[CODE]

2009-12-16,15:30:46

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <RavTray><"d:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RFWTray><"d:\Program Files\Rising\RFW\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rav Service / RsRavMon][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[RFW Service / RsRFWMon][Running/Auto Start]
  <"d:\Program Files\Rising\RFW\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[AFD / AFD][Running/System Start]
  <\SystemRoot\System32\drivers\afd.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Intel(R) Ham 5628 V.92 Modem / Intels51][Running/Manual Start]
  <system32\DRIVERS\Intels51.sys><Intel Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start]
  <system32\DRIVERS\pcntpci5.sys><AMD Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising RfwARP Driver / RFWARP][Running/Auto Start]
  <system32\DRIVERS\rfwarp.sys><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\d:\Program Files\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsassist / rsassist][Running/Auto Start]
  <system32\drivers\rsassist.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\d:\Program Files\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel][Stopped/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><N/A>
[SATALink driver accelerator / SiFilter][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[msiebr Class]
  {A2DF4DBF-29B4-42A4-BD19-2CBC443E2E84} <C:\WINDOWS\WinProc.dll, N/A>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <C:\Program Files\PPLive\PPLive.exe, (Signed) N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~1\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[QQPYChecker Class]
  {5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <d:\Program Files\Tencent\QQPinyin\3.0.685.201\QQImeChecker.dll, (Signed) Tencent>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[msiebr Class]
  {A2DF4DBF-29B4-42A4-BD19-2CBC443E2E84} <C:\WINDOWS\WinProc.dll, N/A>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5802.54.(12).dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.12.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.166.(12).dll, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[&使用超级旋风下载]
  <d:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <d:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 912 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 968 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 992 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1036 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1048 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1204 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1248 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1288 / SYSTEM][d:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
    [d:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [d:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9]
    [d:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.41]
    [d:\Program Files\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [d:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 45]
    [d:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
    [d:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29]
    [d:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22]
    [d:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [d:\Program Files\Rising\Rav\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11]
    [d:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\Rav\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
    [d:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
    [d:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [d:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [d:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [d:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3]
    [d:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [d:\Program Files\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1]
    [d:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 31]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [d:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\bawhite.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [d:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.21]
    [d:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [d:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [d:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
    [d:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
    [d:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [d:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [d:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 51]
    [d:\Program Files\Rising\Rav\scantj.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [d:\Program Files\Rising\Rav\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [d:\Program Files\Rising\Rav\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [d:\Program Files\Rising\Rav\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 13]
    [d:\Program Files\Rising\Rav\extsfx.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [d:\Program Files\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[PID: 1324 / SYSTEM][d:\Program Files\Rising\RFW\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
    [d:\Program Files\Rising\RFW\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [d:\Program Files\Rising\RFW\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\RFW\MonComm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9]
    [d:\Program Files\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.14]
    [d:\Program Files\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\RFW\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.2]
    [d:\Program Files\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [d:\Program Files\Rising\RFW\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [d:\Program Files\Rising\RFW\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [d:\Program Files\Rising\RFW\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.5]
    [d:\Program Files\Rising\RFW\RfwArp.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.5]
    [d:\Program Files\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [d:\Program Files\Rising\RFW\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [d:\Program Files\Rising\RFW\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [d:\Program Files\Rising\RFW\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\RFW\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\RFW\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [d:\Program Files\Rising\RFW\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [d:\Program Files\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [d:\Program Files\Rising\RFW\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11]
    [d:\Program Files\Rising\RFW\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
    [d:\Program Files\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [d:\Program Files\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [d:\Program Files\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [d:\Program Files\Rising\RFW\NComm2.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [d:\Program Files\Rising\RFW\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [d:\Program Files\Rising\RFW\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [d:\Program Files\Rising\RFW\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[PID: 1384 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1584 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [c:\windows\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1688 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 296 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 396 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\FreeLaunchBar\flb.dll]  [TrueSoft, 1.0.0.0]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
[PID: 684 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.7519]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7519]
[PID: 1536 / Administrator][D:\Program Files\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.10]
    [D:\Program Files\Rising\Rav\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.15]
    [D:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [D:\Program Files\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\Program Files\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
    [D:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [D:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
    [D:\Program Files\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [D:\Program Files\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7]
    [D:\Program Files\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.72]
    [D:\Program Files\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [D:\Program Files\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [D:\Program Files\Rising\Rav\scanleak.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [D:\Program Files\Rising\Rav\ravppops.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1508 / Administrator][D:\Program Files\Rising\RFW\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.10]
    [D:\Program Files\Rising\RFW\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.15]
    [D:\Program Files\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
    [D:\Program Files\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\RFW\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [D:\Program Files\Rising\RFW\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\Program Files\Rising\RFW\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\Program Files\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [D:\Program Files\Rising\RFW\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
    [D:\Program Files\Rising\RFW\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 55]
    [D:\Program Files\Rising\RFW\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [D:\Program Files\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [D:\Program Files\Rising\RFW\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
    [D:\Program Files\Rising\RFW\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 38]
    [D:\Program Files\Rising\RFW\ravppops.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
    [D:\Program Files\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [D:\Program Files\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Program Files\Rising\RFW\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.14]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
[PID: 1860 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1096 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\MSWSOCK.DLL]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1444 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\WINDOWS\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 16]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\vbscript.dll]  [Microsoft Corporation, 5.7.0.18066]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\QQPINYIN.IME]  [Tencent, 3.0.685.201]
[PID: 3324 / Administrator][E:\1的文档\sreng2.8.1.1279版\sr-engldr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 3372 / Administrator][E:\1的文档\sreng2.8.1.1279版\SREcec25149.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [E:\1的文档\sreng2.8.1.1279版\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\NOTEPAD.EXE "%1" ]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Irda [IrDA]
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C06FF54A-4B22-40AD-8084-65C69AC950E9}] SEQPACKET 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C06FF54A-4B22-40AD-8084-65C69AC950E9}] DATAGRAM 0
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A3D6B21A-3364-4EF4-B7EB-97B9124026C7}] SEQPACKET 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A3D6B21A-3364-4EF4-B7EB-97B9124026C7}] DATAGRAM 3
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{20773CD7-CB10-4411-A570-09C87DCEE0CE}] SEQPACKET 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{20773CD7-CB10-4411-A570-09C87DCEE0CE}] DATAGRAM 4
    C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1	858656.com
127.0.0.1	my123.com
127.0.0.1	8749.com
127.0.0.1	4199.com
127.0.0.1	7379.com
127.0.0.1	7255.com
127.0.0.1	3448.com
127.0.0.1	7939.com
127.0.0.1	8009.com
127.0.0.1	piaoxue.com
127.0.0.1	kzdh.com
127.0.0.1	about.blank.la
127.0.0.1	6781.com
127.0.0.1	7322.com
127.0.0.1	9991.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 684, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3324, E:\1的文档\SRENG2.8.1.1279版\SR-ENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
 Microsoft .NET Framework 版本 1.1，简体中文版 
KB943649,  Outlook 2003 更新 (KB943649) 
KB945185,  Office 2003 安全更新 (KB945185) MS08-013
KB907417,  Office 2003 更新 (KB907417) 
KB943973,  Microsoft Works Suite 2005 安全更新 (KB943973) MS08-011
KB925850,  Windows Media Player 11 
KB950213,  Microsoft Office Publisher 2003 安全更新 (KB950213) MS08-027
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157) 
KB953432,  Microsoft Office Outlook 2003 更新 (KB953432) 
KB938127,  用于 Windows XP 的 Internet Explorer 7 安全更新程序 (KB938127) MS07-050
KB902344,  启用了 WMDRM 的 Media Player 更新程序 (KB902344) 
KB951066,  用于 Windows XP 的 Outlook Express 安全更新程序 (KB951066) MS08-048
KB952954,  Windows XP 安全更新程序 (KB952954) MS08-046
KB950974,  Microsoft XP 安全更新程序 (KB950974) MS08-049
KB952287,  Windows XP 更新程序 (KB952287) 
KB921598,  Microsoft Office 2003 安全更新 (KB921598) MS08-044
KB955439,  Access Snapshot Viewer 2003 安全更新 (KB955439) MS08-041
KB953404,  Microsoft Office 2003 安全更新 (KB953404) MS08-055
KB949810,  Office 正版增值计划通知 (KB949810)-CHS 
KB958644,  Windows XP 安全更新程序 (KB958644) MS08-067
KB951535,  Microsoft Office 2003 安全更新 (KB951535) MS08-069
KB955069,  Windows XP 安全更新程序 (KB955069) MS08-069
KB954459,  Windows XP 安全更新程序 (KB954459) MS08-069
KB957097,  Windows XP 安全更新程序 (KB957097) MS08-068
KB956802,  Windows XP 安全更新程序 (KB956802) MS08-071
KB956803,  Windows XP 安全更新程序 (KB956803) MS08-066
KB958687,  Windows XP 安全更新程序 (KB958687) MS09-001
KB960225,  Windows XP 安全更新程序 (KB960225) MS09-007
KB967715,  Windows XP 更新程序 (KB967715) 
KB905474,  Windows Genuine Advantage 通知 (KB905474) 
KB909520,  Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520) 
KB923561,  Windows XP 安全更新程序 (KB923561) MS09-010
KB956572,  Windows XP 安全更新程序 (KB956572) MS09-012
KB952004,  Windows XP 安全更新程序 (KB952004) MS09-012
KB960803,  Windows XP 安全更新程序 (KB960803) MS09-013
KB959426,  Windows XP 安全更新程序 (KB959426) MS09-015
KB957784,  Microsoft Office PowerPoint 2003 安全更新 (KB957784) MS09-017
KB961501,  Windows XP 安全更新程序 (KB961501) MS09-022
KB970238,  Windows XP 安全更新程序 (KB970238) MS09-026
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86 
KB971633,  Windows XP 安全更新程序 (KB971633) MS09-028
KB973923,  Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package 的安全更新 (KB973923) MS09-035
KB971557,  Windows XP 安全更新程序 (KB971557) MS09-038
KB973540,  Windows XP Service Pack 3 安全更新程序 (KB973540) MS09-037
KB973869,  Windows XP 安全更新程序 (KB973869) MS09-037
KB956744,  Windows XP 安全更新程序 (KB956744) MS09-044
KB973354,  Windows XP 安全更新程序 (KB973354) MS09-037
KB973507,  Windows XP 安全更新程序 (KB973507) MS09-037
KB960859,  Windows XP 安全更新程序 (KB960859) MS09-042
KB973815,  Windows XP 安全更新程序 (KB973815) MS09-037
KB971657,  Windows XP 安全更新程序 (KB971657) MS09-041
KB947319,  Microsoft Office Web Components 安全更新 (KB947319) MS09-043
KB961371,  Windows XP 安全更新程序 (KB961371) MS09-029
KB944036,  用于 Windows XP 的 Internet Explorer 8 
KB974331,  Microsoft Silverlight 更新 (KB974331) 
KB956844,  Windows XP 安全更新程序 (KB956844) MS09-046
KB971961,  用于 Windows XP 的 Jscript 5.7 的安全更新程序 (KB971961) MS09-045
KB968816,  用于 Windows XP SP 3 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB968816) MS09-047
KB968816,  Windows Live 软件包 
KB973525,  用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB973525) MS09-055
KB954155,  用于 Windows XP SP 3 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB954155) MS09-051
KB975025,  Windows XP 安全更新程序 (KB975025) MS09-051
KB974571,  Windows XP 安全更新程序 (KB974571) MS09-056
KB974112,  Windows XP 安全更新程序 (KB974112) MS09-052
KB971486,  Windows XP 安全更新程序 (KB971486) MS09-058
KB958869,  Windows XP 安全更新程序 (KB958869) MS09-062
KB969059,  Windows XP 安全更新程序 (KB969059) MS09-057
KB974554,  Microsoft Office 2003 安全更新 (KB974554) MS09-060
KB972580,  Microsoft Office 2003 安全更新 (KB972580) MS09-062
KB973705,  Microsoft Office Outlook 2003 安全更新 (KB973705) MS09-060
KB974771,  Outlook 2003 垃圾邮件筛选器更新 (KB974771) 
KB954430,  Microsoft XML Core Services 4.0 Service Pack 2 安全更新程序 (KB954430) MS08-069
KB968389,  Windows XP 更新程序 (KB968389) 
KB971513,  Windows XP 更新程序 (KB971513) 
KB973475,  Microsoft Office Excel 2003 安全更新 (KB973475) MS09-067
KB973443,  Microsoft Office Word 2003 安全更新 (KB973443) MS09-068
KB969947,  Windows XP 安全更新程序 (KB969947) MS09-065
KB973687,  Windows XP 更新程序 (KB973687) 
KB973688,  Microsoft XML Core Services 4.0 Service Pack 2 更新程序 (KB973688) 
KB952069,  Windows XP Service Pack 3 安全更新程序 (KB952069) MS08-076
KB976098,  Windows XP 更新程序 (KB976098) 
KB931125,  根证书更新 [2009 年 11 月] (KB931125) 
KB974318,  Windows XP 安全更新程序 (KB974318) MS09-071
KB974392,  Windows XP 安全更新程序 (KB974392) MS09-069
KB955759,  Windows XP 更新程序 (KB955759) 
KB973904,  Windows XP 安全更新程序 (KB973904) MS09-073
KB890830,  Windows 恶意软件删除工具 - 2009 年 12 月 (KB890830) 
KB976325,  用于 Windows XP 的 Internet Explorer 7 累积安全更新程序 (KB976325) MS09-072
KB976882,  Outlook 2003 垃圾邮件筛选器更新 (KB976882) 
KB975051,  Microsoft Office 2003 安全更新 (KB975051) MS09-073

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]