[CODE]

2009-01-04,21:50:21

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATICCC><"C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe">  []
    <Broadcom Wireless Manager UI><C:\WINDOWS\system32\WLTRAY.exe>  [Dell Inc.]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <Ris><"C:\Program Files\Rising\Ris\Update\Setup.exe" /UPDATE /S /ONCE>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[桌面管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\桌面管理器.lnk --> C:\PROGRA~1\RESEAR~1\BLACKB~1\DESKTO~1.EXE [Research In Motion Limited]><N>

==================================
服务
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
  <C:\WINDOWS\System32\3wareSrv.exe><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\mnmsrvc.exe><(File is missing)>
[myingfas / myingfas][Running/Auto Start]
  <C:\\IngFasData\bin\mysqld-nt.exe myingfas><N/A>
[Ris Process Communication Center / RisCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Ris\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RisTask Manager / RisTask][Running/Auto Start]
  <"C:\Program Files\Rising\Ris\RavTask.exe" RisTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <C:\Program Files\Rising\Ris\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Ris\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Windows Network Media Service / UiPlayer][Running/Auto Start]
  <C:\Program Files\UiTV\UiPlayer\msrv.exe><UiTV Corporation>
[Dell Wireless WLAN Tray Service / wltrysvc][Running/Auto Start]
  <C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>

==================================
驱动程序
[aaatimeo / aaatimeo][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aaatimeo.sys><Microsoft Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Stopped/Manual Start]
  <system32\drivers\ADIHdAud.sys><N/A>
[AE Audio Service / AEAudio][Stopped/Manual Start]
  <system32\drivers\AEAudio.sys><N/A>
[AFAMgt / AFAMgt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\afamgt.sys><Adaptec, Inc.>
[ahcix86 / ahcix86][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ahcix86.sys><ATI Technologies Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[amdbusdr / amdbusdr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdbusdr.sys><AMD>
[AMD EIDE 驱动程衼E / amdeide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\AmdEide.sys><AMD>
[amdide / amdide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdide.sys><Advanced Micro Devices>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[SiI-3112 SATALink  Controller / ASH1205][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ASH1205.sys><Silicon Image, Inc.>
[ata1200a / ata1200a][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ata1200a.sys><Adaptec, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atiide / atiide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[Promise driver accelerator / bb-run][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[DELL 无线网卡驱动程序 / BCM43XX][Running/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cercsr6.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Cpq32fs2 / Cpq32fs2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\Cpq32fs2.sys><Hewlett-Packard Company>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[fttxr52P / fttxr52P][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fttxr52P.sys><Promise Technology, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HpCISSm2 / HpCISSm2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HpCISSm2.sys><Hewlett-Packard Company>
[hptmv6 / hptmv6][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\VSTDPV3.SYS><Conexant Systems, Inc.>
[Intel  RAID Controller / iaStor55][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor55.sys><Intel Corporation>
[Intel RAID  Controller / iaStor70][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor70.sys><Intel Corporation>
[mv61xx / mv61xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[mvSata / mvSata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mvsata.sys><Marvell Semiconductors Inc.>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[ql2100 / ql2100][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql2100.sys><QLogic Corporation>
[ql2200 / ql2200][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql2200.sys><QLogic Corporation>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\C:\Program Files\Rising\Ris\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rimmptsk / rimmptsk][Running/Auto Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[BlackBerry 智能手机 / RimUsb][Stopped/Manual Start]
  <System32\Drivers\RimUsb.sys><Research In Motion Limited>
[RIM Virtual Serial Port v2 / RimVSerPort][Running/Manual Start]
  <system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[rr172x / rr172x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr172x.sys><HighPoint Technologies, Inc.>
[rr174x / rr174x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr174x.sys><HighPoint Technologies, Inc.>
[rr2340 / rr2340][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr2340.sys><HighPoint Technologies, Inc.>
[rsfwdrv / rsfwdrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Ris\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Stopped/Manual Start]
  <system32\drivers\Senfilt.sys><N/A>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[sisraidx / sisraidx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisraidx.sys><Silicon Integrated Systems Corp.>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[ViBus / ViBus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\VSTCNXT3.SYS><Conexant Systems, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\Program Files\360safe\live.dll, (Signed) 360.cn>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 712 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1228 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1256 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4140]
[PID: 1300 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1312 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4140]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2503]
[PID: 1504 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1592 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1812 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1880 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2032 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4140]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2503]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4140]
[PID: 256 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 552 / SYSTEM][C:\WINDOWS\System32\WLTRYSVC.EXE]  [N/A, ]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 572 / SYSTEM][C:\WINDOWS\System32\bcmwltry.exe]  [Dell Inc., 4.10.47.3]
    [C:\WINDOWS\System32\bcm1xsup.dll]  [N/A, ]
    [C:\WINDOWS\System32\bcmwlpkt.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\wltrynt.dll]  [Broadcom Corporation, 4.10.47.3]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1052 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.6.0.1653]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
[PID: 1532 / Administrator][C:\WINDOWS\system32\WLTRAY.exe]  [Dell Inc., 4.10.47.3]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1512 / Administrator][C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE]  [ATI Technologies Inc., 1.11.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a2251625\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_fe22855d\system.windows.forms.dll]  [N/A, ]
    [c:\program files\ati technologies\ati.ace\cli.implementation.dll]  [ATI Technologies Inc., 1.2.2460.36578]
    [c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2208.29985]
    [c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2208.29986]
    [c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2460.36737]
    [c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2208.29991]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_abd68454\system.dll]  [N/A, ]
    [c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2460.36738]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1bb56c10\system.xml.dll]  [N/A, ]
    [c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36741]
    [c:\program files\ati technologies\ati.ace\aticccom.dll]  [ATI Technologies Inc., 1.0.0.0]
    [c:\program files\ati technologies\ati.ace\aem.foundation.dll]  [ATI Technologies Inc., 1.2.2208.29985]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec1c3a13\system.drawing.dll]  [N/A, ]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29987]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36732]
    [c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll]  [ATI Technologies Inc., 1.2.2208.29988]
    [c:\program files\ati technologies\ati.ace\dem.foundation.dll]  [ATI Technologies Inc., 1.11.0.0]
    [c:\program files\ati technologies\ati.ace\dem.graphics.i0601.dll]  [ATI Technologies Inc., 2.0.2344.17361]
    [c:\program files\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.11.0.0]
    [c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\system32\atidemgr.dll]  [ATI Technologies Inc., 1.2.2456.36741]
    [c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36616]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2302.19274]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36575]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29991]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36640]
    [c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.30001]
    [c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36615]
    [c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29993]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36658]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36655]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36622]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.30007]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36689]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29990]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36673]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.30001]
    [c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36648]
    [c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29989]
    [c:\program files\ati technologies\ati.ace\ace.graphics.videooverlay.shared.dll]  [ATI Technologies Inc., 1.11.0.0]
    [c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36652]
    [c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36645]
    [c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29988]
    [c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36643]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36709]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2236.29147]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36628]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2236.29162]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36700]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29994]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36622]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29993]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36706]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28028]
    [c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28007]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36631]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28018]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36696]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36692]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36702]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28013]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36625]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28023]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36665]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2279.31385]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36670]
    [c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36662]
    [c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29989]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36683]
    [c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36677]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36680]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29990]
    [c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36634]
    [c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.30002]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2232.28756]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2232.28758]
    [c:\program files\ati technologies\ati.ace\dem.graphics.i0600.dll]  [ATI Technologies Inc., 1.11.0.0]
    [c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29990]
    [c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2390.25922]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29987]
    [c:\program files\ati technologies\ati.ace\dem.graphics.i0602.dll]  [ATI Technologies Inc., 1.11.0.0]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29986]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2307.27448]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2307.27453]
    [c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2412.27525]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29993]
    [c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29988]
    [c:\program files\ati technologies\ati.ace\apm.foundation.dll]  [ATI Technologies Inc., 1.2.2208.30002]
[PID: 1656 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1900 / Administrator][C:\Program Files\Rising\Ris\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1016 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
[PID: 1188 / SYSTEM][C:\IngFasData\bin\mysqld-nt.exe]  [N/A, ]
[PID: 1588 / SYSTEM][C:\Program Files\Rising\Ris\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Ris\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 33]
[PID: 2660 / SYSTEM][C:\Program Files\UiTV\UiPlayer\msrv.exe]  [UiTV Corporation, 1, 0, 1, 4]
    [C:\Program Files\UiTV\UiPlayer\UiPlay.dll]  [UiTV Corporation, 3.0.5.6]
[PID: 2712 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 3956 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2916 / Administrator][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe]  [ATI Technologies Inc., 1.11.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a2251625\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_fe22855d\system.windows.forms.dll]  [N/A, ]
    [c:\program files\ati technologies\ati.ace\cli.implementation.dll]  [ATI Technologies Inc., 1.2.2460.36578]
    [c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2208.29985]
    [c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2208.29986]
    [c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2460.36737]
    [c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2208.29991]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_abd68454\system.dll]  [N/A, ]
    [c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2460.36738]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1bb56c10\system.xml.dll]  [N/A, ]
    [c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\ati technologies\ati.ace\cli.component.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36607]
    [c:\program files\ati technologies\ati.ace\cli.foundation.clients.dll]  [ATI Technologies Inc., 1.2.2208.29986]
    [c:\program files\ati technologies\ati.ace\cli.component.wizard.shared.dll]  [ATI Technologies Inc., 1.2.2208.29987]
    [c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2460.36741]
    [c:\program files\ati technologies\ati.ace\aticccom.dll]  [ATI Technologies Inc., 1.0.0.0]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29987]
    [c:\program files\ati technologies\ati.ace\aem.foundation.dll]  [ATI Technologies Inc., 1.2.2208.29985]
    [c:\program files\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.11.0.0]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36610]
    [c:\program files\ati technologies\ati.ace\cli.caste.graphics.wizard.shared.dll]  [ATI Technologies Inc., 1.2.2208.29990]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_ec1c3a13\system.drawing.dll]  [N/A, ]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36597]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36600]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36592]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36616]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36587]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36589]
    [c:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36604]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.wizard.dll]  [ , 1.2.2460.36579]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36581]
    [c:\program files\ati technologies\ati.ace\cli.aspect.transcode.local.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36574]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.wizard.dll]  [ATI Technologies Inc., 1.2.2460.36584]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28028]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29987]
    [c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28007]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2341.28018]
    [c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29986]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29994]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29993]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2307.27453]
    [c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2307.27448]
    [c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2232.28756]
    [c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.30001]
    [c:\program files\ati technologies\ati.ace\cli.aspect.transcode.local.shared.dll]  [ATI Technologies Inc., 1.2.0.0]
    [c:\program files\ati technologies\ati.ace\atixclib.dll]  [ , 1.0.0.0]
    [c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2208.29990]
    [c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.573]
[PID: 3364 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1824 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.6.0.1653]
[PID: 3156 / SYSTEM][C:\Program Files\Rising\Ris\CopyRun\RavCopy.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\Program Files\Rising\Ris\CopyRun\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1844 / SYSTEM][C:\PROGRAM FILES\RISING\RIS\Update\Setup.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.47]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\PROGRAM FILES\RISING\RIS\Update\Setup.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [C:\PROGRAM FILES\RISING\RIS\Update\RsLang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RIS\Update\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\PROGRAM FILES\RISING\RIS\Update\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRAM FILES\RISING\RIS\Update\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 3940 / Administrator][C:\PROGRAM FILES\RISING\RIS\Update\RAVXP.EXE]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.2]
    [C:\PROGRAM FILES\RISING\RIS\Update\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\PROGRAM FILES\RISING\RIS\Update\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRAM FILES\RISING\RIS\Update\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 3176 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3824 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3988 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREc021e65a.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1256, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 572, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1532, C:\WINDOWS\SYSTEM32\WLTRAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1512, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1512, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2916, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2916, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3824, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENG2\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe 

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]