光辉末裔 - 2007-2-15 22:20:00
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基反病毒6.0 / AVP][Stopped/Auto Start]
<E:\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PsShutdown / PsShutdownSvc][Stopped/Manual Start]
<C:\WINDOWS\System32\PSSDNSVC.EXE><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bootdrv / bootdrv][Running/Disabled]
<System32\Drivers\bootdrv.sys><N/A>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\D:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Stopped/Auto Start]
<\??\D:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Stopped/System Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><N/A>
[KRegEx / KRegEx][Stopped/System Start]
<\??\D:\PROGRA~1\KV2006\KRegEx.sys><N/A>
[KvMemon / KvMemon][Stopped/Manual Start]
<\??\D:\PROGRA~1\KV2006\KvMemon.sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Pnpnt / Pnpnt][Running/Boot Start]
<\SystemRoot\System32\Drivers\pnpnt.sys><N/A>
[PProtect / PProtect][Stopped/System Start]
<\??\D:\PROGRA~1\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SCatch / SCatch][Running/Auto Start]
<System32\DRIVERS\SCatch.sys><Windows (R) 2000 DDK provider>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\klif.sys><N/A>
==================================
光辉末裔 - 2007-2-15 22:21:00
浏览器加载项
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\网际快车\jccatch.dll, www.flashget.com>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <D:\网际快车\getflash.dll, www.flashget.com>
[Web反病毒保护]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\scieplugin.dll, Kaspersky Lab>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\网际快车\FlashGet.exe, FlashGet.com>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\网际士快斐车礬\fgiebar.dll, N/A>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[KvScanOnline Control]
{EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\System32\KvDown.ocx, dreamersoft>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\网际快车\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
<D:\网际快车\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<D:\网际快车\jc_all.htm, N/A>
==================================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 592][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 604][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 760][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 804][D:\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 832][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 900][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 916][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 992][D:\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[D:\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[D:\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[PID: 1156][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1260][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1608][D:\kaka\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[D:\kaka\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1640][D:\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1724][D:\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[D:\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2116][D:\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 2236][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\网际快车\jccatch.dll] [www.flashget.com, 1, 8, 1, 1006]
[D:\网际快车\getflash.dll] [www.flashget.com, 1, 8, 1, 1002]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[E:\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[E:\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[E:\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[E:\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[E:\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\params.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[e:\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 2372][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\网际快车\jccatch.dll] [www.flashget.com, 1, 8, 1, 1006]
[D:\网际快车\getflash.dll] [www.flashget.com, 1, 8, 1, 1002]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[E:\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[E:\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[E:\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[E:\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[E:\prkernel.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\params.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[e:\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\Downloaded Program Files\OL2005.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[PID: 2056][C:\WINDOWS\system32\NOTEPAD.EXE] [N/A, N/A]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\System32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 2900][D:\网际快车\flashget.exe] [FlashGet.com, 1, 8, 1, 1002]
[D:\网际快车\FGBTCORE.dll] [N/A, 1, 0, 0, 36]
[D:\网际快车\fgupdate.dll] [www.flashget.com, 1, 8, 1, 1002]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[E:\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[E:\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[PID: 4052][D:\winrar\WinRAR.exe] [N/A, N/A]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3252][C:\DOCUME~1\spider\LOCALS~1\Temp\Rar$EX00.791\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\kaka\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
N/A
==================================
[/CODE]
© 2000 - 2026 Rising Corp. Ltd.