[CODE] 2008-07-12,20:31:51 System Repair Engineer 2.6.11.992 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [File is missing] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}> [Beijing Rising Technology Co., Ltd.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] ================================== 启动文件夹 [QQ游戏启动加速程序] C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]> ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> ================================== 驱动程序 [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start] [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [AliIde / AliIde][Running/Boot Start] <\SystemRoot\System32\DRIVERS\aliide.sys> [AMD K8 Processor Driver / AmdK8][Stopped/Manual Start] [ati2mtag / ati2mtag][Running/Manual Start] [Bluetooth Audio Service / BlueletAudio][Running/Manual Start] [Bluetooth PAN Network Adapter / BT][Stopped/Manual Start] [Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start] [Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start] [Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start] <\SystemRoot\System32\Drivers\BTHidMgr.sys> [CmdIde / CmdIde][Running/Boot Start] <\SystemRoot\System32\DRIVERS\cmdide.sys> [VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [KAVBootC / KAVBootC][Running/Boot Start] <\SystemRoot\system32\Drivers\KAVBootC.sys> [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys> [npkcrypt / npkcrypt][Stopped/Auto Start] <\??\C:\Program Files\QQ2006\npkcrypt.sys> [nv / nv][Stopped/Manual Start] [NVATABUS / NVATABUS][Running/Boot Start] <\SystemRoot\System32\DRIVERS\NVATABUS.SYS> [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] [NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start] <\SystemRoot\system32\DRIVERS\nv_agp.sys> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsAntiSpyware / RsAntiSpyware][Running/Boot Start] <\SystemRoot\system32\drivers\RsBoot.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Secdrv / Secdrv][Stopped/Manual Start] [tes2y29 / tes2y29][Stopped/Disabled] <\SystemRoot\system32\drivers\tes2y29.sys> [Virtual Serial port driver / VComm][Running/Manual Start] [Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start] [Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start] [zttni / zttnid][Stopped/Disabled] <\SystemRoot\System32\DRIVERS\zttnid.sys> ================================== 浏览器加载项 [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [kingsoft browser shield] {D963BE1A-6B35-47DB-B002-49FAE71D85CC} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] ================================== 正在运行的进程 [PID: 636 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 716 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 792 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 804 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 960 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504] [PID: 976 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1052 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1140 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [PID: 1156 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1252 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4146] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2504] [C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4146] [PID: 1292 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1332 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1504 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.35] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 80] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [PID: 1684 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 1788 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 184 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 356 / SYSTEM][C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe] [N/A, ] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 516 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 548 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 260 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 52] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 388 / Administrator][C:\WINDOWS\VM_STI.EXE] [Vimicro, 4, 2, 1124, 6] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00] [PID: 688 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [PID: 692 / Administrator][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 5.0.0.16] [C:\Program Files\Rising\AntiSpyware\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 704 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 768 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 2340 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 3020 / Administrator][E:\Program Files\Tencent\TXPlatform.exe] [Tencent, 1, 0, 170, 0] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 3400 / Administrator][D:\Program Files\WangWang\WangWang.exe] [阿里巴巴软件(上海)有限公司, 5, 7, 0, 4] [D:\Program Files\WangWang\AliViewCtrl.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 2] [D:\Program Files\WangWang\VLNetwork.dll] [阿里巴巴软件(上海)有限公司, 1, 0, 0, 6] [D:\Program Files\WangWang\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\AliViewMedia.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 2] [D:\Program Files\WangWang\VideoCap.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 4] [D:\Program Files\WangWang\VLAudio.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 5] [D:\Program Files\WangWang\JsmShow.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 4] [D:\Program Files\WangWang\AliSkin.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [D:\Program Files\WangWang\PngLib.dll] [阿里巴巴软件（上海）有限公司, 1, 0, 0, 1] [D:\Program Files\WangWang\zlib.dll] [, 1.2.3] [D:\Program Files\WangWang\ww_network.dll] [, 2, 1, 0, 1] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [D:\Program Files\WangWang\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\Ali_Res.DLL] [N/A, ] [C:\WINDOWS\system32\aliedit\aliedit.dll] [, 2, 1, 2, 1] [D:\Program Files\WangWang\WangWangX6.dll] [阿里巴巴软件(上海)有限公司, 1, 0, 0, 5] [D:\Program Files\WangWang\RICHED32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [D:\Program Files\WangWang\RICHED20.dll] [Microsoft Corporation, 5.30.23.1221] [D:\Program Files\WangWang\RichOne.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [D:\Program Files\WangWang\TBProgress.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [D:\Program Files\WangWang\MessageNotify.dll] [, 1, 0, 0, 1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\msdmo.dll] [, ] [D:\Program Files\WangWang\Scan_Lib\DBUpdate.dll] [N/A, ] [PID: 2588 / Administrator][D:\Program Files\浩方对战平台\GameClient.exe] [上海浩方在线信息技术有限公司, 4.8.3.530] [D:\Program Files\浩方对战平台\GameShell.dll] [上海浩方在线信息技术有限公司, 4.8.3.0] [D:\Program Files\浩方对战平台\Proxy.dll] [上海浩方在线信息技术有限公司, 4.8.0.0] [D:\Program Files\浩方对战平台\MFC42.DLL] [Microsoft Corporation, 6.02.4131.0] [D:\Program Files\浩方对战平台\MeteorCheck.dll] [N/A, ] [D:\Program Files\浩方对战平台\ComCtrlLib.dll] [上海浩方在线信息技术有限公司, 4.8.1.0] [D:\Program Files\浩方对战平台\SkinPlusPlusDLL.dll] [上海浩方在线信息技术有限公司, 4.8.1.0] [D:\Program Files\浩方对战平台\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [D:\Program Files\浩方对战平台\GameData.dll] [上海浩方在线信息技术有限公司, 4.8.1.0] [D:\Program Files\浩方对战平台\UserAvatar.dll] [上海浩方在线信息技术有限公司, 4.8.0.0] [D:\Program Files\浩方对战平台\IShowSocket.dll] [上海浩方在线信息技术有限公司, 4.8.0.0] [D:\Program Files\浩方对战平台\SystemInfo.dll] [N/A, ] [D:\Program Files\浩方对战平台\HFIM.dll] [上海浩方在线信息技术有限公司, 4.8.3.0] [D:\Program Files\浩方对战平台\EzImClientModule.dll] [SNDA, 1.0.0.13] [D:\Program Files\浩方对战平台\UDPStream.dll] [SNDA, 1.0.0.5] [D:\Program Files\浩方对战平台\NetLib.dll] [SNDA, 1.0.0.5] [D:\Program Files\浩方对战平台\UserData.dll] [N/A, ] [D:\Program Files\浩方对战平台\UserList.dll] [N/A, ] [D:\Program Files\浩方对战平台\UserAccount.dll] [N/A, ] [D:\Program Files\浩方对战平台\HFUShell.dll] [上海浩方在线信息技术有限公司, 1.0.0.12] [D:\Program Files\浩方对战平台\SDUCore.dll] [Shanda Networking Co.,Ltd, 1.0.0.11] [D:\Program Files\浩方对战平台\HFWordCheck.dll] [上海浩方在线信息技术有限公司, 1.0.0.4] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [D:\Program Files\浩方对战平台\GameRes.dll] [上海浩方在线信息技术有限公司, 4.8.3.0] [D:\Program Files\浩方对战平台\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1] [D:\Program Files\浩方对战平台\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205] [D:\Program Files\浩方对战平台\AdsManager.dll] [上海浩方在线信息技术有限公司, 4.8.0.0] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [D:\Program Files\浩方对战平台\GHDx8.dll] [, 1, 8, 5, 8] [D:\Program Files\浩方对战平台\d3dx9_37.dll] [Microsoft Corporation, 9.22.949.2248] [D:\Program Files\浩方对战平台\GGWAR3.dll] [, 1, 8, 2, 22] [D:\Program Files\浩方对战平台\FNWar3.dll] [上海浩方在线信息技术有限公司, 4. 8. 3. 0] [PID: 2372 / Administrator][C:\Documents and Settings\Administrator\桌面\魔兽工具\小键盘修改.exe] [N/A, ] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [PID: 1820 / Administrator][D:\Program Files\WangWang\WangWang.exe] [阿里巴巴软件(上海)有限公司, 5, 7, 0, 4] [D:\Program Files\WangWang\AliViewCtrl.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 2] [D:\Program Files\WangWang\VLNetwork.dll] [阿里巴巴软件(上海)有限公司, 1, 0, 0, 6] [D:\Program Files\WangWang\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\AliViewMedia.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 2] [D:\Program Files\WangWang\VideoCap.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 4] [D:\Program Files\WangWang\VLAudio.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 5] [D:\Program Files\WangWang\JsmShow.dll] [ 阿里巴巴软件(上海)有限公司, 1, 0, 0, 4] [D:\Program Files\WangWang\AliSkin.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [D:\Program Files\WangWang\PngLib.dll] [阿里巴巴软件（上海）有限公司, 1, 0, 0, 1] [D:\Program Files\WangWang\zlib.dll] [, 1.2.3] [D:\Program Files\WangWang\ww_network.dll] [, 2, 1, 0, 1] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [D:\Program Files\WangWang\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762] [D:\Program Files\WangWang\Ali_Res.DLL] [N/A, ] [C:\WINDOWS\system32\aliedit\aliedit.dll] [, 2, 1, 2, 1] [D:\Program Files\WangWang\WangWangX6.dll] [阿里巴巴软件(上海)有限公司, 1, 0, 0, 5] [D:\Program Files\WangWang\RICHED32.DLL] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [D:\Program Files\WangWang\RICHED20.dll] [Microsoft Corporation, 5.30.23.1221] [D:\Program Files\WangWang\RichOne.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [D:\Program Files\WangWang\TBProgress.dll] [阿里巴巴软件(上海)有限公司, 1.0.0.1] [D:\Program Files\WangWang\MessageNotify.dll] [, 1, 0, 0, 1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\msdmo.dll] [, ] [D:\Program Files\WangWang\Scan_Lib\DBUpdate.dll] [N/A, ] [PID: 1008 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2] [C:\Program Files\Kingsoft Antispy\KASBrowserShield.DLL] [Kingsoft Corporation, 2008,04,15,2] [C:\Program Files\Kingsoft Antispy\IEBuddy.dll] [Kingsoft Corporation, 2008,04,15,2] [C:\Program Files\Kingsoft Antispy\IEBuddyExt.DLL] [Kingsoft Corporation, 2008,06,24,415] [C:\Program Files\Kingsoft Antispy\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Kingsoft Antispy\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Kingsoft Antispy\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Kingsoft Antispy\kis.dll] [Kingsoft Corporation, 2008,04,21,362] [C:\Program Files\Kingsoft Antispy\KANTray.dll] [Kingsoft Corporation, 2008,06,24,415] [C:\Program Files\Kingsoft Antispy\KAVAFish.DLL] [Kingsoft Corporation, 2008,06,24,415] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950] [PID: 3336 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINDOWS\system32\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 2604 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng992\SREngLdr.EXE] [Smallfrogs Studio, 2.6.11.992] [PID: 3312 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng992\SRE9b4eb966.EXE] [Smallfrogs Studio, 2.6.11.992] [C:\Documents and Settings\Administrator\桌面\sreng992\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 localhost 0.0.0.0 182838.com 0.0.0.0 204.177.92.68 0.0.0.0 asiafriendfinder.com 0.0.0.0 asqin123.51.net 0.0.0.0 babe520.5188.org 0.0.0.0 music.feifa.com 0.0.0.0 music.v111.com 0.0.0.0 www.jpbeauty.com 0.0.0.0 beautishow.com 0.0.0.0 goodmovies88.com 0.0.0.0 hothack.home.chinaren.com 0.0.0.0 hualiao.net 0.0.0.0 iplus.allyes.com 0.0.0.0 jjkafei.longcity.net 0.0.0.0 kaomm.8m.cn 0.0.0.0 l3iaoliao.com 0.0.0.0 lingaonbvm.myrice.com 0.0.0.0 lovejava.boy.net.cn 0.0.0.0 love7liao.com 0.0.0.0 asqin123.51.net 0.0.0.0 babe520.5188.org 0.0.0.0 music.feifa.com 0.0.0.0 jjkafei.longcity.net 0.0.0.0 kaomm.8m.cn 0.0.0.0 l3iaoliao.com 0.0.0.0 l3iaoliao.com 0.0.0.0 lingaonbvm.myrice.com 0.0.0.0 lovejava.boy.net.cn 0.0.0.0 love7liao.com 0.0.0.0 babe520.5188.org 0.0.0.0 music.feifa.com 0.0.0.0 music.v111.com 0.0.0.0 babe520.5188.org 0.0.0.0 music.feifa.com 0.0.0.0 jjkafei.longcity.net 0.0.0.0 kaomm.8m.cn 0.0.0.0 l3iaoliao.com 0.0.0.0 l3iaoliao.com 0.0.0.0 lingaonbvm.myrice.com 0.0.0.0 lovejava.boy.net.cn 0.0.0.0 love7liao.com 0.0.0.0 babe520.5188.org 0.0.0.0 music.feifa.com 0.0.0.0 music.v111.com 219.153.32.215 auto.search.msn.com ================================== 进程特权扫描特殊特权被允许： SeLoadDriverPrivilege [PID = 356, C:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 692, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2372, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\魔兽工具\小键盘修改.EXE] 特殊特权被允许： SeLoadDriverPrivilege [PID = 2604, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG992\SRENGLDR.EXE] ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]