[CODE]

2008-08-29,11:02:22

System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <StartCCC><"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe">  []
    <NWEReboot><>  [N/A]
    <NeroFilterCheck><C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  [Nero AG]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)Microsoft Windows Component Publisher]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]

==================================
启动文件夹
[彩虹QQ显IP]
  <C:\Documents and Settings\L in G\「开始」菜单\程序\启动\彩虹QQ显IP.lnk --> D:\彩虹QQ\CaiHong.exe [N/A]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[BoBoTurbo / BoBoTurbo][Running/Auto Start]
  <C:\WINDOWS\system32\boboturbo\boboturbo.exe><广州易播信息科技有限公司>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <system32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ATI Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\AtiHdAud.sys><ATI Research Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[hptmv6 / hptmv6][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[rr172x / rr172x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr172x.sys><HighPoint Technologies, Inc.>
[rr174x / rr174x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr174x.sys><HighPoint Technologies, Inc.>
[rr2340 / rr2340][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr2340.sys><HighPoint Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\H:\winio.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BitComet\tools\BitCometBHO_1.2.2.28.dll, BitComet>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, Beijing Rising Information Technology Co., Ltd.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
  {3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\BitComet\tools\BitCometBHO_1.2.2.28.dll, BitComet>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <G:\360safe\live.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, Beijing Rising Information Technology Co., Ltd.>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(177).dll, ShenZhen Thunder Networking Technologies Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.177.dll, N/A>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(177).dll, Xunlei Networking Technologies,LTD>
[&使用BitComet下载]
  <res://D:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用超级旋风下载]
  <D:\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <D:\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 648][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 724][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1828][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [D:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1880][C:\Program Files\Rising\Rfw\rfwstub.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.12]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 460][C:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.1.70]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[PID: 2408][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 2432][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE]  [Advanced Micro Devices Inc., 2.0.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7256562a1e6ebe423bc778489977f1a9\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\78989b9438ab14d1c4d36c6f9c78d053\System.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3032582cebe299eea21945827bb51213\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\13261e265874586e625983d24f607dbe\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2908.17152]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28801]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28814]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2908.17150]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28829]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28834]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll]  [Advanced Micro Devices Inc., 2.0.2908.16901]
    [C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28803]
[PID: 2440][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.1.45]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 2460][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.7.7]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
[PID: 2480][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2496][C:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.33]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[PID: 2536][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 3412][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe]  [ATI Technologies Inc., 2.0.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7256562a1e6ebe423bc778489977f1a9\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\78989b9438ab14d1c4d36c6f9c78d053\System.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3032582cebe299eea21945827bb51213\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\13261e265874586e625983d24f607dbe\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2908.17151__90ba9c70f846762e\CCC.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2908.17151]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2886.28801__90ba9c70f846762e\LOG.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28801]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2886.28829__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28829]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2886.28804__90ba9c70f846762e\CLI.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28804]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2886.28834__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28834]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2908.17150__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2908.17150]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2886.28814__90ba9c70f846762e\LOG.Foundation.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28814]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2908.17152__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2908.17152]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2886.28885__90ba9c70f846762e\CLI.Foundation.XManifest.dll]  [Advanced Micro Devices Inc., 2.0.2886.28885]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\97db8940937ac815fb7dbb9e3ed94c93\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2908.16903__90ba9c70f846762e\CLI.Component.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2908.16903]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2886.28834__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28834]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2886.28809__90ba9c70f846762e\CLI.Foundation.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28809]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2886.28819__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28819]
    [C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll]  [Advanced Micro Devices Inc., 2.0.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2908.16901__90ba9c70f846762e\AEM.Server.dll]  [Advanced Micro Devices Inc., 2.0.2908.16901]
    [C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2886.28803__90ba9c70f846762e\NEWAEM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28803]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2908.16901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll]  [Advanced Micro Devices Inc., 2.0.2908.16901]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2886.28801__90ba9c70f846762e\AEM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28801]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Server.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28819]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2908.17177__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll]  [Advanced Micro Devices Inc., 2.0.2908.17177]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2886.28863__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28863]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2886.28819__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28819]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll]  [ATI Technologies Inc., 2.0.2573.17685]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2573.17684]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2886.28837__90ba9c70f846762e\DEM.Graphics.dll]  [Advanced Micro Devices Inc., 2.0.2886.28837]
    [C:\WINDOWS\system32\ATIDEMGX.dll]  [Advanced Micro Devices, Inc., 2.0.2908.17842]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2886.28831__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28831]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2908.16911__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll]  [Advanced Mirco Devices, Inc., 2.0.2908.16911]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2886.28823__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll]  [Advanced Mirco Devices, Inc., 2.0.2886.28823]
    [C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll]  [ATI Technologies Inc., 2.0.2573.17685]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2886.28837__90ba9c70f846762e\DEM.OS.I0602.dll]  [Advanced Micro Devices Inc., 2.0.2886.28837]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2886.28836__90ba9c70f846762e\DEM.OS.dll]  [Advanced Micro Devices Inc., 2.0.2886.28836]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll]  [Advanced Micro Devices, Inc., 2.0.2743.23304]
    [C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2908.16903__90ba9c70f846762e\ATIDEMOS.dll]  [Advanced Micro Devices, Inc., 2.0.2908.16903]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2886.28862__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28862]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2886.28812__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28812]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2908.16929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.16929]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28839]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2908.17098__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17098]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2886.28851__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28851]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2886.28849__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28849]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2908.17057]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2886.28832__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28832]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll]  [Advanced Micro Devices, Inc., 2.0.2743.23304]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2886.28830__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28830]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2908.17131__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17131]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28850]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2908.16982__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.16982]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28844]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17080]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2886.28848__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28848]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2908.17063__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17063]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28847]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2908.17091__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2908.17091]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2886.28839__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28839]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2908.17057__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2908.17057]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28847]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2908.16955__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.16955]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28844]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.2908.17185__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17185]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll]  [Advanced Micro Devices, Inc., 2.0.2651.18802]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.2886.28852__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28852]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2908.17104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17104]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2886.28850__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28850]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll]  [Advanced Micro Devices Inc., 2.0.2908.17064]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2886.28847__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28847]
    [C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2908.16902__90ba9c70f846762e\APM.Server.dll]  [Advanced Micro Devices, Inc., 2.0.2908.16902]
    [C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2886.28831__90ba9c70f846762e\APM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2886.28831]
    [C:\WINDOWS\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll]  [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2908.17144__90ba9c70f846762e\CLI.Component.Systemtray.dll]  [Advanced Micro Devices Inc., 2.0.2908.17144]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll]  [Advanced Micro Devices, Inc., 2.0.2886.28825]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2908.16937__90ba9c70f846762e\CLI.Component.Wizard.dll]  [Advanced Micro Devices, Inc., 2.0.2908.16937]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2886.28813__90ba9c70f846762e\CLI.Component.Client.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28813]
    [C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.2886.28808__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll]  [Advanced Micro Devices, Inc., 2.0.2886.28808]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2886.28825__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28825]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2886.28826__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28826]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2908.16942__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16942]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2886.28844__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28844]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2908.17160__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17160]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2908.17111__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17111]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2908.16950__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16950]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2908.16962__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16962]
    [C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.2908.17188__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll]  [Advanced Micro Devices, Inc., 2.0.2908.17188]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2886.28860__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28860]
    [C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll]  [ , 1.0.0.0]
    [C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll]  [ATI Technologies, Inc., 9.15.0.20713]
    [C:\Program Files\Common Files\ATI Technologies\Multimedia\atidvcr.dll]  [ATI Technologies, Inc., 9.15.0.20713]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2908.17144_zh-CHS_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll]  [Advanced Micro Devices Inc., 2.0.2908.17144]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2908.17124__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17124]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2908.17139__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17139]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2908.17117__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17117]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2908.16918__90ba9c70f846762e\CLI.Component.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.2908.16918]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2886.28817__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28817]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2886.28832__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll]  [Advanced Micro Devices Inc., 2.0.2886.28832]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2908.16923__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16923]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2886.28838__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll]  [Advanced Micro Devices Inc., 2.0.2886.28838]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2908.17167__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll]  [Advanced Mirco Devices, Inc., 2.0.2908.17167]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2908.16969__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16969]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2908.16930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16930]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2908.17080__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17080]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2908.17059__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17059]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2908.17099__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17099]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2908.17132__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17132]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2908.17051__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.2908.17051]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2908.17105__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17105]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2908.16976__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16976]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2908.17064__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17064]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2908.16956__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.16956]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.2908.17185__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll]  [Advanced Micro Devices Inc., 2.0.2908.17185]
[PID: 2416][D:\我的文档\SRE9d2c65c3\123.com.EXE]  [1111, 2..4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D05715)
入口点错误：NtCreateKey (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D058B5)
入口点错误：NtLoadDriver (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D06005)
入口点错误：NtSetValueKey (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D05985)
入口点错误：NtWriteFile (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00D057E5)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D05715)
入口点错误：ZwCreateKey (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D058B5)
入口点错误：ZwSetValueKey (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D05985)
入口点错误：ZwWriteFile (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00D057E5)
入口点错误：CreateServiceA (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D05CC5)
入口点错误：CreateServiceW (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D05D95)
入口点错误：LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00D069C5)
入口点错误：LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00D055AD)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x00D064E5)
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00D068F5)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00D06755)

==================================
隐藏进程
N/A

==================================


[/CODE]