[CODE]
2008-08-10,21:52:04
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows 2000 Publisher]
[File is missing]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows 2000 Publisher]
<; nwiz.exe /install> [NVIDIA Corporation]
[(Verified)Microsoft Windows Hardware Compatibility Publisher]
[Ahead Software Gmbh]
[Gemplus]
[]
[]
[CIDC]
<"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<"C:\Program Files\Super Rabbit\MagicSet\srck.exe" /autokill:336> [Super Rabbit Soft]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[(Verified)Microsoft Windows 2000 Publisher]
[(Verified)Microsoft Windows 2000 Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
[(Verified)Beijing Rising Information Technology Corporation Limited]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<> [N/A]
<> [N/A]
<> [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ImpsSensor]
[China Mobile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
[(Verified)Microsoft Windows 2000 Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgar.exe]
[N/A]

[HKEY_CURRENT_USER\Control Panel\Desktop]
[(Verified)Microsoft Windows 2000 Publisher]

==================================
启动文件夹
[Adobe Gamma Loader] C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]>
[QQ游戏启动加速程序] C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]>

==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe">
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
[Transaction Provisioni Service / Provisionin][Stopped/Auto Start]
<(File is missing)>
[Windows pvsc RunThem / pvsc][Others/Auto Start]
C:\PROGRA~1\kqnx\uaxh.dll>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe">
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe">
[SyGateService / SaService][Running/Auto Start]
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
C:\WINNT\system32\mspmsnsv.dll>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
[Beep / Beep][Stopped/]
<2 - 系统找不到指定的文件。 >
[dmboot / dmboot][Stopped/Disabled]
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\EagleNT.sys>
[GKeyUSB / GKeyUSB][Stopped/Manual Start]
[Hev32 / Hev32][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\Hev32_c.sys>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeBusDr.sys>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\IdeChnDr.sys>
[Microsoft IntelliPoint Features driver / IPFilter][Stopped/Manual Start]
[JiaoCap, WDM Video Capture for VCDCut / JiaoCap][Stopped/Auto Start]
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\kmsinput.sys>
[msiffei / msiffei][Stopped/]
<2 - 系统找不到指定的文件。 >
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys>
[nv / nv][Running/Manual Start]
[pcxbyqp / pcxbyqp][Stopped/Manual Start]
<\??\C:\WINNT\system32\drivers\pcxbyqp.sys>
[pmnge / pmnge][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_tmp.bat>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys>
[qnkhe / qnkhe][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\_tmp.bat>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
[smwdm / smwdm][Running/Manual Start]
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINNT\system32\TesSafe.sys>
[SyGate for NT, WG1N / WG1N][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\WG1N.sys>
[SyGate for NT, WG2N / WG2N][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\WG2N.sys>
[SyGate for NT, wg4n / wg4n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg4n.sys>
[SyGate for NT, wg5n / wg5n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg5n.sys>
[SyGate for NT, wg6n / wg6n][Running/Auto Start]
<\SystemRoot\SYSTEM32\Drivers\wg6n.sys>
[SyGate for NT, Wsdrv / Wsdrv][Running/Boot Start]
<\SystemRoot\\SystemRoot\SYSTEM32\Drivers\Wsdrv.sys>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2}
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3}
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A}
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8}
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467}
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C}
[]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <, >
[淘宝工具条]
{78B2F60E-AFA5-4d3d-A49E-2BFF013D9D23}
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E}
[]
{00000055-9980-0010-8000-00AA00389B71} <, >
[InfoSecNetSign Class]
{5CB840B5-A94E-4AD9-B785-4866E3B04476}
[]
{6AE02E1C-8859-4F57-9097-5A55A56A4CAF} <, >
[QCommon Control]
{772EF14E-57B5-4AB3-B5AB-379858193588}
[ICBCOCX Public Key Check]
{7AEA10C5-B38F-4D72-A8F0-ED2D43D2A59E}
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714}
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
[]
{03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[]
{2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, >
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851}
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3}
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E}
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062}
[]
{B7BBD0D6-5E3A-4BC3-935E-B5AD0B1D1380} <, >
[]
{EF1EA76E-5428-4e40-85A1-D4DD2893183A} <, >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F}
[]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <, >
[]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[&使用超级旋风下载]
[&使用超级旋风下载全部链接]
[添加到QQ表情]

==================================
正在运行的进程
[PID: 172][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 192][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6970]
[C:\WINNT\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]

[PID: 220][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.6700]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]

[PID: 232][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.6902]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 372][C:\WINNT\System32\SCardSvr.exe] [Microsoft Corporation, 5.00.2195.6609]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 744][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]

[PID: 812][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 880][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\unimdm.tsp] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\kmddsp.tsp] [Microsoft Corporation, 5.00.2150.1]
[C:\WINNT\system32\ndptsp.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\ipconf.tsp] [Microsoft Corporation, 5.00.2143.1]
[C:\WINNT\system32\h323.tsp] [Microsoft Corporation, 5.00.2195.6901]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 908][C:\WINNT\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.5672]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 948][C:\WINNT\System32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 996][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6920]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1104][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1148][C:\WINNT\system32\stisvc.exe] [Microsoft Corporation, 5.00.2195.6656]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1180][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1308][C:\Program Files\SyGate\SHN\sgserv.exe] [Sygate technologies Inc., 4.0.0.1]
[C:\Program Files\SyGate\SHN\salic.dll] [N/A, ]
[C:\Program Files\SyGate\SHN\sasrv.dll] [N/A, ]
[C:\Program Files\SyGate\SHN\Netport.dll] [N/A, ]
[C:\Program Files\SyGate\SHN\wsman.dll] [SyberGen Networks, Inc., 2, 3, 3114, 0]
[C:\Program Files\SyGate\SHN\wgman.dll] [SyberGen Networks, Inc., 1.01.1221]
[C:\Program Files\SyGate\SHN\natsrv.dll] [N/A, ]
[C:\Program Files\SyGate\SHN\DhcpSrv.dll] [N/A, ]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1380][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\WINNT\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.70.1113.0]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\WINNT\system32\nvshell.dll] [NVIDIA Corporation, 6.14.10.5672]
[C:\WINNT\system32\NVWRSZHC.DLL] [NVIDIA Corporation, 6.14.10.5672]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINNT\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]

[PID: 1648][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe] [CIDC, 1, 0, 0, 10]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1636][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]

[PID: 1588][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
[C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
[C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
[C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.32]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]

[PID: 1656][C:\WINNT\system32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]

[PID: 1676][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]

[PID: 1780][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
[C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 3, 5, 0, 1660]
[C:\Program Files\Super Rabbit\MagicSet\gdiplus.dll] [Microsoft Corporation, 5.1.3097.0 (xpclient.010817-1148)]
[C:\WINNT\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.70.1113.0]
[C:\WINNT\system32\PINTLGNT.IME] [Microsoft Corporation, 4.2.32]
[C:\WINNT\system32\winpy.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601]
[C:\WINNT\system32\msdmo.dll] [, ]
[F:\肖娜\房地产\BitSpirit\Codec\FLVSplitter.ax] [Gabest, 1, 0, 0, 1]
[C:\Program Files\BitSpirit\Codec\RealMediaSplitter.ax] [Gabest, 1, 0, 1, 1]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]

[PID: 864][C:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
[C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
[C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
[c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19]
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]

[PID: 2332][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106]
[C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
[C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 3, 5, 0, 1660]
[C:\Program Files\Super Rabbit\MagicSet\gdiplus.dll] [Microsoft Corporation, 5.1.3097.0 (xpclient.010817-1148)]
[C:\WINNT\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\WINNT\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673]
[C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\msxml3.dll] [Microsoft Corporation, 8.70.1113.0]

[PID: 1976][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]

[PID: 1580][C:\Documents and Settings\Administrator\桌面\sreng2\SRE7ecaa4f3.EXE] [Smallfrogs Studio, 2.6.12.1018]
[C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 21]
[C:\WINNT\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINNT\system32\MSISIP.DLL] [Microsoft Corporation, 2.0.2600.1183]
[C:\WINNT\system32\wshCHS.DLL] [Microsoft Corporation, 5.6.0.6626]

==================================
文件关联
.TXT Error. [C:\WINNT\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1104, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1308, C:\PROGRAM FILES\SYGATE\SHN\SGSERV.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1648, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1648, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1976, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1976, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]

==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x00C655F5)
入口点错误:NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x00C65795)
入口点错误:NtLoadDriver (危险等级: 高, 被下面模块所HOOK: 0x00C65EE5)
入口点错误:NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x00C65865)
入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x00C656C5)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x00C655F5)
入口点错误:ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x00C65795)
入口点错误:ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x00C65865)
入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x00C656C5)
入口点错误:CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x00C65BA5)
入口点错误:CreateServiceW (危险等级: 高, 被下面模块所HOOK: 0x00C65C75)
入口点错误:LoadLibraryA (危险等级: 高, 被下面模块所HOOK: 0x00C668D5)
入口点错误:CreateFileA (危险等级: 高, 被下面模块所HOOK: 0x00C667D5)
入口点错误:CreateFileW (危险等级: 高, 被下面模块所HOOK: 0x00C663C5)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00C65935)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00C65A05)

==================================
隐藏进程
N/A

==================================
[/CODE]