[CODE] 2008-06-06,10:04:37 System Repair Engineer 2.6.8.980 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Hewlett-Packard Co.] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <; C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Component Publisher] <; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [File is missing] <; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [File is missing] <; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.] <; SOUNDMAN.EXE> [Realtek Semiconductor Corp.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}> [Beijing Rising Technology Co., Ltd.] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== 启动文件夹 [HP Digital Imaging Monitor] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [HP Image Zone 快速启动 ] C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]> [QQ游戏启动加速程序] C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]> ================================== 服务 [Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"> [ASP.NET State Service / aspnet_state][Stopped/Manual Start] [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [System Restore Service / srservice][Stopped/Disabled] C:\WINDOWS\system32\srsvc.dll> ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [ialm / ialm][Running/Manual Start] [JMicron Hot-Plug Driver / JGOGO][Stopped/Manual Start] [NVIDIA nForce RAID Driver / nvrd32][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [RsAntiSpyware / RsAntiSpyware][Running/Boot Start] <\SystemRoot\system32\drivers\RsBoot.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [SATALink driver accelerator / SiFilter][Stopped/Manual Start] [System Restore Filter Driver / sr][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\sr.sys> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [FGCatchUrl] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} [雨林木风] {ED9A935A-321A-406E-8978-E278B0B6B3DC} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [FGCatchUrl] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Thunder DapCtrl] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [FGAutoLive] {F90D830D-C175-4bbe-82C7-FF94669A4C42} [FGCatchUrl] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} [&使用快车(FlashGet)下载] [&使用快车(FlashGet)下载全部链接] [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] ================================== 正在运行的进程 [PID: 556][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 636][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 704][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 716][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 868][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1064][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [PID: 1080][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1144][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1336][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 75] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [PID: 1448][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001] [C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011] [C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpz3l3xu.dll] [Hewlett-Packard Company, 60.051.644.00] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll] [Hewlett-Packard Corporation, 60.051.644.00] [PID: 1632][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 1696][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1780][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 216][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17] [D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [PID: 388][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000] [PID: 396][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [PID: 408][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 420][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 484][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.214.000] [C:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.214.000] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll] [Hewlett-Packard Co., 53.0.13.000] [PID: 1268][C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe] [Hewlett-Packard Co., 053.000.013.000] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll] [Microsoft Corporation, 1.1.4322.573] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_d15c3ad7\mscorlib.dll] [N/A, ] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_bd3aa373\system.windows.forms.dll] [N/A, ] [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_zh-chs_b77a5c561934e089\mscorlib.resources.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_78f91ded\system.drawing.dll] [N/A, ] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_0fab4c31\system.dll] [N/A, ] [c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\program files\hp\digital imaging\bin\zh-chs\hpqimzone.resources.dll] [ , 50.0.120.0] [c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_c99025fa\system.xml.dll] [N/A, ] [c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc., 13.0.0.113] [C:\Program Files\HP\Digital Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc., 13.0.0.098] [c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqtray.resources.dll] [ , 50.0.120.0] [c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqfmrsc.resources.dll] [ , 50.0.120.0] [c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\HP\Digital Imaging\Bin\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\program files\hp\digital imaging\bin\hpqmirsc.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\program files\hp\digital imaging\bin\zh-chs\hpqmirsc.resources.dll] [ , 50.0.120.0] [c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll] [LEAD Technologies, Inc., 13.0.0.113] [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqedit.resources.dll] [ , 50.0.131.0] [c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcc2.resources.dll] [ , 50.0.120.0] [c:\program files\hp\digital imaging\bin\zh-chs\hpqvideo.resources.dll] [ , 50.0.127.0] [c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqvdcom.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll] [Microsoft Corporation, 1.1.4322.573] [c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqprrsc.resources.dll] [ , 53.0.6.0] [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll] [ , 3.0.0.0] [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcprsc.resources.dll] [Hewlett-Packard Co., 50.0.145.0] [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqisrtb.resources.dll] [Hewlett-Packard Co., 53.0.13.0] [c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll] [Hewlett-Packard Co., 053.000.013.000] [c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqbakup.resources.dll] [ , 50.0.154.0] [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll] [Hewlett-Packard Co., 053.000.013.000] [PID: 1432][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000] [PID: 1948][C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbutil.dll] [Hewlett-Packard Co., 53.0.13.000] [PID: 188][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1356][D:\软件\新建文件夹\sreng980\我爱新郎.com] [Smallfrogs Studio, 2.6.8.980] [PID: 1284][D:\软件\新建文件夹\sreng980\SRE796940c0.EXE] [Smallfrogs Studio, 2.6.8.980] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost 127.0.0.1 gxgxy.net 127.0.0.1 cw.pvs360.com 127.0.0.1 dl.pvs360.com 127.0.0.1 nc.mskess.com 127.0.0.1 pvs360.com 127.0.0.1 windowsupdeta.cn 127.0.0.1 my.531jx.cn 127.0.0.1 llboss.com 127.0.0.1 d2.llsging.com 127.0.0.1 wg.47255.com 127.0.0.1 tp.shpzhan.cn 127.0.0.1 xx.exiao01.com 127.0.0.1 ilove.com 127.0.0.1 www.868wg.com 127.0.0.1 1.jopanqc.com 127.0.0.1 1.jopmmqq.com 127.0.0.1 xtx.kv8.info 127.0.0.1 xxx.vh7.biz 127.0.0.1 d.93se.com 127.0.0.1 xxx.j41m.com 127.0.0.1 xxx.m111.biz 127.0.0.1 www.333292.com 127.0.0.1 qqq.dzydhx.com 127.0.0.1 www.cike007.cn ================================== 进程特权扫描 特殊特权被允许: SeLoadDriverPrivilege [PID = 484, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1268, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQIMZONE.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1432, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1356, D:\软件\新建文件夹\SRENG980\我爱新郎.COM] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]