[CODE] 2010-01-15,08:24:27 System Repair Engineer 2.8.2.1321 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 Windows 安全更新检查 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\RFW\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] [(Verified)Logitech] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 服务 [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Logitech Bluetooth Service / LBTServ][Stopped/Manual Start] [Performance Service / nTuneService][Running/Auto Start] [NVIDIA Display Driver Service / nvsvc][Running/Auto Start] [Rav Service / RsRavMon][Running/Auto Start] <"C:\Program Files\Rising\Rav\RavMonD.exe"> [RFW Service / RsRFWMon][Running/Auto Start] <"C:\Program Files\Rising\RFW\RavMonD.exe"> [ServiceLayer / ServiceLayer][Stopped/Manual Start] <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"> [Tencent Software Update Service / TSUSVC][Stopped/Auto Start] <"C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe" -run> [Update Center Service / UpdateCenterService][Running/Auto Start] [主动防御 / ZhuDongFangYu][Stopped/Manual Start] <"D:\360safe\deepscan\zhudongfangyu.exe"><360.cn> ================================== 驱动程序 [360SelfProtection / 360SelfProtection][Running/System Start] <360安全中心> [BC / BC][Running/Boot Start] <\SystemRoot\system32\Drivers\BC.sys> [BFSDRV / BFSDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\bfsdrv.sys><360安全中心> [Bluetooth Audio Service / BlueletAudio][Running/Manual Start] [Bluetooth SCO Audio Service / BlueletSCOAudio][Running/Manual Start] [bootsafe / bootsafe][Running/Boot Start] <\SystemRoot\system32\Drivers\bootsafe.sys><> [BREGDRV / BREGDRV][Running/System Start] <\??\C:\WINDOWS\system32\drivers\bregdrv.sys><360安全中心> [Bluetooth PAN Network Adapter / BT][Stopped/Manual Start] [Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start] [Bluetooth HID Enumerator / BTHidEnum][Running/Boot Start] <\SystemRoot\System32\Drivers\vbtenum.sys> [Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start] 
<\SystemRoot\System32\Drivers\BTHidMgr.sys> [ce / ce][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\ce.sys> [EagleNT / EagleNT][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\EagleNT.sys> [EfiSystemMon / EfiMon][Running/System Start] <奇虎网> [fstfat.sys / fstfat.sys][Stopped/Manual Start] <\??\C:\WINDOWS\system32\fstfat.sys> [%GDMCAP.DeviceDesc% / GDMCAP][Running/Auto Start] [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [hookcont / hookcont][Running/System Start] [HookPort / HookPort][Running/Boot Start] <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心> [hooksys / hooksys][Running/System Start] [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [KernlProD / KernlProD][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ntkrlmon.sys> [Logitech SetPoint Keyboard Driver / L8042Kbd][Running/Manual Start] [SetPoint PS/2 Mouse Filter Driver / L8042mou][Running/Manual Start] [SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start] [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start] [Nokia USB Generic / nmwcdc][Stopped/Manual Start] [Netgroup Packet Filter / NPF][Stopped/Manual Start] [npkcrypt / npkcrypt][Stopped/Auto Start] <\??\C:\Documents and Settings\Administrator\桌面\QQ2006Beta1 Lite-sec edition\npkcrypt.sys> [nv / nv][Running/Manual Start] [NVIDIA Enthusiasts Platform KDM / nvoclock][Running/Manual Start] [oreans32 / oreans32][Running/System Start] <\??\C:\WINDOWS\system32\drivers\oreans32.sys> [PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [QKeyServiceDisplay / QKeyService][Running/Boot Start] <\SystemRoot\system32\KeyCrypt.sys> [QQGameProtect / QQGameProtect][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\QQGameProtect.sys> [Quantum DeepScanner Servers / qutmdserv][Stopped/Manual Start] <\??\C:\WINDOWS\system32\drivers\qutmdrv.sys><360.cn> [qutmipc / qutmipc][Running/System Start] 
<\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360安全中心> [Rising RfwARP Driver / RFWARP][Running/Auto Start] [Rising RfwBase Driver / RfwBase9][Running/Manual Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\C:\Program Files\Rising\RFW\rfwtdi.sys> [RivaTuner32 / RivaTuner32][Stopped/Manual Start] <\??\D:\RivaTuner v2.24\RivaTuner32.sys> [rsassist / rsassist][Running/Auto Start] [rsfwdrv / rsfwdrv][Running/System Start] <\??\C:\Program Files\Rising\RFW\rsfwdrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心> [Secdrv / Secdrv][Stopped/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [TCP/IP Protocol Driver / Tcpip][Running/System Start] [TesDrvPt / TesDrvPt][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesDrvPt.sys> [TesSafe / TesSafe][Stopped/Manual Start] <\??\C:\WINDOWS\system32\TesSafe.sys> [TKP / TKP][Stopped/Manual Start] <\??\C:\WINDOWS\system32\DRIVERS\6044> [TVICHW32 / TVICHW32][Stopped/Manual Start] <\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS> [Virtual Serial port driver / VComm][Running/Manual Start] [Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start] [NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start] [FAMETECH USB PC CAMERA / ZSMC301b][Stopped/Manual Start] ================================== 浏览器加载项 [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [QvodExtend] {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} [Groove GFS Browser Helper] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [MiniFlashGetBHO] {C74E94A7-B7BD-4891-9328-455395BCC7AD} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} 
[Send to OneNote from Internet Explorer button] {2670000A-7350-4f3c-8081-5663EE0C6C49} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [QvodButton] {82D9671E-0B56-4285-92CD-15BC08B883BB} [] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, > [] {00000162-9980-0010-8000-00AA00389B71} <, > [PhotoDrawEx Class] {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [System Requirements Lab Class] {1E54D648-B804-468d-BC78-4AFFED8E262E} <, > [System Requirements Lab Class] {1E54D648-B804-468d-BC78-4AFFED8E262F} [PhotoDraw Class] {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} [nEdit Control] {32D72994-45B9-42B5-8980-FB561D1BE2D0} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [AxInputControl Class] {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <, > [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <, > [QQCertCtrl Class] {BAEA0695-03A4-43BB-8495-C7025E1A8F42} [ScreenCapture Class] {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} [Tencent Safety Online Base Module] {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <, > [VodClient Control Class] {D4003189-95B1-4A2F-9A87-F2B03665960D} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [PPLive Lite Class] {EF0D1A14-1033-41A2-A589-240C01EDC078} <, > [QQCycloneHelper Class] {00000000-12C9-4305-82F9-43058F20E8D2} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [] {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} <, > [] {116BA71C-8187-4F15-9A1F-C9D6289155D1} <, > [Player Class] {11F2A418-94B2-4e16-9B0C-B00C0435F903} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A> [] {2670000A-7350-4F3C-8081-5663EE0C6C49} <, > [] {2974c985-8151-4de5-b23c-b875f0a8522f} <, > [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [XML 
Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [QQPYChecker Class] {5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} [QvodExtend] {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [QQLiveFile Class] {6B232760-90F1-41c3-9902-C8552C1D8A72} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [IJetCarNetscapeMini Class] {6C1C7AF0-0DC2-4770-9B27-517416A85F3B} [Groove GFS Browser Helper] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} [] {82D9671E-0B56-4285-92CD-15BC08B883BB} <, > [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web 浏览器] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [] {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, > [OFrameObject Class] {9701758C-4373-482E-B13C-776C048EC890} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [VersionDetector Class] {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} [APlayer Control] {A9322148-C691-4B9D-91FC-B9C461DBE9DD} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} [] {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <, > [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [WebPlayer Class] {B965124A-7C58-45f8-91BF-28A981CE7594} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [MiniFlashGetBHO] {C74E94A7-B7BD-4891-9328-455395BCC7AD} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QQLive Class] {D9EBCF5D-3F8F-4b6a-89BA-70577BE73C62} [] {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, > [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [PasswordEditCtrl Class] 
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} [&U使用纳米机器人下载并收藏] [&使用QQ旋风下载] [&使用QQ旋风下载全部链接] [使用电驴下载] [使用迅雷下载] [使用迅雷下载全部链接] [使用迷你快车下载] [使用迷你快车下载全部链接] [导出到 Microsoft Excel(&X)] ================================== 正在运行的进程 [PID: 936 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1004 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1028 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll] [Logitech, Inc., 4.60.122] [c:\program files\common files\logishrd\bluetooth\LBTServ.dll] [Logitech, Inc., 4.60.122] [PID: 1072 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] [PID: 1084 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1260 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 4.00.1381.9562] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.9562] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1308 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1372 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1496 / 
SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [C:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [C:\Program Files\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.41] [C:\Program Files\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 45] [C:\Program Files\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29] [C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] [C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12] [C:\Program Files\Rising\Rav\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [C:\Program Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program 
Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1] [C:\Program Files\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 32] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\bawhite.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.21] [C:\Program Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [C:\Program Files\Rising\Rav\rstask.dll] 
[Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3] [C:\Program Files\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 62] [C:\Program Files\Rising\Rav\scantj.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\Rav\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 15] [C:\Program Files\Rising\Rav\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\Rav\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [C:\Program Files\Rising\Rav\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.18] [C:\Program Files\Rising\Rav\ScanStub.dll] [Beijing Rising 
Information Technology Co., Ltd., 22.0.0.1] [C:\Program Files\Rising\Rav\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [PID: 1528 / SYSTEM][C:\Program Files\Rising\RFW\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\RFW\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [C:\Program Files\Rising\RFW\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\RFW\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\MonComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [C:\Program Files\Rising\RFW\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [C:\Program Files\Rising\RFW\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\RFW\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.2] [C:\Program Files\Rising\RFW\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\RFW\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\RFW\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [C:\Program Files\Rising\RFW\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.5] [C:\Program 
Files\Rising\RFW\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\RFW\RfwArp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.5] [C:\Program Files\Rising\RFW\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Program Files\Rising\RFW\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\RFW\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 67] [C:\Program Files\Rising\RFW\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\RFW\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] [C:\Program Files\Rising\RFW\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [C:\Program Files\Rising\RFW\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\RFW\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\RFW\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\RFW\NComm2.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [C:\Program Files\Rising\RFW\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\RFW\urllib.dll] 
[Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [PID: 1576 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159] [PID: 1640 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2036 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 504 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159] [PID: 928 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159] [D:\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] 
[D:\Thunder\Components\ResWorker\DsBho_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Thunder\Components\ResWorker\DataProcessor_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.9562] [C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.9562] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.9562] [C:\Program Files\NVIDIA Corporation\nView\nvshell.dll] [, ] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [D:\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [PID: 1428 / Administrator][C:\Program Files\Rising\Rav\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.10] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\Rav\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [C:\Program Files\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\Rav\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3] [C:\Program Files\Rising\Rav\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57] [C:\Program 
Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Program Files\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [C:\Program Files\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [C:\Program Files\Rising\Rav\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7] [C:\Program Files\Rising\Rav\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.74] [C:\Program Files\Rising\Rav\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\Rav\scanleak.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [C:\Program Files\Rising\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [PID: 1452 / Administrator][C:\Program Files\Rising\RFW\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.10] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\RFW\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [C:\Program Files\Rising\RFW\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\Program Files\Rising\RFW\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\RFW\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program 
Files\Rising\RFW\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\RFW\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\RFW\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\RFW\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\RFW\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\Program Files\Rising\RFW\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [C:\Program Files\Rising\RFW\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57] [C:\Program Files\Rising\RFW\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [C:\Program Files\Rising\RFW\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [C:\Program Files\Rising\RFW\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\Program Files\Rising\RFW\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 39] [C:\Program Files\Rising\RFW\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [C:\Program Files\Rising\RFW\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\RFW\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [C:\Program Files\Rising\RFW\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [C:\Program Files\Rising\RFW\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.14] [PID: 896 / Administrator][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.27] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing 
Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.44] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [PID: 1676 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2840 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 2888 / SYSTEM][C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe] [NVIDIA, 6.05.13] [C:\Program Files\NVIDIA 
Corporation\nTune\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\NVIDIA Corporation\nTune\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\NVIDIA Corporation\nTune\nTuneServiceENU.dll] [NVIDIA, 6.05.13] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll] [NVIDIA, 6.05.13] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.9562] [PID: 3048 / Administrator][C:\Program Files\Rising\AntiSpyware\ras.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.7] [C:\Program Files\Rising\AntiSpyware\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\KakaMgr.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.30] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\dbmgr.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.4] [C:\Program Files\Rising\AntiSpyware\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\pweb.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.24] [C:\Program Files\Rising\AntiSpyware\pscan.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.94] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing 
Rising Information Technology Co., Ltd., 6.0.0.11] [C:\Program Files\Rising\AntiSpyware\pset.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12] [C:\Program Files\Rising\AntiSpyware\pdefend.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.15] [C:\Program Files\Rising\AntiSpyware\ptools.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.18] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Rising\AntiSpyware\psysinfo.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.72] [C:\Program Files\Rising\AntiSpyware\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 3096 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 3268 / SYSTEM][C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe] [NVIDIA, 6.05.10] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterServiceENU.dll] [NVIDIA, 6.05.10] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 3424 / Administrator][C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe] [NVIDIA, 6.05.13] [C:\Program Files\NVIDIA Corporation\nTune\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\NVIDIA Corporation\nTune\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\NVIDIA Corporation\nTune\nTuneCmdZHC.dll] [NVIDIA, 6.05.13] [C:\Program Files\NVIDIA Corporation\nTune\nvsulib.dll] [NVIDIA, 6.05.13] [C:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.9562] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft 
Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 3436 / Administrator][C:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 2308 / Administrator][C:\Program Files\racer-gxn\racer.exe] [Putian Runway, 3,3,130,331] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\racer-gxn\rwxre.dll] [Putian Runway, 3,3,130,331] [C:\Program Files\racer-gxn\nspr4.dll] [Netscape Communications Corporation, 4.6.1] [C:\Program Files\racer-gxn\xpcom_core.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-gxn\plc4.dll] [Netscape Communications Corporation, 4.6.1] [C:\Program Files\racer-gxn\plds4.dll] [Netscape Communications Corporation, 4.6.1] [C:\Program Files\racer-gxn\nss3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-gxn\softokn3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-gxn\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\racer-gxn\gkgfx.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-gxn\xpcom_compat.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-gxn\smime3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-gxn\ssl3.dll] [Netscape Communications Corporation, 3.10.2] [C:\Program Files\racer-gxn\components\jar50.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-gxn\components\racer_base_comp.dll] [Putian Runway, 3,3,130,331] [C:\Program Files\racer-gxn\racer_base.dll] [Putian Runway, 3,3,130,331] [C:\Program Files\racer-gxn\kbdhook.dll] [Putian Runway, 3,3,130,331] [C:\Program 
Files\racer-gxn\components\gklayout.dll] [Mozilla Foundation, Personal] [C:\Program Files\racer-gxn\nssckbi.dll] [Netscape Communications Corporation, 1.53] [C:\Program Files\racer-gxn\components\racer_ad_comp.dll] [Putian Runway, 3,3,130,331] [C:\Program Files\racer-gxn\components\racer_access_pppoe.dll] [Putian Runway, 3,3,130,331] [C:\Program Files\racer-gxn\pppoe.dll] [北京润汇科技有限公司, 9, 0, 22, 50] [C:\Program Files\racer-gxn\components\racer_nss4_comp.dll] [Putian Runway, 3,3,130,331] [C:\Program Files\racer-gxn\nss4.dll] [北京润汇科技有限公司, 1, 0, 0, 4] [C:\Program Files\racer-gxn\wpcap.dll] [CACE Technologies, 3, 2, 0, 29] [C:\Program Files\racer-gxn\packet.dll] [CACE Technologies, 3, 2, 0, 29] [C:\Program Files\racer-gxn\WanPacket.dll] [CACE Technologies, 3, 2, 0, 29] [C:\WINDOWS\system32\NPPTools.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\racer-gxn\plugins\npmozax.dll] [, 1, 0, 0, 4] [C:\Program Files\racer-gxn\plugins\NPSWF32.dll] [, ] [PID: 1716 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 996 / Administrator][D:\qq\QQ.exe] [TENCENT, 8,0,1300,1881] [D:\qq\QQBaseClassInDll.dll] [TENCENT, 8,0,1300,1881] [D:\qq\QQHelperDll.dll] [TENCENT, 8,0,1300,1881] [D:\qq\BasicCtrlDll.dll] [TENCENT, 8,0,1248,1851] [D:\qq\HookQQ.dll] [N/A, ] [D:\qq\LoadPatch.dll] [N/A, ] [D:\qq\TheTools.dll] [N/A, ] [D:\qq\HKDlls\KillQQAd.dll] [N/A, ] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [D:\qq\CaiHong.dll] [N/A, ] [D:\qq\LoginCtrl.dll] [TENCENT, 8,0,1300,1881] [D:\qq\LoginCtrlRes.dll] [TENCENT, 8,0,1249,1853] [D:\qq\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218] [D:\qq\QQAPI.dll] [TENCENT, 8,0,1249,1853] [E:\QQ2010\Bin\TXPFProxy.dll] [Tencent, 1, 45, 1480, 0] [D:\qq\Reporter.dll] [N/A, ] [D:\qq\QQRes.dll] 
[TENCENT, 8,0,978,1833] [D:\qq\QQMainFrame.dll] [TENCENT, 8,0,1249,1853] [D:\qq\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)] [D:\qq\UnReadMsgMgr.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQAllInOne.dll] [TENCENT, 8,0,1300,1881] [D:\qq\SCCore.dll] [TENCENT, 1, 6, 0, 2] [D:\qq\CameraDll.dll] [TENCENT, 8,0,1249,1853] [D:\qq\CQQApplication.dll] [TENCENT, 8,0,1300,1881] [D:\qq\FlashAvatarDll.dll] [, 1, 0, 0, 1] [D:\qq\NewSkin.dll] [TENCENT, 8,0,1249,1853] [D:\qq\MailSummary.dll] [TENCENT, 8,0,1234,1851] [D:\qq\UserDefinedHead.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQPlugin.dll] [TENCENT, 8,0,1249,1853] [D:\qq\vbscript.dll] [N/A, ] [D:\qq\encode.dll] [Microsoft Corporation, 5.6.0.8825] [D:\qq\QQSpace.dll] [TENCENT, 8,0,1249,1853] [C:\WINDOWS\system32\Macromed\Flash\Flash10d.ocx] [Adobe Systems, Inc., 10,0,42,34] [D:\qq\msdmo.dll] [, ] [D:\qq\QQAvatar.dll] [TENCENT, 8,0,1249,1853] [D:\qq\OEMApplication.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQKnowledgeSearch.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQGroupMng.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQPet.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQSysMsgMng.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QRingMng.dll] [TENCENT, 8,0,1249,1853] [D:\qq\LongConnection.dll] [TENCENT, 8,0,1249,1851] [D:\qq\QQConfigPlugin.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQCustomFace.dll] [TENCENT, 8,0,1249,1853] [D:\qq\PhoneAPI.dll] [TENCENT, 8,0,1249,1853] [D:\qq\DialerAllinOne.dll] [tencent, 1, 4, 0, 0] [D:\qq\BQQApplication.dll] [TENCENT, 8,0,1249,1853] [D:\qq\PersonalDesktop.dll] [TENCENT, 8,0,1249,1853] [D:\qq\CommercesMng.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330] [D:\qq\QQSceneMng.dll] [TENCENT, 8,0,1249,1853] [D:\qq\QQSettingCtrl.dll] [TENCENT, ] [D:\qq\AddrSearch.dll] [Tencent, 2, 3, 16, 12] [PID: 1220 / Administrator][E:\QQ2010\Bin\TXPlatform.exe] [Tencent, 1, 45, 1480, 0] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] 
    [E:\QQ2010\Bin\TXPFProxy.dll] [Tencent, 1, 45, 1480, 0]
[PID: 1340 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2336 / Administrator][D:\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 3444 / Administrator][D:\sreng2\SREc577fa3d.EXE] [Smallfrogs Studio, 2.8.2.1321]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [D:\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1028, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2308, C:\PROGRAM FILES\RACER-GXN\RACER.EXE]
==================================
计划任务
[已启用] OGADaily.job C:\WINDOWS\system32\OGAVerify.exe
[已启用] OGALogon.job C:\WINDOWS\system32\OGAVerify.exe
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1 简体中文语言包
KB940157, 用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB949810, Office 正版增值计划通知 (KB949810)-CHS
KB905474, Windows Genuine Advantage 通知 (KB905474)
KB909520, Microsoft 基本智能卡加密服务提供程序包: x86 (KB909520)
KB963673, 2007 Microsoft Office System 常用功能帮助的更新 (KB963673)
KB963671, Microsoft 脚本编辑器帮助更新 (KB963671)
KB867460, Microsoft .NET Framework 1.1 Service Pack 1
KB967642, 2007 Microsoft Office system 更新 (KB967642)
KB963678, Microsoft Office Excel 2007 帮助更新 (KB963678)
KB963677, Microsoft Office Outlook 2007 帮助更新 (KB963677)
KB963669, Microsoft Office PowerPoint 2007 帮助更新 (KB963669)
KB963665, Microsoft Office Word 2007 帮助更新 (KB963665)
KB953195, 2007 Microsoft Office 套件 Service Pack 2 (SP2)
KB944036, 用于 Windows XP 的 Internet Explorer 8
KB944036, Windows Live 软件包
KB974417, 用于 Windows 2000、Windows Server 2003 和 Windows XP 的 Microsoft .NET Framework 2.0 Service Pack 2 安全更新程序 (KB974417) MS09-061
KB951944, 2007 Microsoft Office system 安全更新 (KB951944) MS08-055
KB951550, Microsoft Office 2007 安全更新 (KB951550) MS08-069
KB931125, 根证书更新 [2009 年 11 月] (KB931125)
KB970430, Windows XP 更新程序 (KB970430)
KB971737, Windows XP 更新程序 (KB971737)
KB977839, Outlook 2007 垃圾邮件筛选器更新 (KB977839)
KB972270, Windows XP 安全更新程序 (KB972270) MS10-001
KB890830, Windows 恶意软件删除工具 - 2010 年 1 月 (KB890830)
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]