[CODE]

2008-11-15,17:49:00

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><F:\3600\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RfwMain><"F:\新建文件夹 (2)\墙\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTask><"F:\新建文件夹 (2)\杀软\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <runeip><"F:\kaka\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\qq\新建文~2\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server / lanmanserver][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[Network Connections / Netman][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\netman.dll><Microsoft Corporation>
[Remote Access Connection Manager / RasMan][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <F:\新建文件夹 (2)\墙\Rising\Rfw\rfwProxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <F:\新建文件夹 (2)\墙\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\新建文件夹 (2)\杀软\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\新建文件夹 (2)\杀软\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Print Spooler / Spooler][Running/Auto Start]
  <C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[WebClient / WebClient][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><Microsoft Corporation>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\F:\新建文件夹 (2)\墙\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[HTTP / HTTP][Running/Manual Start]
  <System32\Drivers\HTTP.sys><Microsoft Corporation>
[IP Network Address Translator / IpNat][Running/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[Microsoft Kernel Wave Audio Mixer / kmixer][Running/Manual Start]
  <system32\drivers\kmixer.sys><Microsoft Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\F:\新建文件夹 (2)\墙\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
  <system32\drivers\splitter.sys><Microsoft Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[USB2 Enabled Hub / usbhub][Running/Manual Start]
  <system32\DRIVERS\usbhub.sys><Microsoft Corporation>
[Microsoft USB Universal Host Controller Miniport Driver / usbuhci][Running/Manual Start]
  <system32\DRIVERS\usbuhci.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
  <system32\drivers\wdmaud.sys><Microsoft Corporation>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <E:\qq\新建文件夹 (3)\QQIEHelper02.dll, (Signed) 腾讯公司>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\3600\360safe\safemon\safemon.dll, (Signed) 360.CN>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[雨林木风]
  {575201F6-B957-4860-BD5C-625BB7629CE4} <http://www.ylmf.com, N/A>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <E:\qq\新建文件夹 (3)\QQIEHelper02.dll, (Signed) 腾讯公司>
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\新建文件夹\ComDlls\ThunderAgent_Now.dll, N/A>
[]
  {575201F6-B957-4860-BD5C-625BB7629CE4} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\3600\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\3600\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, >
[]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, (Signed) Thunder>
[&使用超级旋风下载]
  <E:\qq\新建文件夹 (3)\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <E:\qq\新建文件夹 (3)\getAllurl.htm, N/A>
[添加到QQ表情]
  <E:\qq\新建文件夹\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 368 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 440 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp.061019-0442)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 464 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp.050301-1521)]
    [C:\WINDOWS\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
[PID: 508 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp.050301-1521)]
    [C:\WINDOWS\system32\umpnpmgr.dll]  [Microsoft Corporation, 5.1.2600.2744 (xpsp.050822-1649)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 520 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\kerberos.dll]  [Microsoft Corporation, 5.1.2600.2698 (xpsp.050614-1527)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\wdigest.dll]  [Microsoft Corporation, 5.1.2600.2874 (xpsp.060323-1528)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp.050301-1521)]
[PID: 672 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\rpcss.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [c:\windows\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp.050301-1521)]
[PID: 736 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\rpcss.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp.060626-0041)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
[PID: 776 / SYSTEM][F:\新建文件夹 (2)\杀软\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 792 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\dhcpcsvc.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [c:\windows\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [c:\windows\system32\ESENT.dll]  [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\System32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [c:\windows\system32\srvsvc.dll]  [Microsoft Corporation, 5.1.2600.2577 (xpsp.041130-1728)]
    [c:\windows\system32\netman.dll]  [Microsoft Corporation, 5.1.2600.2743 (xpsp.050819-1528)]
    [C:\WINDOWS\System32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp.061019-0442)]
    [C:\WINDOWS\system32\comsvcs.dll]  [Microsoft Corporation, 2001.12.4414.310]
    [C:\WINDOWS\system32\colbact.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [C:\WINDOWS\system32\MTXCLU.DLL]  [Microsoft Corporation, 2001.12.4414.311]
    [c:\windows\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp.050301-1521)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp.060626-0041)]
    [C:\WINDOWS\System32\rasmans.dll]  [Microsoft Corporation, 5.1.2600.2936 (xpsp.060621-2356)]
    [c:\windows\system32\tapisrv.dll]  [Microsoft Corporation, 5.1.2600.2716 (xpsp.050707-1657)]
    [C:\WINDOWS\system32\kerberos.dll]  [Microsoft Corporation, 5.1.2600.2698 (xpsp.050614-1527)]
[PID: 876 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 908 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [c:\windows\system32\webclnt.dll]  [Microsoft Corporation, 5.1.2600.2821 (xpsp.060103-1543)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
[PID: 968 / SYSTEM][F:\新建文件夹 (2)\杀软\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 98]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 984 / SYSTEM][F:\新建文件夹 (2)\墙\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.77]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.16]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.50]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_ctrl.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.0]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\unvdet.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.8]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
[PID: 1028 / SYSTEM][F:\新建文件夹 (2)\墙\Rising\Rfw\rfwProxy.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.37]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\MonMid.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 1192 / SYSTEM][F:\新建文件夹 (2)\墙\Rising\Rfw\rfwstub.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.12]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1404 / SYSTEM][F:\新建文件夹 (2)\杀软\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\WINDOWS\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp.060626-0041)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1828 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\System32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1924 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [C:\WINDOWS\system32\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp.050831-1531)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [F:\3600\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp.061019-0442)]
    [C:\WINDOWS\system32\MLANG.dll]  [Microsoft Corporation, 6.00.2900.2530 (xpsp.040919-1030)]
    [C:\WINDOWS\system32\netman.dll]  [Microsoft Corporation, 5.1.2600.2743 (xpsp.050819-1528)]
    [C:\WINDOWS\system32\DHCPCSVC.DLL]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\ESENT.dll]  [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1952 / Administrator][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
[PID: 1972 / Administrator][F:\新建文件夹 (2)\杀软\RISING\RAV\RavMon.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [F:\新建文件夹 (2)\杀软\RISING\RAV\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 172 / Administrator][F:\3600\360safe\safemon\360tray.exe]  [奇虎网, 5, 0, 0, 1002]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\3600\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [F:\3600\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 3, 0, 1003]
    [F:\3600\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [F:\3600\360safe\live.dll]  [360.cn, 1, 0, 1, 1028]
    [C:\WINDOWS\system32\mlang.dll]  [Microsoft Corporation, 6.00.2900.2530 (xpsp.040919-1030)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp.060626-0041)]
[PID: 1756 / Administrator][F:\新建文件夹 (2)\杀软\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\WINDOWS\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 188 / Administrator][F:\kaka\rstray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [F:\kaka\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\kaka\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [F:\kaka\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\kaka\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\3600\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [F:\kaka\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [F:\kaka\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\kaka\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [F:\kaka\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\kaka\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [F:\kaka\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.41]
    [F:\kaka\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
    [F:\新建文件夹 (2)\杀软\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\kaka\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp.060626-0041)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[PID: 184 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [F:\3600\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 2748 / Administrator][F:\新建文件夹 (2)\墙\Rising\Rfw\rfwmain.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.1.70]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[PID: 3156 / Administrator][C:\Documents and Settings\Administrator\桌面\新建文件夹\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 3204 / Administrator][C:\Documents and Settings\Administrator\桌面\新建文件夹\SRE78d1019b.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\COMCTL32.dll]  [Microsoft Corporation, 6.0 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2846 (xpsp.060213-1526)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [F:\kaka\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\kaka\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\ijt_base.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [F:\新建文件夹 (2)\墙\Rising\Rfw\olemon.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2845 (xpsp.060210-1526)]
    [F:\3600\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\Administrator\桌面\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp.060519-0015)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp.060626-0041)]
    [C:\WINDOWS\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.310]
    [C:\WINDOWS\system32\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp.050831-1531)]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1484, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3156, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3156, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\新建文件夹\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D56DD)
入口点错误：NtCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D587D)
入口点错误：NtLoadDriver (危险等级: 高,  被下面模块所HOOK: 0x003D5FCD)
入口点错误：NtSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D594D)
入口点错误：NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D57AD)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003D56DD)
入口点错误：ZwCreateKey (危险等级: 高,  被下面模块所HOOK: 0x003D587D)
入口点错误：ZwSetValueKey (危险等级: 高,  被下面模块所HOOK: 0x003D594D)
入口点错误：ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003D57AD)
入口点错误：CreateServiceA (危险等级: 高,  被下面模块所HOOK: 0x003D5C8D)
入口点错误：CreateServiceW (危险等级: 高,  被下面模块所HOOK: 0x003D5D5D)
入口点错误：LoadLibraryA (危险等级: 高,  被下面模块所HOOK: 0x003D698D)
入口点错误：LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x003D5575)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: 0x003D64AD)
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x003D68BD)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x003D671D)

==================================
隐藏进程
N/A

==================================


[/CODE]