[CODE] 2009-05-08,11:57:30 System Repair Engineer 2.7.0.1210 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] <"C:\Program Files\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Realtek Semiconductor Corp.] 
[(Verified)Microsoft Windows Hardware Compatibility Publisher] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Infected) Microsoft Corporation] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] <{3BF06F2A-7AA8-4474-90A2-CFAFC22D43AB}> [] <{C2EE4B05-6467-40E1-8638-C8B895AE335A}> [] <{15882A2F-A06D-486E-8958-E84C86CBF273}> [] <{CD95107F-52A5-42A4-9914-18949993E798}> [] <{C1CB394D-CECE-440B-9381-838D36862DE2}> [] <{91F5C9DB-ACD1-4812-BAB9-6F5AE433930A}> [] <{1ECE2FCB-C1BB-4706-920C-F4C1076FD155}> [] <{7A93621D-BFFE-4EB1-AAE1-CD487F429840}> [] <{704C3595-DB85-40F6-A601-8D6F346907BD}> [] <{4E5CFE74-700B-4A8B-B0BF-A6B47D896C18}> [] <{FBFAD3A6-0B1E-4122-9C2B-92A4623875EC}> [] <{CCCA2FB9-2D5D-4481-8BFE-1CDDC458A3F4}> [] <{E88AE11C-26DF-4F4D-8726-C043F513990E}> [] <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}> [] <{6B74576A-BB20-47B3-AE0A-046B062897D0}> [] <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}> [] <{71C4F360-FF1E-413E-B17A-0CA267A78E97}> [] <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}> [] <{C722AD57-35DA-4460-8353-328372F32AB2}> [] <{93DA1E7D-7C46-4F90-8674-EC90511FCA72}> [] <{E0891B58-70E9-4E8B-9750-E1A75356D132}> [File is missing] <{52FEBF54-8638-4C4D-B433-70F4933526EE}> [] <{8AD6BC3C-DE8E-46BB-B34E-FDDB7DDFE624}> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component 
Publisher] [File is missing] <52FEBF54> [] <8AD6BC3C> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows 
Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] 
<%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe] [(Verified)Microsoft Windows Component Publisher] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)Microsoft Windows Component Publisher] ================================== 启动文件夹 N/A ================================== 服务 [Agere Modem Call Progress Audio / AgereModemAudio][Running/Auto Start] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Ris Process Communication Center / RisCCenter][Stopped/Auto Start] [Rising RisTask Manager / RisTask][Running/Auto Start] <"C:\Program Files\Rising\Ris\RavTask.exe" RisTask> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] ================================== 驱动程序 [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Alps Pointing-device Filter Driver / ApfiltrService][Running/Manual Start] [ENE CIR Receiver / enecir][Running/Manual Start] [ENE CIR HID Receiver / enecirhid][Running/Manual Start] [ENE CIR HIDmini Filter / enecirhidma][Running/Manual Start] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [Intel(R) Wireless WiFi Link 适配器驱动程序(适用于 Windows XP 32 位) / NETw5x32][Stopped/Manual Start] [nv / nv][Running/Manual Start] [Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [Rising RfwBase Driver / RfwBase9][Running/Manual Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\C:\Program Files\Rising\Ris\rfwtdi.sys> [rsfwdrv / rsfwdrv][Running/System Start] <\??\C:\Program Files\Rising\Ris\rsfwdrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] 
<\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [zx / zx][Stopped/Manual Start] <\??\C:\DOCUME~1\mingming\LOCALS~1\Temp\~101371.tmp> ================================== 浏览器加载项 [] {3D10BA6D-FD37-4CBC-A5E7-95CD4B043399} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [] {3D10BA6D-FD37-4CBC-A5E7-95CD4B043399} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > ================================== 正在运行的进程 [PID: 904 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 968 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 996 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 1040 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1056 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [PID: 1224 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 1300 / NETWORK 
SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 1436 / SYSTEM][C:\Program Files\Rising\Ris\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37] [C:\Program Files\Rising\Ris\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [PID: 1444 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 1484 / SYSTEM][C:\Program Files\Rising\Ris\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [C:\Program Files\Rising\Ris\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36] [C:\Program Files\Rising\Ris\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [PID: 1700 / NETWORK 
SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1824 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 1872 / SYSTEM][C:\Program Files\Rising\Ris\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\Ris\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\Ris\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31] [C:\Program Files\Rising\Ris\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\Ris\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27] [C:\Program Files\Rising\Ris\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\Program Files\Rising\Ris\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program 
Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files\Rising\Ris\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.84] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.0] [C:\Program Files\Rising\Ris\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.3] [C:\Program Files\Rising\Ris\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5] [C:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.18] [C:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [C:\Program Files\Rising\Ris\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18] [C:\Program Files\Rising\Ris\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Ris\RsCommX2.dll] 
[Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Ris\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [C:\Program Files\Rising\Ris\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22] [C:\Program Files\Rising\Ris\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.38] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\Program Files\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36] [C:\Program Files\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files\Rising\Ris\extfile.dll] [Beijing Rising Information 
Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Ris\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Ris\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 140 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 340 / mingming][C:\WINDOWS\system32\userinit.exe] [(Infected) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [PID: 464 / mingming][C:\WINDOWS\Explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5634 (xpsp_sp3_qfe.080703-1303)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] 
[C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\MbsV2QQJe.fon] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\v6yj3gxacYQU.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\yp77Tt3UCG74J.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\ACg9ycsarj8y.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [C:\WINDOWS\system32\ufQCU5.dll] [N/A, ] [C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\system32\nvshell.dll] [, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\Program Files\rar\rarext.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5660_x-ww_e0385ec6\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5660 (xpsp_sp3_qfe.080820-1303)] [C:\WINDOWS\system32\lifebflk.dll] [N/A, ] [C:\WINDOWS\system32\oadmbcjc.dll] [N/A, ] [PID: 820 / mingming][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\kmon.dll] 
[Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [PID: 572 / mingming][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.2.1.1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet 
Explorer\LookHttp.jsp] [N/A, ] [PID: 1060 / mingming][C:\Program Files\Apoint2K\Apoint.exe] [Alps Electric Co., Ltd., 7.0.1.260] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Apoint2K\ApResCS.dll] [Alps Electric Co., Ltd., 5.5.1.24] [C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.19] [C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.1.391] [C:\Program Files\Apoint2K\EzAuto.dll] [Alps Electric Co., Ltd., 5.5.1.92] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\MbsV2QQJe.fon] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\v6yj3gxacYQU.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\yp77Tt3UCG74J.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\ACg9ycsarj8y.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [C:\WINDOWS\system32\ufQCU5.dll] [N/A, ] [C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\Program Files\Apoint2K\EzLaunch.DLL] [Alps Electric Co., Ltd., 5.5.1.89] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [PID: 1384 / mingming][C:\Program Files\Apoint2K\ApMsgFwd.exe] [Alps Electric Co., Ltd., 7, 0, 0, 18] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] 
[C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\WINDOWS\system32\ufQCU5.dll] [N/A, ] [PID: 1472 / mingming][C:\Program Files\Apoint2K\Apntex.exe] [Alps Electric Co., Ltd., 7.0.1.27] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\VXDIF.DLL] [Alps Electric Co., Ltd., 6.0.3.19] [C:\Program Files\Apoint2K\Apoint.DLL] [Alps Electric Co., Ltd., 5.5.1.391] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [PID: 1532 / mingming][C:\WINDOWS\system32\ctfmon.exe] 
[(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [PID: 1564 / mingming][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [PID: 1944 / 
mingming][C:\DOCUME~1\mingming\LOCALS~1\Temp\RtkBtMnt.exe] [Realtek Semiconductor Corp., 1.0.0.10] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 620 / SYSTEM][C:\WINDOWS\system32\agrsmsvc.exe] [Agere Systems, 1.0.0.8] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 1128 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.7561] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.7561] [PID: 1756 / SYSTEM][C:\Program Files\Rising\Ris\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12] [C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\Program Files\Rising\Ris\ScanSrv.dll] [Beijing Rising 
Information Technology Co., Ltd., 21.0.0.10] [C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Ris\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [C:\Program Files\Rising\Ris\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.46] [C:\Program Files\Rising\Ris\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [C:\Program Files\Rising\Ris\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [C:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [C:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.38] [C:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\mvengine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] 
[C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\Program Files\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36] [C:\Program Files\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\Program Files\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files\Rising\Ris\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [C:\Program Files\Rising\Ris\extole.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\Ris\scanmac.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\Ris\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Ris\rsstore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\Ris\ur004.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\Ris\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] 
[C:\Program Files\Rising\Ris\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\ur027.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\Ris\ur011.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Ris\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [PID: 1772 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5660_x-ww_e0385ec6\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5660 (xpsp_sp3_qfe.080820-1303)] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 2908 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 1604 / mingming][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] 
[C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.70] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\system32\ACg9ycsarj8y.dll] [N/A, ] [C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36] [C:\WINDOWS\fonts\MbsV2QQJe.fon] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\v6yj3gxacYQU.dll] [N/A, ] [C:\WINDOWS\system32\yp77Tt3UCG74J.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [C:\WINDOWS\system32\ufQCU5.dll] [N/A, ] [C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ] [C:\WINDOWS\system32\lifebflk.dll] [N/A, ] [C:\WINDOWS\system32\oadmbcjc.dll] [N/A, ] [PID: 1652 / mingming][C:\DOCUME~1\mingming\LOCALS~1\Temp\32148] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] 
[PID: 448 / mingming][C:\DOCUME~1\mingming\LOCALS~1\Temp\31169] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\MbsV2QQJe.fon] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\WINDOWS\system32\v6yj3gxacYQU.dll] [N/A, ] [C:\WINDOWS\system32\yp77Tt3UCG74J.dll] [N/A, ] [C:\WINDOWS\system32\ACg9ycsarj8y.dll] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\system32\qB5BKZy7vR5m.dll] [N/A, ] [C:\WINDOWS\system32\E4814792.dll] [N/A, ] [C:\WINDOWS\system32\ufQCU5.dll] [N/A, ] [C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ] [PID: 2712 / mingming][C:\DOCUME~1\mingming\LOCALS~1\Temp\~225fc3.tmp] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] 
[C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [PID: 2312 / mingming][C:\DOCUME~1\mingming\LOCALS~1\Temp\Rar$EX53.907\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210] [PID: 3412 / mingming][C:\DOCUME~1\mingming\LOCALS~1\Temp\Rar$EX53.907\SRE7fa4de7a.EXE] [Smallfrogs Studio, 2.7.0.1210] [C:\Program Files\Internet Explorer\LookHttp.jsp] [N/A, ] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\gametl.dll] [N/A, ] [C:\WINDOWS\system32\08223B03.dll] [N/A, ] [C:\WINDOWS\fonts\GTH72386.ttf] [N/A, ] [C:\WINDOWS\system32\CCCA2FB9.dll] [N/A, ] [C:\WINDOWS\system32\GrTZqH5SnRhAt.dll] [N/A, ] [C:\WINDOWS\system32\PkVyCX5kHnftC7BXjt.dll] [N/A, ] [C:\WINDOWS\system32\kT2NuqZeGma.dll] [N/A, ] [C:\WINDOWS\fonts\J99sm27AQRa.fon] [N/A, ] [C:\WINDOWS\fonts\tY5UFS434YYd.fon] [N/A, ] [C:\WINDOWS\fonts\fyrwJf5Qfhh.fon] [N/A, ] [C:\WINDOWS\fonts\CtZ8uc499k.fon] [N/A, ] [C:\WINDOWS\fonts\GTH73380.ttf] [N/A, ] [C:\WINDOWS\fonts\cC8kqzNExNc.fon] [N/A, ] [C:\WINDOWS\fonts\GTH78390.ttf] [N/A, ] [C:\WINDOWS\fonts\GTH80390.ttf] [N/A, ] [C:\DOCUME~1\mingming\LOCALS~1\Temp\Rar$EX53.907\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\WINDOWS\system32\oadmbcjc.dll] [N/A, ] [C:\WINDOWS\system32\lifebflk.dll] [N/A, ] [C:\WINDOWS\system32\ACg9ycsarj8y.dll] [N/A, ] [C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.70] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft 
Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf [F:\] [AutoRun] open=MSDOS.bat shell\open=打开(&O) shell\open\Command=MSDOS.bat shell\open\Default=1 shell\explore=资源管理器(&X) shell\explore\Command=MSDOS.bat ================================== HOSTS 文件
================================== 进程特权扫描 特殊特权被允许: SeDebugPrivilege [PID = 1944, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\RTKBTMNT.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1944, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\RTKBTMNT.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 3004, C:\PROGRAM FILES\RAR\WINRAR.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 3004, C:\PROGRAM FILES\RAR\WINRAR.EXE] 特殊特权被允许: SeDebugPrivilege [PID = 448, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\31169] 特殊特权被允许: SeLoadDriverPrivilege [PID = 448, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\31169] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2712, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\~225FC3.TMP] 特殊特权被允许: SeDebugPrivilege [PID = 2312, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\RAR$EX53.907\SRENGLDR.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2312, C:\DOCUME~1\MINGMING\LOCALS~1\TEMP\RAR$EX53.907\SRENGLDR.EXE] ================================== 计划任务 N/A ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]