[CODE]
2008-07-21,10:34:08
System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <; D:\tool\提醒软件\Sticker\sticker.exe>  []

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <; "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Component Publisher]
    <; nwiz.exe /install>  []
    <; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    [Beijing Rising Technology Co., Ltd.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Windows Component Publisher]
    [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    [Beijing Rising Technology Co., Ltd.]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}>  [(Verified)Beijing Rising Science and Technology Corporation Limited]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    [(Verified)Microsoft Corporation]

==================================
启动文件夹
    [腾讯TM] C:\PROGRA~1\Tencent\QQ\TMShell.exe  [腾讯公司]>

==================================
服务
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
[Human Interface Device Access / HidServ][Stopped/Disabled]
    %SystemRoot%\System32\hidserv.dll>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
[P4P Service / P4P Service][Running/Auto Start]
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
    <"C:\Program Files\Rising\Rav\CCenter.exe">
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">
[Virtual COM Port To Ethernet / VCom2EthSvc][Running/Auto Start]
[WIND0WSINS / WIND0WSINS][Running/Auto Start]

==================================
驱动程序
[AMD Processor Driver / AmdK8][Running/System Start]
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
[USB Serial Converter Driver / FTDIBUS][Stopped/Manual Start]
[USB Serial Port Driver / FTSER2K][Stopped/Manual Start]
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>
[HookUrl / HookUrl][Running/Auto Start]
    <\??\C:\Program Files\Rising\Rfw\HookUrl.sys>
[nv / nv][Running/Manual Start]
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
    <\SystemRoot\system32\drivers\RsBoot.sys>
[RsFwDrv / RsFwDrv][Running/System Start]
    <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys>
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <\SystemRoot\system32\Drivers\RsNTGdi.sys>
[Secdrv / Secdrv][Stopped/Manual Start]
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
[Virtual COM / VCom2Eth][Running/Manual Start]
[WinDriver6 / WinDriver6][Running/Manual Start]

==================================
浏览器加载项
[Thunder Browser Helper]
    {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[FG2CatchUrl]
    {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}
[WebProtect]
    {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B}
[Adobe PDF Conversion Toolbar Helper]
    {AE7CD045-E861-484f-8273-0445EE161910}
[信息检索(&R)]
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}
[]
    {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
    {FB5F1910-F110-11d2-BB9E-00C04F795683}
[Adobe PDF]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
[卡卡上网安全助手]
    {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[MMCPlayer Class]
    {05C1004E-2596-48E5-8E26-39362985EEB9}
[Office Genuine Advantage Validation Tool]
    {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}
[Edit Class]
    {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D}
[Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000}
[Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700}
[WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C}
[PicUploadCtrl Class]
    {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B}
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}
[Thunder Browser Helper]
    {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
[Edit Class]
    {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D}
[FG2CatchUrl]
    {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}
[Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95}
[HTML Document]
    {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A}
[Adobe PDF]
    {47833539-D0C5-4125-9FA8-0819E2EAAC93}
[XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555}
[Microsoft Terminal Services Client Control (redist)]
    {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
    {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>
[HHCtrl Object]
    {52A2AAAE-085D-4187-97EA-8C30DB990436}
[WebProtect]
    {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B}
[Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6}
[Microsoft Terminal Services Client Control (redist)]
    {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
    {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Web 浏览器]
    {8856F961-340A-11D0-A96B-00C04FD705A2}
[Microsoft Terminal Services Client Control (redist)]
    {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>
[Adobe PDF Conversion Toolbar Helper]
    {AE7CD045-E861-484F-8273-0445EE161910}
[SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
    {B69003B3-C55E-4B48-836C-BC5946FC3B28}
[RDS.DataSpace]
    {BD96C556-65A3-11D0-983A-00C04FC29E36}
[AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127}
[AUDIO__X_MS_WMA Moniker Class]
    {CD3AFA84-B84F-48F0-9393-7EDC34128127}
[VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127}
[RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000}
[Invoke Class]
    {D44A7C31-7D76-4CCE-AB9E-7C0DEE5B8D04}
[卡卡上网安全助手]
    {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
[FG2CatchUrl]
    {FB5DA724-162B-11D3-8B9B-AA70B4B0B525}
[使用快车(Flas&hGet)下载]
[使用快车(Flash&Get)下载全部链接]
[使用迅雷下载]
    <, N/A>
[使用迅雷下载全部链接]
    <, N/A>
[导出到 Microsoft Office Excel(&X)]
[添加到QQ表情]
[转换为 Adobe PDF]
[转换为现有 PDF]
[转换选定的链接为 Adobe PDF]
[转换选定的链接为现有 PDF]
[转换选项为 Adobe PDF]
[转换选项为现有 PDF]
[转换链接目标为 Adobe PDF]
[转换链接目标为现有 PDF]

==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 612][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]

[PID: 636][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 1868][c:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]

[PID: 168][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.7.2006011200\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\MYMPC\codecs\ffdshow.ax]  [, 1.0.2.2605]
    [C:\Program Files\MYMPC\codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 2]
    [C:\Program Files\MYMPC\codecs\TTL2DecodeFilter.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]

[PID: 244][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]

[PID: 408][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.67]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [c:\program files\rising\rfw\PSAPI.DLL]  [Microsoft Corporation, 4.00]

[PID: 1460][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]

[PID: 1724][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]

[PID: 1600][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.20]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]

[PID: 2304][C:\Program Files\Tencent\QQ\TMDlls\TM.exe]  [腾讯公司, 0, 0, 0, 0]
    [C:\Program Files\Tencent\QQ\TMDlls\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [C:\Program Files\Tencent\QQ\TMDlls\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Tencent\QQ\TMDlls\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\BaseUIClass.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\BaseCtrlClass.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\TMDlls\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Tencent\QQ\TMDlls\ImageOle.dll]  [TODO: , 1.0.0.1]
    [C:\Program Files\Tencent\QQ\TMDlls\RICHED20.DLL]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\Tencent\QQ\TMDlls\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Tencent\QQ\TMDlls\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\TMDlls\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\TMDlls\QQRes.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\TMDlls\WizardCtrl.dll]  [Tencent, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\QQMainFrame.dll]  [TENCENT, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\TMDlls\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\FrameBar.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\UserRelationWeight.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\Program Files\Tencent\QQ\TMDlls\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\MiscCtrl.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\InstantSession.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\Tencent\QQ\TMDlls\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Tencent\QQ\TMDlls\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 0, 3, 0, 44]
    [C:\Program Files\Tencent\QQ\TMDlls\CustomFace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
    [C:\Program Files\Tencent\QQ\TMDlls\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]

[PID: 3336][C:\Program Files\Tencent\QQ\TMDlls\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Tencent\QQ\TMDlls\TIMProxy.dll]  [tencent, 0, 3, 2, 4]

[PID: 1676][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll]  [FlashGet, 2, 0, 2, 1011]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.2r23]

[PID: 584][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll]  [FlashGet, 2, 0, 2, 1011]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.2r23]

[PID: 2004][C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE]  [Microsoft Corporation, 11.0.8134]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.8132]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3275.0]
    [C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL]  [Microsoft Corporation, 1.02]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9802]
    [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2010]
    [C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Office\PDFMOfficeAddin.dll]  [Adobe Systems Incorporated, 7.1.0.0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Office\PDFMOfficeAddin.CHS]  [Adobe Systems Incorporated, 7, 0, 0, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.dll]  [, ]
    [C:\Program Files\Adobe\Acrobat 7.0\PDFMaker\Common\AdobePDFMakerX.CHS]  [, ]
    [C:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.19]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.60.709.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 60, 2629, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 60, 709, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 5, 60, 2209, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 6, 0, 909, 0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  [Zenographics, Inc., 0, 3, 2827, 1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

[PID: 3972][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.CHS]  [Adobe Systems Incorporated, 7.0.0.0]
    [C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll]  [FlashGet, 2, 0, 2, 1011]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.2r23]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]

[PID: 1680][C:\WINDOWS\regedit.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]

[PID: 3052][D:\tool\SRE9d2c65c3\修改的2.4版SREng.EXE]  [1111, 2..4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]

==================================
文件关联
    .TXT    OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE    OK. ["%1" %*]
    .COM    OK. ["%1" %*]
    .PIF    OK. ["%1" %*]
    .REG    OK. [regedit.exe "%1"]
    .BAT    OK. ["%1" %*]
    .SCR    OK. ["%1" /S]
    .CHM    OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP    OK. [%SystemRoot%\system32\winhlp32.exe %1]
    .INI    OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .INF    OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .VBS    OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS     OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK    OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0x003F42ED)
入口点错误:NtWriteFile (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x003F438D)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: Dest Addr: 0x003F42ED)
入口点错误:ZwWriteFile (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x003F438D)
入口点错误:CreateProcessA (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x00E91FFD)
入口点错误:CreateProcessW (危险等级: 一般, 被下面模块所HOOK: Dest Addr: 0x00E920E5)

==================================
隐藏进程
N/A
==================================
[/CODE]