[CODE] 2008-12-15,17:56:28 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [Microsoft Corporation] <"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1> [File is missing] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [A4Tech Co.,Ltd.] [(Verified)Symantec Corporation] <"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation] [(Verified)Symantec Corporation] [NVIDIA Corporation] [NVIDIA Corporation] <"C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"> [Acronis] <"C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"> [Acronis] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [] <"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc] [(Verified)Microsoft Windows 2000 Publisher] [] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\WINNT\system32\nap32.exe" /run> [Beijing Rising Information Technology Co., Ltd.] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows 2000 Publisher] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows 2000 Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ActiveSync] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon] [(Verified)Symantec Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif] [(Verified)Microsoft 
Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Corporation] ================================== 启动文件夹 [Adobe Reader Speed Launch] C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]> ================================== 服务 [Acronis Scheduler2 Service / AcrSch2Svc][Running/Auto Start] <"C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"> [AnmChannelFactoryServer / AnmChannelFactoryServer][Stopped/Manual Start] [AnmChannelServer / AnmChannelServer][Stopped/Manual Start] [AnmLoggerServer / AnmLoggerServer][Stopped/Manual Start] [AnmSupplierServer / AnmSupplierServer][Stopped/Manual Start] [Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [Symantec Event Manager / ccEvtMgr][Running/Auto Start] <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"> [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Symantec Password Validation / ccPwdSvc][Stopped/Manual Start] <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"> [Symantec Settings Manager / ccSetMgr][Running/Auto Start] <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"> [Cmb WebProtect Support / CMBWPS][Running/Auto Start] [CT Bus Broker / CTBusBroker][Stopped/Manual Start] [Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start] <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"> 
[Dialogic / Dialogic][Stopped/Manual Start] [Dialogic SS7 Service / DlgcS7Srv][Stopped/Manual Start] [IPLink H.323 Stack / dlgH323][Stopped/Manual Start] <> [DM3Config / DM3Config][Stopped/Manual Start] [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] [Persits Software Email Agent / EmailAgent][Stopped/Manual Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Envox CT ADE?ICR Service / ICRService][Stopped/Manual Start] [Kingsoft Basic Service / kaccore][Running/Auto Start] <"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"> [Machine Debug Manager / MDM][Running/Auto Start] <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"> [mental ray 3.5 Satellite (32-bit) / mi-raysat_3dsmax9_32][Running/Auto Start] <"C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe"> [MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start] [MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start] [NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start] [PSSDIAG / PSSDIAG][Stopped/Manual Start] [SavRoam / SavRoam][Stopped/Manual Start] <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"> [Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start] <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"> [SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start] [Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start] <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"> [SymWMI Service / SymWSC][Stopped/Auto Start] [User Profile Hive Cleanup / UPHClean][Running/Auto Start] [Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start] [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] C:\WINNT\system32\mspmsnsv.dll> ================================== 驱动程序 [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINNT\system32\drivers\360AntiArp.sys><360安全中心> [Service 
for WDM 3D Audio Driver / ALCXSENS][Stopped/Manual Start] [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start] [A4Tech PS/2 Port Mouse Driver / Amps2prt][Stopped/Manual Start] [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Stopped/Manual Start] [CMB8100 / CMB8100][Running/Auto Start] <\??\C:\WINNT\system32\Drivers\CertClient.dat> [CMBProtector / CMBProtector][Running/Auto Start] <\??\C:\WINNT\system32\Drivers\CMBProtector.dat> [Dialogic Antares Protocol Driver / DlgcAntares][Stopped/Manual Start] [dlgcmcd / dlgcmcd][Stopped/Manual Start] <\??\C:\WINNT\system32\Drivers\dlgcmcd.sys> [dlgcmpd / dlgcmpd][Stopped/Manual Start] <\??\C:\WINNT\system32\Drivers\dlgcmpd.sys> [DialogicUPGRADEDRV / dlgcupgrade][Stopped/Manual Start] <\??\C:\WINNT\system32\Drivers\dlgcupgrade.sys> [dmboot / dmboot][Stopped/Disabled] [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys> [Symantec Eraser Control driver / eeCtrl][Running/System Start] <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys> [Dialogic FW Download Driver / Gloaddrv][Stopped/Manual Start] <\??\C:\WINNT\system32\Drivers\Gloaddrv.sys> [HOSTNT / HOSTNT][Running/Auto Start] <\??\C:\WINNT\system32\drivers\hostnt.sys> [ialm / ialm][Running/Manual Start] [KAVBootC / KAVBootC][Running/Boot Start] <\SystemRoot\system32\Drivers\KAVBootC.sys> [KAVSafe / KAVSafe][Running/Auto Start] <\??\C:\WINNT\system32\Drivers\KAVSafe.sys> [Logitech PS/2 Mouse Filter Driver / L8042PR2][Running/Manual Start] [Logitech HID/USB Mouse Filter Driver / LHidFlt2][Running/Manual Start] [Logitech USB Receiver device driver / LHidUsb][Running/Manual Start] [Logitech Mouse Class Filter Driver / LMouFlt2][Running/Manual Start] [MHDRV / MHDRV][Running/Auto Start] <\??\C:\WINNT\system32\drivers\mhdrv.sys> [NAVENG / NAVENG][Running/Manual Start] 
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\naveng.sys> [NAVEX15 / NAVEX15][Running/Manual Start] <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\navex15.sys> [npkcrypt / npkcrypt][Running/Auto Start] <\??\C:\Program Files\Tencent\qq\TMDlls\npkcrypt.sys> [npkcusb / npkcusb][Running/Manual Start] <\??\C:\Program Files\Tencent\qq\TMDlls\npkcusb.sys> [npkycryp / npkycryp][Stopped/Manual Start] <\??\C:\Program Files\Tencent\qq\TMDlls\npkycryp.sys> [nv / nv][Stopped/Manual Start] [nv4 / nv4][Stopped/Manual Start] [DDK PACKET Protocol / Packet][Stopped/Manual Start] <360安全中心> [Padus ASPI Shell / pfc][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RCMHDOG / RCMHDOG][Running/Auto Start] <\??\C:\WINNT\system32\drivers\rcmhdog.sys> [ROCKEYNT / ROCKEYNT][Running/Auto Start] <\??\C:\WINNT\system32\drivers\Rockeynt.sys> [RsAntiSpyware / RsAntiSpyware][Running/Boot Start] <\SystemRoot\system32\drivers\RsBoot.sys> [Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINNT\system32\drivers\SafeBoxKrnl.sys><360安全中心> [SAVRT / SAVRT][Running/System Start] <\??\C:\Program Files\Symantec AntiVirus\savrt.sys> [SAVRTPEL / SAVRTPEL][Running/Auto Start] <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys> [SENSE3 / SENSE3][Running/Auto Start] [Acronis Snapshots Manager / snapman][Running/Boot Start] <\SystemRoot\system32\DRIVERS\snapman.sys> [SNIFFER Protocol Driver / Sniffer][Running/Auto Start] [Superk5 / Superk5][Running/Auto Start] <\SystemRoot\System32\drivers\superk5.sys> [SymEvent / SymEvent][Running/Manual Start] <\??\C:\Program Files\Symantec\SYMEVENT.SYS> [SYMREDRV / SYMREDRV][Running/Manual Start] <\SystemRoot\System32\Drivers\SYMREDRV.SYS> [SYMTDI / SYMTDI][Running/System Start] <\SystemRoot\System32\Drivers\SYMTDI.SYS> [Acronis TrueImage FS Filter / tifsfilter][Running/Auto Start] [Acronis TrueImage Backup Archive 
Explorer / timounter][Running/Boot Start] <\SystemRoot\system32\DRIVERS\timntr.sys> [Rainbow China UDA Driver / UDA][Stopped/Manual Start] [Senselock USB Lock driver / USBLOCK][Stopped/Auto Start] [VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start] [Virtual PC Application Services / VPCAppSv][Running/Auto Start] [Performance Tools Driver / VSPerfDrv][Stopped/Manual Start] <\??\C:\Program Files\Microsoft Visual Studio 8\Team Tools\Performance Tools\VSPerfDrv.sys> ================================== 浏览器加载项 [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Kingsoft Trojan Webshield] {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} [WebProtect] {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} [Microsoft Web Test Recorder Helper] {62355041-605D-4469-84FD-5D66ED67A7E3} [IcbcBho Class] {90760F64-1931-4AAC-8E2E-AB39AAC071E1} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [CBBrowerBuddy Class] {A412E581-59B2-485E-834F-C5F0C0268C79} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [SafeCenterEyeOnIE Class] {D2DA0BDA-D20F-4B0B-98D4-8BEAAE175E6D} [IEBuddyExtControl Class] {3AECD3C1-7085-4731-96DC-47B6CF7EF749} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [CBBrowerBuddy Class] {A412E581-59B2-485E-834F-C5F0C0268C79} [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, > [Fiddler2] {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} <"C:\Program Files\Fiddler2\Fiddler.exe", N/A> [电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} [FlashGet Bar] {E0E899AB-F487-11D5-8D29-0050BA6940E3} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [工行工具栏] {DBAC56F9-1623-425F-BC03-EB2602F423A0} [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} [CKAVWebScan Object] {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [EditCtrl Class] 
{488A4255-3236-44B3-8F27-FA1AECAA8844} [Windows Live Safety Center Base Module] {5ED80217-570B-4DA9-BF44-BE107C0EC166} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [ScreenCapture Class] {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [KUpdateObj2 Class] {D82303B7-A754-4DCB-8AFC-8CF99435AACE} [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} [IFlashGetNetscapeEx Class] {116BA71C-8187-4F15-9A1F-C9D6289155D1} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, > [使用快车(Flas&hGet)下载] [使用快车(Flash&Get)下载全部链接] [使用网际快车下载] [使用网际快车下载全部链接] [在Foxmail中添加该RSS频道/频道组] [添加到QQ表情] ================================== 正在运行的进程 [PID: 260][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601] [PID: 288][\??\C:\WINNT\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601] [PID: 284][\??\C:\WINNT\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.00.2195.6997] [C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9782] [C:\WINNT\system32\NavLogon.dll] [Symantec Corporation, 9.0.0.338] [PID: 336][C:\WINNT\system32\services.exe] [(Verified) Microsoft Corporation, 5.00.2195.7035] [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3] [PID: 348][C:\WINNT\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.00.2195.7011] [PID: 584][C:\WINNT\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe] [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology 
Co., Ltd., 1, 0, 0, 33] [PID: 596][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe] [Autodesk, 2.70.000] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 636][C:\Program Files\CMBCHINA\WebProtect\WPService.exe] [China Merchants Bank, 1, 0, 0, 1] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll] [China Merchants Bank, 1, 0, 0, 1] [PID: 644][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 9.0.0.338] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 664][C:\WINNT\system32\hidserv.exe] [(Verified) Microsoft Corporation, 5.00.2195.6655] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 692][C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe] [N/A, ] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 756][C:\WINNT\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\nap32.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 1] [PID: 792][C:\WINNT\system32\stisvc.exe] [(Verified) Microsoft Corporation, 5.00.2195.6656] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 840][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 9.0.0.338] [C:\WINNT\system32\CBA.DLL] [Intel? Corporation, 6.12.0.112 E] [C:\WINNT\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINNT\system32\NTS.dll] [Intel? Corporation, 6.12.0.112 E] [C:\WINNT\system32\PDS.DLL] [Intel? 
Corporation, 6.12.0.112 E] [C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 9.0.0.338] [C:\WINNT\system32\MFC42.DLL] [Microsoft Corporation, 6.00.9782.0] [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL] [Symantec Corp., 1.1.0.3] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.3.0.28] [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 9.0.0.338] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\ecmsvr32.dll] [Symantec Corporation, 81.3.0.13] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\NAVEX32a.DLL] [Symantec Corporation, 20081.3.0.17] [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20081214.003\NAVENG32.DLL] [Symantec Corporation, 20081.3.0.17] [C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Symantec AntiVirus\vpmsece.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 9.0.0.338] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Symantec AntiVirus\DecSDK.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2ID.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2SS.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll] [Symantec Corporation, 3.02.11.32] 
[C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll] [Symantec Corporation, 3.02.11.32] [C:\Program Files\Symantec AntiVirus\Dec2Text.dll] [Symantec Corporation, 3.02.11.32] [PID: 896][C:\WINNT\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\System32\ATL.DLL] [Microsoft Corporation, 3.00.9782] [C:\WINNT\system32\nap32.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 1] [PID: 924][C:\Program Files\UPHClean\uphclean.exe] [Microsoft Corporation, 1.6.30.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 944][C:\WINNT\System32\WBEM\WinMgmt.exe] [(Verified) Microsoft Corporation, 1.50.1085.0100] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 956][C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe] [Acronis, 1,0,0,216] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 980][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15] [C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINNT\system32\MFC42.DLL] [Microsoft Corporation, 6.00.9782.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1004][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 2.2.0.577] [C:\WINNT\system32\MSVCP70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\WINNT\system32\MSVCR70.dll] [Microsoft 
Corporation, 7.00.9466.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 2.2.0.577] [PID: 1056][C:\Program Files\Kingsoft\KAC\Service\kaccore.exe] [Kingsoft Corporation, 2008,12,03,369] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Kingsoft\KAC\Service\errorreport.dll] [Kingsoft Corporation, 2008,07,23,168] [C:\Program Files\Kingsoft\KAC\Service\dbghelp.dll] [Microsoft Corporation, 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)] [C:\Program Files\Kingsoft\KAC\Service\corehelper.dll] [Kingsoft Corporation, 2008,10,20,303] [C:\Program Files\baidu\SafeCenter\productproxy.dll] [N/A, ] [C:\Program Files\baidu\SafeCenter\kacc.dll] [Kingsoft Corporation, 1, 0, 0, 1] [C:\Program Files\baidu\SafeCenter\infoc.dll] [Kingsoft Corporation, 1,0,0,159] [PID: 1120][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.10.6030] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\2052\mdmui.dll] [Microsoft Corporation, 7.10.6030] [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll] [Microsoft Corporation, 8.0.50727.762 (SP.050727-7600)] [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll] [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)] [PID: 1264][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 2.2.0.577] [C:\WINNT\system32\MSVCP70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\WINNT\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 2.2.0.577] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 
2.2.0.577] [PID: 1176][C:\WINNT\system32\inetsrv\inetinfo.exe] [(Verified) Microsoft Corporation, 5.00.0984] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2304][C:\WINNT\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\nap32.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 1] [PID: 1512][C:\WINNT\Explorer.EXE] [(Verified) Microsoft Corporation, 5.00.3700.6690] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9782] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [D:\RTX\BQQHook.dll] [N/A, ] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll] [Microsoft Corporation, 8.0.50727.762 (SP.050727-7600)] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll] [N/A, ] [C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll] [N/A, ] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\Program Files\Tencent\qq\TMDlls\qdshm.dll] [, 1, 0, 1, 2] [PID: 2380][C:\WINNT\system32\conime.exe] [(Verified) Microsoft Corporation, 5.00.2195.6655] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 1520][C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe] [A4Tech 
Co.,Ltd., 7.42.0.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 408][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 2.2.0.577] [C:\WINNT\system32\MSVCP70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\WINNT\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 2.2.0.577] [C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL] [Symantec Corporation, 2.0.39.0] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL] [Symantec Corporation, 2.0.39.0] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 2.2.0.577] [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 2.2.0.577] [C:\WINNT\system32\SYMREDIR.dll] [Symantec Corporation, 5.3.0.46] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 2.2.0.577] [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 2.2.0.577] [C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 9.0.0.338] [PID: 744][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 9.0.0.338] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.3.0.28] [C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 9.0.0.338] [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 9.0.0.338] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft 
Corporation, 6.00.8972.0] [PID: 1256][C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe] [Acronis, 8,0,0,1022] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2296][C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe] [Acronis, 1,0,0,216] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 2136][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe] [Google Inc., 1, 0, 0, 1] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 2228][C:\Program Files\Logitech\MouseWare\system\em_exec.exe] [Logitech Inc., 9.79.025] [C:\Program Files\Logitech\MouseWare\system\EVENTEX.dll] [Logitech Inc., 9.79.025] [C:\WINNT\system32\COMNCTR.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Logitech\MouseWare\system\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Logitech\MouseWare\system\ccresrce.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Logitech\MouseWare\system\GlbResLt.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\Program Files\Logitech\MouseWare\System\devices.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Logitech\MouseWare\system\ccstmglb.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Logitech\MouseWare\system\ccustom.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Logitech\MouseWare\system\ccmsghk.dll] [Logitech Inc., 9.79.025] [C:\Program 
Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [PID: 976][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.16] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.41] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6] [C:\Program Files\Rising\AntiSpyware\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 2216][C:\WINNT\system32\hkcmd.exe] [Intel Corporation, 6.14.10.4926] 
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 6.14.10.4926] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 2252][C:\WINNT\system32\igfxpers.exe] [Intel Corporation, 6.14.10.4926] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 2152][C:\WINNT\system32\igfxsrvc.exe] [Intel Corporation, 6.14.10.4926] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 6.14.10.4926] [C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 6.14.10.4926] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 1916][C:\Program Files\Microsoft ActiveSync\wcescomm.exe] [Microsoft Corporation, 4.1.4841.0] [C:\WINNT\system32\CEUTIL.dll] [Microsoft Corporation, 4.1.4841.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\WINNT\system32\RAPI.dll] [Microsoft Corporation, 4.1.4841.0] [C:\Program Files\Microsoft ActiveSync\TCP2UDP.dll] [Microsoft Corporation, 4.1.4841.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll] [N/A, ] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Microsoft ActiveSync\dtptdns.dll] [Microsoft 
Corporation, 4.1.4841.0] [PID: 2064][C:\WINNT\system32\internat.exe] [(Verified) Microsoft Corporation, 5.00.2920.0000] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 1884][C:\PROGRA~1\MI3AA1~1\rapimgr.exe] [Microsoft Corporation, 4.1.4841.0] [C:\WINNT\system32\CEUTIL.dll] [Microsoft Corporation, 4.1.4841.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\PROGRA~1\MI3AA1~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Microsoft ActiveSync\rapiproxystub.dll] [N/A, ] [PID: 1228][D:\RTX\rtxc.exe] [Tencent, 3,3,0,2003] [D:\RTX\RTXDbug.dll] [N/A, ] [D:\RTX\Utility.dll] [Tencent, 3,3,0,2003] [D:\RTX\UILib.dll] [Tencent, 3,3,0,2003] [D:\RTX\gdiplus.dll] [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)] [D:\RTX\Crypt.dll] [N/A, ] [D:\RTX\BqqZip.dll] [N/A, ] [D:\RTX\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [D:\RTX\CameraWnd.dll] [Tencent, 3,3,0,2003] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\RTX\QQRes.dll] [N/A, ] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\RTX\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1205] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [D:\RTX\Core.dll] [Tencent, 3,3,0,2003] [D:\RTX\MPBase.dll] [Tencent, 3,3,0,2003] [D:\RTX\ProxySocketLib.dll] [Tencent, 3,3,0,2003] [D:\RTX\Parser.dll] [Tencent, 3,3,0,2003] [D:\RTX\MsgRec.dll] [N/A, ] [D:\RTX\MsgDb.dll] [N/A, ] [D:\RTX\libdb42.dll] [Sleepycat Software, 4.2.52] 
[D:\RTX\BQQApi.dll] [Tencent, 3,3,0,2003] [D:\RTX\Store.dll] [Tencent, 3,3,0,2003] [D:\RTX\ClientAPI.dll] [Tencent, 3,3,0,2003] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [D:\RTX\QQSkin.dll] [Tencent, 3,3,0,2003] [D:\RTX\ATL.DLL] [Microsoft Corporation, 3.00.8168] [D:\RTX\NewSkin.dll] [Tencent, 3,3,0,2003] [D:\RTX\BQQHook.dll] [N/A, ] [D:\RTX\DeptHideSet.dll] [Tencent, 3,3,0,2003] [D:\RTX\RTCBuddy.dll] [Tencent, 3,3,0,2003] [D:\RTX\vbscript.dll] [Microsoft Corporation, 5.6.0.7426] [D:\RTX\RTXInfoComm.dll] [Tencent, 3,3,0,2003] [D:\RTX\IntegrationIM.dll] [Tencent, 3,3,0,2003] [D:\RTX\SendFile.dll] [Tencent, 3,3,0,2003] [D:\RTX\BQQAVPlugin.dll] [Tencent, 3,3,0,2003] [PID: 1964][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.9.2006121800] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\baidu\safecenter\iebuddy.dll] [Kingsoft Corporation, 2008,05,15,156] [C:\Program Files\baidu\safecenter\iebuddyext.dll] [Kingsoft Corporation, 2007,09,29,200] [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll] [China Merchants Bank, 1, 0, 0, 1] [C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO.dll] [Microsoft Corporation, 8.0.50727.762 (SP.050727-7600)] [C:\Program Files\中国工商银行\工行IE浏览器安全插件\IcbcToolBar.dll] [中国工商银行, 1.0.0.1] [C:\WINNT\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 
0, 0, 15] [C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9782] [C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.2] [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690] [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll] [Google Inc., 2, 0, 301, 7164] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [C:\Program Files\baidu\safecenter\safecenterstatus.dll] [Kingsoft Corporation, 2008,07,02,143] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [D:\RTX\BQQHook.dll] [N/A, ] [C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll] [N/A, ] [C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll] [N/A, ] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINNT\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36] [C:\WINNT\system32\msjava.dll] [Microsoft Corporation, 5.00.3810] [C:\WINNT\system32\VMHELPER.DLL] [Microsoft Corporation, 5.00.3810] [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll] [Microsoft Corporation, 8.0.50727.762 (SP.050727-7600)] [C:\WINNT\system32\JAVALE.DLL] [Microsoft Corporation, 6.00.8424] [C:\WINNT\system32\JIT.DLL] [Microsoft Corporation, 5.00.3810] [C:\WINNT\system32\javart.dll] [Microsoft Corporation, 5.00.3810] [C:\WINNT\system32\msawt.dll] [Microsoft Corporation, 5.00.3810] [C:\WINNT\system32\javacypt.dll] [Microsoft Corporation, 5.00.3810] [C:\WINNT\system32\GOOGLEPINYIN.IME] [Google Inc., ] [C:\WINNT\Downloaded Program Files\RavOLCtl.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.17] [PID: 2272][C:\WINNT\system32\taskmgr.exe] [(Verified) Microsoft Corporation, 5.00.2195.6620] 
[C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [PID: 1748][C:\Program Files\Rising\AntiSpyware\ras.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.7] [C:\Program Files\Rising\AntiSpyware\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINNT\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Rising\AntiSpyware\KakaMgr.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.27] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\dbmgr.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.4] [C:\Program Files\Rising\AntiSpyware\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\pweb.dll] [Beijing 
Rising Information Technology Co., Ltd., 6.0.0.19] [C:\Program Files\Rising\AntiSpyware\pscan.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.59] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6] [C:\Program Files\Rising\AntiSpyware\pset.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12] [C:\Program Files\Rising\AntiSpyware\pdefend.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [C:\Program Files\Rising\AntiSpyware\ptools.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.16] [C:\Program Files\Rising\AntiSpyware\psysinfo.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.56] [C:\Program Files\Rising\AntiSpyware\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [D:\RTX\BQQHook.dll] [N/A, ] [C:\WINNT\system32\ATL.dll] [Microsoft Corporation, 3.00.9782] [PID: 220][C:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6] [C:\WINNT\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 2088][D:\Download\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210] [PID: 548][D:\Download\sreng2\SRE4b3e068f.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll] [Logitech Inc., 9.79.025] [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll] [Logitech Inc., 1.1.0] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] 
[D:\RTX\BQQHook.dll] [N/A, ] [D:\Download\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\WINNT\system32\ATL.DLL] [Microsoft Corporation, 3.00.9782]
==================================
文件关联
.TXT Error. [C:\WINNT\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [UltraEdit.ini]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [C:\WINNT\WScript.exe "%1" %*]
.JS Error. [C:\WINNT\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
192.168.3.6 tyfovcrm
==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 956, C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDUL2.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1120, C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE]
特殊特权被允许: SeSystemtimePrivilege [PID = 1120, C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1520, C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1256, C:\PROGRAM FILES\ACRONIS\TRUEIMAGE\TRUEIMAGEMONITOR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2296, C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2228, C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1916, C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1884, C:\PROGRA~1\MI3AA1~1\RAPIMGR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1228, D:\RTX\RTXC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2088, D:\DOWNLOAD\SRENG2\SRENGLDR.EXE]
==================================
计划任务
[已启用] Symantec NetDetect.job C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]