[CODE]
2009-09-09,22:44:00

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户
- 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
    <"d:\Tencent\QQLive\QQLiveOneClick.exe" -system_startup> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Windows Publisher]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Information Technology Corporation Limited]
    <{E3531A16-FFEA-416F-82DF-32FEDE02EABF}> []
    <{4894F5C2-169D-4DAC-A982-444B9BDB3AC4}> []
    <{610B6886-2A1A-475A-A842-65A613C70460}> []
    <{E9C84B05-22D2-4820-99B0-4AAAA7CD6A5D}> []
    <{51716C09-6B08-4CCF-B526-718E912C0573}> []
    <{87DE8A1A-96C5-4420-B222-EF998F697CE7}> []
    <{B7D59563-AD35-4D2B-B174-7A61A0BC829B}> []
    <{44F0085F-F868-4528-B15A-378BBAE66523}> []
    <{765BA0B5-EBE4-4B1A-AFDA-5683606F626C}> []
    <{A600E212-2A41-41BC-92F1-ED5C96B06185}> []
    <{76CBCF38-0583-44C7-A1AE-D463DFE625EC}> []
    <{5405A7B2-F3F5-446F-8715-2A4EF674E079}> []
    <{704C3595-DB85-40F6-A601-8D6F346907BD}> []
    <{7938BD2F-0143-4C46-991C-71069712D9D9}> []
    <{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}> []
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}> []
    <{7BCD75AC-7DF8-4B42-9B00-4FEA1CE14755}> []
    <{24144CB8-10ED-4BFC-843F-68A9F3369947}> []
    <{C1B34818-3883-4A0A-9665-189A8A39EAB0}> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
    <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
    <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E6389DF0-CF0D-4018-82C6-7EF518E3262E}]
    []

==================================
启动文件夹
N/A

==================================
服务
[Help and Support / helpsvc][Stopped/Disabled]
    %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll>
[Human Interface Device Access / HidServ][Stopped/Disabled]
    %SystemRoot%\System32\hidserv.dll>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
    <><(File is missing)>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
    <><(File is missing)>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
    <><(File is missing)>

==================================
驱动程序
[A320RAID / A320RAID][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\a320raid.sys>
[ADPU320 / ADPU320][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\adpu320.sys>
[ahci8086 / ahci8086][Running/Boot Start]
    <\SystemRoot\System32\Drivers\ahci8086.sys>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
[CSB6IDE / CSB6IDE][Running/Boot Start]
    <\SystemRoot\System32\Drivers\csb6ide.sys>
[FASTTRAK / FASTTRAK][Running/Boot Start]
    <\SystemRoot\System32\Drivers\fasttrak.sys>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
[usb Card Device / ft2kEnum][Running/Manual Start]
[FTSATA2 / FTSATA2][Running/Boot Start]
    <\SystemRoot\System32\Drivers\ftsata2.sys>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
[HookCont / HookCont][Running/System Start]
    <\SystemRoot\system32\drivers\HookCont.sys>
[HookNtos / HookNtos][Running/System Start]
    <\SystemRoot\system32\drivers\HookNtos.sys>
[HookReg / HookReg][Running/System Start]
    <\SystemRoot\system32\drivers\HookReg.sys>
[HookSys / HookSys][Running/System Start]
    <\SystemRoot\system32\drivers\HookSys.sys>
[IASTOR / IASTOR][Running/Boot Start]
    <\SystemRoot\System32\Drivers\iaStor.sys>
[ITERAID / ITERAID][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\iteraid.sys>
[JRAID / JRAID][Running/Boot Start]
    <\SystemRoot\System32\Drivers\JRAID.SYS>
[M5228 / M5228][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\m5228.sys>
[M5281 / M5281][Running/Boot Start]
    <\SystemRoot\System32\Drivers\m5281.sys>
[M5289 / M5289][Running/Boot Start]
    <\SystemRoot\System32\Drivers\m5289.sys>
[nv / nv][Running/Manual Start]
[NVATABUS / NVATABUS][Running/Boot Start]
    <\SystemRoot\System32\Drivers\NVATABUS.SYS>
[NVRAID / NVRAID][Running/Boot Start]
    <\SystemRoot\System32\Drivers\NVRAID.SYS>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
[SmartCard Reader Device / Reader_Device][Running/Manual Start]
[RsNTGDI / RsNTGDI][Running/Boot Start]
    <\SystemRoot\system32\Drivers\RsNTGdi.sys>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
[Secdrv / Secdrv][Stopped/Manual Start]
[SI3112R / SI3112R][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\SI3112r.sys>
[SI3114R / SI3114R][Stopped/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\SI3114R.sys>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\Si3114r5.sys>
[SI3124 / SI3124][Stopped/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\SI3124.sys>
[SI3124R / SI3124R][Stopped/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\SI3124R.sys>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\Si3124r5.sys>
[SI3132 / SI3132][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\SI3132.sys>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\Si3132r5.sys>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\SiSRaid2.sys>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\SiSRaid4.sys>
[System Restore Filter Driver / sr][Stopped/Disabled]
    <\SystemRoot\system32\DRIVERS\sr.sys>
[SYMMPI / SYMMPI][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\symmpi.sys>
[sym_hi / sym_hi][Running/Boot Start]
    <\SystemRoot\System32\Drivers\sym_hi.sys>
[sym_u3 / sym_u3][Running/Boot Start]
    <\SystemRoot\System32\Drivers\sym_u3.sys>
[ULSATA / ULSATA][Running/Boot Start]
    <\SystemRoot\System32\Drivers\ulsata.sys>
[ULSATA2 / ULSATA2][Running/Boot Start]
    <\SystemRoot\System32\Drivers\ulsata2.sys>
[VIA AGP Filter / viaagp1][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\viaagp1.sys>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\viamraid.sys>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
[vmscsi / vmscsi][Stopped/Boot Start]
    <\SystemRoot\System32\Drivers\vmscsi.sys>
[MintRoot / MintRoot][Running/Manual Start]
    <\??\C:\Program Files\Common Files\System\MintRoot.sys>

==================================
浏览器加载项
[FG2CatchUrl]
    {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}
[卡卡上网安全助手]
    {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}
[FlashGetBHO]
    {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}
[雨林木风]
    {7550D5D5-D85C-414F-B623-0AD223AEC216}
[WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C}
[]
    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Rising Online Antivirus scanner control]
    {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <%ProgramFiles%\Rising\RavOL\RavOLCtl.dll, (Signed) N/A>
[]
    {06A70D58-8D40-49DD-B46B-DC00AA3ADCA4} <, >
[IFlashGetNetscapeEx Class]
    {116BA71C-8187-4F15-9A1F-C9D6289155D1}
[Player Class]
    {11F2A418-94B2-4e16-9B0C-B00C0435F903}
[Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700}
[InstallHelper Class]
    {1DABF8D5-8430-4985-9B7F-A30E53D709B3}
[FG2CatchUrl]
    {1F364306-AA45-47B5-9F9D-39A8B94E7EF1}
[]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[JetCarNetscape Class]
    {2974c985-8151-4de5-b23c-b875f0a8522f}
[]
    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} [QQLiveFile Class] {6B232760-90F1-41c3-9902-C8552C1D8A72} [] {7550D5D5-D85C-414F-B623-0AD223AEC216} <, > [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, > [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [] {AA58ED58-01DD-4D91-8333-CF10577473F7} <, > [] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, > [FlashGetBHO] {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} [WebPlayer Class] {B965124A-7C58-45f8-91BF-28A981CE7594} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, > [QQLive Class] {D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62} [] {F156768E-81EF-470C-9057-481BA8380DBA} <, > [FG2CatchUrl] {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} [] {FB5F1910-F110-11D2-BB9E-00C04F795683} <, > [使用快车(Flas&hGet)下载] [使用快车(Flash&Get)下载全部链接] [使用快车(FlashGet)下载该网页FLV] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 428][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 496][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 520][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 564][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 576][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] 
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 712][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 804][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 896][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 940][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 1072][C:\WINDOWS\System32\SCardSvr.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 1232][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft 
Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\rfpz9wwyy2np.dll] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\CWWFj6tF7GvQjNsqc.cur] [N/A, ] [C:\WINDOWS\fonts\SD78dgC7hD2sktQHyAu.fon] [N/A, ] [C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [PID: 1304][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program 
Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.43] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\Program Files\Rising\AntiSpyware\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [C:\Program Files\Rising\AntiSpyware\WS2HELP.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] 
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] [C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\rfpz9wwyy2np.dll] [N/A, ] [C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\CWWFj6tF7GvQjNsqc.cur] [N/A, ] [C:\WINDOWS\fonts\SD78dgC7hD2sktQHyAu.fon] [N/A, ] [PID: 1324][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [PID: 1496][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising 
Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\System32\COMRes.dll] [N/A, ] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [PID: 228][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [PID: 1512][D:\TheWorld 2.0\TheWorld.exe] [Phoenix Studio, 2, 4, 1, 1] [D:\TheWorld 2.0\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising 
Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2024][D:\TheWorld 2.0\TheWorld.exe] [Phoenix Studio, 2, 4, 1, 1] [D:\TheWorld 2.0\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Common Files\system\abbhelp.dll] [梦想工作室, 2.0.0.0] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 
(xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\RavOL\RavOLCtl.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.7] [C:\Program Files\Rising\RavOL\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.2] [C:\Program Files\Rising\RavOL\OScanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.3] [C:\Program Files\Rising\RavOL\REComp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\RavOL\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\RavOL\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\RavOL\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\RavOL\mvengine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\RavOL\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\RavOL\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\RavOL\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\RavOL\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\RavOL\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\Program Files\Rising\RavOL\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 61] [C:\Program Files\Rising\RavOL\extole.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\RavOL\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [C:\Program Files\Rising\RavOL\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\RavOL\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16] [C:\Program Files\Rising\RavOL\pearc.dll] [Beijing Rising 
Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\RavOL\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14] [C:\Program Files\Rising\RavOL\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16] [C:\Program Files\Rising\RavOL\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\RavOL\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\RavOL\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9] [C:\Program Files\Rising\RavOL\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\RavOL\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\Program Files\Rising\RavOL\rsstore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10] [C:\Program Files\Rising\RavOL\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\Program Files\Rising\RavOL\scanmac.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\Program Files\Rising\RavOL\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\RavOL\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\RavOL\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx] [Adobe Systems, Inc., 10,0,22,87] [C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950] [C:\Program Files\Rising\RavOL\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6] [C:\Program Files\Rising\RavOL\ur004.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\Program Files\Rising\RavOL\ur012.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18] 
[C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ] [C:\WINDOWS\system32\rfpz9wwyy2np.dll] [N/A, ] [C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\CWWFj6tF7GvQjNsqc.cur] [N/A, ] [C:\WINDOWS\fonts\SD78dgC7hD2sktQHyAu.fon] [N/A, ] [PID: 3680][D:\Tencent\QQ\QQ.exe] [TENCENT, 8,0,714,1791] [D:\Tencent\QQ\QQHelperDll.dll] [TENCENT, 8,0,714,1791] [D:\Tencent\QQ\BasicCtrlDll.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Tencent\QQ\QQBaseClassInDll.dll] [TENCENT, 8,0,714,1791] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\WINDOWS\system\Noy3.tmp] [N/A, ] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Tencent\QQ\QQAPI.dll] [TENCENT, 8,0,713,1791] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [D:\Tencent\QQ\LoginCtrl.dll] [TENCENT, 8,0,714,1791] 
[D:\Tencent\QQ\LoginCtrlRes.dll] [TENCENT, 8,0,714,1791] [D:\Tencent\QQ\QQRes.dll] [TENCENT, 8,0,714,1791] [D:\Tencent\QQ\QQMainFrame.dll] [N/A, ] [D:\Tencent\QQ\QQPlugin.dll] [N/A, ] [D:\Tencent\QQ\UnReadMsgMgr.dll] [N/A, ] [D:\Tencent\QQ\CQQApplication.dll] [N/A, ] [D:\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1] [D:\Tencent\QQ\NewSkin.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\MailSummary.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQSpace.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQAllInOne.dll] [TENCENT, 8,0,714,1791] [D:\Tencent\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2] [D:\Tencent\QQ\CameraDll.dll] [TENCENT, 8,0,713,1791] [C:\WINDOWS\system32\msdmo.dll] [, ] [D:\Tencent\QQ\QQKnowledgeSearch.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\OEMApplication.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQGroupMng.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQSysMsgMng.dll] [N/A, ] [D:\Tencent\QQ\UserDefinedHead.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQConfigPlugin.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQCustomFace.dll] [N/A, ] [D:\Tencent\QQ\QRingMng.dll] [N/A, ] [D:\Tencent\QQ\QQPet.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQAvatar.dll] [N/A, ] [D:\Tencent\QQ\LongConnection.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\PhoneAPI.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll] [N/A, ] [C:\WINDOWS\system32\rfpz9wwyy2np.dll] [N/A, ] [C:\WINDOWS\system32\DMvJFcDsGe5Kccsmc6gZFjB.inf] [N/A, ] [C:\WINDOWS\system32\122B901E.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\CWWFj6tF7GvQjNsqc.cur] [N/A, ] [C:\WINDOWS\fonts\SD78dgC7hD2sktQHyAu.fon] [N/A, ] [D:\Tencent\QQ\BQQApplication.dll] [N/A, ] [D:\Tencent\QQ\ImageOle.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQLiveQMng.dll] [TENCENT, 8,0,713,1791] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Tencent\QQ\CommercesMng.dll] [TENCENT, 8,0,713,1791] 
[D:\Tencent\QQ\PersonalDesktop.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330] [D:\Tencent\QQ\AddrSearch.dll] [Tencent, 2, 3, 14, 10] [D:\Tencent\QQ\QQSceneMng.dll] [N/A, ] [C:\WINDOWS\system32\JPWB.IME] [常诚研制, 4.00.950] [D:\Tencent\QQ\GroupConnection.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQMagicFace.dll] [TENCENT, 8,0,713,1791] [D:\Tencent\QQ\QQFileTransfer.dll] [TENCENT, 8,0,713,1791] [PID: 2976][d:\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [d:\Tencent\QQ\WS2HELP.dll] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [PID: 3480][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] [PID: 3292][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.373\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279] 
[C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [PID: 3340][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.373\SRE46903132.EXE] [Smallfrogs Studio, 2.8.1.1279] [C:\WINDOWS\system32\DvpZDPd688jbuMdBxV.inf] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 39] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ] [C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf] [N/A, ] [C:\WINDOWS\system32\704C3595.dll] [N/A, ] [C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ] [C:\WINDOWS\system32\sDV2mGwkejdKa74QJzsjw.inf] [N/A, ] [C:\WINDOWS\system32\pj83ZgsqjcWUNwjrRp42tFw.dll] [N/A, ] [C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ] [C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ] [C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ] [C:\WINDOWS\Downloaded Program Files\6YYnDBbzHzrrmenHmv.cur] [N/A, ] [C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ] [C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur] [N/A, ] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.373\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\WINDOWS\system32\COMRes.dll] [N/A, ] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. 
[%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 3292, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX02.373\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3292, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX02.373\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
Windows Messenger 4.7
Microsoft .NET Framework 版本 1.1,简体中文版
KB890859, Windows XP 安全更新程序 (KB890859) MS05-018
KB891122, 启用了 WMDRM 的 Media Player 更新程序 (KB891122)
KB900485, Windows XP 更新程序 (KB900485)
KB908531, Microsoft XP 安全更新程序 (KB908531) MS06-015
KB920872, Windows XP 更新程序 (KB920872)
KB925876, 用于 Windows XP 的远程桌面连接 (Terminal Services Client 6.0) (KB925876)
KB938828, Windows XP 更新程序 (KB938828)
KB941569, 用于附带 Windows Media Format Runtime 9.5 和 11 的 Windows XP 的安全更新程序 (KB941569) MS07-068
KB892130, Windows 正版增值验证工具 (KB892130)
KB925850, Windows Media Player 11
KB953356, Windows XP 更新程序 (KB953356)
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB958644, Windows XP 安全更新程序 (KB958644) MS08-067
KB955069, Windows XP 安全更新程序 (KB955069) MS08-069
KB954459, Microsoft XML Core Services 6.0 Service Pack 2 安全更新程序 (KB954459) MS08-069
KB957097, Windows XP 安全更新程序 (KB957097) MS08-068
KB954600, Windows XP 安全更新程序 (KB954600) MS08-076
KB956802, Windows XP 安全更新程序 (KB956802) MS08-071
KB952069, Windows XP Service Pack 2 安全更新程序 (KB952069) MS08-076
KB956803, Windows XP 安全更新程序 (KB956803) MS08-066
KB958687, Windows XP 安全更新程序 (KB958687) MS09-001
KB960225, Windows XP 安全更新程序 (KB960225) MS09-007
KB967715, Windows XP 更新程序 (KB967715)
KB905474, Windows Genuine Advantage 通知 (KB905474)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB923561, Windows XP 安全更新程序 (KB923561) MS09-010
KB956572, Windows XP 安全更新程序 (KB956572) MS09-012
KB952004, Windows XP 安全更新程序 (KB952004) MS09-012
KB960803, Windows XP 安全更新程序 (KB960803) MS09-013
KB959426, Windows XP 安全更新程序 (KB959426) MS09-015
KB954430, Microsoft XML Core Services 4.0 Service Pack 2 安全更新程序 (KB954430) MS08-069
KB931125, 根证书更新程序 [2009 年 5 月] (KB931125)
KB961501, Windows XP 安全更新程序 (KB961501) MS09-022
KB968537, Windows XP 安全更新程序 (KB968537) MS09-025
KB970238, Windows XP 安全更新程序 (KB970238) MS09-026
KB951847, Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB971633, Windows XP 安全更新程序 (KB971633) MS09-028
KB973346, 用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB973346) MS09-032
KB972260, 用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB972260) MS09-034
KB968389, Windows XP 更新程序 (KB968389)
KB971032, Windows XP 安全更新程序 (KB971032) MS09-040
KB971557, Windows XP 安全更新程序 (KB971557) MS09-038
KB973540, Windows XP Service Pack 2 安全更新程序 (KB973540) MS09-037
KB973869, Windows XP 安全更新程序 (KB973869) MS09-037
KB958470, Windows XP 安全更新程序 (KB958470) MS09-044
KB973354, Windows XP 安全更新程序 (KB973354) MS09-037
KB973507, Windows XP 安全更新程序 (KB973507) MS09-037
KB960859, Windows XP 安全更新程序 (KB960859) MS09-042
KB973815, Windows XP 安全更新程序 (KB973815) MS09-037
KB971657, Windows XP 安全更新程序 (KB971657) MS09-041
KB970653, Windows XP 更新程序 (KB970653)
KB961371, Windows XP 安全更新程序 (KB961371) MS09-029
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB956844, Windows XP 安全更新程序 (KB956844) MS09-046
KB890830, Windows 恶意软件删除工具 - 2009 年 9 月 (KB890830)
KB971961, 用于 Windows XP 的 Jscript 5.6 的安全更新程序 (KB971961) MS09-045
KB968816, 用于 Windows XP SP 2 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB968816) MS09-047
==================================
API HOOK
入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003C56C5)
入口点错误:NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003C5865)
入口点错误:NtLoadDriver (危险等级: 高, 被下面模块所HOOK: 0x003C5FB5)
入口点错误:NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003C5935)
入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003C5795)
入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003C56C5)
入口点错误:ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003C5865)
入口点错误:ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003C5935)
入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003C5795)
入口点错误:CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x003C5C75)
入口点错误:CreateServiceW (危险等级: 高, 被下面模块所HOOK: 0x003C5D45)
入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x003C555D)
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x003C5A05)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x003C5AD5)
入口点错误:FreeLibrary (危险等级: 高, 被下面模块所HOOK: 0x5F00002D)
==================================
隐藏进程
[976] C:\Program Files\Common Files\system\q28.exe
[3740] C:\Program Files\Common Files\System\QQTa5I.exe
==================================
[/CODE]