[CODE] 2008-05-20,15:28:29 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows 2000 Publisher] [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\TP-LINK\TWCU\TWCU.exe" -nogui> [TP-LINK TECHNOLOGIES CO., LTD] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [N/A] [Nero AG] <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows 2000 Publisher] [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] <%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl> [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] <(无)> [N/A] ================================== 启动文件夹 [Microsoft Office] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]> ================================== 服务 [TP-LINK 配置服务 / ACS][Running/Auto Start] [Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"> [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] [LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]

[NBService / NBService][Stopped/Manual Start] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> ================================== 驱动程序 [AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start] [TP-LINK Wireless Network Adapter Service / AR5211][Running/Manual Start] [Game Port for Creative SB Live! / ctljystk][Running/Manual Start] [dmboot / dmboot][Stopped/Disabled] [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys> [Creative SB Live! Basic (WDM) / emu10k][Running/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> [nv / nv][Running/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RESSDT / RESSDT][Stopped/Manual Start] <\??\C:\WINNT\System32\ssdtdt.sys> [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\System32\Drivers\RsNTGdi.sys> [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] [kavell / kavell][Running/Manual Start] <\??\C:\WINNT\system32\kavell.sys> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [HTML Doucment] {1B0A105E-5FB9-4507-835D-68794062C367} [] {398C9B84-4EF7-47B5-9862-DE29543B3C42} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} [InfosecCertInstall Class] {0EB487C8-E9AC-43A6-8C4C-083999B0622F} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [UTPKES Control] {94BE7FE8-CF75-4FD3-8A41-9D5FE7135511} [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Iesign Control] {F3E92562-1B4D-4BFA-B2D4-E9BCABE3B5A1} [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [DapCtrl COM Module] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [InfoCheck Class] {F91BA567-79B9-467E-BC97-5DBA01BBC5EE} [InstallCheck Class] {FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65} [使用迅雷下载] [使用迅雷下载全部链接] [添加到QQ表情] ================================== 正在运行的进程 [PID: 176][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601] [PID: 200][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 220][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6714] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [PID: 248][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3] [PID: 260][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6695] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 564][C:\Program Files\Rising\Rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 748][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 796][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 828][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.6659] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 856][C:\WINNT\System32\msdtc.exe] [Microsoft Corporation, 1999.9.3421.3] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 960][C:\WINNT\System32\acs.exe] [N/A, ] [C:\WINNT\System32\athcfg11.dll] [Atheros, 4.1.2.25] [C:\WINNT\System32\athcfg11Res.dll] [Atheros Communications, Inc., 4.1.2.25] [C:\WINNT\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\WINNT\system32\athcfg11resloc.dll] [TP-LINK TECHNOLOGIES CO., LTD., 4.1.2.25] [C:\WINNT\System32\AegisE5.dll] [Meetinghouse Data Communications, 3, 0, 16, 0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 984][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1052][C:\WINNT\System32\llssrv.exe] [Microsoft Corporation, 5.00.2195.6697] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1080][C:\Program Files\Common Files\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.124.1] [C:\Program Files\Common Files\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.124.1] [C:\Program Files\Common Files\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.124.1] [C:\Program Files\Common Files\LightScribe\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\Common Files\LightScribe\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.42] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1112][C:\WINNT\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8198] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1132][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1216][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1248][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINNT\System32\msxml3.dll] [Microsoft Corporation, 8.30.9926.0] [PID: 1284][C:\WINNT\system32\Dfssvc.exe] [Microsoft Corporation, 5.00.2195.6664] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1308][C:\WINNT\System32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.00.0984] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1328][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1516][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 18] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 2, 0] [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\WINNT\System32\nvshell.dll] [, ] [PID: 1716][C:\Program Files\TP-LINK\TWCU\TWCU.exe] [TP-LINK TECHNOLOGIES CO., LTD, 4.1.2.25] [C:\WINNT\system32\wcapi.dll] [Atheros, 4.1.2.25] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\WINNT\system32\athcfg11.dll] [Atheros, 4.1.2.25] [C:\WINNT\system32\athcfg11Res.dll] [Atheros Communications, Inc., 4.1.2.25] [C:\WINNT\system32\wgapi.dll] [TP-LINK TECHNOLOGIES CO., LTD, 4.1.2.25] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINNT\system32\wgapiloc.dll] [TP-LINK, 4.1.2.25] [C:\Program Files\TP-LINK\TWCU\TWCUloc.dll] [TP-LINK TECHNOLOGIES CO., LTD., 4.1.2.25] [C:\Program Files\TP-LINK\TWCU\oemresloc.dll] [TP-LINK TECHNOLOGIES CO., LTD., 4.1.2.25] [PID: 1724][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1912][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1920][C:\Program Files\Alisoft\WangWang\WangWang.exe] [阿里巴巴软件(上海)有限公司, 5, 7, 0, 5] [C:\Program Files\Alisoft\WangWang\AliViewCtrl.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 2] [C:\Program Files\Alisoft\WangWang\VLNetwork.dll] [阿里巴巴软件(上海)有限公司, 1, 0, 0, 6] [C:\Program Files\Alisoft\WangWang\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Alisoft\WangWang\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Alisoft\WangWang\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Alisoft\WangWang\AliViewMedia.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 2] [C:\Program Files\Alisoft\WangWang\VideoCap.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 4] [C:\Program Files\Alisoft\WangWang\VLAudio.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 5] [C:\Program Files\Alisoft\WangWang\JsmShow.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 4] [C:\Program Files\Alisoft\WangWang\AliSkin.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [C:\Program Files\Alisoft\WangWang\PngLib.dll] [阿里巴巴软件（上海）有限公司, 1, 0, 0, 1] [C:\Program Files\Alisoft\WangWang\zlib.dll] [, 1.2.3] [C:\Program Files\Alisoft\WangWang\ww_network.dll] [, 2, 1, 0, 1] [C:\Program Files\Alisoft\WangWang\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\Program Files\Alisoft\WangWang\Ali_Res.DLL] [N/A, ] [C:\WINNT\system32\aliedit\aliedit.dll] [, 1, 1, 0, 3] [C:\Program Files\Alisoft\WangWang\WangWangX6.dll] [阿里巴巴软件(上海)有限公司, 1, 0, 0, 5] [C:\Program Files\Alisoft\WangWang\RICHED32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Alisoft\WangWang\RICHED20.dll] [Microsoft Corporation, 5.30.23.1221] [C:\Program Files\Alisoft\WangWang\RichOne.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [C:\Program Files\Alisoft\WangWang\TBProgress.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [C:\Program Files\Alisoft\WangWang\MessageNotify.dll] [, 1, 0, 0, 1] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\msdmo.dll] [, ] [C:\Program Files\Alisoft\WangWang\Scan_Lib\DBUpdate.dll] [N/A, ] [PID: 1956][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\System32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601] [C:\WINNT\System32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1] [C:\WINNT\System32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1] [C:\WINNT\System32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1] [C:\WINNT\System32\h323.tsp] [Microsoft Corporation, 5.00.2195.6699] [PID: 2272][C:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0] [PID: 1196][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\WINNT\System32\mseval.dll] [, 11, 21,1, 1] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 18] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\CHENHU4.IME] [chenhu, 5.8] [C:\WINNT\system32\javacypt.dll] [Microsoft Corporation, 5.00.3229] [C:\WINNT\system32\msjava.dll] [Microsoft Corporation, 5.00.3234] [C:\WINNT\system32\VMHELPER.DLL] [Microsoft Corporation, 5.00.3229] [C:\WINNT\System32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [PID: 1652][C:\WINNT\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINNT\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\WINNT\system32\MSISIP.DLL] [Microsoft Corporation, 3.1.4000.1823] [C:\WINNT\System32\wshCHS.DLL] [Microsoft Corporation, 5.6.0.6626] ================================== 文件关联 .TXT Error. [C:\WINNT\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINNT\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 960, C:\WINNT\SYSTEM32\ACS.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1080, C:\PROGRAM FILES\COMMON FILES\LIGHTSCRIBE\LSSRVC.EXE] 特殊特权被允许： SeDebugPrivilege [PID = 1716, C:\PROGRAM FILES\TP-LINK\TWCU\TWCU.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 1716, C:\PROGRAM FILES\TP-LINK\TWCU\TWCU.EXE] ================================== API HOOK 入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x01111FB5) 入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x0111209D) ================================== 隐藏进程 N/A ================================== [/CODE]