2008-08-12,20:11:51

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    (ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    (360Safetray)(D:\Program Files\360safe\safemon\360Tray.exe /start) [(Verified)Qizhi Software (beijing) Co. Ltd]
    (RfwMain)("d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [(Verified)Beijing Rising Information Technology Corporation Limited]
    (RavTask)("d:\Program Files\Rising\Rav\RavTask.exe" -system) [(Verified)Beijing Rising Information Technology Corporation Limited]
    (NvCplDaemon)(RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) [NVIDIA Corporation]
    (TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
    (runeip)("d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup) [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    (KKDelay)(D:\Program Files\Rising\AntiSpyware\RunOnce.exe) [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    (shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
    (Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    (AppInit_DLLs)(kmon.dll) [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    (UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    ({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    (Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    (Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    (Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    (Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    (NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    (Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    (通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing]

--------------------------------------------------------------------------------
启动文件夹
N/A

--------------------------------------------------------------------------------
服务
[ASP.NET State Service / aspnet_state][Stopped/Disabled]
    (C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe)((File is missing))
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
    (D:\Program Files\bofagnqi\StormII\stormliv.exe /asservice)(北京暴风网际科技有限公司)
[Human Interface Device Access / HidServ][Stopped/Disabled]
    (C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll)(N/A)
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
    (C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Qvod Terminal / Qvod Terminal][Stopped/Disabled]
    (d:\Program Files\bofangqi\QvodPlayer\QvodTerminal.exe)(Shenzhen QVOD Technology Co.,Ltd)
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
    (d:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Information Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
    (d:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Information Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start] ("d:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Information Technology Co., Ltd.) [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] ("D:\PROGRAM FILES\RISING\RAV\Ravmond.exe")(Beijing Rising Information Technology Co., Ltd.) [User Profile Hive Cleanup / UPHClean][Running/Auto Start] (C:\Program Files\UPHClean\uphclean.exe)(Microsoft Corporation) -------------------------------------------------------------------------------- 驱动程序 [360AntiArp / 360AntiArp][Running/System Start] (\??\C:\WINDOWS\system32\drivers\360AntiArp.sys)(360安全中心) [Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start] (system32\drivers\ac97intc.sys)(Intel Corporation) [AMD Processor Driver / AmdK8][Running/System Start] (system32\DRIVERS\AmdK8.sys)(Advanced Micro Devices) [Creative SBLive! Gameport / ctljystk][Stopped/Manual Start] (system32\DRIVERS\ctljystk.sys)(Creative Technology Ltd.) [ebahjhaf / ebahjhaf][Stopped/Boot Start] (\SystemRoot\system32\drivers\ebahjhaf.sys)(N/A) [feahaeha / feahaeha][Stopped/Boot Start] (\SystemRoot\system32\drivers\feahaeha.sys)(N/A) [GMSIPCI / GMSIPCI][Stopped/Manual Start] (\??\F:\INSTALL\GMSIPCI.SYS)(N/A) [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] (system32\DRIVERS\HDAudBus.sys)(Windows (R) Server 2003 DDK provider) [HookCont / HookCont][Running/System Start] (\SystemRoot\system32\drivers\HookCont.sys)(Beijing Rising Information Technology Co., Ltd.) [HookNtos / HookNtos][Running/System Start] (\SystemRoot\system32\drivers\HookNtos.sys)(Beijing Rising Information Technology Co., Ltd.) [HookReg / HookReg][Running/System Start] (\SystemRoot\system32\drivers\HookReg.sys)(Beijing Rising Information Technology Co., Ltd.) [HookSys / HookSys][Running/System Start] (\SystemRoot\system32\drivers\HookSys.sys)(Beijing Rising Information Technology Co., Ltd.) 
[HookUrl / HookUrl][Running/Auto Start] (\??\d:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Information Technology Co., Ltd.) [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] (system32\drivers\RtkHDAud.sys)(Realtek Semiconductor Corp.) [Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start] (system32\DRIVERS\motmodem.sys)(Motorola) [npkcrypt / npkcrypt][Stopped/Auto Start] (\??\D:\Program Files\Tencent\QQ\npkcrypt.sys)(N/A) [nv / nv][Running/Manual Start] (system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation) [nvata / nvata][Running/Boot Start] (\SystemRoot\system32\DRIVERS\nvata.sys)(NVIDIA Corporation) [NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start] (system32\DRIVERS\NVENETFD.sys)(NVIDIA Corporation) [NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start] (system32\DRIVERS\nvnetbus.sys)(NVIDIA Corporation) [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start] (\??\C:\WINDOWS\system32\PCANDIS5.SYS)(Printing Communications Assoc., Inc. (PCAUSA)) [Direct Parallel Link Driver / Ptilink][Running/Manual Start] (system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.) [Coolpad Mobile Phone Interface (PID 3197) / qcusbmdm][Stopped/Manual Start] (system32\DRIVERS\qcusbmdm.sys)(QUALCOMM Incorporated) [Coolpad Diagnostic Port 3197 / qcusbser][Stopped/Manual Start] (system32\DRIVERS\qcusbser.sys)(QUALCOMM Incorporated) [Rising Rfwbase Driver / RfwBase][Running/Auto Start] (System32\DRIVERS\rfwbase.SYS)(Beijing Rising Information Technology Co., Ltd.) [RsFwDrv / RsFwDrv][Running/System Start] (\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Information Technology Co., Ltd.) [RsNTGDI / RsNTGDI][Running/Boot Start] (\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Information Technology Co., Ltd.) 
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] (system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation) [Secdrv / Secdrv][Stopped/Manual Start] (system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Prolific2 Serial port driver / Ser2pl][Stopped/Manual Start] (system32\DRIVERS\ser2pl.sys)(Prolific Technology Inc.) [SlowDownCPU / SlowDownCPU][Stopped/Manual Start] (\??\F:\ChipSet\V2-CPU\NTGLM7X.sys)(N/A) -------------------------------------------------------------------------------- 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} (D:\Program Files\downl\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (D:\Program Files\downl\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD) [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.) 
[SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} (D:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN) [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (D:\Program Files\downl\Thunder.exe, Thunder Networking Technologies,LTD) [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} (D:\PROGRA~1\Kingsoft\IEPlugin.dll, N/A) [金山词霸] {9A687CA6-D585-4947-9ED9-BE96071F5CD9} (D:\PROGRA~1\Kingsoft\XDictExB.dll, N/A) [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} (D:\PROGRA~1\Kingsoft\IEPlugin.dll, N/A) [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} (C:\msdxm.ocx, N/A) [] {1ED48504-8834-11D5-AC75-0008C73FD642} (, ) [] {33564D57-9980-0010-8000-00AA00389B71} (, ) [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) ) [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (, ) [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} (D:\Program Files\downl\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD) [] {03507A1A-E0C5-4404-AA26-205385C0892D} (, ) [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} (C:\AMOVIE.OCX, Microsoft Corporation) [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} (C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation) [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (, ) [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} (D:\Program Files\downl\Components\InMedia\peerid.dll, ) [InfosecCertInstall Class] {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (C:\WINDOWS\system32\certInStall.dll, ) [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} (C:\WINDOWS\system32\aliedit\pta.dll, (Signed) ) [] {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} (, ) [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\Mshtml.dll, (Signed) N/A) [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation) [] 
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} (, ) [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} (D:\Program Files\bofagnqi\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.) [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A) [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (D:\Program Files\downl\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD) [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) ) [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} (C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation) [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} (%SystemRoot%\system32\shdocvw.dll, (Signed) N/A) [MSIDev Control] {5B693D57-8C39-4FB8-9407-25C481620165} (C:\PROGRA~1\MSI\LIVEUP~1\MSIDev.ocx, ) [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation) [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, ) [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, ) [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} (D:\Program Files\bofagnqi\StormII\mps.dll, (Signed) 北京暴风网际科技有限公司) [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation) [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} (D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司) [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\system32\INPUTC~1.DLL, ) [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} (D:\Program Files\downl\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD) [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} 
(D:\Program Files\360safe\live.dll, 360.cn) [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (D:\Program Files\downl\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD) [TTPlayer ActiveX Control] {89AE5F82-410A-4040-9387-68D1144EFD03} (D:\Program Files\bofagnqi\TTPlayer\ttpctrl.dll, Alen Soft) [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\system32\SUBMIT~1.DLL, ) [CibaCtrl Class] {8DE0FCD4-5EB5-11D3-AD25-00002100131B} (D:\PROGRA~1\Kingsoft\IEPlugin.dll, N/A) [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.) [] {9A687CA6-D585-4947-9ED9-BE96071F5CD9} (, ) [RealPlayer Stream Handler] {A1A41E11-91DB-4461-95CD-0C02327FD934} (D:\Program Files\bofagnqi\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.) [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} (C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation) [WebVGPlayer Class] {AA899B43-24BD-4B6B-BBD0-45557D8D11E0} (C:\PROGRA~1\VIEWGOOD\WEBPLA~1\VGPlayer.dll, ) [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} (C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(709).dll, ShenZhen Thunder Networking Technologies Ltd.) 
[Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\Mshtml.dll, (Signed) Microsoft Corporation) [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, (Signed) N/A) [] {B69F34DC-F0F9-42DC-9EDD-957187DA688D} (, ) [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} (D:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN) [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation) [JoyoCtrl Class] {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} (D:\PROGRA~1\Kingsoft\IEPlugin.dll, N/A) [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation) [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (D:\Program Files\bofagnqi\StormII\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.) [] {D3977678-3647-45FA-8E7B-727E9984BAC7} (, ) [] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} (, ) [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} (D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技) [] {E6BD6993-164F-4277-AE97-5EB4BAB56443} (, ) [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司) [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} (D:\Program Files\downl\Components\DownAndPlay\DapPlayer3.0.5712.71.709.dll, ShenZhen Thunder Networking Technologies Ltd.) 
[] {F156768E-81EF-470C-9057-481BA8380DBA} (, ) [QvodCtrl Class] {F3D0D36F-23F8-4682-A195-74C92B03D4AF} (d:\Program Files\bofangqi\QvodPlayer\QvodInsert.dll, Shenzhen QVOD Technology Co.,Ltd) [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} (C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(709).dll, Thunder) [] {F90D830D-C175-4bbe-82C7-FF94669A4C42} (, ) [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} (, ) [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} (, ) [使用迅雷下载] (D:\Program Files\downl\Program\geturl.htm, N/A) [使用迅雷下载全部链接] (D:\Program Files\downl\Program\getallurl.htm, N/A) [添加到QQ表情] (D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A) -------------------------------------------------------------------------------- 正在运行的进程 [PID: 456][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 512][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 536][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 580][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 
592][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 736][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 808][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 876][d:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 892][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 992][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1052][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [d:\program 
files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1132][D:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80] [D:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [D:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [D:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36] [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [D:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [D:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24] [D:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising 
Information Technology Co., Ltd., 20, 0, 0, 40] [D:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [D:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16] [d:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9] [D:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [d:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [D:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [D:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [D:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3] [D:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [D:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [D:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87] [D:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [D:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [D:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [D:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [D:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [D:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information 
Technology Co., Ltd., 20, 0, 0, 19] [D:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [D:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [D:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [D:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [D:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13] [D:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [PID: 1148][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.76] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [d:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [d:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16] [d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.48] [d:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [d:\program files\rising\rfw\ijt_ctrl.dll] 
[Beijing Rising Information Technology Co., Ltd., 7.0.0.0] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [d:\program files\rising\rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8] [d:\program files\rising\rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1212][d:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.37] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [d:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [d:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [d:\program files\rising\rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [d:\program files\rising\rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1400][d:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.12] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology 
Co., Ltd., 1, 0, 0, 22] [d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1608][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10] [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1780][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 116][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [d:\Program 
Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [d:\PROGRA~1\Wopti\WOPTIE~1.DLL] [共软网络, 1.0.8.530] [D:\Program Files\downl\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [D:\Program Files\downl\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [D:\Program Files\downl\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\downl\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 276][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [d:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [d:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] 
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [PID: 856][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8421] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 2012][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 368][C:\Program Files\UPHClean\uphclean.exe] [Microsoft Corporation, 1.5.5.21] [PID: 1372][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [PID: 940][D:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 4, 1, 8, 1004] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 2, 0, 1001] [D:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001] [D:\Program Files\360safe\live.dll] [360.cn, 1, 0, 1, 1027] [PID: 1096][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24] [D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing 
Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [PID: 980][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.01.24] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [D:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40] [D:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [D:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [D:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [D:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [D:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [D:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology 
Co., Ltd., 20, 0, 0, 90] [D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [PID: 1448][D:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [D:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [D:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [D:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [D:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [D:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [D:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [D:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.32] [d:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 1748][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\program 
files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 3780][D:\Program Files\802.1X认证客户端\Dot1XClient.exe] [huawei, 2.00] [C:\WINDOWS\system32\W32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 1744][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\Program Files\downl\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [D:\Program Files\downl\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [D:\Program Files\downl\Components\ResWorker\DsBho_00.dll] [Thunder 
Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\downl\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [d:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2572][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\Program Files\downl\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [D:\Program Files\downl\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [D:\Program Files\downl\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\downl\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [d:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [d:\Program 
Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [D:\Program Files\downl\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 2956][d:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [d:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3224][C:\DOCUME~1\CAPTAI~1\LOCALS~1\Temp\Rar$EX03.156\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [PID: 3580][C:\DOCUME~1\CAPTAI~1\LOCALS~1\Temp\Rar$EX03.156\sreng2\SRE6131b57e.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [PID: 2888][C:\Documents and Settings\captain147\桌面\sreng2\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising 
Information Technology Co., Ltd., 21.0.0.24]
[d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 2728][C:\Documents and Settings\captain147\桌面\sreng2\sreng2\SRE6131b57e.EXE] [Smallfrogs Studio, 2.6.12.1018]
[d:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[d:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
--------------------------------------------------------------------------------
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK.
[{00021401-0000-0000-C000-000000000046}]
--------------------------------------------------------------------------------
Winsock 提供者
N/A
--------------------------------------------------------------------------------
Autorun.inf
N/A
--------------------------------------------------------------------------------
HOSTS 文件
127.0.0.1 localhost
--------------------------------------------------------------------------------
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 856, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3780, D:\PROGRAM FILES\802.1X认证客户端\DOT1XCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3780, D:\PROGRAM FILES\802.1X认证客户端\DOT1XCLIENT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3224, C:\DOCUME~1\CAPTAI~1\LOCALS~1\TEMP\RAR$EX03.156\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3224, C:\DOCUME~1\CAPTAI~1\LOCALS~1\TEMP\RAR$EX03.156\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3580, C:\DOCUME~1\CAPTAI~1\LOCALS~1\TEMP\RAR$EX03.156\SRENG2\SRE6131B57E.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2888, C:\DOCUMENTS AND SETTINGS\CAPTAIN147\桌面\SRENG2\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2888, C:\DOCUMENTS AND SETTINGS\CAPTAIN147\桌面\SRENG2\SRENG2\SRENGLDR.EXE]
--------------------------------------------------------------------------------
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00E81FFD)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00E820E5)
--------------------------------------------------------------------------------
隐藏进程
N/A
--------------------------------------------------------------------------------