[CODE] 2008-08-13,21:58:42 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] <"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation] <"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation] <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [SigmaTel, Inc.] <"C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Sonic Solutions] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] [Tencent] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] 
================================== 启动文件夹 N/A ================================== 服务 [Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start] [FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start] [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] [NICCONFIGSVC / NICCONFIGSVC][Running/Auto Start] [Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Running/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start] [ScadaRtdbServ / ScadaRtdbServ][Stopped/Manual Start] [ServiceLayer / ServiceLayer][Stopped/Manual Start] <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"> [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] [STI Simulator / STI Simulator][Stopped/Auto Start] <><(File is missing)> [Ulead Burning Helper / UleadBurningHelper][Running/Auto Start] [Intel(R) PROSet/Wireless SSO Service / WLANKEEPER][Running/Auto Start] [Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start] [Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Running/Auto Start] %SystemRoot%\System32\WUDFSvc.dll> ================================== 驱动程序 [AEGIS Protocol (IEEE 802.1x) 
v3.4.9.0 / AegisP][Running/Auto Start] [APPDRV / APPDRV][Running/System Start] <\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS> [Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start] [bootdrv / bootdrv][Stopped/Boot Start] <\SystemRoot\System32\Drivers\bootdrv.sys> [DLABOIOM / DLABOIOM][Running/Auto Start] [DLACDBHM / DLACDBHM][Running/System Start] [DLADResN / DLADResN][Running/Auto Start] [DLAIFS_M / DLAIFS_M][Running/Auto Start] [DLAOPIOM / DLAOPIOM][Running/Auto Start] [DLAPoolM / DLAPoolM][Running/Auto Start] [DLARTL_N / DLARTL_N][Running/System Start] [DLAUDFAM / DLAUDFAM][Running/Auto Start] [DLAUDF_M / DLAUDF_M][Running/Auto Start] [DRVMCDB / DRVMCDB][Running/Boot Start] <\SystemRoot\System32\Drivers\DRVMCDB.SYS> [DRVNDDM / DRVNDDM][Running/Auto Start] [ENTECH / ENTECH][Stopped/Manual Start] <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys> [fcdabus / fcdabus][Running/Manual Start] [FTCProtect / FTCProtect][Stopped/Manual Start] [FTCProTime / FTCProTime][Stopped/Manual Start] [FVDSCSI / FVDSCSI][Running/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> [HOSTNT / HOSTNT][Running/Auto Start] <\??\C:\WINDOWS\system32\drivers\hostnt.sys> [HSF_DPV / HSF_DPV][Running/Manual Start] [HSXHWAZL / HSXHWAZL][Running/Manual Start] [ialm / ialm][Running/Manual Start] [mdmxsdk / mdmxsdk][Running/Auto Start] [MHDRV / MHDRV][Stopped/Auto Start] <\??\C:\WINDOWS\system32\drivers\mhdrv.sys> [Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start] [Nokia USB Modem / Nokia USB 
Modem][Stopped/Manual Start] [Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start] [Nokia USB Port / Nokia USB Port][Stopped/Manual Start] [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkcrypt.sys> [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\WINDOWS\system32\npkycryp.sys> [PLEOMAX PWC-2000 / PAC7311][Stopped/Manual Start] [Padus ASPI Shell / pfc][Running/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [RCMHDOG / RCMHDOG][Stopped/Auto Start] <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys> [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [rimmptsk / rimmptsk][Running/Manual Start] [rimsptsk / rimsptsk][Running/Manual Start] [Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start] [RsAntiSpyware / RsAntiSpyware][Running/Boot Start] <\SystemRoot\system32\drivers\RsBoot.sys> [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [WLAN 传输 / s24trans][Running/Auto Start] [Secdrv / Secdrv][Stopped/Manual Start] [Prolific2 Serial port driver / Ser2pl][Stopped/Manual Start] [CP2101 USB Composite Device driver (WDM) / slabbus][Running/Manual Start] [CP2101 USB to UART Bridge Controller Drivers / slabser][Running/Manual Start] [SmartCd / SmartCd][Stopped/Manual Start] [SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start] [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [Conexant Setup API / UIUSys][Stopped/Manual Start] [usbconf / usbconf][Running/System Start] <\??\C:\WINDOWS\system32\drivers\usbconf.sys> [Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start] [winachsf / winachsf][Running/Manual Start] [Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Running/Boot Start] <\SystemRoot\system32\DRIVERS\WudfPf.sys> 
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [Adobe PDF Conversion Toolbar Helper] {AE7CD045-E861-484f-8273-0445EE161910} [Java Plug-in 1.6.0_05] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} [Java Plug-in 1.6.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.6.0_05] {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [Java Plug-in 1.6.0_05] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [CEnroll Class] {127698E4-E730-4E5C-A2B1-21490A70C8A1} [FG2CatchUrl] {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [FGCatchUrl] {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [RealPlayer Download and Record Plugin for Internet Explorer] {3049C3E9-B461-4BC5-8870-4C09146192CA} [] {30AF1289-F140-A140-D012-C1458759FC03} <, > [] {367E0A21-8601-4986-9C9A-153BF5ACA118} <, > [] 
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, > [Adobe PDF] {47833539-D0C5-4125-9FA8-0819E2EAAC93} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [DriveLetterAccess] {5CA3D70E-1895-11CF-8E15-001234567890} [] {5DA5CC16-90A8-4C78-AB5E-596BAEDD1289} <, > [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, > [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [] {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, > [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [] {A44CBB0B-C77D-4BF5-87CC-B4EE79AD1B7E} <, > [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [Adobe PDF Conversion Toolbar Helper] {AE7CD045-E861-484F-8273-0445EE161910} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [] {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, > [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] 
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, > [] {D7489FA7-4F38-DA83-E876-AD56F2E8D761} <, > [] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, > [快车(FlashGet)] {E0E899AB-F487-11D5-8D29-0050BA6940E3} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [FlashGet GetFlash Class] {F156768E-81EF-470C-9057-481BA8380DBA} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [] {F5CEC604-49EC-4F59-B04F-4048FED9EE13} <, > [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A> [FGCatchUrl] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} [FG2CatchUrl] {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > [] {FC87A650-207D-4392-A6A1-82ADBC56FA64} <, > [Append to existing PDF] [Convert link target to Adobe PDF] [Convert link target to existing PDF] [Convert selected links to Adobe PDF] [Convert selected links to existing PDF] [Convert selection to Adobe PDF] [Convert selection to existing PDF] [Convert to Adobe PDF] [使用快车(Flas&hGet)下载] [使用快车(Flash&Get)下载全部链接] [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Excel(&X)] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 832 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 904 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 928 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 
7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 972 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 984 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1180 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1248 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1288 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 27] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1304 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1340 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5348.0 (winmain(wmbla).060411-1339)] [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5348.0 (winmain(wmbla).060411-1339)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1464 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\EvtEng.exe] [Intel Corporation, 10, 1, 0, 1] [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2] [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1496 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe] [Intel Corporation , 10, 1, 0, 33] [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5] [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2] [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ] [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3] [C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] 
[c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1516 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe] [Intel(R) Corporation, 10, 1, 0, 27] [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46] [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5] [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2] [C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13] [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ] [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3] [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37] [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1636 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1672 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1688 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.60] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] 
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.27] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising 
Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 87] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [PID: 1716 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.76] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] 
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16] [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.48] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.0] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1996 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.37] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [C:\Program 
Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [c:\program files\rising\rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 2032 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.12] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 536 / zywddzyj][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] 
[Autodesk, Inc., 17.1.51.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll] [Autodesk, 17.1.51.0] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.53.37.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [PID: 780 / zywddzyj][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., 
Ltd., 20.0.0.1] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [PID: 1960 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 240 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\AdobePDF.dll] [Adobe Systems Incorporated., 8.0.0.00] [C:\Program Files\Adobe\Acrobat 8.0\Acrobat\adistres.dll] [Adobe Systems Incorporated., 8.1.2.2008011100] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0] [PID: 448 / SYSTEM][d:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 6, 20] [d:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising 
Information Technology Co., Ltd., 1, 0, 0, 22] [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510] [PID: 636 / SYSTEM][C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe] [Dell Inc., 7, 0, 7, 0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [PID: 720 / SYSTEM][C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe] [Intel Corporation, 10, 1, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [PID: 1200 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1232 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 4] [PID: 2248 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [PID: 2328 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 2624 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 2836 / zywddzyj][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4446] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4446] 
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4446] [PID: 2844 / zywddzyj][C:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4446] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446] [PID: 2876 / zywddzyj][C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe] [Intel Corporation, 10, 1, 0, 17] [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2] [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ] [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3] [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Intel\Wireless\Bin\FrWrkCHS.dll] [Intel Corporation, 10, 1, 0, 17] [C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll] [Intel Corporation, 10, 1, 1, 162] [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37] [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1] [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel 
Corporation, 10, 1, 0, 46] [C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13] [C:\Program Files\Intel\Wireless\Bin\IntWACHS.dll] [Intel Corporation, 10, 1, 1, 162] [PID: 2900 / zywddzyj][C:\WINDOWS\system32\igfxsrvc.exe] [Intel Corporation, 3.0.0.4446] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4446] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4446] [PID: 2912 / zywddzyj][C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] [Intel Corporation, 10, 1, 0, 42] [C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46] [C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5] [C:\Program Files\Intel\Wireless\bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2] [C:\Program Files\Intel\Wireless\bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13] [C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll] [N/A, ] [C:\Program Files\Intel\Wireless\bin\IntStngs.dll] [, 10, 1, 0, 3] [C:\Program Files\Intel\Wireless\bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37] [C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Intel\Wireless\Bin\ZcSvcCHS.dll] [Intel Corporation, 10, 1, 0, 42] [PID: 2936 / zywddzyj][C:\WINDOWS\stsystra.exe] [SigmaTel, Inc., 1.0.4995.1 nd446 cp1] [C:\WINDOWS\system32\STLang.dll] [SigmaTel, Inc., 1.1.4991.0 nd229 cp1] 
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\stacapi.dll] [SigmaTel, Inc., 1.0.4995.1 nd446 cp1] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2944 / zywddzyj][C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.50.13] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [PID: 2952 / zywddzyj][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.4.6 08Mar06] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.4.6 08Mar06] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.4.6 08Mar06] [PID: 2964 / zywddzyj][C:\WINDOWS\System32\DLA\DLACTRLW.EXE] [Sonic Solutions, 5.20.08a] [C:\WINDOWS\system32\DLAAPI_W.DLL] [Sonic Solutions, 5.20.08a] [C:\WINDOWS\System32\DLA\DLACResW.dll] [Sonic Solutions, 5.20.08a] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\VxBlock.dll] [Sonic Solutions, 1.00.64a] [PID: 3036 / zywddzyj][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.20] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] 
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [PID: 3220 / zywddzyj][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.32] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [PID: 3336 / zywddzyj][C:\Program 
Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.05] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 40] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.24] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 4048 / zywddzyj][C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe] [Intel Corporation, 10, 1, 0, 79] [C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll] [, 4.0.15.0 2005-11-16 13:05:02] [C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 10, 1, 0, 31] 
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2] [C:\PROGRA~1\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3] [C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5] [C:\PROGRA~1\Intel\Wireless\Bin\IWMSPROV.DLL] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] [Intel Corporation, 10, 1, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 10, 1, 0, 1] [C:\PROGRA~1\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46] [C:\PROGRA~1\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13] [C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ] [PID: 2724 / zywddzyj][C:\Documents and Settings\zywddzyj\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 22] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 2736 / zywddzyj][C:\Documents and Settings\zywddzyj\桌面\sreng2\SREecf0ee3a.EXE] [Smallfrogs Studio, 2.6.12.1018] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Documents and Settings\zywddzyj\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] 
[C:\WINDOWS\system32\asfsipc.dll] [Microsoft Corporation, 1.1.00.3917]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.5510]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1496, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 636, C:\PROGRAM FILES\DELL\QUICKSET\NICCONFIGSVC.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2876, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\IFRMEWRK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2912, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\ZCFGSVC.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2936, C:\WINDOWS\STSYSTRA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2936, C:\WINDOWS\STSYSTRA.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2964, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2964, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 4048, C:\PROGRA~1\INTEL\WIRELESS\BIN\DOT1XCFG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4048, C:\PROGRA~1\INTEL\WIRELESS\BIN\DOT1XCFG.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2724, C:\DOCUMENTS AND SETTINGS\ZYWDDZYJ\桌面\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2724, C:\DOCUMENTS AND SETTINGS\ZYWDDZYJ\桌面\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00EC1FFD)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00EC20E5)
==================================
隐藏进程
N/A
==================================
[/CODE]