[CODE] 2009-12-03,08:29:32 System Repair Engineer 2.8.1.1279 Smallfrogs (http://www.KZTechs.com) Windows 7 Home Basic Edition (Build 7600) - 管理权限用户 - 完整功能以下内容被选中：所有的启动项目（包括注册表、启动文件夹、服务等）浏览器加载项正在运行的进程（包括进程模块信息）文件关联 Winsock 提供者 Autorun.inf HOSTS 文件进程特权扫描计划任务 Windows 安全更新检查 API HOOK 隐藏进程启动项目注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <"d:\Program Files\Tencent\QQ\Bin\QQ.exe" /background> [(Verified)Tencent Technology(Shenzhen) Company Limited] [China Mobile] [(Verified)Microsoft Windows] <; D:\Program Files\Kingsoft\WPS Office Personal\Office6\addins\plgpf\{DAC5DB99-8AE8-4835-A5F9-8EE3AC6AE1EC}\wpslive.exe> [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"] [香港佳讯国际有限公司] [oovista & allinsmart] <快门> [赛尔新概念] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Putian Runway] [(Verified)Microsoft Corporation] <"D:\Program Files\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"> [(Verified)"Adobe Systems, Incorporated"] <"D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"] [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL> [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] <360safeuninst> [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] <%SystemRoot%\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] <"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] <%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Windows] ================================== 启动文件夹 N/A ================================== 服务 [ICBC Daemon Service / ICBC Daemon Service][Stopped/Auto Start] [Kingsoft Antivirus WebShield Service / Kingsoft Antivirus WebShield Service][Running/Auto Start] [NVIDIA Display Driver Service / nvsvc][Running/Auto Start] [Ris Service / RsRisMon][Running/Auto Start] <"D:\Program Files\Rising\Ris\RavMonD.exe"> [主动防御 / ZhuDongFangYu][Stopped/Manual Start] <2 - 系统找不到指定的文件。 ><(File is missing)> ================================== 驱动程序 [360SelfProtection / 360SelfProtection][Running/Manual Start] <2 - 系统找不到指定的文件。 > [adp94xx / adp94xx][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\adp94xx.sys> [adpahci / adpahci][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\adpahci.sys> [adpu320 / adpu320][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\adpu320.sys> [aic78xx / aic78xx][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\djsvs.sys> [aliide / aliide][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\aliide.sys> [amdsata / amdsata][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\amdsata.sys> [amdsbs / amdsbs][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\amdsbs.sys> [amdxata / amdxata][Running/Boot Start] <\SystemRoot\system32\DRIVERS\amdxata.sys> [Apaidi / Apaidi][Running/Auto Start] <\??\C:\Windows\system32\drivers\Apaidi.sys> [arc / arc][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\arc.sys> [arcsas / arcsas][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\arcsas.sys> [Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\bxvbdx.sys> [Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Stopped/Manual Start] [BFSDRV / BFSDRV][Running/] <2 - 系统找不到指定的文件。 > [BREGDRV / BREGDRV][Running/Manual Start] <2 - 系统找不到指定的文件。 > [Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\BrFiltLo.sys> [Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\BrFiltUp.sys> [Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start] <\SystemRoot\System32\Drivers\Brserid.sys> [Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start] <\SystemRoot\System32\Drivers\BrSerWdm.sys> [Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start] <\SystemRoot\System32\Drivers\BrUsbMdm.sys> [Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start] <\SystemRoot\System32\Drivers\BrUsbSer.sys> [cmdide / cmdide][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\cmdide.sys> [Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\evbdx.sys> [EfiSystemMon / EfiMon][Running/] <2 - 系统找不到指定的文件。 > [elxstor / elxstor][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\elxstor.sys> [Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start] <\SystemRoot\system32\drivers\hcw85cir.sys> [hookcont / hookcont][Running/System Start] [HookPort / HookPort][Running/] <2 - 系统找不到指定的文件。 > [hooksys / hooksys][Running/System Start] [HpSAMD / HpSAMD][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\HpSAMD.sys> [iaStorV / iaStorV][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\iaStorV.sys> [iirsp / iirsp][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\iirsp.sys> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [LSI_FC / LSI_FC][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\lsi_fc.sys> [LSI_SAS / LSI_SAS][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\lsi_sas.sys> [LSI_SAS2 / LSI_SAS2][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\lsi_sas2.sys> [LSI_SCSI / LSI_SCSI][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\lsi_scsi.sys> [megasas / megasas][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\megasas.sys> [MegaSR / MegaSR][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\MegaSR.sys> [nfrd960 / nfrd960][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\nfrd960.sys> [NetGroup Packet Filter Driver / NPF][Running/Manual Start] [nvlddmkm / nvlddmkm][Running/Manual Start] [nvraid / nvraid][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\nvraid.sys> [nvstor / nvstor][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\nvstor.sys> [ql2300 / ql2300][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\ql2300.sys> [ql40xx / ql40xx][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\ql40xx.sys> [Quantum DeepScanner Servers / qutmdserv][Stopped/] <2 - 系统找不到指定的文件。 > [qutmipc / qutmipc][Running/Disabled] <\??\C:\Windows\system32\drivers\qutmipc.sys> [Rising RfwARP Driver / RFWARP][Running/Auto Start] [Rising RfwBase Driver / RfwBase9][Running/System Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\D:\Program Files\Rising\Ris\rfwtdi.sys> [rsassist / rsassist][Running/Auto Start] [rsfwdrv / rsfwdrv][Running/System Start] <\??\D:\Program Files\Rising\Ris\rsfwdrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [SiSRaid2 / SiSRaid2][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\SiSRaid2.sys> [SiSRaid4 / SiSRaid4][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\sisraid4.sys> [stexstor / stexstor][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\stexstor.sys> [viaide / viaide][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [vsmraid / vsmraid][Stopped/Manual Start] <\SystemRoot\system32\DRIVERS\vsmraid.sys> [NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller / yukonw7][Running/Manual Start] <> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Adobe PDF Link Helper] {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [QvodExtend] {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} [Search Helper] {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Mini金山词霸for IE] {B685398A-632A-47B7-86ED-910D8F15930D} [ICBC Anti-Phishing class] {BB4491A2-D11A-4c6b-91C0-B53246A3122B} [Send to OneNote from Internet Explorer button] {2670000A-7350-4f3c-8081-5663EE0C6C49} [Create Mobile Favorite] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} [Create Mobile Favorite] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [很快视频搜索] {998A88A0-A355-809B-831C-B83A80000991} [启动UUSee 网络电视] {998A88A0-A355-809B-831C-B83A80000992} [CibaMenu Class] {45A13DCA-1DFD-4905-B3EB-6AA6D443B036} [Office Genuine Advantage Validation Tool] {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} [DLM Control] {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [ICBC Security Ctrl] {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} [Windows Live Safety Center Base Module] {5ED80217-570B-4DA9-BF44-BE107C0EC166} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [CertEnroll Class] {7978461C-CC22-48F2-BC69-02220D3E101D} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [InfoSecICBCNetSign Class] {B1FBC1AD-5644-4084-882A-0F8BA85E7506} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, > [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [Microsoft Office Template and Media Control] {02BCC737-B171-4746-94C9-0D8A0B2C0089} [Office Genuine Advantage Validation Tool] {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [Player Class] {11F2A418-94B2-4e16-9B0C-B00C0435F903} [VistaWUWebControl Class] {12A66224-5E8A-4679-8941-0B9B960BF5EA} <%SystemRoot%\system32\wuwebv.dll, (Signed) N/A> [] {15DDE989-CD45-4561-BF99-D22C0D5C2B85} <, > [Fade] {16B280C5-EE70-11D1-9066-00C04FD9189D} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Adobe PDF Link Helper] {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [HallToolkit Class] {1E36C446-29F0-4773-A3FB-59C5501446EB} [] {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} <, > [] {21FA44EF-376D-4D53-9B0F-8A89D3229068} <, > [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [] {2670000A-7350-4F3C-8081-5663EE0C6C49} <, > [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [XSL Template] {2933BF94-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [] {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, > [] {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, > [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [GDGetTokenInfo Class] {3AA9CF07-DF20-48FF-98BE-DED276E40146} [] {45A13DCA-1DFD-4905-B3EB-6AA6D443B036} <, > [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [DLM Control] {4871A87A-BFDD-4106-8153-FFDE2BAC2967} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [QvodExtend] {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [XPPIECtrl Class] {5AB1EF72-6CC6-4090-9030-8E0ACF7E6D3E} [ICBC Security Ctrl] {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} [Windows Live Safety Center Base Module] {5ED80217-570B-4DA9-BF44-BE107C0EC166} [CAntiVersion Object] {5EFE0AA6-B28B-41BD-9B3C-02AA3F79EA9A} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [QQLiveFile Class] {6B232760-90F1-41c3-9902-C8552C1D8A72} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Search Helper] {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} [] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <, > [Windows Script Host Shell Object] {72C24DD5-D70A-438B-8A42-98424B88AFB8} [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, > [] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} <, > [CertEnroll Class] {7978461C-CC22-48F2-BC69-02220D3E101D} [XDownloaddManager Class] {802F530B-A8F6-4631-AE49-6BACAAC6373E} [] {82D9671E-0B56-4285-92CD-15BC08B883BB} <, > [] {87515F61-A66C-4319-A0E0-D416CB8059E3} <, > [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} [XML DOM Document 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] {88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A> [XML HTTP 6.0] {88D96A0A-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A> [Uploader Class] {8B054DFE-79A3-4A6A-9F46-CD2A2F601129} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [SSOForPTLogin Class] {8FC1EE75-72B3-4A23-B987-2B1C4C8A611B} [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [OFrameObject Class] {9701758C-4373-482E-B13C-776C048EC890} [] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <, > [] {998A88A0-A355-809B-831C-B83A80000991} <, > [] {998A88A0-A355-809B-831C-B83A80000992} <, > [VersionDetector Class] {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [APlayer Control] {A9322148-C691-4B9D-91FC-B9C461DBE9DD} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [InfoSecICBCNetSign Class] {B1FBC1AD-5644-4084-882A-0F8BA85E7506} [] {B4F3A835-0E21-4959-BA22-42B3008E02FF} <, > [Mini金山词霸for IE] {B685398A-632A-47B7-86ED-910D8F15930D} [] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, > [ICBC Anti-Phishing class] {BB4491A2-D11A-4C6B-91C0-B53246A3122B} [FTNUpload Class] {BDEACC50-F56D-4D60-860F-CF6ED1766D65} [ScreenCapture Class] {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} [Microsoft Office 12 Authorization Control] {C9712B19-838B-45A5-ABF2-9A315DDDED50} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} <%SystemRoot%\system32\wmp.dll, (Signed) N/A> [Microsoft Url Search Hook] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [Windows Live 登录控制] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QQLive Class] {D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62} [Microsoft Silverlight] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [] {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <, > [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <, > [TimwpDll.TimwpCheck] {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [QvodCtrl Class] {F3D0D36F-23F8-4682-A195-74C92B03D4AF} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [Free Threaded XML DOM Document 3.0] {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [XSL Template 3.0] {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [Free Threaded XML DOM Document] {F6D90F12-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A> [使用UUSee下载] [使用UUSee加速播放] [使用迅雷下载] [使用迅雷下载全部链接] [发送至 OneNote(&N)] [导出到 Microsoft Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 276 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 408 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 468 / SYSTEM][C:\Windows\system32\wininit.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 480 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 532 / SYSTEM][C:\Windows\system32\services.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 540 / SYSTEM][C:\Windows\system32\lsass.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 548 / SYSTEM][C:\Windows\system32\lsm.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 608 / SYSTEM][C:\Windows\system32\winlogon.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 692 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 748 / SYSTEM][C:\Windows\system32\nvvsvc.exe] [NVIDIA Corporation, 8.17.11.9562] [PID: 788 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 876 / SYSTEM][D:\Program Files\Rising\Ris\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [D:\Program Files\Rising\Ris\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [D:\Program Files\Rising\Ris\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.41] [D:\Program Files\Rising\Ris\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\Program Files\Rising\Ris\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 44] [D:\Program Files\Rising\Ris\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [D:\Program Files\Rising\Ris\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29] [D:\Program Files\Rising\Ris\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] [D:\Program Files\Rising\Ris\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [D:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [D:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [D:\Program Files\Rising\Ris\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.2] [D:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\Program Files\Rising\Ris\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.5] [D:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\RfwArp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.5] [D:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Ris\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [D:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 54] [D:\Program Files\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] [D:\Program Files\Rising\Ris\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [D:\Program Files\Rising\Ris\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [D:\Program Files\Rising\Ris\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3] [D:\Program Files\Rising\Ris\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\Ris\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\Ris\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1] [D:\Program Files\Rising\Ris\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 30] [D:\Program Files\Rising\Ris\bawhite.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.17] [D:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [D:\Program Files\Rising\Ris\NComm2.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Ris\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3] [D:\Program Files\Rising\Ris\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [D:\Program Files\Rising\Ris\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\revm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\Program Files\Rising\Ris\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 45] [D:\Program Files\Rising\Ris\scantj.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 13] [D:\Program Files\Rising\Ris\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Ris\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [D:\Program Files\Rising\Ris\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [D:\Program Files\Rising\Ris\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.18] [D:\Program Files\Rising\Ris\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [D:\Program Files\Rising\Ris\extsfx.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\extarch.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7] [D:\Program Files\Rising\Ris\extcomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [PID: 956 / LOCAL SERVICE][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 988 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1016 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1144 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1196 / SYSTEM][C:\Windows\system32\nvvsvc.exe] [NVIDIA Corporation, 8.17.11.9562] [C:\Windows\system32\NVSVC.DLL] [NVIDIA Corporation, 8.17.11.9562] [C:\Windows\system32\nvapi.dll] [NVIDIA Corporation, 8.17.11.9562] [C:\Windows\system32\NVSVCR.DLL] [NVIDIA Corporation, 8.17.11.9562] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [PID: 1296 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1360 / SYSTEM][d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\KSWebShield.exe] [Kingsoft Corporation, 2009,10,26,434] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwssp.dll] [Kingsoft Corporation, 2009,09,03,302] [PID: 1568 / SYSTEM][C:\Windows\System32\spoolsv.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1596 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1776 / SYSTEM][C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe] [Microsoft Corporation, 1.3.59.0] [PID: 1824 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 2072 / Qinghua][C:\Windows\system32\taskhost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [PID: 2104 / Qinghua][C:\Windows\system32\Dwm.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 8.17.11.9562] [PID: 2132 / Qinghua][C:\Windows\Explorer.EXE] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [C:\Windows\system32\FXSAPI.dll] [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168] [C:\Windows\system32\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168] [D:\Program Files\Thunder Network\Thunder\userdata\Components\ResWorker\DsBho_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26] [D:\Program Files\Thunder Network\Thunder\userdata\Components\ResWorker\DataProcessor_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20] [C:\Windows\system32\nvshext.dll] [NVIDIA Corporation, 191.07] [D:\Program Files\WinRAR\rarext.dll] [, ] [C:\Windows\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [PID: 2164 / SYSTEM][d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\KSWebShield.exe] [Kingsoft Corporation, 2009,10,26,434] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [PID: 2676 / Qinghua][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [PID: 2708 / Qinghua][D:\Program Files\Rising\Ris\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.10] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [D:\Program Files\Rising\Ris\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [D:\Program Files\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3] [D:\Program Files\Rising\Ris\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55] [D:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [D:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [D:\Program Files\Rising\Ris\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.6] [D:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [D:\Program Files\Rising\Ris\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7] [D:\Program Files\Rising\Ris\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.72] [D:\Program Files\Rising\Ris\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\Program Files\Rising\Ris\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 38] [D:\Program Files\Rising\Ris\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\Ris\scanleak.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [D:\Program Files\Rising\Ris\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [D:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [D:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [PID: 2748 / Qinghua][D:\Program Files\Rising\Ris\RsMain.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [D:\Program Files\Rising\Ris\rspalmgr.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.20] [D:\Program Files\Rising\Ris\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55] [D:\Program Files\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [D:\Program Files\Rising\Ris\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.6] [D:\Program Files\Rising\Ris\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [D:\Program Files\Rising\Ris\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [D:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Ris\ravpsafe.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.28] [D:\Program Files\Rising\Ris\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [D:\Program Files\Rising\Ris\pubcfg.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.52] [D:\Program Files\Rising\Ris\rsscanbd.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [D:\Program Files\Rising\Ris\rfwLog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [D:\Program Files\Rising\Ris\rfw.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 70] [D:\Program Files\Rising\Ris\rsw7pv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.10] [D:\Program Files\Rising\Ris\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\Ris\ravxpage.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 51] [D:\Program Files\Rising\Ris\ravxmons.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 16] [D:\Program Files\Rising\Ris\ravptool.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [D:\Program Files\Rising\Ris\log2file.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [D:\Program Files\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\Ris\htmllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 2984 / Qinghua][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [D:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 15] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [PID: 3396 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)] [PID: 3984 / Qinghua][D:\Program Files\racer-ccn-racerpc-ha\racer.exe] [Putian Runway, 3,3,130,354] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [D:\Program Files\racer-ccn-racerpc-ha\rwxre.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\nspr4.dll] [Netscape Communications Corporation, 4.6.1] [D:\Program Files\racer-ccn-racerpc-ha\xpcom_core.dll] [Mozilla Foundation, Personal] [D:\Program Files\racer-ccn-racerpc-ha\plc4.dll] [Netscape Communications Corporation, 4.6.1] [D:\Program Files\racer-ccn-racerpc-ha\plds4.dll] [Netscape Communications Corporation, 4.6.1] [D:\Program Files\racer-ccn-racerpc-ha\nss3.dll] [Netscape Communications Corporation, 3.10.2] [D:\Program Files\racer-ccn-racerpc-ha\softokn3.dll] [Netscape Communications Corporation, 3.10.2] [D:\Program Files\racer-ccn-racerpc-ha\js3250.dll] [Netscape Communications Corporation, 4.0] [D:\Program Files\racer-ccn-racerpc-ha\gkgfx.dll] [Mozilla Foundation, Personal] [D:\Program Files\racer-ccn-racerpc-ha\xpcom_compat.dll] [Mozilla Foundation, Personal] [D:\Program Files\racer-ccn-racerpc-ha\smime3.dll] [Netscape Communications Corporation, 3.10.2] [D:\Program Files\racer-ccn-racerpc-ha\ssl3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [D:\Program Files\racer-ccn-racerpc-ha\components\racer_base_comp.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\racer_base.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\kbdhook.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\components\jar50.dll] [Mozilla Foundation, Personal] [D:\Program Files\racer-ccn-racerpc-ha\components\gklayout.dll] [Mozilla Foundation, Personal] [D:\Program Files\racer-ccn-racerpc-ha\nssckbi.dll] [Netscape Communications Corporation, 1.53] [D:\Program Files\racer-ccn-racerpc-ha\components\racer_ad_comp.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\components\racer_access_pppoe.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\pppoe.DLL] [北京润汇科技有限公司, 9, 0, 22, 50] [D:\Program Files\racer-ccn-racerpc-ha\components\racer_nss4_comp.dll] [Putian Runway, 3,3,130,354] [D:\Program Files\racer-ccn-racerpc-ha\nss4.dll] [北京润汇科技有限公司, 1, 0, 0, 4] [D:\Program Files\racer-ccn-racerpc-ha\wpcap.dll] [CACE Technologies, 3, 2, 0, 29] [D:\Program Files\racer-ccn-racerpc-ha\packet.dll] [CACE Technologies, 3, 2, 0, 29] [D:\Program Files\racer-ccn-racerpc-ha\WanPacket.dll] [CACE Technologies, 3, 2, 0, 29] [C:\Windows\system32\NPPTools.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\racer-ccn-racerpc-ha\plugins\NPSWF32.dll] [, ] [PID: 800 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1576 / NETWORK SERVICE][C:\Program Files\Windows Media Player\wmpnetwk.exe] [Microsoft Corporation, 12.0.7600.16385 (win7_rtm.090713-1255)] [PID: 2868 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 4028 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 3628 / Qinghua][D:\Program Files\Kingsoft\WPS Office Personal\Office6\addins\plgpf\{DAC5DB99-8AE8-4835-A5F9-8EE3AC6AE1EC}\wpslive.exe] [Kingsoft Corp. Ltd., 1,0,0,2066] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [D:\Program Files\Kingsoft\WPS Office Personal\Office6\addins\plgpf\{DAC5DB99-8AE8-4835-A5F9-8EE3AC6AE1EC}\wpslive.dll] [Kingsoft Corp. Ltd., 1,0,0,2066] [PID: 3484 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 3876 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1264 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe] [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)] [PID: 5512 / Qinghua][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kswebshield.dll] [Kingsoft Corporation, 2009,09,03,302] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kswbc.dll] [Kingsoft Corporation, 2009,09,04,309] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [PID: 4156 / Qinghua][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kswebshield.dll] [Kingsoft Corporation, 2009,09,03,302] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kswbc.dll] [Kingsoft Corporation, 2009,09,04,309] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168] [C:\Windows\system32\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [C:\Program Files\Common Files\System\Extend.dll] [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0] [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168] [D:\Program Files\Thunder Network\Thunder\userdata\Components\ResWorker\DsBho_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26] [D:\Program Files\Thunder Network\Thunder\userdata\Components\ResWorker\DataProcessor_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordForIE.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Users\Qinghua\AppData\Roaming\Kingsoft\Powerword_Mini\MiniPowerwordUnhandlerCrash.dll] [N/A, ] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordService.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordSetting.dll] [TODO: <公司名>, 1.0.0.1] [D:\Program Files\360\360safe\safemon\safemon.dll] [360.CN, 5, 1, 0, 1001] [C:\Program Files\Kingsoft\Powerword_Mini\CBGrabManager.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\CBSelectText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\CBGrabProxy.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.111] [D:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll] [中国工商银行, 1.0.6.29] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordDataService.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\CBDBCoreplus.dll] [N/A, ] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordUI.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [D:\Program Files\ICBCEbankTools\ICBCAntiPhishing\KeyMonitor.dll] [N/A, ] [D:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 15] [C:\Windows\system32\Macromed\Flash\Flash10e.ocx] [Adobe Systems, Inc., 10,1,51,45] [C:\Windows\system32\nvd3dum.dll] [NVIDIA Corporation, 8.17.11.9562] [d:\Program Files\Kingsoft\PowerWord_Pro\CBGrabProxy.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.106] [C:\Program Files\Kingsoft\Powerword_Mini\google_service.dll] [Google Inc., 1.0.2.5] [PID: 5688 / Qinghua][C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe] [Adobe Systems, Inc., 10,1,51,45] [C:\Windows\system32\Macromed\Flash\FlashUtil10e.dll] [Adobe Systems, Inc., 10,1,51,45] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [PID: 4732 / Qinghua][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.7600.16385 (win7_rtm.090713-1255)] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kswebshield.dll] [Kingsoft Corporation, 2009,09,03,302] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kswbc.dll] [Kingsoft Corporation, 2009,09,04,309] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168] [C:\Windows\system32\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0] [C:\Windows\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Windows\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [C:\Program Files\Common Files\System\Extend.dll] [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0] [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,11,1168] [D:\Program Files\Thunder Network\Thunder\userdata\Components\ResWorker\DsBho_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26] [D:\Program Files\Thunder Network\Thunder\userdata\Components\ResWorker\DataProcessor_01.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordForIE.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Users\Qinghua\AppData\Roaming\Kingsoft\Powerword_Mini\MiniPowerwordUnhandlerCrash.dll] [N/A, ] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordService.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordSetting.dll] [TODO: <公司名>, 1.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\CBGrabManager.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [D:\Program Files\360\360safe\safemon\safemon.dll] [360.CN, 5, 1, 0, 1001] [C:\Program Files\Kingsoft\Powerword_Mini\CBSelectText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\CBGrabProxy.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.111] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordDataService.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [C:\Program Files\Kingsoft\Powerword_Mini\CBDBCoreplus.dll] [N/A, ] [C:\Program Files\Kingsoft\Powerword_Mini\MiniPowerwordUI.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.0.1] [D:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll] [中国工商银行, 1.0.6.29] [D:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 15] [C:\Windows\system32\Macromed\Flash\Flash10e.ocx] [Adobe Systems, Inc., 10,1,51,45] [d:\Program Files\Kingsoft\PowerWord_Pro\CBGrabProxy.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.106] [PID: 2892 / NETWORK SERVICE][C:\Windows\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 1072 / SYSTEM][C:\Windows\servicing\TrustedInstaller.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)] [PID: 5880 / SYSTEM][C:\Windows\system32\SearchFilterHost.exe] [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)] [PID: 5460 / Qinghua][D:\Program Files\WinRAR\WinRAR.exe] [, ] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [PID: 1316 / Qinghua][D:\TDDOWNLOAD\TEMP\Rar$EX00.414\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279] [PID: 5516 / Qinghua][D:\TDDOWNLOAD\TEMP\Rar$EX00.414\SRE7927577a.EXE] [Smallfrogs Studio, 2.8.1.1279] [d:\Users\Qinghua\AppData\Roaming\Maxthon2\Modules\MxKWS\kwsui.dll] [Kingsoft Corporation, 2009,09,16,336] [C:\Windows\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.0.3315] [D:\TDDOWNLOAD\TEMP\Rar$EX00.414\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["%SystemRoot%\hh.exe" %1] .HLP OK. [%SystemRoot%\winhlp32.exe %1] .INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*] .JS Error. [C:\Windows\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件 N/A ================================== 进程特权扫描 N/A ================================== 计划任务 [已启用] \\RunAsStdUser Task14557 D:\Program Files\Rising\Ris\RsMain.exe [已启用] \\SogouImeMgr d:\PROGRA~1\SOGOUI~1\430~1.331\PINYIN~1.EXE /S [已启用] \\{2E2F7673-6850-4C18-9957-72E74647AA20} C:\Windows\system32\pcalua.exe -a "C:\Users\Qinghua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T83E9FEP\QQLive8.13.4823.0[1].exe" -d C:\Users\Qinghua\Desktop -c /S [已启用] \\{4ECAEC8F-AC1F-40A8-8745-451BBF2813E5} C:\Windows\system32\pcalua.exe -a "C:\Users\Qinghua\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\T83E9FEP\QQLive8.13.4823.0[1].exe" -d C:\Users\Qinghua\Desktop -c /S [已启用] \\{A5AF12AE-D0F5-419C-B39F-2E19E0D7E08A} C:\Windows\system32\pcalua.exe -a "D:\课件大师2008 V6.5 正式版\课件大师\Setup.exe" -d "D:\课件大师2008 V6.5 正式版\课件大师" [已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) N/A [已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) N/A [已禁用] \Microsoft\Windows\AppID\PolicyConverter %windir%\system32\appidpolicyconverter.exe [已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck %windir%\system32\appidcertstorecheck.exe [已启用] \Microsoft\Windows\Application Experience\AitAgent aitagent [已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [已启用] \Microsoft\Windows\Autochk\Proxy %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask BthUdTask.exe $(Arg0) [已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask N/A [已启用] \Microsoft\Windows\CertificateServicesClient\UserTask N/A [已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam N/A [已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator %SystemRoot%\System32\wsqmcons.exe [已启用] \Microsoft\Windows\Customer Experience Improvement Program\Uploader %windir%\system32\WSqmCons.exe -u [已启用] \Microsoft\Windows\Defrag\ScheduledDefrag %windir%\system32\defrag.exe -c [已启用] \Microsoft\Windows\Location\Notifications %windir%\System32\LocationNotifications.exe [已启用] \Microsoft\Windows\Maintenance\WinSAT N/A [已启用] \Microsoft\Windows\MobilePC\HotStart N/A [已启用] \Microsoft\Windows\MUI\LPRemove %windir%\system32\lpremove.exe [已启用] \Microsoft\Windows\Multimedia\SystemSoundsService N/A [已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo %windir%\system32\gatherNetworkInfo.vbs [已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem %SystemRoot%\System32\powercfg.exe -energy -auto [已启用] \Microsoft\Windows\Ras\MobilityManager N/A [已启用] \Microsoft\Windows\SystemRestore\SR %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1 %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2 %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime %windir%\system32\sc.exe start w32time task_started [已启用] \Microsoft\Windows\UPnP\UPnPHostConfig sc.exe config upnphost start= auto [已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask N/A [已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting %windir%\system32\wermgr.exe -queuereporting [已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [已启用] \Microsoft\Windows\WindowsBackup\AutomaticBackup %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [已禁用] \Microsoft\Windows\WindowsBackup\ConfigNotification %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [已启用] \Microsoft\Windows\WindowsBackup\Windows Backup Monitor %systemroot%\system32\sdclt.exe /CHECKSKIPPED [已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader N/A ================================== Windows 安全更新检查 Windows Live 软件包 KB915597, Definition Update for Windows Defender - KB915597 (Definition 1.71.346.0) ================================== API HOOK N/A ================================== 隐藏进程 N/A ================================== [/CODE]