2008-09-10,15:55:04 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] (ctfmon.exe)(G:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher] (QQDownload)("G:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart) [File is missing] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (360Safebox)("G:\Program Files\360Safebox\safeboxTray.exe" /r) [(Verified)Qizhi Software (beijing) Co. Ltd] (360Safetask)(G:\WINDOWS\system32\C0NIMEO.EXE) [File is missing] (runeip)("C:\新建文件夹 (2)\rstray.exe" /startup) [(Verified)Beijing Rising Information Technology Corporation Limited] (RavTask)("G:\Program Files\Rising\Rav\RavTask.exe" -system) [(Verified)Beijing Rising Information Technology Corporation Limited] (stup.exe)(Rundll32.exe G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R) [(Verified)Tencent Technology(Shenzhen) Company Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [(Verified)Microsoft Windows Component Publisher] (Userinit)(G:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher] (UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] ({32CD708B-60A7-4C00-9377-D73EAA495F0F})(G:\WINDOWS\system32\RavExt.dll) [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] (WinlogonNotify: WgaLogon)(WgaLogon.dll) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}] (Internet Explorer)(%systemroot%\system32\shmgrate.exe 
OCInstallUserConfigIE) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}] (Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] (Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] (Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] (NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] (Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection G:\WINDOWS\INF\wmp.inf,PerUserStub) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] (通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] (N/A)(G:\WINDOWS\system32\Rundll32.exe G:\WINDOWS\system32\mscories.dll,Install) [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo1_.exe] (IFEO[Logo1_.exe])(c:\\MMM.exe) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Logo_1.exe] (IFEO[Logo_1.exe])(c:\\MMM.exe) 
[File is missing] -------------------------------------------------------------------------------- 启动文件夹 [QQ游戏启动加速程序] (G:\Documents and Settings\明骏\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --) C:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司])(N) [腾讯QQ] (G:\Documents and Settings\明骏\「开始」菜单\程序\启动\腾讯QQ.lnk --) G:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT])(N) -------------------------------------------------------------------------------- 服务 [AVGCenter / AVGCenter][Stopped/Auto Start] (G:\WINDOWS\system32\tcpip.exe)((File is missing)) [Google Updater Service / gusvc][Stopped/Manual Start] ("G:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe")(Google) [Human Interface Device Access / HidServ][Stopped/Disabled] (G:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A) [Rising Process Communication Center / RsCCenter][Running/Auto Start] ("G:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Information Technology Co., Ltd.) [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] ("G:\PROGRAM FILES\RISING\RAV\Ravmond.exe")(Beijing Rising Information Technology Co., Ltd.) [User Profile Hive Cleanup / UPHClean][Running/Auto Start] (G:\Program Files\UPHClean\uphclean.exe)(Microsoft Corporation) -------------------------------------------------------------------------------- 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] (system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.) [HookCont / HookCont][Running/System Start] (\SystemRoot\system32\drivers\HookCont.sys)(Beijing Rising Information Technology Co., Ltd.) [HookNtos / HookNtos][Running/System Start] (\SystemRoot\system32\drivers\HookNtos.sys)(Beijing Rising Information Technology Co., Ltd.) [HookReg / HookReg][Running/System Start] (\SystemRoot\system32\drivers\HookReg.sys)(Beijing Rising Information Technology Co., Ltd.) [HookSys / HookSys][Running/System Start] (\SystemRoot\system32\drivers\HookSys.sys)(Beijing Rising Information Technology Co., Ltd.) 
[npkcrypt / npkcrypt][Stopped/Manual Start] (\??\G:\WINDOWS\system32\npkcrypt.sys)(N/A) [npkycryp / npkycryp][Stopped/Manual Start] (\??\G:\WINDOWS\system32\npkycryp.sys)(N/A) [Direct Parallel Link Driver / Ptilink][Running/Manual Start] (system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.) [rr9 / rr9x][Stopped/Boot Start] (\SystemRoot\System32\DRIVERS\rr9x.sys)(N/A) [RsNTGDI / RsNTGDI][Running/Boot Start] (\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Information Technology Co., Ltd.) [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] (system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation) [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] (\??\G:\Program Files\360Safebox\SafeBoxKrnl.sys)(360安全中心) [Secdrv / Secdrv][Stopped/Manual Start] (system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Samsung Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start] (system32\DRIVERS\ssm_bus.sys)(MCCI) [Samsung Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start] (system32\DRIVERS\ssm_mdfl.sys)(MCCI) [Samsung Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start] (system32\DRIVERS\ssm_mdm.sys)(MCCI) [TesSafe / TesSafe][Stopped/Manual Start] (\??\G:\WINDOWS\system32\TesSafe.sys)(TENCENT) [Sony Ericsson W700 Driver driver (WDM) / W700bus][Stopped/Manual Start] (system32\DRIVERS\W700bus.sys)(MCCI) [Sony Ericsson W700 USB WMC Modem Filter / W700mdfl][Stopped/Manual Start] (system32\DRIVERS\W700mdfl.sys)(MCCI) [Sony Ericsson W700 USB WMC Modem Driver / W700mdm][Stopped/Manual Start] (system32\DRIVERS\W700mdm.sys)(MCCI) [Sony Ericsson W700 USB WMC Device Management Drivers (WDM) / W700mgmt][Stopped/Manual Start] (system32\DRIVERS\W700mgmt.sys)(MCCI) [Sony Ericsson W700 USB WMC OBEX Interface / W700obex][Stopped/Manual Start] (system32\DRIVERS\W700obex.sys)(MCCI) [ZSMC USB PC Camera (ZS211) / 
ZSMC211][Stopped/Manual Start] (System32\Drivers\ZS211.sys)(ZSMC.Corporation) -------------------------------------------------------------------------------- 浏览器加载项 [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} (G:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司) [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} (C:\迅雷\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD) [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} (G:\Program Files\TENCENT\SSPlus\SAddr1.dll, (Signed) Tencent) [QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95} (G:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (C:\迅雷\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD) [] {951C2E2E-0233-4C10-A4F4-858354DC2EE8} (, ) [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (G:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.) [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} (g:\program files\google\googletoolbar1.dll, (Signed) Google Inc.) [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, (Signed) Google Inc.) [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (C:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD) [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} (g:\program files\google\googletoolbar1.dll, (Signed) Google Inc.) [QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95} (G:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (G:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.) 
[PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (G:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司) [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} (G:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司) [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} (C:\迅雷\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD) [] {03507A1A-E0C5-4404-AA26-205385C0892D} (, ) [] {06926B30-424E-4F1C-8EE3-543CD96573DC} (, ) [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (, ) [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} (G:\Program Files\TENCENT\SSPlus\SAddr1.dll, (Signed) Tencent) [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} (g:\program files\google\googletoolbar1.dll, (Signed) Google Inc.) [DcciInfo Class] {27BEF713-0690-444D-98F5-2BC45501CBB0} (G:\WINDOWS\system32\ilab.dll, www.i-lab.cn) [QQToolbar] {29CF293A-1E7D-4069-9E11-E39698D0AF95} (G:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT) [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (C:\迅雷\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD) [Microsoft 外壳 UI 帮助程序] {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} (%SystemRoot%\system32\shdocvw.dll, (Signed) N/A) [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} (G:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation) [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} (%SystemRoot%\system32\SHELL32.dll, (Signed) N/A) [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} (G:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (C:\迅雷\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD) [] {951C2E2E-0233-4C10-A4F4-858354DC2EE8} (, ) [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (G:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.) 
[Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} (g:\program files\google\googletoolbar1.dll, (Signed) Google Inc.) [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} (G:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation) [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, (Signed) Google Inc.) [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, (Signed) N/A) [] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} (, ) [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} (G:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation) [] {C74E94A7-B7BD-4891-9328-455395BCC7AD} (, ) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (G:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.) [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} (G:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技) [&使用超级旋风下载] (G:\Program Files\Tencent\QQDownload\geturl.htm, N/A) [&使用超级旋风下载全部链接] (G:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A) [使用迅雷下载] (C:\迅雷\Program\geturl.htm, N/A) [使用迅雷下载全部链接] (C:\迅雷\Program\getallurl.htm, N/A) [添加到QQ表情] (G:\Program Files\Tencent\QQ\AddEmotion.htm, N/A) -------------------------------------------------------------------------------- 正在运行的进程 [PID: 312 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 368 / SYSTEM][\??\G:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 392 / SYSTEM][\??\G:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [G:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.7] [G:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 436 / SYSTEM][G:\WINDOWS\system32\services.exe] 
[Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 448 / SYSTEM][G:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 592 / SYSTEM][G:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 640 / NETWORK SERVICE][G:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 680 / SYSTEM][G:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33] [PID: 708 / SYSTEM][G:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [G:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)] [G:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [PID: 752 / NETWORK SERVICE][G:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 820 / LOCAL SERVICE][G:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 972 / SYSTEM][G:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [G:\WINDOWS\system32\EBPMON24.DLL] [SEIKO EPSON CORPORATION, 5, 4, 0, 0] [G:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0] [G:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0] [PID: 1248 / SYSTEM][G:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1304 / SYSTEM][G:\Program Files\UPHClean\uphclean.exe] [Microsoft Corporation, 1.5.5.21] [PID: 1540 / 明骏][G:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 
20.0.0.18] [G:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [C:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [C:\迅雷\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [C:\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [G:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [PID: 1760 / LOCAL SERVICE][G:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [G:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [PID: 1792 / 明骏][G:\WINDOWS\system32\WgaTray.exe] [Microsoft Corporation, 1.7.0018.7] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [PID: 1908 / 明骏][G:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [G:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [G:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [PID: 1368 / 明骏][C:\新建文件夹 (2)\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.15] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information 
Technology Co., Ltd., 1, 0, 0, 28] [C:\新建文件夹 (2)\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\新建文件夹 (2)\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\新建文件夹 (2)\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\新建文件夹 (2)\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [C:\新建文件夹 (2)\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\新建文件夹 (2)\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\新建文件夹 (2)\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\新建文件夹 (2)\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\新建文件夹 (2)\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\新建文件夹 (2)\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.33] [G:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 892 / 明骏][G:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [PID: 1688 / 明骏][G:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [PID: 3076 / 明骏][G:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [C:\新建文件夹 
(2)\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [C:\新建文件夹 (2)\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [PID: 3840 / 明骏][G:\Program Files\Rising\Rav\RAV.EXE] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 72] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12] [G:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [G:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [G:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [G:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [G:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [G:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [G:\Program Files\Rising\Rav\RsCommon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [G:\Program Files\Rising\Rav\ravpagem.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 1, 9] [G:\Program Files\Rising\Rav\htmllib.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.17] [G:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [G:\Program Files\Rising\Rav\ravpagew.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 89] [G:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [G:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [G:\Program 
Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [G:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [G:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [G:\Program Files\Rising\Rav\SysMail.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.11] [G:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41] [G:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [G:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [G:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [G:\Program Files\Rising\Rav\mvengine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [G:\Program Files\Rising\Rav\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24] [G:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16] [G:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [G:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22] [G:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [G:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [G:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [G:\Program Files\Rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [G:\Program Files\Rising\Rav\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [G:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [G:\Program 
Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [G:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9] [G:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36] [G:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [G:\Program Files\Rising\Rav\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13] [G:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [G:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [G:\Program Files\Rising\Rav\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [G:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [G:\Program Files\Rising\Rav\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3] [G:\Program Files\Rising\Rav\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [G:\Program Files\Rising\Rav\scanmac.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [G:\Program Files\Rising\Rav\ur004.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [PID: 3876 / SYSTEM][G:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80] [G:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [G:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [G:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [G:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28] [G:\PROGRAM 
FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [G:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [G:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36] [G:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [G:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [G:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [G:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [G:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24] [G:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41] [G:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [G:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 16] [G:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9] [G:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [G:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [G:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [G:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [G:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [G:\PROGRAM 
FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3] [G:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [G:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22] [G:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [G:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [G:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [G:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [G:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [G:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [G:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [G:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [G:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [G:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13] [G:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [G:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [G:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [G:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [PID: 3888 / 明骏][G:\Program Files\Rising\Rav\RAVMON.EXE] [Beijing Rising Information Technology Co., Ltd., 20.0.01.27] [G:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [G:\WINDOWS\system32\MSVCR71.dll] 
[Microsoft Corporation, 7.10.3052.4]
    [G:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [G:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [G:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [G:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [G:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [G:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [G:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [G:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [G:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [G:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [G:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12]
    [G:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [G:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 1504 / SYSTEM][G:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [G:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [G:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [G:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 3528 / 明骏][G:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [G:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 28]
    [C:\新建文件夹 (2)\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [C:\新建文件夹 (2)\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12]
    [G:\Program Files\TENCENT\SSPlus\SAddr1.dll] [Tencent, 5, 0, 7, 13]
    [G:\Program Files\Tencent\QQToolbar\IEBar.dll] [TENCENT, 2, 2, 1, 11]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll] [TENCENT, 2, 2, 1, 11]
    [G:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 2, 86, 86]
    [C:\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\迅雷\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [G:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\新建文件夹 (2)\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [g:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1606, 6690]
    [G:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\QQMail.dll] [TENCENT, 2, 1, 3, 11]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Shuqian.dll] [TENCENT, 2, 1, 3, 15]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Wenwen.dll] [TENCENT, 2, 1, 4, 13]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Weather.dll] [TENCENT, 2, 1, 2, 10]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Paipai.dll] [TENCENT, 2, 1, 2, 10]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Qzone.dll] [TENCENT, 2, 1, 1, 10]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\MusicBox.dll] [TENCENT, 2, 1, 1, 10]
    [G:\WINDOWS\system32\comflt.dll] [, 1, 0, 0, 1]
    [C:\word\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [G:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [G:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\TBAddr.dll] [TENCENT, 1, 0, 2, 13]
    [G:\Documents and Settings\明骏\Application Data\TENCENT\QQToolbar\buttons\Hot.dll] [TENCENT, 1, 0, 6, 15]
    [G:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[PID: 300 / 明骏][G:\DOCUME~1\明骏\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[PID: 2492 / 明骏][G:\DOCUME~1\明骏\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SRE46fea03f.EXE] [Smallfrogs Studio, 2.6.12.1018]
    [G:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll] [TENCENT, 5, 0, 4, 12]

--------------------------------------------------------------------------------
文件关联
.TXT Error. [G:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [G:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

--------------------------------------------------------------------------------
Winsock 提供者
N/A

--------------------------------------------------------------------------------
Autorun.inf
N/A

--------------------------------------------------------------------------------
HOSTS 文件
127.0.0.1 www.360.cn
127.0.0.1 www.360safe.cn
127.0.0.1 www.chinakv.com
127.0.0.1 www.rising.com.cn
127.0.0.1 rising.com.cn
127.0.0.1 dl.jiangmin.com
127.0.0.1 jiangmin.com
127.0.0.1 www.jiangmin.com
127.0.0.1 www.duba.net
127.0.0.1 www.eset.com.cn
127.0.0.1 www.nod32.com
127.0.0.1 shadu.duba.net
127.0.0.1 union.kingsoft.com
127.0.0.1 www.kaspersky.com.cn
127.0.0.1 kaspersky.com.cn
127.0.0.1 virustotal.com
127.0.0.1 www.kaspersky.com
127.0.0.1 60.210.176.251
127.0.0.1 www.cnnod32.cn
127.0.0.1 www.lanniao.org
127.0.0.1 www.nod32club.com
127.0.0.1 www.dswlab.com
127.0.0.1 bbs.sucop.com
127.0.0.1 www.virustotal.com
127.0.0.1 tool.ikaka.com
127.0.0.0 360.qihoo.com
127.0.0.1 qihoo.com
127.0.0.1 www.qihoo.com
127.0.0.1 www.qihoo.cn
127.0.0.1 124.40.51.17
127.0.0.1 58.17.236.92
124.238.254.113 5j8dsand.cn
124.238.254.113 1ni8sami.cn

--------------------------------------------------------------------------------
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 300, G:\DOCUME~1\明骏\LOCALS~1\TEMP\SRENG2.ZIP 的临时目录 1\SRENGLDR.EXE]

--------------------------------------------------------------------------------
API HOOK
N/A

--------------------------------------------------------------------------------
隐藏进程
N/A

--------------------------------------------------------------------------------