2000-07-29,09:16:57
System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
Follow item(s) have been selected:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Running Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(MsnMsgr)("C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background) [Microsoft Corporation]
(ctfmon.exe)(ctfmon.exe) [N/A]
(internat.exe)(internat.exe) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(Synchronization Manager)(mobsync.exe /logon) [(Verified)Microsoft Windows 2000 Publisher]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [(Verified)Beijing Rising Information Technology Corporation Limited]
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [(Verified)Beijing Rising Information Technology Corporation Limited]
(SoundMan)(SOUNDMAN.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(runeip)("E:\Program Files\Rising\AntiSpyware\runiep.exe" /startup) [File is missing]
(MsIMMs32)(C:\WINNT\MsIMMs32.exe) [File is missing]
(CNRN)(C:\PROGRA~1\CNRN\RNMain.exe C:\PROGRA~1\CNRN\CNRN.dll,Rundll32) [国风因特软件(北京)有限公司]
(CNRNRNHelper.dll)(C:\PROGRA~1\CNRN\RNMain.exe C:\PROGRA~1\CNRN\RNHelper.dll,Rundll32) [国风因特软件(北京)有限公司]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(HBService)(Rundll32.exe HBmhly.dll,StartService) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows 2000 Publisher]
(Userinit)(C:\WINNT\system32\userinit.exe,) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(HBmhly.dll) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A})() [N/A]
({383D0D27-789F-4543-9760-D4E199623476})() [N/A]
({5A1247C1-53DA-FF43-ABD3-345F323A48D5})(C:\WINNT\system32\avwgemn.dll) [File is missing]
({09F8A0EB-ED61-4714-B0AD-7EAFF5361A8B})(C:\WINNT\system32\zhjtrx.dll) [File is missing]
({B0E4D1E9-3CE5-48A1-8DF0-6463E046E7EF})(C:\WINNT\system32\ucjsyflqwc.dll) [File is missing]
({5859245F-345D-BC13-AC4F-145D47DA34F5})(C:\WINNT\system32\avzxemn.dll) [File is missing]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINNT\system32\RavExt.dll) [(Verified)Beijing Rising Information Technology Corporation Limited]
({D7B21266-AA85-44b8-B516-3B1A69827400})(C:\PROGRA~1\CNRN\RNEvent.dll) [国风因特软件(北京)有限公司]
({DC3D30AE-0380-4151-8934-EE98A34B0370})(C:\WINNT\system32\mfdesy.dll) [File is missing]
({28EB3777-3E23-4E72-8449-A992D09D24C3})(C:\WINNT\system32\zefdst.dll) [File is missing]
({28766E1C-74B0-4417-8C75-F12AE309EF35})(C:\WINNT\system32\wzcfsw.dll) [File is missing]
({18e64250-19a8-4d10-828f-30e101a22291})(C:\WINNT\system32\MMBAIKOK1092.dll) [File is missing]
({461D2AB4-29A5-45C2-9134-D52272D3DE38})(C:\WINNT\system32\rfdswc.dll) [File is missing]
({8c3dd05d-a6a1-4cb5-a714-94be3c3b4cd0})(C:\WINNT\system32\MMHADPQG1091.dll) [File is missing]
({8AD0F1B1-990D-4F52-A33D-2837E43CEF58})(C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys) [File is missing]
({d592daa6-9b5e-416d-973a-d76c53183e7e})(C:\WINNT\system32\MMMHXGGD1062.dll) [File is missing]
({E8A3B193-77E3-4FB3-986D-F4FA4828BAFC})(C:\WINNT\system32\wklsdd.dll) [File is missing]
({6E6CA8A1-81BC-4707-A54C-F4903DD70BAD})(C:\WINNT\system32\zgxfdx.dll) [File is missing]
({84143967-B645-4BFF-B873-DA1DC886E9A7})(C:\WINNT\system32\cedafb.dll) [File is missing]
({F99DEFDD-200B-4410-B572-E90883D527D2})(C:\WINNT\system32\wrqszl.dll) [File is missing]
({011DB9B9-44B4-44D9-B17E-BC7608F2E549})(C:\WINNT\system32\cdwqfs.dll) [File is missing]
({841529CB-7F77-4B99-A895-B5441E0D302F})(C:\WINNT\system32\jfrwdh.dll) [File is missing]
({17DFD111-BF3A-4CB4-ADB0-88FCBFE69821})(C:\WINNT\system32\hhrdxd.dll) [File is missing]
({4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4})(C:\WINNT\system32\tdggrz.dll) [File is missing]
({189F087F-4378-405F-85FA-37D955AD7A8C})(C:\WINNT\system32\mtewdh.dll) [File is missing]
({8C41B7F7-3168-400D-A702-0E7EFE0BA304})(C:\WINNT\system32\sgdewg.dll) [File is missing]
({81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B})(C:\WINNT\system32\jfdses.dll) [File is missing]
({C362D1C3-313C-41C8-A0C7-45458CD8D9A9})(C:\WINNT\system32\mghefy.dll) [File is missing]
({C0595A7E-2E2F-4B34-A83A-019270A0A464})(C:\WINNT\system32\tdffdl.dll) [File is missing]
({A9895933-6636-4281-BC58-EE6DE2AF96E3})(C:\WINNT\system32\ddserh.dll) [File is missing]
({0B846B26-BFE6-4E8E-A948-1DB17B77B483})(C:\WINNT\system32\tdfhex.dll) [File is missing]
({EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6})(C:\WINNT\system32\fsrgeb.dll) [File is missing]
({45AADFAA-DD36-42AB-83AD-0521BBF58C24})(C:\WINNT\system32\zycdex.dll) [File is missing]
({50A8A8C4-EDC9-4ABD-A0A2-2E2418982189})(C:\WINNT\system32\kgfghd.dll) [File is missing]
({259BF3CF-194D-4FE6-9ADB-DE6544B098B6})(C:\WINNT\system32\dndsaf.dll) [File is missing]
({5E907A48-400E-4EA8-9792-FFAE052D59E9})(C:\WINNT\system32\pedadt.dll) [File is missing]
({0086DD39-EB8E-4504-A085-AC8A433E34D0})(C:\WINNT\system32\ydggsx.dll) [File is missing]
({73AE86E6-7F03-4C3B-8980-FB1DA157D3C7})(C:\WINNT\system32\fmcvxy.dll) [File is missing]
({00070007-0007-0007-0007-00070007BB15})(C:\WINNT\system32\dpvvoxmh.dll) [File is missing]
({74381DEC-D78B-43E4-BA5D-5244F669EBE4})(C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(kbdswjr)(C:\WINNT\system32\kbdswjr.dll) [File is missing]
(adsntzt)(C:\WINNT\system32\adsntzt.dll) [File is missing]
(cliconfgzx)(C:\WINNT\system32\cliconfgzx.dll) [File is missing]
(rasmanqn3)(C:\WINNT\system32\rasmanqn3.dll) [File is missing]
(dpvvoxmh.dll)(C:\WINNT\system32\dpvvoxmh.dll) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer 访问)("C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express 访问)("C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(MSN Messenger 4.6)(rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Remove.PerUser) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub) []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(Address Book 5)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
(N/A)(C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
(CRLUpdate)(%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
(IFEO[360rpt.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
(IFEO[360safe.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
(IFEO[360safebox.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
(IFEO[360tray.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
(IFEO[adam.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
(IFEO[AgentSvr.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
(IFEO[AntiArp.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
(IFEO[AppSvc32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
(IFEO[autoruns.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
(IFEO[avconsol.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
(IFEO[avgrssvc.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
(IFEO[AvMonitor.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
(IFEO[avp.com])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
(IFEO[avp.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
(IFEO[ccSvcHst.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
(IFEO[DrvAnti.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe]
(IFEO[drwadins.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebscd.exe]
(IFEO[drwebscd.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe]
(IFEO[drwebupw.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
(IFEO[EGHOST.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
(IFEO[filemon.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
(IFEO[FTCleanerShell.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
(IFEO[FYFireWall.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
(IFEO[GFRing3.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
(IFEO[GFUpd.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe]
(IFEO[GuardField.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
(IFEO[HijackThis.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
(IFEO[IceSword.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
(IFEO[iparmo.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
(IFEO[Iparmor.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
(IFEO[isPwdSvc.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
(IFEO[kabaload.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
(IFEO[KaScrScn.SCR])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
(IFEO[KASMain.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
(IFEO[KASTask.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
(IFEO[KAV32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
(IFEO[KAVDX.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
(IFEO[KAVPF.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
(IFEO[KAVPFW.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
(IFEO[KAVSetup.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
(IFEO[KAVStart.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
(IFEO[KISLnchr.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
(IFEO[KMailMon.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
(IFEO[KMFilter.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
(IFEO[KPFW32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
(IFEO[KPFW32X.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
(IFEO[KPfwSvc.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
(IFEO[KPPMain.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
(IFEO[KRegEx.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
(IFEO[KRepair.com])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
(IFEO[KsLoader.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
(IFEO[KVCenter.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
(IFEO[KvDetect.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
(IFEO[KvfwMcl.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
(IFEO[KVMonXP.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
(IFEO[KVMonXP_1.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
(IFEO[kvol.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
(IFEO[kvolself.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
(IFEO[KvReport.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
(IFEO[KVScan.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
(IFEO[KVSrvXP.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
(IFEO[KVStub.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
(IFEO[kvupload.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
(IFEO[kvwsc.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
(IFEO[KvXP.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
(IFEO[KvXP_1.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
(IFEO[KWatch.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
(IFEO[KWatch9x.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
(IFEO[KWatchX.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
(IFEO[MagicSet.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
(IFEO[mcconsol.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
(IFEO[mmqczj.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
(IFEO[mmsk.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
(IFEO[Navapsvc.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
(IFEO[Navapw32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
(IFEO[nod32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
(IFEO[nod32krn.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
(IFEO[nod32kui.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
(IFEO[NPFMntor.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE]
(IFEO[OllyDBG.EXE])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyICE.EXE]
(IFEO[OllyICE.EXE])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
(IFEO[PFW.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
(IFEO[PFWLiveUpdate.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
(IFEO[procexp.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
(IFEO[QHSET.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
(IFEO[QQDoctor.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe]
(IFEO[QQDoctorMain.exe])(TASKMAN.EXE) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
(IFEO[QQKav.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavXP.exe]
(IFEO[RavXP.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
(IFEO[RawCopy.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
(IFEO[regmon.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
(IFEO[RegTool.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
(IFEO[rfwProxy.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
(IFEO[rfwstub.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
(IFEO[safeboxTray.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
(IFEO[safelive.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
(IFEO[scan32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe]
(IFEO[SelfUpdate.exe])(TASKMAN.EXE) [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
(IFEO[shcfg32.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderml.exe]
(IFEO[spiderml.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spidernt.exe]
(IFEO[spidernt.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spiderui.exe]
(IFEO[spiderui.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spml_set.exe]
(IFEO[spml_set.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.EXE]
(IFEO[SREng.EXE])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
(IFEO[symlcsvc.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
(IFEO[SysSafe.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
(IFEO[taskmgr.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tqat.exe]
(IFEO[tqat.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
(IFEO[TrojanDetector.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
(IFEO[Trojanwall.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
(IFEO[TrojDie.kxp])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
(IFEO[UIHost.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
(IFEO[UmxAgent.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
(IFEO[UmxAttachment.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
(IFEO[UmxCfg.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
(IFEO[UmxFwHlp.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
(IFEO[UmxPol.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
(IFEO[UpLive.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
(IFEO[vsstat.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
(IFEO[webscanx.exe])(ntsd -d) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
(IFEO[WoptiClean.exe])(ntsd -d) [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINNT\system32\Coopen.scr) [File is missing]
Startup Folders
[启动 Outlook Express]
(C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\启动 Outlook Express.lnk --) C:\PROGRA~1\OUTLOO~1\MSIMN.EXE [Microsoft Corporation])(H)
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
(C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe)(Microsoft Corporation)
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
(C:\WINNT\System32\dmadmin.exe /com)(VERITAS Software Corp.)
[E2379CDF / E2379CDF][Stopped/Auto Start]
(C:\WINNT\system32\53D6D4B2.EXE -d)((File is missing))
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
("C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe")(Macrovision Corporation)
[Rising Proxy Service / RfwProxySrv][Stopped/Auto Start]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Information Technology Co., Ltd.)
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
("C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini")(N/A)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Information Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
("C:\PROGRAM FILES\RISING\RAV\Ravmond.exe")(Beijing Rising Information Technology Co., Ltd.)
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
(C:\WINNT\System32\svchost.exe -k netsvcs--)C:\WINNT\system32\mspmsnsv.dll)(Microsoft Corporation)
Drivers
[360AntiArp / 360AntiArp][Running/System Start]
(\??\C:\WINNT\system32\drivers\360AntiArp.sys)(奇虎网)
[adaadb8095287398 / adaadb8095287398][Stopped/Manual Start]
(\??\C:\adaadb8095287398.dat)(N/A)
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
(system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.)
[cehaciei / cehaciei][Running/Boot Start]
(\SystemRoot\System32\DRIVERS\cehaciei.sys)(Yahoo! China Corporation)
[CNRNDV / CNRNDV][Running/Boot Start]
(\SystemRoot\system32\drivers\CNRNDV.sys)(国风因特软件(北京)有限公司)
[dmboot / dmboot][Stopped/Disabled]
(System32\drivers\dmboot.sys)(VERITAS Software Corp.)
[Logical Disk Manager Driver / dmio][Running/Boot Start]
(\SystemRoot\System32\drivers\dmio.sys)(VERITAS Software Corp.)
[dmload / dmload][Running/Boot Start]
(\SystemRoot\System32\drivers\dmload.sys)(VERITAS Software Corp.)
[dohs / dohs][Stopped/Auto Start]
(\??\E:\Temp\tmp609.tmp)(N/A)
[EzSkinDriver / EzSkinDriver][Stopped/Manual Start]
(\??\C:\WINNT\system32\DRIVERS\WINFLASH.sys)(N/A)
[HBKernel Driver / HBKernel][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\HBKernel.sys)()
[Hdv32 / Hdv32][Stopped/Manual Start]
(\??\C:\WINNT\system32\drivers\Hdv32_c.sys)(N/A)
[HookCont / HookCont][Running/System Start]
(\SystemRoot\system32\drivers\HookCont.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookNtos / HookNtos][Running/System Start]
(\SystemRoot\system32\drivers\HookNtos.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookReg / HookReg][Running/System Start]
(\SystemRoot\system32\drivers\HookReg.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookSys / HookSys][Running/System Start]
(\SystemRoot\system32\drivers\HookSys.sys)(Beijing Rising Information Technology Co., Ltd.)
[HookUrl / HookUrl][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[ialm / ialm][Running/Manual Start]
(system32\DRIVERS\ialmnt5.sys)(Intel Corporation)
[kgdab / kgdab][Stopped/Manual Start]
(\??\E:\Temp\_tmp.bat)(N/A)
[lc49 / lc498][Running/Boot Start]
(\SystemRoot\System32\DRIVERS\lc498.sys)(N/A)
[mnsf / mnsf][Stopped/Auto Start]
(\??\E:\Temp\tmp619.tmp)(N/A)
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
(system32\drivers\npf.sys)(CACE Technologies)
[npkcrypt / npkcrypt][Stopped/Auto Start]
(\??\D:\burg\software\QQ\npkcrypt.sys)(N/A)
[pqnkg / pqnkg][Stopped/Manual Start]
(\??\E:\Temp\_tmp.bat)(N/A)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
(System32\DRIVERS\rfwbase.SYS)(Beijing Rising Technology Co., Ltd.)
[RsFwDrv / RsFwDrv][Running/System Start]
(\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Information Technology Co., Ltd.)
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[tqnkl / tqnkl][Stopped/Manual Start]
(\??\E:\Temp\_tmp.bat)(N/A)
[Wordcraft Parallel Driver / WILPAR][Running/Auto Start]
(\SystemRoot\System32\Drivers\WILPAR.SYS)(Wordcraft International Ltd.)
[WinDMI / WinDMI][Stopped/Manual Start]
(\??\C:\Program Files\AOpen\WinDMI\windmidrv.SYS)(N/A)
[zctp / zctp][Stopped/Auto Start]
(\??\E:\Temp\tmp629.tmp)(N/A)
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
(system32\drivers\ialmsbw.sys)(Intel Corporation)
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
(system32\drivers\ialmkchw.sys)(Intel Corporation)
[R2A / R2A][Stopped/Disabled]
(\??\C:\WINNT\system32a2.sys)(N/A)
Browser Add-ons
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} (D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China)
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china)
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china)
[]
{74381DEC-D78B-43E4-BA5D-5244F669EBE4} (C:\Program Files\Internet Explorer\PLUGINS\UnixSys08.Sys, N/A)
[]
{7C8D1401-A58D-A81C-CD24-A5915C4517C7} (C:\WINNT\system32\mnmhgsrv.dll, N/A)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD)
[]
{8AD0F1B1-990D-4F52-A33D-2837E43CEF58} (C:\Program Files\Internet Explorer\PLUGINS\DosSys08.Sys, N/A)
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} (C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (D:\Program Files\360safe\safemon\safemon.dll, 奇虎网)
[]
{D7B21266-AA85-44b8-B516-3B1A69827400} (C:\PROGRA~1\CNRN\RNEvent.dll, 国风因特软件(北京)有限公司)
[yFlashDl Class]
{F166BC04-3C84-44cc-A6E9-2315EC4844B9} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, Yahoo! China)
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China)
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD)
[]
{110F6354-E9E3-4f8c-95DD-8487ED86C73D} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A)
[名品 折扣]
{30778C27-54C7-437e-946A-F04CBB8C460F} (http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A)
[Yahoo 3.5G 电邮]
{4C4A96EA-D26D-4ab1-9D7C-BEA7D3312B6F} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A)
[]
{4D985980-695A-4b42-8B11-34D8D3385676} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A)
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} (http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A)
[雅虎 WIDGET]
{6C32C266-E0C3-447c-B1A1-650640D550D0} (http://cn.widget.yahoo.com/index.htm?source=Cns, N/A)
[情景 聊天]
{7035F492-7EAE-4213-A159-7C4E1E216C12} (http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A)
[一起来音乐社区]
{7DBC6ADB-5788-4FB9-AEC3-B40A58AC11DF} (http://www.yiqilai.com, N/A)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} (, N/A)
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} (C:\WINNT\system32\msdxm.ocx, Microsoft Corporation)
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} (C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated)
[MSN 工具栏]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, N/A)
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} (C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china)
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} (C:\WINNT\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.)
[Auto Control]
{174DF291-FC74-4B8F-AFF9-A1617956ACDF} (C:\WINNT\Auto.ocx, www.autoinfo.gov.cn)
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINNT\system32\aliedit\aliedit.dll, )
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINNT\system32\wuweb.dll, Microsoft Corporation)
[PicUploadCtrl Class]
{BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} (C:\WINNT\Downloaded Program Files\PPUpload.dll, PP.Sohu.com Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINNT\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.)
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD)
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, )
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, )
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} (D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD)
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} (D:\Program Files\360safe\live.dll, 360safe.com)
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} (C:\WINNT\system32\msnetobj.dll, Microsoft Corporation)
[Thunder DapCtrl]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} (D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.851.dll, ShenZhen Thunder Networking Technologies Ltd.)
[]
{E24B9E23-58CF-4938-B383-49C6D744D728} (C:\PROGRA~1\CNRN\CNRN.dll, 国风因特软件(北京)有限公司)
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} (D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.851.dll, ShenZhen Thunder Networking Technologies Ltd.)
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder)
[使用迅雷下载]
(D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A)
[使用迅雷下载全部链接]
(D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
[添加到QQ表情]
(E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)
[添加到雅虎订阅(&Y)]
(res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A)
[转换为 Adobe PDF]
(res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[转换为现有 PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[转换选定的链接为 Adobe PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A)
[转换选定的链接为现有 PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A)
[转换选项为 Adobe PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[转换选项为现有 PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[转换链接目标为 Adobe PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A)
[转换链接目标为现有 PDF]
(res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A)
[雅虎搜索]
(res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A)
Running Processes
[PID: 160][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[PID: 240][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 252][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 672][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 768][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 800][C:\WINNT\system32\spoolsv.exe] [Microsoft Corporation, 5.00.2195.7059]
[C:\WINNT\system32\HBmhly.dll] [N/A, ]
[C:\WINNT\system32\WILPAR32.DLL] [N/A, ]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINNT\system32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] [, ]
[C:\WINNT\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINNT\system32\WILCOM32.DLL] [N/A, ]
[C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 836][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\system32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 864][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
[PID: 936][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 968][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
[C:\WINNT\system32\HBmhly.dll] [N/A, ]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1032][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1092][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1044][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1248][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
[C:\WINNT\system32\msimtf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\WINNT\system32\HBmhly.dll] [N/A, ]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[C:\PROGRA~1\CNRN\RNEvent.dll] [国风因特软件(北京)有限公司, 2.0.3.1018]
[C:\PROGRA~1\CNRN\RNLive.dll] [国风因特软件(北京)有限公司, 2.0.3.1021]
[C:\PROGRA~1\CNRN\RNAxtF.dll] [国风因特软件(北京)有限公司, 2.0.1.1016]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 1316][C:\PROGRA~1\CNRN\RNMain.exe] [国风因特软件(北京)有限公司, 2.0.3.1018]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\PROGRA~1\CNRN\RNList.dll] [国风因特软件(北京)有限公司, 2.0.6.1026]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1324][C:\PROGRA~1\CNRN\RNMain.exe] [国风因特软件(北京)有限公司, 2.0.3.1018]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[C:\PROGRA~1\CNRN\RNLive.dll] [国风因特软件(北京)有限公司, 2.0.3.1021]
[C:\PROGRA~1\CNRN\RNAxtF.dll] [国风因特软件(北京)有限公司, 2.0.1.1016]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNNtfy.dll] [国风因特软件(北京)有限公司, 2.0.1.1016]
[PID: 1556][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[PID: 1584][C:\WINNT\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.12]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1284][C:\WINNT\system32\Rundll32.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINNT\system32\HBmhly.dll] [N/A, ]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[PID: 1768][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 7.0.0820]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\Program Files\MSN Messenger\MSGSLANG.DLL] [Microsoft Corporation, 7.0.0820]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 8.50.0015.0500]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
[C:\WINNT\system32\HBmhly.dll] [N/A, ]
[C:\WINNT\system32\devenum.dll] [, ]
[C:\WINNT\system32\msdmo.dll] [, ]
[C:\WINNT\system32\dpnhupnp.dll] [Microsoft Corporation, 5.1.2600.881 built by: Lab06_N(mmbuild) ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 1760][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[PID: 1152][D:\Liyan\private\document\SREngLdr.EXE] [Smallfrogs Studio, 2.6.11.992]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 2296][D:\Liyan\private\document\SRE89842aa3.EXE] [Smallfrogs Studio, 2.6.11.992]
[C:\WINNT\system32\HBmhly.dll] [N/A, ]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\PROGRA~1\CNRN\CNRN.dll] [国风因特软件(北京)有限公司, 2.1.0.1048]
[C:\PROGRA~1\CNRN\RNHelper.dll] [国风因特软件(北京)有限公司, 2.0.3.1020]
[C:\WINNT\system32\WINWB.IME] [Microsoft, 4.00.950]
[D:\Liyan\private\document\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINNT\system32\MSISIP.DLL] [Microsoft Corporation, 3.1.4000.1823]
[C:\WINNT\system32\wshCHS.DLL] [Microsoft Corporation, 5.6.0.6626]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.5510]
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
Winsock Provider
N/A
Autorun.Inf
N/A
HOSTS File
127.0.0.1 localhost
Process Privileges Scan
Special Privileges Enabled: SeDebugPrivilege [PID = 1316, C:\PROGRA~1\CNRN\RNMAIN.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 1324, C:\PROGRA~1\CNRN\RNMAIN.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 1768, C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1768, C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 1152, D:\LIYAN\PRIVATE\DOCUMENT\SRENGLDR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1152, D:\LIYAN\PRIVATE\DOCUMENT\SRENGLDR.EXE]
API HOOK
Entrypoint Error: CreateProcessA (Dangerous Level: High, Hooked by Module: 0x01273845)
Entrypoint Error: CreateProcessW (Dangerous Level: High, Hooked by Module: 0x0127392D)
Hidden Process
N/A