jan05] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [PID: 3912 / biliquan][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [PID: 468 / biliquan][C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFWMan.exe] [Tencent, 2009, 8, 3, 2] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 
1] [PID: 2400 / biliquan][d:\Program Files\KWMUSIC\EncodeBnd.exe] [N/A, ] [PID: 148 / biliquan][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [PID: 3784 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe] [Nokia., 6, 84, 83, 3] [C:\Program Files\PC Connectivity Solution\NclTools.dll] [Nokia, 6, 84, 33, 0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\PC Connectivity Solution\Transports\NCLIrDAMM.dll] [Nokia Corp., 6, 84, 33, 0] [C:\Program Files\PC Connectivity Solution\Transports\NCLRSMM.dll] [Nokia Corp., 6, 84, 41, 0] [C:\Program Files\PC Connectivity Solution\Transports\NCLUSBMM.dll] [Nokia Corp., 6, 84, 55, 1] [C:\Program Files\PC Connectivity Solution\Transports\NclMSBTMM.dll] [Nokia Corp., 6, 84, 55, 0] [PID: 2692 / biliquan][C:\Program Files\SogouExplorer\SogouExplorer.exe] [, ] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [C:\Program Files\SogouExplorer\sogounet.dll] [Sogou.com Inc., 1.0.3.35] [C:\Program Files\SogouExplorer\video_acc.dll] [Sogou.com Inc, 1, 0, 2, 44] [C:\Program Files\SogouExplorer\pxpnet.dll] [Sohu.com Inc., 1, 0, 0, 31] [C:\Program Files\SogouExplorer\ShareClient.dll] [Sogou.com Inc., 1.0.0.34] [C:\Program Files\SogouExplorer\SoDaLib.dll] [Sohu.com Inc., 1, 3, 0, 13] [C:\Program Files\SogouExplorer\p4pshare.dll] [Sohu.com Inc., 1, 0, 0, 27] [PID: 3948 / biliquan][C:\Program 
Files\SogouExplorer\SogouExplorer.exe] [, ] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [C:\Program Files\SogouExplorer\WebkitCore.dll] [Sogou.com, 2, 0, 0, 85] [PID: 3944 / biliquan][C:\Program Files\SogouExplorer\SogouExplorer.exe] [, ] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [C:\Program Files\SogouExplorer\WebkitCore.dll] [Sogou.com, 2, 0, 0, 85] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.0.1.4324] [PID: 3244 / biliquan][C:\Program Files\SogouExplorer\SogouExplorer.exe] [, ] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [C:\Program Files\SogouExplorer\TridentCore.dll] [, ] [C:\Program Files\SogouExplorer\seacc.dll] [, 1, 0, 0, 27] [C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 5.0.1.4324] [C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx] [Adobe Systems, Inc., 10,1,53,64] [PID: 2084 / biliquan][D:\Program Files\WinZip\WINZIP32.EXE] [WinZip Computing, S.L., 25.0 (32-bit)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05] [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1] [D:\PROGRA~1\WINZIP\WZEAY32.DLL] [WinZip Computing, S.L., 0.9.7j (32-bit)] [D:\PROGRA~1\WINZIP\WZCKTREE.DLL] 
[WinZip Computing, S.L., 1.1 (32-bit)]
    [D:\PROGRA~1\WINZIP\WZSMTP.DLL] [WinZip Computing, S.L., 1, 0, 8246, 0]
    [D:\PROGRA~1\WINZIP\WZVINFO.DLL] [WinZip Computing, S.L., 1.1 (32-bit)]
    [D:\PROGRA~1\WINZIP\WZGDIP32.DLL] [WinZip Computing, S.L., 1.1 (32-bit)]
    [D:\PROGRA~1\WINZIP\WZCAB3.DLL] [WinZip Computing, S.L., 3.1 (32-bit)]
    [D:\PROGRA~1\WINZIP\wz32.dll] [WinZip Computing, S.L., 25.0 (32-bit)]
    [D:\PROGRA~1\WINZIP\UNRAR.DLL] [N/A, ]
    [D:\PROGRA~1\WINZIP\lha.dll] [N/A, ]
    [D:\PROGRA~1\WINZIP\7zxa.dll] [Igor Pavlov, 4.65]
    [D:\PROGRA~1\WINZIP\LDCdBldr.dll] [Corel Inc., 1, 2, 7, 105]
    [D:\PROGRA~1\WINZIP\VirtCDRDrv.dll] [Corel Inc., 2, 0, 4, 20]
    [C:\WINDOWS\system32\Ku6Kss.dll] [酷6网(北京)信息技术有限公司, 2, 0, 0, 1]
[PID: 2976 / biliquan][C:\Documents and Settings\Administrator\Local Settings\Temp\wz9098\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 3116 / biliquan][C:\Documents and Settings\Administrator\Local Settings\Temp\wz9098\SRE4752864b.EXE] [Smallfrogs Studio, 2.8.2.1321]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.12.13 07Jan05]
    [C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT] [Tencent, 2010, 4, 22, 1]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 432, C:\WINDOWS\SYSTEM32\ACS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 544, C:\WINDOWS\SYSTEM32\WATCHDATA\WATCHDATA CCB CSP V3.2\WDKEYMONITORCCB.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3912, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3784, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\SERVICELAYER.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job C:\PROGRA~1\SOGOUI~1\501~1.432\SGTool.exe

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般, 被下面模块所HOOK: C:\Documents and Settings\All Users\Application Data\Tencent\TSVulFw\TSVulFW.DAT)

==================================
隐藏进程
N/A

==================================
[/CODE]