2004-11-17,10:14:29 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] (ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher] (msnmsgr)("C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background) [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] (run)() [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher] (PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Windows Publisher] (RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [(Verified)Beijing Rising Information Technology Corporation Limited] (RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [(Verified)Beijing Rising Information Technology Corporation Limited] (runeip)("C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup) [(Verified)Beijing Rising Information Technology Corporation Limited] (TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.] (BigDog303)(C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)) [File is missing] (360Safebox)("C:\Program Files\360Safebox\safeboxTray.exe" /r) [(Verified)Qizhi Software (beijing) Co. Ltd] (360Safetray)(C:\Program Files\360safe\safemon\360tray.exe /start) [(Verified)Qizhi Software (beijing) Co. 
Ltd] (Windows木马防火墙)(D:\ftc2008\Trojanwall.exe) [风云谷科技] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] (internetnet)(C:\WINDOWS\system32\spoolsv.exe) [(Infected) Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher] (Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] (AppInit_DLLs)(kmon.dll) [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] ({AEB6717E-7E19-11d0-97EE-00C04FD91972})(shell32.dll) [(Verified)Microsoft Windows XP Publisher] ({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] (PostBootReminder)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows XP Publisher] (CDBurn)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows XP Publisher] (WebCheck)(%SystemRoot%\system32\webcheck.dll) [(Verified)Microsoft Windows Publisher] (SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] (WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] (WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] (WinlogonNotify: 
cscdll)(cscdll.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] (WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] (WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] (WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] (WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] (WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] (WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] ({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher] ({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-0080c74c7e95}] (Microsoft Windows Media Player)(C:\WINDOWS\inf\unregmp2.exe /ShowWMP) [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}] (Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}] (Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] (Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] (Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] (NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] (Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] (通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] (Windows 桌面更新)(regsvr32.exe /s /n /i:U shell32.dll) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] (Internet Explorer 6)(%SystemRoot%\system32\ie4uinit.exe) [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] (N/A)(C:\WINDOWS\system32\Rundll32.exe 
C:\WINDOWS\system32\mscories.dll,Install) [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] (SCRNSAVE.EXE)(C:\WINDOWS\system32\regedt32.scr) [(Verified)Microsoft Windows Publisher] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (bgswitch)(; C:\WINDOWS\system32\bgswitch.exe) [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (BigDog303)(; C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)) [File is missing] (Domino)(; C:\WINDOWS\Domino.EXE) [Vimicro] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (eMuleAutoStart)(; E:\Program Files xp\eMule\emule.exe -AutoStart) [(Verified)"Shanghai Source Networking Technology Co., Ltd"] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (iSpeak6)(; C:\Program Files\Changetech\iSpeak6.0\iSpeak.exe) [上海勤和互联网技术软件开发有限公司] (Microsoft Pinyin IME Migration)(; C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL) [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (MsnMsgr)(; "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background) [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] (NeroFilterCheck)(; C:\WINDOWS\system32\NeroCheck.exe) [Ahead Software Gmbh] (OrderReminder)(; C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe) [Hewlett-Packard] (PHIME2002A)(; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Windows Publisher] (SoundMan)(; SOUNDMAN.EXE) [(Verified)Microsoft Windows Hardware Compatibility Publisher] (StormCodec_Helper)(; "E:\Program Files xp\Storm Codec\StormSet.exe" /S /opti) [] (TkBellExe)(; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.] 
(VMSnap3)(; C:\WINDOWS\VMSnap3.EXE) [ZSMCSNAP] -------------------------------------------------------------------------------- 启动文件夹 [服务管理器] (C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --) C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation])(N) -------------------------------------------------------------------------------- 服务 [Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start] (C:\WINDOWS\system32\Ati2evxx.exe)((File is missing)) [Google Update Service (gupdate1c8ea21ce1a4b3b) / gupdate1c8ea21ce1a4b3b][Stopped/Auto Start] ("C:\Program Files\Google\Update\GoogleUpdate.exe" /svc)(Google Inc.) [Human Interface Device Access / HidServ][Stopped/Disabled] (C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A) [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start] ("C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe")(Macromedia) [MSSQL$MSDE_GSECMS / MSSQL$MSDE_GSECMS][Running/Auto Start] (e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\sqlservr.exe -sMSDE_GSECMS)(Microsoft Corporation) [MSSQLSERVER / MSSQLSERVER][Running/Auto Start] (C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe)(Microsoft Corporation) [Rising Proxy Service / RfwProxySrv][Running/Auto Start] (c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Information Technology Co., Ltd.) [Rising Personal Firewall Service / RfwService][Running/Auto Start] (c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Information Technology Co., Ltd.) [Rising Process Communication Center / RsCCenter][Running/Auto Start] ("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Information Technology Co., Ltd.) [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] ("C:\PROGRAM FILES\RISING\RAV\Ravmond.exe")(Beijing Rising Information Technology Co., Ltd.) 
[Print Spooler / Spooler][Running/Auto Start] (C:\WINDOWS\system32\spoolsv.exe)(Microsoft Corporation) [SQLAgent$MSDE_GSECMS / SQLAgent$MSDE_GSECMS][Stopped/Manual Start] (e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\sqlagent.EXE -i MSDE_GSECMS)(Microsoft Corporation) [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] (C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe)(Microsoft Corporation) [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] ("C:\Program Files\Windows Live\installer\WLSetupSvc.exe")(Microsoft Corporation) -------------------------------------------------------------------------------- 驱动程序 [Aladdin HASP Key / akshasp][Stopped/Manual Start] (system32\DRIVERS\akshasp.sys)(Aladdin Knowledge Systems Ltd.) [Aladdin USB Key / aksusb][Stopped/Manual Start] (system32\DRIVERS\aksusb.sys)(Aladdin Knowledge Systems Ltd.) [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] (system32\drivers\ALCXWDM.SYS)(Realtek Semiconductor Corp.) [ati2mtag / ati2mtag][Running/Manual Start] (system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.) [FTCkillfile / FTCkillfile][Stopped/Manual Start] (System32\Drivers\FTCkillfile.sys)(风云谷科技) [FTCProtect / FTCProtect][Running/Manual Start] (System32\Drivers\FTCProtect.sys)(风云谷科技) [Hardlock / Hardlock][Running/Auto Start] (\??\C:\WINDOWS\system32\drivers\hardlock.sys)(Aladdin Knowledge Systems Ltd.) [HookCont / HookCont][Running/System Start] (\SystemRoot\system32\drivers\HookCont.sys)(Beijing Rising Information Technology Co., Ltd.) [HookNtos / HookNtos][Running/System Start] (\SystemRoot\system32\drivers\HookNtos.sys)(Beijing Rising Information Technology Co., Ltd.) [HookReg / HookReg][Running/System Start] (\SystemRoot\system32\drivers\HookReg.sys)(Beijing Rising Information Technology Co., Ltd.) [HookSys / HookSys][Running/System Start] (\SystemRoot\system32\drivers\HookSys.sys)(Beijing Rising Information Technology Co., Ltd.) 
[HookUrl / HookUrl][Running/Auto Start] (\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Information Technology Co., Ltd.) [KAVSafe / KAVSafe][Running/Auto Start] (\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys)(Kingsoft Corporation) [Direct Parallel Link Driver / Ptilink][Running/Manual Start] (system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.) [Rising Rfwbase Driver / RfwBase][Running/Auto Start] (System32\DRIVERS\rfwbase.SYS)(Beijing Rising Information Technology Co., Ltd.) [RsFwDrv / RsFwDrv][Running/System Start] (\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Information Technology Co., Ltd.) [RsNTGDI / RsNTGDI][Running/Boot Start] (\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Information Technology Co., Ltd.) [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] (system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation) [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] (\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys)(360安全中心) [Secdrv / Secdrv][Stopped/Manual Start] (system32\DRIVERS\secdrv.sys)(N/A) [TCP/IP Protocol Driver / Tcpip][Running/System Start] (system32\DRIVERS\tcpip.sys)(Microsoft Corporation) [vmfilter303 / vmfilter303][Stopped/Manual Start] (system32\drivers\vmfilter303.sys)(Vimicro Corporation) [不见不散 (Vimicro301 Neptune) / ZSMC303][Stopped/Manual Start] (System32\Drivers\usbVM303.sys)(Vimicro Corporation) -------------------------------------------------------------------------------- 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} (C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD) [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (e:\program files xp\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, (Signed) ) [CAdLogic Object] {11F09AFD-75AD-4E51-AB43-E09E9351CE16} (C:\Program Files\Common Files\PushWare\cpush.dll, ) [] {7E853D72-626A-48EC-A868-BA8D5E23E045} (, ) 
[Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD) [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation) [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (C:\WINDOWS\system32\urlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.) [IeCatch2 Class] {A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft) [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} (C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN) [ThunderAtOnce Class] {ED6A25E8-08F5-4937-948D-3E10C4F47FAA} (C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD) [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD) [番茄花园] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (http://www.tomatolei.com, N/A) [个性] {6576434C-102F-22A0-36C9-2222F95ABF02} (G:\tools\IE修改器\myie., N/A) [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} (E:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation) [FlashGet] {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft) [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft) [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} (C:\WINDOWS\system32\aliedit\pta.dll, (Signed) ) [GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} (C:\WINDOWS\system32\GDREAD~1.DLL, ) [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) ) [InfoSecNetSign Class] {5CB840B5-A94E-4AD9-B785-4866E3B04476} (C:\WINDOWS\DOWNLO~1\ICBCNE~1.DLL, (Signed) Infosec Technologies Co., Ltd.) 
[WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} (C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation) [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, ) [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} (, ) [CCTVUpdateInstall] {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} (C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, ) [NTKO OFFICE文档控件] {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} (C:\WINDOWS\Downloaded Program Files\OfficeControl.ocx, 千航网络[NTKO SOFTWARE] WEB:http://www.ntko.com Email: tanger@ntko.com) [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} (C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD) [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (e:\program files xp\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, (Signed) ) [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (, ) [CAdLogic Object] {11F09AFD-75AD-4E51-AB43-E09E9351CE16} (C:\Program Files\Common Files\PushWare\cpush.dll, ) [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD) [] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (, ) [] {6576434C-102F-22A0-36C9-2222F95ABF02} (, ) [] {7E853D72-626A-48EC-A868-BA8D5E23E045} (, ) [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD) [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} (C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation) [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} (, ) [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (C:\WINDOWS\system32\urlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.) 
[IeCatch2 Class] {A5366673-E8CA-11D3-9CD9-0090271D075B} (C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft) [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} (C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN) [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation) [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.) [] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} (, ) [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} (C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft) [ThunderAtOnce Class] {ED6A25E8-08F5-4937-948D-3E10C4F47FAA} (C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD) [使用网际快车下载] (C:\Program Files\FlashGet\jc_link.htm, N/A) [使用网际快车下载全部链接] (C:\Program Files\FlashGet\jc_all.htm, N/A) [使用迅雷下载] (C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A) [使用迅雷下载全部链接] (C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A) [导出到 Microsoft Excel(&X)] (res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000, N/A) -------------------------------------------------------------------------------- 正在运行的进程 [PID: 312 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 368 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 396 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 440 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 452 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 608 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 664 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology 
Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 704 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 728 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [PID: 848 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 884 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 912 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., 
Ltd., 20, 0, 0, 41] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 98] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7] 
[C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13] [C:\PROGRAM FILES\RISING\RAV\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 25] [PID: 928 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.77] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16] 
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.50] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.0] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1160 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.37] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [c:\program files\rising\rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1480 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [D:\ftc2008\FTCMon.dll] [木马清道夫监控模块, 4.3.0.0] [e:\program files xp\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [d:\ftc2008\FTCCommenu.dll] [Fygsoft and Microsoft, 3.0.0.71] [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] [Adobe Systems, Incorporated, 6.0] [C:\Program Files\Macromedia\FlashPaper 2\FlashPaperContextMenu.dll] [, 2.01.2283.0] [PID: 1504 / Administrator][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] 
[Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [PID: 1616 / SYSTEM][C:\Program Files\Google\Update\GoogleUpdate.exe] [Google Inc., 1.2.131.7] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Google\Update\1.2.131.25\goopdate.dll] [Google Inc., 1.2.131.25] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1632 / 
SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Infected) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 53, 3723, 0] [C:\WINDOWS\system32\ZLM.dll] [Zenographics, Inc., 5, 50, 1416, 0] [C:\WINDOWS\system32\KC2MON.DLL] [Microsoft Corporation, 4.00] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0] [C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0] [C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0] [C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0] [PID: 212 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 252 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3208] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information 
Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\ftc2008\FTCMon.dll] [木马清道夫监控模块, 4.3.0.0] [PID: 344 / Administrator][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.01.27] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program 
Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [PID: 1468 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [D:\ftc2008\FTCMon.dll] [木马清道夫监控模块, 4.3.0.0] [PID: 1536 / Administrator][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\msdmo.dll] [, ] [D:\ftc2008\FTCMon.dll] [木马清道夫监控模块, 4.3.0.0] [PID: 2200 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program 
Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [PID: 2212 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0382.00] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\ftc2008\FTCMon.dll] [木马清道夫监控模块, 4.3.0.0] [PID: 2328 / 
SYSTEM][e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2039.00] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\ums.dll] [Microsoft Corporation, 2000.080.2039.00] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2039.00] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00] [e:\全国政府采购执行情况专项检查软件\MSDE_GSECMS\binnMSSQL$MSDE_GSECMS\Binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00] [PID: 2576 / NETWORK SERVICE][C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe] [Microsoft Corporation, 2005.090.1399.00] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information 
Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.RLL] [Microsoft Corporation, 2005.090.1399.00] [C:\WINDOWS\system32\MSCOREE.DLL] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [PID: 2728 / SYSTEM][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~3\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~3\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00] [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00] [PID: 2840 / NETWORK SERVICE][C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe] [Microsoft Corporation, 2005.090.1399.00] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [PID: 2888 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)] [PID: 2904 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3940 / Administrator][E:\Program Files xp\Microsoft Office\Office12\POWERPNT.EXE] [Microsoft Corporation, 12.0.4518.1014] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [E:\Program Files xp\Microsoft Office\Office12\USP10.dll] [Microsoft Corporation, 1.0626.5756.0 (vista_rtm.061008-1400)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [D:\ftc2008\FTCMon.dll] [木马清道夫监控模块, 4.3.0.0] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\NOZOMIUI.DLL] [N/A, ] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\NOZOMINT.DLL] [Windows (R) 2000 DDK provider, 5.00.2195.1620] [C:\Program Files\Macromedia\FlashPaper 2\OfficePrintAddIn.dll] [Macromedia, 2.01.2283.0] [C:\Program Files\Macromedia\FlashPaper 2\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Macromedia\FlashPaper 
2\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\VB6CHS.DLL] [Microsoft Corporation, 6.00.8169] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\c8355648a739b949a48f253f7275f2f7\mscorlib.ni.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)] [C:\Program Files\Rising\Rav\RsPlugIn.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.20] [C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL] [, ] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [PID: 1592 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, Copyright 2005-2007] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [e:\program files xp\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1] [C:\Program Files\Thunder 
Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\system32\urlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\Program Files\Common Files\PushWare\cpush.dll] [, 1.1.1.2] [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [PID: 4072 / Administrator][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.200.520.1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 
3644 / SYSTEM][C:\WINDOWS\system32\a.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2832 / Administrator][E:\Program Files xp\同花顺华创\hexin.exe] [上海核新软件技术有限公司(Hexin), 2008, 2, 14, 84] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [E:\Program Files xp\同花顺华创\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205] [PID: 900 / Administrator][E:\Program Files xp\同花顺华创\GLT.exe] [上海核新软件技术有限公司, 2006, 10, 9, 1] [E:\Program Files xp\同花顺华创\sqlite30.dll] [上海核新软件技术有限公司, 2005, 5, 12, 0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [E:\Program Files xp\同花顺华创\RICHEDTW.DLL] [Microsoft Corporation, 5.00.2134.1] [E:\Program Files xp\同花顺华创\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [PID: 2652 / Administrator][E:\Program Files xp\同花顺华创\zdsj.exe] [上海核新软件技术有限公司, 2007, 
3, 16, 0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [E:\Program Files xp\同花顺华创\RICHED20.dll] [Microsoft Corporation, 5.30.23.1205] [PID: 3916 / Administrator][C:\Program Files\FlashGet\flashget.exe] [Amaze Soft, 1, 3, 0, 0] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2564 / Administrator][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.5.576] [C:\Program Files\Thunder Network\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 9, 71] [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 3, 2, 323] [C:\Program Files\Thunder Network\Thunder\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 2] 
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 2, 2, 25] [C:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Thunder Network\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 12] [C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25] [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10] [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30] [C:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 2, 2, 24] [C:\Program Files\Thunder Network\Thunder\Program\zlib1.dll] [, 1.2.3] [C:\Program Files\Thunder Network\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 39] [C:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 24] [C:\Program Files\Thunder Network\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 3,2,2,31] [C:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 2] [C:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll] [, 1, 1, 2, 6] [C:\Program Files\Thunder Network\Thunder\Program\p2p_network_com.dll] [, 1, 0, 2, 25] [C:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1,2,2,12] [C:\Program Files\Thunder Network\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,2,2,34] [C:\Program Files\Thunder Network\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 2, 6, 2, 18] [C:\Program Files\Thunder Network\Thunder\Program\stream.dll] 
[Thunder Networking Technologies,LTD, 2, 1, 2, 391] [C:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1,2,2,16] [C:\Program Files\Thunder Network\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,2,2,22] [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 35] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 2, 26] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed18.dll] [Thunder Networking Technologies,LTD, 3, 4, 9, 110] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\PlayerHelper.dll] [thunder, 1, 2, 7, 61] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70] [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 5, 0, 90] [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67] [C:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Thunder Network\Thunder\Program\imdt.dll] [Thunder Networking Technologies,LTD, 1.2.2.18] [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 7, 25] [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 4, 26] [C:\Program Files\Thunder 
Network\Thunder\Components\XLSoftBase\XLSoftwareBase.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 3] [C:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 19] [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 14, 120] [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 3, 0, 1, 33] [C:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 5] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 30] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22] [C:\Program Files\Thunder Network\Thunder\Program\emule_id.dll] [, 1, 0, 2, 11] [C:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll] [Thunder Networking Technologies,LTD, 3, 1, 5, 78] [C:\Program Files\Thunder Network\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 
1, 0, 2, 18]
[PID: 3404 / Administrator][C:\Program Files\Thunder Network\Thunder\Components\InMedia\ThunderMinisite.exe] [Thunder Networking Technologies,LTD, 1, 0, 5, 20]
    [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
    [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
    [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll] [Thunder Networking Technologies,LTD, 3, 1, 5, 78]
[PID: 3484 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.766\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 4056 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.766\SRE37a9badc.EXE] [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.766\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

--------------------------------------------------------------------------------
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

--------------------------------------------------------------------------------
Winsock 提供者
N/A

--------------------------------------------------------------------------------
Autorun.inf
[C:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=HBYP.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=HBYP.PIF
[D:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=HBYP.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=HBYP.PIF
[E:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=HBYP.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=HBYP.PIF
[F:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=HBYP.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=HBYP.PIF
[G:\]
[AutoRun]
shell\open=打开(&O)
shell\open\Command=HBYP.PIF
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\command=HBYP.PIF

--------------------------------------------------------------------------------
HOSTS 文件
127.0.0.1 localhost

--------------------------------------------------------------------------------
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1632, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 252, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 252, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 252, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2212, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2212, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2212, C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3644, C:\WINDOWS\SYSTEM32\A.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3644, C:\WINDOWS\SYSTEM32\A.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2832, E:\PROGRAM FILES XP\同花顺华创\HEXIN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2832, E:\PROGRAM FILES XP\同花顺华创\HEXIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2832, E:\PROGRAM FILES XP\同花顺华创\HEXIN.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 900, E:\PROGRAM FILES XP\同花顺华创\GLT.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 900, E:\PROGRAM FILES XP\同花顺华创\GLT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 900, E:\PROGRAM FILES XP\同花顺华创\GLT.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2652, E:\PROGRAM FILES XP\同花顺华创\ZDSJ.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2652, E:\PROGRAM FILES XP\同花顺华创\ZDSJ.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2652, E:\PROGRAM FILES XP\同花顺华创\ZDSJ.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3916, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3916, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3916, C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 2564, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2564, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2564, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3404, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\INMEDIA\THUNDERMINISITE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3404, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\INMEDIA\THUNDERMINISITE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3404, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\COMPONENTS\INMEDIA\THUNDERMINISITE.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 3484, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.766\SRENGLDR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3484, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.766\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3484, 
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.766\SRENGLDR.EXE] -------------------------------------------------------------------------------- 计划任务 [已启用] GoogleUpdateTaskMachine.job C:\Program Files\Google\Update\GoogleUpdate.exe -------------------------------------------------------------------------------- API HOOK 入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D) -------------------------------------------------------------------------------- 隐藏进程 [1381] D:\ftc2008\Trojanwall.exe --------------------------------------------------------------------------------