[CODE]

2008-10-17,21:13:00

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <runeip><"d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"%SystemRoot%\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[C-DillaSrv / C-DillaSrv][Stopped/Manual Start]
  <C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
  <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Kingsoft Basic Service / kaccore][Running/Manual Start]
  <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[LexBce Server / LexBceS][Stopped/Manual Start]
  <C:\WINNT\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Network helper Service / MSDisk][Stopped/Disabled]
  <"C:\WINNT\system32\irdvxc.exe" /service><(File is missing)>
[Microsoft Windows Software Update Service / mswsus][Stopped/Auto Start]
  <C:\WINNT\system32\mswsus.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[pdfFactory Pro 分配器 v2 / pdfFactory Pro 分配器 v2][Stopped/Disabled]
  <"C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /service><FinePrint Software, LLC>
[PPPoE Service / PPPoEService][Running/Auto Start]
  <d:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Avance Wave Audio Miniport Driver (WDM) / als4k][Stopped/Manual Start]
  <system32\drivers\als4000.sys><Avance Logic Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Dilla / C-Dilla][Stopped/Disabled]
  <\??\C:\WINNT\system32\drivers\CDANT.SYS><Macrovision>
[CMB8100 / CMB8100][Running/Auto Start]
  <\??\C:\WINNT\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\WINNT\system32\Drivers\CMBProtector.dat><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[Legend/D-Link DFE-530TX PCI Fast Ethernet Adapter / dlkfet][Running/Manual Start]
  <system32\DRIVERS\dlkfet.sys><Fast Ethernet PCI Adapter Manufacturer>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[dtscsi / dtscsi][Stopped/Disabled]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ENIMSR / ENIMSR][Stopped/Manual Start]
  <\??\d:\PROGRA~1\EFFICI~1\ENTERN~1\app\ENIMSR.SYS><Microsoft Corporation>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\D:\Program Files\rising\Rav\ExpScan.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[IPHOOK / IPHOOK][Stopped/Auto Start]
  <\??\d:\Program Files\rising\rfw\iphook.sys><N/A>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINNT\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\D:\Program Files\rising\Rav\MEMSCAN.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver / NTSPPPOE][Running/Manual Start]
  <system32\DRIVERS\ntspppoe.sys><Microsoft Corporation>
[NTSTAP1 / NTSTAP1][Running/Manual Start]
  <\??\D:\PROGRA~1\EFFICI~1\ENTERN~1\app\NTSTAP1.SYS><Network TeleSystems, Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[OrangeWare USB 2.0 Root Hub Support / ousb2hub][Running/Manual Start]
  <system32\DRIVERS\ousb2hub.sys><OrangeWare Corporation>
[NEC PCI to USB Enhanced Host Controller / ousbehci][Running/Auto Start]
  <System32\Drivers\ousbehci.sys><OrangeWare Corporation>
[PfModNT / PfModNT][Running/Auto Start]
  <\??\C:\WINNT\system32\PfModNT.sys><Creative Technology Ltd.>
[Protector / Protector][Running/System Start]
  <system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
  <system32\drivers\ProtectorA.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RAWESR / RAWESR][Running/Manual Start]
  <\??\D:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS><Microsoft Corporation>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\D:\Program Files\rising\Rav\RSPPSYS.sys><N/A>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Stopped/Manual Start]
  <system32\DRIVERS\Rtlnic5.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sound Blaster AudioPCI Audio Driver (WDM) / sbpci][Stopped/Manual Start]
  <system32\drivers\sbpci.sys><Creative Technology Ltd.>
[SecDrv / SecDrv][Stopped/Disabled]
  <\??\C:\WINNT\system32\drivers\SECDRV.SYS><Macrovision Europe Ltd>
[SkyProcs / SkyProcs][Stopped/Disabled]
  <\??\C:\PROGRA~1\SkyNet\Firewall\SkyProcs.sys><N/A>
[sptd / sptd][Stopped/Disabled]
  <System32\Drivers\sptd.sys><N/A>
[TAPBIND / TAPBIND][Running/Manual Start]
  <\??\d:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS><Network TeleSystems, Inc.>
[TDIHOOK / TDIHOOK][Stopped/Disabled]
  <\??\d:\Program Files\rising\rfw\tdihook.sys><N/A>
[USB 2.0 Root Hub Support / usbhub20][Stopped/Manual Start]
  <system32\DRIVERS\usbhub20.sys><Microsoft Corporation>
[ZSMC USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll, (Signed) BitComet>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[BOC ProcessProtect Class]
  {776B71E2-B4CC-4C94-BC7C-09103AA690B6} <ProcessProtection.dll, ISRA>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINNT\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {D9453DFD-F27B-46D1-80FE-C733C58FB20F} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {00000002-0000-0010-8000-00AA00389B71} <, >
[]
  {00002000-0000-0010-8000-00AA00389B71} <, >
[Auto Control]
  {174DF291-FC74-4B8F-AFF9-A1617956ACDF} <C:\WINNT\Auto.ocx, (Signed) www.autoinfo.gov.cn>
[]
  {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} <, >
[InstallHelper Class]
  {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\WINNT\system32\QQLiveInstaller.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINNT\system32\aliedit\pta.dll, (Signed) >
[]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <, >
[SetTimeGB Class]
  {306846BB-C377-40C2-B522-F92B17ABC60C} <C:\WINNT\Downloaded Program Files\chinatime.dll, >
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINNT\system32\GDREAD~1.DLL, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, (Signed) >
[]
  {58CDB34C-B4D7-418B-A0FB-C4C8A01C2F0E} <, >
[InfoSecNetSign Class]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINNT\DOWNLO~1\ICBCNE~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, (Signed) Microsoft Corporation>
[]
  {6AE02E1C-8859-4F57-9097-5A55A56A4CAF} <, >
[]
  {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <, >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[]
  {991481A7-4669-4E15-8C24-100404E1F5CB} <, >
[]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINNT\DOWNLO~1\TSOBase.ocx, (Signed) Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, (Signed) 腾讯科技（深圳）有限公司>
[]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, >
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINNT\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[用维棠下载视频]
  <C:\Program Files\ViDown\vd_link.htm, N/A>

==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
[PID: 220][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 232][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 432][C:\Program Files\CMBCHINA\WebProtect\WPService.exe]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll]  [China Merchants Bank, 1, 0, 0, 1]
[PID: 456][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7801]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 656][d:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe]  [N/A, ]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 668][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 684][C:\WINNT\system32\stisvc.exe]  [Microsoft Corporation, 5.00.2195.6656]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 712][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 736][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 988][C:\WINNT\system32\locator.exe]  [Microsoft Corporation, 5.00.2195.6619]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 772][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\ICQLite\ICQLiteShell.dll]  [, 20, 34, 2423, 0]
    [C:\WINNT\system32\nvshell.dll]  [, ]
[PID: 976][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 948][D:\Program Files\Rising\AntiSpyware\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [D:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [D:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [D:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [D:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [D:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [D:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.39]
    [D:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
    [d:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [D:\Program Files\Rising\AntiSpyware\pscan.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.57]
    [D:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
[PID: 804][d:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe]  [N/A, ]
    [d:\PROGRA~1\EFFICI~1\ENTERN~1\app\PacketLog.dll]  [Efficient Networks, Inc., 1, 5, 0, 18]
    [d:\PROGRA~1\EFFICI~1\ENTERN~1\app\DSLAPI32.dll]  [Efficient Networks Inc., 1, 5, 0, 18]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [d:\PROGRA~1\EFFICI~1\ENTERN~1\app\ResMsgENU.dll]  [Efficient Networks, Inc., 1, 5, 0, 17]
    [d:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\PROGRA~1\EFFICI~1\ENTERN~1\app\ResENU.dll]  [Efficient Networks, Inc., 1, 5, 0, 18]
[PID: 972][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe]  [Kingsoft Corporation, 2008,09,11,261]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [d:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Kingsoft\KAC\Service\corehelper.dll]  [Kingsoft Corporation, 2008,09,17,269]
[PID: 504][D:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 844][d:\Program Files\Rising\AntiSpyware\knownsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [d:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
    [C:\WINNT\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [d:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 1444][E:\aattiivv\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 868][E:\aattiivv\SRE789e8833.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [E:\aattiivv\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 456, C:\WINNT\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1444, E:\AATTIIVV\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]