[CODE] 2008-12-12,08:08:11 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Infected) Microsoft Corporation] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [] <"C:\WINDOWS\System32\nap32.exe" /run> [Beijing Rising Information Technology Co., Ltd.] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] <{FFAE967F-D0FC-4D2B-A0F5-D1BF27F46418}> [] <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll> [] <{5934EA2B-B2C4-4BE7-BF7A-FBA781A12E40}><5934EA2B.dll> [] <{950D1600-DE4A-448D-93B4-7BAE5A7A8052}><950D1600.dll> [] <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}> [] <{133AEAC9-9C88-4905-864C-38BBA312D9B0}><133AEAC9.dll> [] <{34A25F04-008D-403E-8EE6-2307BC02FA2E}><34A25F04.dll> [] <{DA63E650-537C-4042-87BB-9D19D844680B}> [] <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll> [] <{E0D39066-96D7-4891-8527-488ADAFCD60F}> [] <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}> [] <{06EA0A93-F850-4155-B819-BD0D9B5F25EE}><06EA0A93.dll> [] <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll> [] <{E44343AD-3605-4282-AC8F-2E41C2F5F398}> [] <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll> [] <{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}> [] <{66AFCB56-FAA9-42D2-8C72-2767A46C7FA8}><66AFCB56.dll> [] <{D80E5A86-66ED-46BE-A3E5-312AA716892E}> [] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> 
[(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring] [Intel Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Publisher] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> 
[(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe] [(Verified)Microsoft Windows XP Publisher] ================================== 启动文件夹 N/A ================================== 服务 [Application Management / AppMgmt][Stopped/Disabled] %SystemRoot%\System32\appmgmts.dll> [D1EED / D1EED][Stopped/Auto Start] [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [适配器切换 / IntelRoam][Running/Auto Start] [RegSrvc / RegSrvc][Running/Auto Start] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [RoamMgr / RoamMgr][Running/Auto Start] [Remote Procedure Call (RPC) / RpcSs][Running/Auto Start] c:\windows\system32\rpcss.dll> [Rising Process Communication Center / RsCCenter][Stopped/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [SNS PSP Media Buffer for Window / rtpPStream][Running/Auto Start] [Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start] ================================== 驱动程序 [6457aed / 6457aed][Running/Manual Start] <\??\C:\WINDOWS\System32\6457aed.sys> [Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService][Running/Manual Start] [b71fe93 / b71fe93][Stopped/Manual Start] <\??\C:\WINDOWS\System32\b71fe93.sys> [Intel(R) PRO Adapter Driver / E100B][Running/Manual Start] [f28907d / f28907d][Stopped/Manual Start] <\??\C:\WINDOWS\System32\f28907d.sys> [HBKernel32 Driver / HBKernel32][Stopped/Boot Start] <\SystemRoot\System32\drivers\HBKernel32.sys> [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] 
<\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> [ialm / ialm][Running/Manual Start] [英特尔适配器切换驱动程序 / Intel_MIPMNMP][Running/Manual Start] [OMCI WDM Device Driver / OMCI][Running/System Start] [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Running/Manual Start] <\??\C:\WINDOWS\System32\PCAMPR5.SYS> [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start] <\??\C:\WINDOWS\System32\PCANDIS5.SYS> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [W2K Pctel Serial Device Driver / Ptserial][Running/Manual Start] [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\System32\Drivers\RsNTGdi.sys> [WLAN Transport / s24trans][Running/Auto Start] [Secdrv / Secdrv][Stopped/Manual Start] [Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start] [W2k Vmodem / Vmodem][Running/Boot Start] <\SystemRoot\System32\DRIVERS\vmodem.sys> [W2k Vpctcom / Vpctcom][Running/Boot Start] <\SystemRoot\System32\DRIVERS\vpctcom.sys> [W2k Vvoice / Vvoice][Running/Boot Start] <\SystemRoot\System32\DRIVERS\vvoice.sys> [Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51][Stopped/Manual Start] [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start] [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] [AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 / {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}][Running/Manual Start] [AIM 3.0 Part 01 Codec Driver CH-7009-B / {E2B953A7-195A-44F9-9BA3-3D5F4E32BB55}][Running/Manual Start] ================================== 浏览器加载项 [启动迅雷5] 
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, > [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} [] {33564D57-0000-0010-8000-00AA00389B71} <, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [使用迅雷下载] [使用迅雷下载全部链接] [在Foxmail中添加该RSS频道/频道组] [导出到 Microsoft Office Excel(&X)] ================================== 正在运行的进程 [PID: 760 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [PID: 824 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\System32\csrss.dll] [N/A, ] [C:\WINDOWS\system32\sh03007.dll] [N/A, ] [C:\WINDOWS\system32\sh09008.dll] [N/A, ] [C:\WINDOWS\system32\sh14021.dll] [N/A, ] [C:\WINDOWS\system32\sh18033.dll] [N/A, ] [C:\WINDOWS\system32\sh23010.dll] [N/A, ] [C:\WINDOWS\system32\sh27010.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 848 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)] [C:\WINDOWS\system32\HBDNF.dll] [N/A, ] [C:\WINDOWS\system32\HBWOW.dll] [N/A, ] [C:\WINDOWS\system32\HBTL.dll] [N/A, ] [C:\WINDOWS\system32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\system32\HBWD.dll] [N/A, ] [C:\WINDOWS\system32\HBmhly.dll] [N/A, ] [C:\WINDOWS\system32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\system32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\system32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\system32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\LgNotify.dll] [Intel Corporation, 
1, 0, 0, 1] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 892 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 904 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1056 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\windows\system32\rpcss.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1168 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\nap32.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 1] [PID: 1204 / SYSTEM][C:\WINDOWS\System32\S24EvMon.exe] [Intel Corporation , 3.1.8.0] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] 
[C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1320 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1472 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1520 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.77] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft 
Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [C:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16] [C:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.50] [C:\Program Files\Rising\Rfw\ijt_ctrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8] [C:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1612 / Owner][C:\WINDOWS\system32\ZCfgSvc.exe] [Intel Corporation, 1, 0, 0, 1] [C:\WINDOWS\system32\PfMgrApi.dll] [Intel Corporation, 1, 0, 0, 1] [C:\WINDOWS\system32\PsRegApi.dll] [Intel Corporation, 4, 0, 0, 1] [C:\WINDOWS\system32\WConfig.DLL] [Intel Corporation, 1, 0, 0, 2] [C:\WINDOWS\system32\WiFiAdap.DLL] [Intel Corporation, 1, 0, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\HBDNF.dll] [N/A, ] [C:\WINDOWS\system32\HBWOW.dll] [N/A, ] [C:\WINDOWS\system32\HBTL.dll] [N/A, ] [C:\WINDOWS\system32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\system32\HBWD.dll] [N/A, ] [C:\WINDOWS\system32\HBmhly.dll] [N/A, ] [C:\WINDOWS\system32\HBXMJ.dll] [N/A, ] 
[C:\WINDOWS\system32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\system32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\system32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Intel\PROSet\CHS\ZcSvcCHS.dll] [Intel Corporation, 4, 1, 0, 53] [C:\Program Files\Intel\PROSet\CHS\PmApiCHS.dll] [Intel Corporation, 4, 1, 0, 0] [C:\WINDOWS\system32\S24MUDLL.dll] [Intel Corporation, 5.0.1.0] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [PID: 1720 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.38] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RfwRule.dll] 
[Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [C:\Program Files\Rising\Rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6] [PID: 1748 / Owner][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\34A25F04.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\E0D39066.dll] [N/A, ] [C:\WINDOWS\System32\E4814792.dll] [N/A, ] [C:\WINDOWS\System32\06EA0A93.dll] [N/A, ] [C:\WINDOWS\System32\9CA963CA.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] 
[C:\WINDOWS\System32\66AFCB56.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [PID: 1920 / Owner][C:\WINDOWS\System32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [PID: 312 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 
7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 404 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)] [C:\WINDOWS\system32\HBDNF.dll] [N/A, ] [C:\WINDOWS\system32\HBWOW.dll] [N/A, ] [C:\WINDOWS\system32\HBTL.dll] [N/A, ] [C:\WINDOWS\system32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\system32\HBWD.dll] [N/A, ] [C:\WINDOWS\system32\HBmhly.dll] [N/A, ] [C:\WINDOWS\system32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\system32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\system32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\system32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 412 / Owner][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70] [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90] [C:\WINDOWS\System32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1] [C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19] [C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program 
Files\Rising\Rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [PID: 748 / SYSTEM][C:\WINDOWS\System32\RegSrvc.exe] [Intel Corporation, 4, 0, 0, 1] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information 
Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 1116 / SYSTEM][C:\WINDOWS\System32\RoamMgr.exe] [Intel Corporation, 1, 0, 0, 2] [C:\WINDOWS\System32\WiFiAdap.DLL] [Intel Corporation, 1, 0, 0, 1] [C:\WINDOWS\System32\WConfig.DLL] [Intel Corporation, 1, 0, 0, 2] [C:\WINDOWS\System32\PfMgrApi.dll] [Intel Corporation, 1, 0, 0, 1] [C:\WINDOWS\System32\PsRegApi.dll] [Intel Corporation, 4, 0, 0, 1] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\VPN.dll] [Intel Corporation, 1, 0, 0, 7] [C:\WINDOWS\System32\S24MUDLL.dll] [Intel Corporation, 5.0.1.0] [PID: 1300 / SYSTEM][C:\WINDOWS\System32\rtmbufdx.exe] [N/A, ] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [PID: 940 / SYSTEM][C:\Program Files\Intel\Switching\User\RoamSvc.exe] [Intel Corporation, 2.0.80.0] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] 
[C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\PROGRA~1\Intel\SWITCH~1\User\MSMIPVPN.dll] [Intel Corporation, 2.0.80.0] [C:\PROGRA~1\Intel\SWITCH~1\User\CPMIPVPN.dll] [Intel Corporation, 2.0.80.0] [C:\PROGRA~1\Intel\SWITCH~1\User\CSMIPVPN.dll] [Intel Corporation, 2.0.80.0] [C:\PROGRA~1\Intel\SWITCH~1\User\NSMIPVPN.dll] [Intel Corporation, 2.0.80.0] [PID: 2416 / Owner][C:\WINDOWS\System32\pctspk.exe] [, 1, 0, 0, 1] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [PID: 2424 / Owner][C:\Program Files\Apoint\Apoint.exe] [Alps Electric Co., Ltd., 5.4.101.113] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] 
[C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.1.56] [C:\Program Files\Apoint\Apoint.DLL] [Alps Electric Co., Ltd., 5.4.102.182] [C:\Program Files\Apoint\EzAuto.dll] [Alps Electric Co., Ltd., 4.5.1.83] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\34A25F04.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\E0D39066.dll] [N/A, ] [C:\WINDOWS\System32\E4814792.dll] [N/A, ] [C:\WINDOWS\System32\06EA0A93.dll] [N/A, ] [C:\WINDOWS\System32\9CA963CA.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\66AFCB56.dll] [N/A, ] [C:\Program Files\Apoint\EzLaunch.DLL] [Alps Electric Co., Ltd., 4.5.0.47] [PID: 2508 / Owner][C:\WINDOWS\System32\hkcmd.exe] [Intel Corporation, 3,0,0,2039] [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2039] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising 
Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,2039] [C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2039] [C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,2039] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\igfxhk.dll] [Intel Corporation, 3,0,0,2039] [PID: 2588 / Owner][C:\WINDOWS\System32\System.exe] [N/A, ] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] 
[C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [PID: 2624 / Owner][C:\Program Files\Apoint\Apntex.exe] [Alps Electric Co., Ltd., 5.0.1.13] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.1.56] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [PID: 2640 / Owner][C:\WINDOWS\System32\ctfmon.exe] [(Infected) Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program 
Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [PID: 2740 / Owner][C:\WINDOWS\System32\Com\ie.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [PID: 4072 / Owner][C:\Program Files\Huawei-3Com\H3C 802.1X 客户端\Dot1XClient.exe] [N/A, ] [C:\WINDOWS\System32\W32N50.dll] [Printing Communications Assoc., Inc. 
(PCAUSA), 5.03.16.54] [C:\Program Files\Huawei-3Com\H3C 802.1X 客户端\h3c_utility.dll] [N/A, ] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [PID: 3052 / Owner][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 
7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Apoint\Apoint.DLL] [Alps Electric Co., Ltd., 5.4.102.182] [C:\WINDOWS\System32\Vxdif.dll] [Alps Electric Co., Ltd., 6.0.1.56] [C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [PID: 2832 / Owner][C:\Documents and Settings\Owner\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [PID: 540 / Owner][C:\Documents and Settings\Owner\桌面\sreng2\SRE91deb473.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\WINDOWS\System32\D80E5A86.dll] [N/A, ] [C:\WINDOWS\System32\HBmhly.dll] [N/A, ] [C:\WINDOWS\System32\HBJXSJ.dll] [N/A, ] [C:\WINDOWS\System32\HBDNF.dll] [N/A, ] [C:\WINDOWS\System32\HBTL.dll] [N/A, ] [C:\WINDOWS\System32\HBWD.dll] [N/A, ] [C:\WINDOWS\System32\HBXMJ.dll] [N/A, ] 
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9] [C:\WINDOWS\System32\A1A6BC2E.dll] [N/A, ] [C:\WINDOWS\System32\2EF0D734.dll] [N/A, ] [C:\WINDOWS\System32\E44343AD.dll] [N/A, ] [C:\WINDOWS\System32\08223B03.dll] [N/A, ] [C:\WINDOWS\System32\DA63E650.dll] [N/A, ] [C:\WINDOWS\System32\133AEAC9.dll] [N/A, ] [C:\WINDOWS\System32\DFB3DAC5.dll] [N/A, ] [C:\WINDOWS\System32\950D1600.dll] [N/A, ] [C:\WINDOWS\System32\5934EA2B.dll] [N/A, ] [C:\WINDOWS\System32\56BC86C7.dll] [N/A, ] [C:\WINDOWS\System32\FFAE967F.dll] [N/A, ] [C:\WINDOWS\System32\HBJTLQ.dll] [N/A, ] [C:\WINDOWS\System32\HBWOW.dll] [N/A, ] [C:\WINDOWS\System32\HBASKTAO.dll] [N/A, ] [C:\Documents and Settings\Owner\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件
================================== 进程特权扫描 特殊特权被允许: SeDebugPrivilege [PID = 1612, C:\WINDOWS\SYSTEM32\ZCFGSVC.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2588, C:\WINDOWS\SYSTEM32\SYSTEM.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2588, C:\WINDOWS\SYSTEM32\SYSTEM.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2640, C:\WINDOWS\SYSTEM32\CTFMON.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2640, C:\WINDOWS\SYSTEM32\CTFMON.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 4072, C:\PROGRAM FILES\HUAWEI-3COM\H3C 802.1X 客户端\DOT1XCLIENT.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 4072, C:\PROGRAM FILES\HUAWEI-3COM\H3C 802.1X 客户端\DOT1XCLIENT.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 2832, C:\DOCUMENTS AND SETTINGS\OWNER\桌面\SRENG2\SRENGLDR.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2832, C:\DOCUMENTS AND SETTINGS\OWNER\桌面\SRENG2\SRENGLDR.EXE] ================================== 计划任务 N/A ================================== API HOOK 入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00E01FFD) 入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00E020E5) ================================== 隐藏进程 N/A ================================== [/CODE]