[CODE] 2009-06-17,09:15:17 System Repair Engineer 2.7.1.1261 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [] [Microsoft Corporation] [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"] [File is missing] <"E:\Program Files\Microsoft ActiveSync\wcescomm.exe"> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <360Safebox><"C:\Program Files\360Safebox\SafeBoxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] <"D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] <"C:\Program Files\GridService\peer.exe" -n Grid> [FS2YOU] <"d:\Program Files\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [ORIONNET] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] ================================== 启动文件夹 [腾讯QQ] E:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]> ================================== 服务 [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [Std frbe Service / frbe][Stopped/Auto Start] [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [NMIndexingService / NMIndexingService][Stopped/Disabled] <><(File is missing)> [OracleMTSRecoveryService / OracleMTSRecoveryService][Running/Auto Start] [OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start] [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start] <><(File is missing)> [Ris Process Communication Center / RisCCenter][Stopped/Auto Start] [Rising RisTask Manager / RisTask][Running/Auto Start] <"d:\Program Files\Rising\Ris\RavTask.exe" RisTask> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] [Rising Scan Service / RsScanSrv][Stopped/Auto Start] [TDQM Server / TdqmServerService][Stopped/Manual Start] <"C:\Program Files\NCR\Teradata DQM\server\tdqmserv.exe"> ================================== 驱动程序 [59015 / 59015][Stopped/Boot Start] <\SystemRoot\System32\drivers\59015.sys> [a347bus / a347bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\a347bus.sys><> [a347scsi / a347scsi][Running/Boot Start] <\SystemRoot\System32\Drivers\a347scsi.sys><> [aeaudio / aeaudio][Running/Manual Start] [Rising TDI Base Driver / BaseTDI][Running/Auto Start] [Intel(R) PRO Adapter Driver / E100B][Running/Manual Start] [hnt / hnt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\hnt.sys> [hookcont / hookcont][Running/System Start] [hooksys / hooksys][Running/System Start] [ialm / ialm][Running/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [Rising RfwBase Driver / RfwBase9][Running/Manual Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\d:\Program Files\Rising\Ris\rfwtdi.sys> [rsfwdrv / rsfwdrv][Running/System Start] <\??\d:\Program Files\Rising\Ris\rsfwdrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [SKNFW / SKNFW][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys> [smwdm / smwdm][Running/Manual Start] [vncdrv / vncdrv][Running/Manual Start] [76985500 / 76985500][Stopped/Manual Start] <2 - 系统找不到指定的文件。 > ================================== 浏览器加载项 [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [Create Mobile Favorite] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [Create Mobile Favorite] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [AddSHCARoot Control] {098A3F72-3110-4004-B954-2F9DC44934B4} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Siebel High Interactivity Framework] {252D8B73-FEEF-454D-97EB-F6BCF54DE48C} [PowerCreator VGAPlayer Control] {339C1EE2-1029-46B8-81F1-360217F26FC4} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [Hmdcx Control] {5D8B72ED-75CC-4311-BA2C-6EDCBAD3F2DD} [PDFEncrypt Control] {5E2664B2-F672-4956-B5B8-C07978766BDF} [IDFlowViewX Control] {7BD7A34E-F3EE-44B1-95A7-E04C2B7FB90C} [] {7C70EA74-C654-42E4-A011-494B6ABB209D} <, > [Windows.WindowsUc] {7F8626CA-48AD-4875-BDA1-83FD7CFD3C22} [163Uploader Control] {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [AddressDialogActiveForm Control] {977AEDDD-6591-49D6-8EA3-C0DF2440EE23} [M8ProxyOCX Control] {9B157FFF-F83E-426A-B78C-BFCA7A31AFC0} [Submit Class] {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} [photo_uploader Control] {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} [passport.FileObjectCtrl] {AB70C611-DE79-4DB5-B637-CCA50876E4D8} [ExamSaver Control] {D0FC51B8-8FD0-4A66-A68E-DA68F2233505} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [PDFCtrl.WordToPDF] {E0FE703B-0A98-4325-9885-8B626035EE13} [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, > [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [AddSHCARoot Control] {098A3F72-3110-4004-B954-2F9DC44934B4} [CoDetect Class] {0DA7FE79-8391-4FA0-8F1E-57E61BDF0E35} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [] {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <, > [] {19EFFC12-25FB-479A-A0F2-1569AE1B3365} <, > [Siebel Client Generic Control Class] {1B678040-F331-43CB-8FEB-6CC640E5FA89} [] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} <, > [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [] {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, > [Siebel High Interactivity Framework] {252D8B73-FEEF-454D-97EB-F6BCF54DE48C} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A> [Siebel Client List Control Class] {2A199AD4-B9CE-4095-947B-B688B864CE7E} [PGEdit Class] {2BFAA61B-5C83-4865-8281-D8BDBF863061} [Siebel Client Menu Class] {2CC89845-B361-45A8-A05D-A61205E235F5} [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, > [] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, > [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [PowerCreator VGAPlayer Control] {339C1EE2-1029-46B8-81F1-360217F26FC4} [] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <, > [PDFStamp Control] {43E83C05-A5E7-4C2A-9FD6-BC62F1CB1EC4} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [WangWangX Class] {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} [PDFEncrypt Control] {5E2664B2-F672-4956-B5B8-C07978766BDF} [Microsoft 外壳 UI 帮助程序] {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A> [] {769A6A36-ED24-4376-BC7C-80225BF35698} <, > [] {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, > [IDFlowViewX Control] {7BD7A34E-F3EE-44B1-95A7-E04C2B7FB90C} [163Uploader Control] {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [AddressDialogActiveForm Control] {977AEDDD-6591-49D6-8EA3-C0DF2440EE23} [] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <, > [M8ProxyOCX Control] {9B157FFF-F83E-426A-B78C-BFCA7A31AFC0} [Submit Class] {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} [] {AA58ED58-01DD-4D91-8333-CF10577473F7} <, > [passport.FileObjectCtrl] {AB70C611-DE79-4DB5-B637-CCA50876E4D8} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [QQCertCtrl Class] {BAEA0695-03A4-43BB-8495-C7025E1A8F42} [ImageUploader edition Control] {BB6633E1-FE3B-41A1-A2D3-D08400D828BC} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [OWSClientMiscApis Class] {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [OWSBrowserUI Class] {BDEADE43-C265-11D0-BCED-00A0C90AB50F} [Siebel Client Tree Control Class] {C916D0A1-8E18-4255-BC5E-5B51756BB5A7} [CoCommandManager Class] {CBB63FF2-BF7F-4FFD-9FFB-237FC49DE22F} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} [VIDEO__MPEG Moniker Class] {CD3AFA89-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [ExamSaver Control] {D0FC51B8-8FD0-4A66-A68E-DA68F2233505} [] {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, > [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D9347033-9612-11D1-9D75-00C04FCC8CDC} <, > [CSSCoUINavCtrl Class] {DBE24DC9-196A-4754-ACCD-68934936DA76} [Siebel Client Toolbar Class] {DCB7630B-A32F-4093-A690-B21B2DA6D369} [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [PDFCtrl.WordToPDF] {E0FE703B-0A98-4325-9885-8B626035EE13} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [safeInput Class] {ECCBA953-80E5-11D3-9285-0080ADB811C5} [safeInput Class] {ECCBA956-80E5-11D3-9285-0080ADB811C9} [iSee 保存所有图片] [iSee保存Flash] [iSee保存所有图片] [iSee读取Exif] [定位查看 GPS 卫星地图] [查看 Exif/GPS/IPTC 信息] [添加到QQ表情] [添加相册用户到iSee收藏] ================================== 正在运行的进程 [PID: 912 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 984 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1008 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889] [PID: 1052 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1064 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1240 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1316 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1456 / SYSTEM][d:\Program Files\Rising\Ris\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [d:\Program Files\Rising\Ris\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37] [d:\Program Files\Rising\Ris\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1464 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [E:\oracle\ora92\bin\oci.dll] [Oracle Corporation, 9.2.0.1.0] [PID: 1540 / SYSTEM][d:\Program Files\Rising\Ris\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [d:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [d:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [d:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [d:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [d:\Program Files\Rising\Ris\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 39] [d:\Program Files\Rising\Ris\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1652 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1672 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1972 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16] [C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00] [C:\WINDOWS\system32\HPBHealr.dll] [N/A, ] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0] [C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0] [C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0] [C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0] [PID: 216 / SYSTEM][d:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 304 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [PID: 336 / SYSTEM][E:\oracle\ora92\bin\omtsreco.exe] [Oracle Corporation, 9.2.0.1.0] [E:\oracle\ora92\bin\OCI.dll] [Oracle Corporation, 9.2.0.1.0] [E:\oracle\ora92\bin\OraClient9.Dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oracore9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oraunls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oravsn9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oracommon9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\orageneric9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oraxml9.dll] [Oracle Corporation, ] [E:\oracle\ora92\bin\oraxsd9.dll] [Oracle Corporation, ] [E:\oracle\ora92\bin\orannzsbb9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oran9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranl9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranldap9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oraldapclnt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orancrypt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\ORATRACE9.dll] [N/A, ] [E:\oracle\ora92\bin\oranro9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranhost9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranoname9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orancds9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orantns9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranms.dll] [Oracle Corporation, 9.2.0.0.0] [E:\oracle\ora92\bin\oranmsp.dll] [Oracle Corporation, 9.2.0.0.0] [E:\oracle\ora92\bin\orapls9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oraslax9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orasnls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orawtc9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\orasql9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\omtsrecomsgus.dll] [Oracle Corporation, 9.2.0.0.1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 708 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)] [PID: 964 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.0.0.2008061100] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0] [D:\Program Files\SPX\engine.dll] [N/A, ] [C:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 4.5] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3889] [C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\IDM Computer Solutions\UltraEdit-32\ue32ctmn.dll] [, 1, 0, 0, 1] [D:\Program Files\Alisoft\WangWang\AliIMExt.dll] [Alibaba software (Shanghai) Corporation., 1.0.0.1] [e:\Program Files\GlobalSCAPE\CuteFTP ZH\Cuteshell.dll] [GlobalSCAPE, Inc., 50, 6, 3, 2] [C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889] [C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889] [C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889] [PID: 1796 / SYSTEM][d:\Program Files\Rising\Ris\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [d:\Program Files\Rising\Ris\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12] [d:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [d:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1856 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 320 / Administrator][C:\Program Files\GridService\peer.exe] [FS2YOU, 2, 1, 10, 8366] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 540 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 620 / Administrator][C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe] [Microsoft Corporation, 1.0.0129.0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 896 / Administrator][E:\Program Files\Microsoft ActiveSync\wcescomm.exe] [Microsoft Corporation, 4.5.5096.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1432 / Administrator][E:\PROGRA~1\MICROS~1\rapimgr.exe] [Microsoft Corporation, 4.5.5096.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 516 / Administrator][D:\Program Files\SPX\spx.exe] [MoodySoft, 4.0.0.0] [D:\Program Files\SPX\ICQMAPI.dll] [N/A, ] [D:\Program Files\SPX\lpng.dll] [N/A, ] [D:\Program Files\SPX\freeze.dll] [N/A, ] [D:\Program Files\SPX\engine.dll] [N/A, ] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 4.5] [C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 5.00.2000.3] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [PID: 1132 / Administrator][E:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQHelperDll.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 8,0,1248,1851] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [E:\Program Files\Tencent\QQ\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218] [E:\Program Files\Tencent\QQ\QQAPI.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\LoginCtrl.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQRes.dll] [TENCENT, 8,0,978,1833] [D:\Program Files\SPX\engine.dll] [N/A, ] [E:\Program Files\Tencent\QQ\QQMainFrame.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\UnReadMsgMgr.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQAllInOne.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2] [E:\Program Files\Tencent\QQ\CameraDll.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\CQQApplication.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 0, 0, 1] [E:\Program Files\Tencent\QQ\NewSkin.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\MailSummary.dll] [TENCENT, 8,0,1234,1851] [E:\Program Files\Tencent\QQ\QQSpace.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQPlugin.dll] [TENCENT, 8,0,1249,1853] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\msdmo.dll] [, ] [E:\Program Files\Tencent\QQ\QQAvatar.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\OEMApplication.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQGroupMng.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQCustomFace.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQPet.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\GroupConnection.dll] [TENCENT, 8,0,1249,1851] [E:\Program Files\Tencent\QQ\QQMagicFace.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\ImageOle.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QRingMng.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\LongConnection.dll] [TENCENT, 8,0,1249,1851] [E:\Program Files\Tencent\QQ\PhoneAPI.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [C:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 4.5] [E:\Program Files\Tencent\QQ\BQQApplication.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\CommercesMng.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330] [E:\Program Files\Tencent\QQ\QQSceneMng.dll] [TENCENT, 8,0,1249,1853] [d:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [E:\Program Files\Tencent\QQ\AddrSearch.dll] [Tencent, 2, 3, 12, 11] [E:\Program Files\Tencent\QQ\QQMsgFriendMng.dll] [TENCENT, 8,0,1249,1853] [E:\Program Files\Tencent\QQ\QQZip.dll] [TENCENT, 8,0,1249,1851] [E:\Program Files\Tencent\QQ\CPaiPaiApplication.dll] [, 8,0,1249,1853] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0] [E:\Program Files\Tencent\QQ\QQFileTransfer.dll] [TENCENT, 8,0,1249,1851] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [PID: 1708 / Administrator][e:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 5, 225, 0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2808 / Administrator][E:\Program Files\Microsoft ActiveSync\WCESMgr.exe] [Microsoft Corporation, 4.5.5096.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\SPX\engine.dll] [N/A, ] [PID: 1960 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1544 / Administrator][D:\Program Files\PLSQL Developer\PLSQLDev.exe] [Allround Automations, 7.0.0.1050] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [E:\oracle\ora92\bin\oci.dll] [Oracle Corporation, 9.2.0.1.0] [D:\Program Files\SPX\engine.dll] [N/A, ] [E:\oracle\ora92\bin\OraClient9.Dll] [Oracle Corporation, 9.2.0.1.0 Production ] [C:\WINDOWS\system32\oracore9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [C:\WINDOWS\system32\oranls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [C:\WINDOWS\system32\oraunls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oravsn9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oracommon9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\orageneric9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oraxml9.dll] [Oracle Corporation, ] [E:\oracle\ora92\bin\oraxsd9.dll] [Oracle Corporation, ] [E:\oracle\ora92\bin\orannzsbb9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oran9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranl9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranldap9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oraldapclnt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orancrypt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\ORATRACE9.dll] [N/A, ] [E:\oracle\ora92\bin\oranro9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranhost9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranoname9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orancds9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orantns9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranms.dll] [Oracle Corporation, 9.2.0.0.0] [E:\oracle\ora92\bin\oranmsp.dll] [Oracle Corporation, 9.2.0.0.0] [E:\oracle\ora92\bin\orapls9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oraslax9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orasnls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orawtc9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\orasql9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orantcp9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL] [Zenographics, Inc., 5.60.709.0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL] [Zenographics, Inc., 5, 60, 1511, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll] [Zenographics, Inc., 5, 51, 709, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll] [Zenographics, Inc., 5, 60, 709, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL] [Zenographics, Inc., 5, 60, 1520, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll] [Zenographics, Inc., 5, 60, 1407, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL] [Zenographics, Inc., 0, 3, 1418, 0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [PID: 2756 / SYSTEM][d:\Program Files\Rising\Ris\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [d:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [d:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [d:\Program Files\Rising\Ris\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13] [d:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [d:\Program Files\Rising\Ris\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10] [d:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [d:\Program Files\Rising\Ris\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.27] [d:\Program Files\Rising\Ris\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49] [d:\Program Files\Rising\Ris\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [d:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [d:\Program Files\Rising\Ris\ScanSimT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [d:\Program Files\Rising\Ris\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [d:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [d:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.39] [d:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [d:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [d:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [d:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [PID: 2580 / Administrator][D:\PROGRAM FILES\RISING\RIS\RSTRAY.EXE] [Beijing Rising Information Technology Co., Ltd., 21.0.0.22] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\PROGRAM FILES\RISING\RIS\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\PROGRAM FILES\RISING\RIS\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [D:\PROGRAM FILES\RISING\RIS\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\PROGRAM FILES\RISING\RIS\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\PROGRAM FILES\RISING\RIS\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [D:\PROGRAM FILES\RISING\RIS\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [D:\PROGRAM FILES\RISING\RIS\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [D:\PROGRAM FILES\RISING\RIS\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14] [D:\PROGRAM FILES\RISING\RIS\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\PROGRAM FILES\RISING\RIS\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\PROGRAM FILES\RISING\RIS\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\PROGRAM FILES\RISING\RIS\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [D:\PROGRAM FILES\RISING\RIS\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [D:\PROGRAM FILES\RISING\RIS\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.26] [D:\PROGRAM FILES\RISING\RIS\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [D:\PROGRAM FILES\RISING\RIS\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29] [D:\PROGRAM FILES\RISING\RIS\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10] [D:\PROGRAM FILES\RISING\RIS\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.1.4] [D:\PROGRAM FILES\RISING\RIS\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\PROGRAM FILES\RISING\RIS\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23] [D:\PROGRAM FILES\RISING\RIS\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [D:\PROGRAM FILES\RISING\RIS\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 12] [D:\PROGRAM FILES\RISING\RIS\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [D:\PROGRAM FILES\RISING\RIS\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [PID: 676 / SYSTEM][d:\Program Files\Rising\Ris\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [d:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [d:\Program Files\Rising\Ris\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [d:\Program Files\Rising\Ris\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\Ris\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [d:\Program Files\Rising\Ris\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31] [d:\Program Files\Rising\Ris\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [d:\Program Files\Rising\Ris\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [d:\Program Files\Rising\Ris\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [d:\Program Files\Rising\Ris\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [d:\Program Files\Rising\Ris\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [d:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [d:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [d:\Program Files\Rising\Ris\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.89] [d:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [d:\Program Files\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.0] [d:\Program Files\Rising\Ris\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.3] [d:\Program Files\Rising\Ris\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5] [d:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [d:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\Ris\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.18] [d:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [d:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [d:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [d:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [d:\Program Files\Rising\Ris\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [d:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [d:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [d:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [d:\Program Files\Rising\Ris\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18] [d:\Program Files\Rising\Ris\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\Program Files\Rising\Ris\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\Program Files\Rising\Ris\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [d:\Program Files\Rising\Ris\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22] [d:\Program Files\Rising\Ris\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [d:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [d:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.39] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [d:\Program Files\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [d:\Program Files\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [d:\Program Files\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [d:\Program Files\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [d:\Program Files\Rising\Ris\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [d:\Program Files\Rising\Ris\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [d:\Program Files\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [d:\Program Files\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [d:\Program Files\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [d:\Program Files\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [d:\Program Files\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [d:\Program Files\Rising\Ris\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [d:\Program Files\Rising\Ris\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [d:\Program Files\Rising\Ris\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [d:\Program Files\Rising\Ris\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [d:\Program Files\Rising\Ris\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [d:\Program Files\Rising\Ris\ur003.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [d:\Program Files\Rising\Ris\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [d:\Program Files\Rising\Ris\ur021.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [d:\Program Files\Rising\Ris\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [d:\Program Files\Rising\Ris\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [PID: 2384 / Administrator][E:\oracle\ora92\bin\sqlplusw.exe] [Oracle Corporation, 9.2.0.1.0] [E:\oracle\ora92\bin\oraclient9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oracore9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oraunls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oravsn9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oracommon9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\orageneric9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oraxml9.dll] [Oracle Corporation, ] [E:\oracle\ora92\bin\oraxsd9.dll] [Oracle Corporation, ] [E:\oracle\ora92\bin\orannzsbb9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oran9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranl9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranldap9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oraldapclnt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orancrypt9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\ORATRACE9.dll] [N/A, ] [E:\oracle\ora92\bin\oranro9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranhost9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranoname9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orancds9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orantns9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\oranms.dll] [Oracle Corporation, 9.2.0.0.0] [E:\oracle\ora92\bin\oranmsp.dll] [Oracle Corporation, 9.2.0.0.0] [E:\oracle\ora92\bin\orapls9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\oraslax9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orasnls9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [E:\oracle\ora92\bin\orawtc9.dll] [Oracle Corporation, 9.2.0.1.0 Production ] [E:\oracle\ora92\bin\orasql9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\SPX\engine.dll] [N/A, ] [E:\oracle\ora92\bin\orantcp9.dll] [Oracle Corporation, 9.2.0.1.0 Production] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [PID: 2192 / Administrator][E:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.0.10] [E:\Program Files\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.0.10] [E:\Program Files\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.5.9] [E:\Program Files\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000] [E:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [E:\Program Files\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.7.3] [E:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.7.3] [E:\Program Files\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.7.3] [E:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.0.10] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [E:\Program Files\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.0.10] [E:\Program Files\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.0.10] [E:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.2.0 Basic ECC] [E:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.73] [D:\Program Files\SPX\engine.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)] [PID: 3328 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [D:\Program Files\SPX\engine.dll] [N/A, ] [d:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.832 (QFE.050727-8300)] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0] [PID: 2224 / Administrator][F:\工具集\常用软件\sreng2.71.1261%e7%89%88\sr-engldr.EXE] [Smallfrogs Studio, 2.7.1.1261] [PID: 2500 / Administrator][F:\工具集\常用软件\sreng2.71.1261%e7%89%88\SRE2dbd6102.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\360Safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1007] [D:\Program Files\SPX\engine.dll] [N/A, ] [F:\工具集\常用软件\sreng2.71.1261%e7%89%88\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 127.0.0.1 sams.nikonimaging.com 127.0.0.1 yu.8s7.net 127.0.0.1 1.jopanqc.com 127.0.0.1 2.joppnqq.com 127.0.0.1 wg.47255.com 127.0.0.1 1.joppnqq.com 127.0.0.1 xxx.m111.biz 127.0.0.1 1.jopenqc.com 127.0.0.1 1.jopenkk.com 127.0.0.1 xxx.vh7.biz 127.0.0.1 xxx.j41m.com 127.0.0.1 3.joppnqq.com 127.0.0.1 d.93se.com 127.0.0.1 www.868wg.com 127.0.0.1 xxx.mmma.biz 127.0.0.1 ilove.com 127.0.0.1 tp.shpzhan.cn 127.0.0.1 www.tomwg.com 127.0.0.1 www.cike007.cn 127.0.0.1 www.22aaa.com 127.0.0.1 xx.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 www.exiao01.com 127.0.0.1 new.749571.com 127.0.0.1 xtx.kv8.info 127.0.0.1 cao.kv8.info 127.0.0.1 1.jopmmqq.com 127.0.0.1 171817.171817.com 127.0.0.1 d2.llsging.com 127.0.0.1 down.malasc.cn 127.0.0.1 llboss.com 127.0.0.1 nx.51ylb.cn 127.0.0.1 my.531jx.cn 127.0.0.1 qqq.dzydhx.com 127.0.0.1 qqq.hao1658.com 127.0.0.1 www.333292.com 127.0.0.1 down.18dd.net 127.0.0.1 up.22x44.com 127.0.0.1 aaa.faba01.com 127.0.0.1 bad.tqdlt.cn 127.0.0.1 1.chsipo.com 127.0.0.1 c3.aishangai.net 127.0.0.1 c2.aishangai.net 127.0.0.1 xxx.188dm.com 127.0.0.1 x2.1a2b3c1.com 127.0.0.1 d1.163500.net 127.0.0.1 down.google-serv.cn 127.0.0.1 windowsupdeta.cn 127.0.0.1 sl8cjs.cn 127.0.0.1 pvs360.com ================================== 进程特权扫描 特殊特权被允许: SeLoadDriverPrivilege [PID = 516, D:\PROGRAM FILES\SPX\SPX.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 1544, D:\PROGRAM FILES\PLSQL DEVELOPER\PLSQLDEV.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2384, E:\ORACLE\ORA92\BIN\SQLPLUSW.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 2224, F:\工具集\常用软件\SRENG2.71.1261%E7%89%88\SR-ENGLDR.EXE] ================================== 计划任务 N/A ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]