[CODE]

2008-07-15,09:37:51

System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <IgfxTray><C:\WINNT\System32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINNT\System32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <MINI_BFYY><C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe>  [深圳市三代科技开发有限公司]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINNT\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[RavService / RavService][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\G:\NTACCESS.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\G:\NTGLM7X.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, FlashGet>
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, N/A>
[AVG Security Toolbar]
  {A057A204-BACC-4D26-9990-79A187E2698E} <C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[金山词霸]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[AVG Security Toolbar]
  {A057A204-BACC-4D26-9990-79A187E2698E} <C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL, N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINNT\Downloaded Program Files\CONFLICT.1\MMCShell.dll, Sohu.com Inc.>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\PROGRA~1\Yahoo!\common\yinsthelper.dll, Yahoo! Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINNT\DOWNLO~1\SUBMIT~1.DLL, >
[LoaderCore Class]
  {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} <C:\WINNT\Downloaded Program Files\DLLoader.dll, sohu.com>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINNT\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[FG2CatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, FlashGet>
[&使用暴风下载器下载]
  <C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[Download Using &BitSpirit]
  <C:\Program Files\BitSpirit\bsurl.htm, N/A>
[使用快车(Flas&hGet)下载]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm, N/A>
[使用快车(Flash&Get)下载全部链接]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\新建文件夹\AddEmotion.htm, N/A>
[设为 Messenger Live 头像]
  <C:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>

==================================
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 168][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 188][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 216][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 228][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 444][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 476][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINNT\system32\PSNTMON.DLL]  [Microsoft Corporation, 4.00.950]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 508][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 544][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 660][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 700][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 796][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 820][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1068][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 436][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1002]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\WINNT\System32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1188][C:\WINNT\System32\igfxtray.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxress.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
[PID: 1180][C:\WINNT\System32\hkcmd.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxhk.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
[PID: 1160][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.14]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
[PID: 1352][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
[PID: 1328][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
[PID: 1380][C:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Ringz Studio\Storm Downloader\boost_thread-vc6-mt-1_31.dll]  [N/A, ]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1002]
[PID: 1404][C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe]  [Adobe Systems Incorporated, 8.0.0.0]
    [C:\WINNT\system32\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.163]
    [C:\WINNT\system32\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.163]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1002]
[PID: 1416][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\WINNT\system32\MSUTB.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1002]
    [C:\WINNT\mui\fallback\0804\msutb.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1620][F:\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 1152][F:\sreng2\SRE8f83c270.EXE]  [Smallfrogs Studio, 2.6.11.992]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.41 built by: Lab06_N]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1002]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [F:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINNT\system32\MSISIP.DLL]  [Microsoft Corporation, 3.1.4000.1823]
    [C:\WINNT\system32\wshCHS.DLL]  [Microsoft Corporation, 5.6.0.6626]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.5510]

==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn
127.0.0.1  gxgxy.net
127.0.0.1  c0mo.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1328, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1380, C:\PROGRAM FILES\RINGZ STUDIO\STORM DOWNLOADER\STORMDOWNLOADER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1416, C:\WINNT\SYSTEM32\CTFMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1620, F:\SRENG2\SRENGLDR.EXE]

==================================
API HOOK
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]