[CODE] 2010-11-01,19:23:28 System Repair Engineer 2.8.2.1321 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Component Publisher] [File is missing] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] <"d:\Program Files\Rising\RFW\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] [File is missing] [(Verified)Tencent Technology(Shenzhen) Company Limited] [] <"d:\Program Files\Rising\Rav\RSTRAY.EXE" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] 
<%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy] <%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] 
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Component 
Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] <%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Corporation] ================================== 启动文件夹 N/A ================================== 服务 [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [EliteE Net Service / EliteE Net Service][Stopped/Auto Start] [COM+ Event System / EventSystem][Stopped/Auto Start] C:\WINDOWS\system32\es.dll><> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Network Location Awareness (NLA) / Nla][Running/Manual Start] %SystemRoot%\System32\mswsock.dll> [PIPIStartSvr / PIPIStartSvr][Stopped/Auto Start] [Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start] <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"> [Rsd Service / RsMgrSvc][Running/Auto Start] <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"> [Rav Service / RsRavMon][Running/Auto Start] <"d:\Program Files\Rising\Rav\RavMonD.exe"> [RFW Service / RsRFWMon][Running/Auto Start] <"d:\Program Files\Rising\RFW\RavMonD.exe"> [Rising Scan Service / RsScanSrv][Stopped/Auto Start] <\ScanFrm.exe><(File is missing)> [ServiceLayer / ServiceLayer][Stopped/Manual Start] <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"> ================================== 驱动程序 [AFD / AFD][Running/System Start] <\SystemRoot\System32\drivers\afd.sys> [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [ati2mtag / ati2mtag][Running/Manual Start] [Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Stopped/Manual Start] [hooksys / 
hooksys][Running/System Start] <\??\C:\WINDOWS\system32\drivers\Hooksys.sys> [HookTdi / HookTdi][Running/System Start] <\??\C:\WINDOWS\system32\drivers\HookTdi.sys> [HyperVM / HyperVM][Running/System Start] <\??\C:\WINDOWS\system32\drivers\hvm.sys> [ShuyaFilter Service / Ndisrd][Stopped/Manual Start] [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start] [Nokia USB Generic / nmwcdc][Stopped/Manual Start] [NetGroup Packet Filter Driver / NPF][Stopped/Manual Start] [NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start] <\SystemRoot\system32\DRIVERS\nvrd32.sys> [PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start] [AMD PCNET Compatable Adapter Driver / PCnet][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [Rising RfwARP Driver / RFWARP][Running/Auto Start] [Rising RfwBase Driver / RfwBase9][Running/Manual Start] [rfwtdi / rfwtdi][Running/Auto Start] <\??\d:\Program Files\Rising\RFW\rfwtdi.sys> [Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start] [rsfwdrv / rsfwdrv][Running/System Start] <\??\d:\Program Files\Rising\RFW\rsfwdrv.sys> [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [SATALink driver accelerator / SiFilter][Stopped/Disabled] <\SystemRoot\system32\DRIVERS\SiWinAcc.sys> [USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start] [TCP/IP Protocol Driver / Tcpip][Running/System Start] [upperdev / upperdev][Stopped/Manual Start] [UsbserFilt / UsbserFilt][Stopped/Manual Start] [viamraid / viamraid][Stopped/Boot Start] <\SystemRoot\system32\DRIVERS\viamraid.sys> [USB PC Camera 301P / ZSMC301b][Stopped/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} [PIPI Link Helper] {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} [QQ工具栏] {29CF293A-1E7D-4069-9E11-E39698D0AF95} [Thunder Browser Helper] 
{889D2FEB-5411-4565-8998-1DD2C5261283} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A> [QQ工具栏] {29CF293A-1E7D-4069-9E11-E39698D0AF95} [PowerCreator VGAPlayer Control] {339C1EE2-1029-46B8-81F1-360217F26FC4} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [Tencent Browser Helper] {0C7C23EF-A848-485B-873C-0ED954731014} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [PIPI Link Helper] {1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [QQ工具栏] {29CF293A-1E7D-4069-9E11-E39698D0AF95} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [QQPYChecker Class] {5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [CCtInf Class] {6DBB2904-082D-4DB0-944A-21C22BA121F4} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [] {95B3F550-91C4-4627-BCC4-521288C52977} <, > [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [PlayerCtrl Class] {E05BC2A3-9A46-4A32-80C9-023A473F5B23} [] {E2E2DD38-D088-4134-82B7-F2BA38496583} <, > [] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, > [PPLive Lite Class] {EF0D1A14-1033-41A2-A589-240C01EDC078} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 692 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 
(xpsp.080413-2111)] [PID: 752 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 784 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4177] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 828 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 840 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 1004 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4197] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513] [C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2533] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1016 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] 
[C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 1212 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe] [Beijing Rising Information Technology Co., Ltd., 1.0.0.12] [C:\Program Files\Rising\RSD\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [C:\Program Files\Rising\RSD\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [PID: 1244 / SYSTEM][d:\Program Files\Rising\RFW\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [d:\Program Files\Rising\RFW\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17] [d:\Program Files\Rising\RFW\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [d:\Program Files\Rising\RFW\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\RFW\MonComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9] [d:\Program Files\Rising\RFW\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [d:\Program Files\Rising\RFW\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [d:\Program Files\Rising\RFW\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.2] [d:\Program Files\Rising\RFW\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [d:\Program Files\Rising\RFW\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [d:\Program Files\Rising\RFW\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [d:\Program Files\Rising\RFW\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.5] [d:\Program Files\Rising\RFW\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\RFW\RfwArp.dll] [Beijing Rising Information 
Technology Co., Ltd., 22.0.0.5] [d:\Program Files\Rising\RFW\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [d:\Program Files\Rising\RFW\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6] [d:\Program Files\Rising\RFW\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\RFW\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\RFW\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\RFW\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\RFW\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 73] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [d:\Program Files\Rising\RFW\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [d:\Program Files\Rising\RFW\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11] [d:\Program Files\Rising\RFW\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10] [d:\Program Files\Rising\RFW\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [d:\Program Files\Rising\RFW\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [d:\Program Files\Rising\RFW\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [d:\Program Files\Rising\RFW\NComm2.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [d:\Program Files\Rising\RFW\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5] [d:\Program Files\Rising\RFW\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] 
[d:\Program Files\Rising\RFW\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 1280 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\System32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1320 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1412 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4197] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2513] [C:\WINDOWS\system32\atipdlxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2533] [C:\WINDOWS\system32\ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4177] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1600 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [c:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 1744 / SYSTEM][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 
6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\windows\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\windows\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 1912 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 276 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\Program Files\FreeLaunchBar\flb.dll] [TrueSoft, 1.0.0.0] [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, Inc., 17.1.51.0] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] [C:\Program Files\Common Files\Autodesk 
Shared\AcShellEx\AcShellExtension.dll] [Autodesk, 17.1.51.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\WINDOWS\system32\ravext.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] [C:\WINDOWS\system32\KakaExt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4] [C:\WINDOWS\system32\QQWUBI.IME] [Tencent, 1.1.220.201] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll] [Autodesk, Inc., 1.1.0.341] [C:\Program Files\TENCENT\SSPlus\SAddr1.dll] [腾讯, 5, 1, 16, 10] [D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [PID: 316 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\CNMLM8O.DLL] [CANON INC., 2.05.2.10] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD8O.DLL] [CANON INC., 2.05.2.10] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 596 / Administrator][D:\Program Files\Rising\RFW\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.11] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [D:\Program Files\Rising\RFW\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [D:\Program 
Files\Rising\RFW\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1] [D:\Program Files\Rising\RFW\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\RFW\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\RFW\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\RFW\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\RFW\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\RFW\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\Rising\RFW\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1] [D:\Program Files\Rising\RFW\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7] [D:\Program Files\Rising\RFW\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57] [D:\Program Files\Rising\RFW\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [D:\Program Files\Rising\RFW\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3] [D:\Program Files\Rising\RFW\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [D:\Program Files\Rising\RFW\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 39] [D:\Program Files\Rising\RFW\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21] [D:\Program Files\Rising\RFW\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] [D:\Program Files\Rising\RFW\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0] 
[D:\Program Files\Rising\RFW\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\RFW\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 608 / Administrator][C:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\msdmo.dll] [, ] [PID: 616 / Administrator][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [PID: 664 / Administrator][C:\WINDOWS\vsnpstd3.exe] [, 1, 1, 5, 11] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [PID: 420 / Administrator][D:\Program Files\Rising\Rav\RSTRAY.EXE] [Beijing Rising Information Technology Co., Ltd., 23.0.0.7] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [D:\Program Files\Rising\Rav\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.13] [D:\Program Files\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [D:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [D:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [D:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [D:\Program Files\Rising\Rav\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.2] [D:\Program Files\Rising\Rav\MonState.dll] [Beijing Rising Information Technology 
Co., Ltd., 22, 0, 0, 2] [D:\Program Files\Rising\Rav\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.10] [D:\Program Files\Rising\Rav\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.11] [D:\Program Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [D:\Program Files\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.7] [D:\Program Files\Rising\Rav\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10] [D:\Program Files\Rising\Rav\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.69] [D:\Program Files\Rising\Rav\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.5] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [D:\Program Files\Rising\Rav\UsbServ.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] [D:\Program Files\Rising\Rav\ScanTray.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.48] [D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [D:\Program Files\Rising\Rav\dfw.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.63] [D:\Program Files\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.30] [D:\Program Files\Rising\Rav\GCompt.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.46] [C:\Program Files\TENCENT\SSPlus\SAddr1.dll] [腾讯, 5, 1, 16, 10] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] 
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066] [C:\WINDOWS\system32\vbscript.dll] [Microsoft Corporation, 5.7.0.18066] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 964 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1312 / Administrator][C:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32] [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.33] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [C:\Program Files\Rising\AntiSpyware\rsxml1.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [C:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology 
Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.78] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [d:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 1420 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [PID: 1616 / SYSTEM][d:\Program Files\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [d:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [d:\Program Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [d:\Program Files\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.12] [d:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [d:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.3] [d:\Program Files\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [d:\Program Files\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.19] [d:\Program 
Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11] [d:\Program Files\Rising\Rav\mondrvd.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11] [d:\Program Files\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 53] [d:\Program Files\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.2] [d:\Program Files\Rising\Rav\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.2] [d:\Program Files\Rising\Rav\mondrvm.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] [d:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 31] [d:\Program Files\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 32] [d:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 54] [d:\Program Files\Rising\Rav\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.1.0] [d:\Program Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [d:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [d:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [d:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [d:\Program Files\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 8] [d:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [d:\Program Files\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] [d:\Program Files\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [d:\Program 
Files\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.1] [d:\Program Files\Rising\Rav\hookTdi.dll] [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 9] [d:\Program Files\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 28] [d:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12] [d:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3] [d:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2] [d:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [d:\Program Files\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.12] [d:\Program Files\Rising\Rav\bawhite.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5] [d:\Program Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.31] [d:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 68] [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [d:\Program Files\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17] [d:\Program Files\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 25] [d:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] [d:\Program Files\Rising\Rav\engext.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4] [d:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2] [d:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] [d:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5] [d:\Program 
Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0] [d:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7] [d:\Program Files\Rising\Rav\scantj.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9] [d:\Program Files\Rising\Rav\extsfx.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] [d:\Program Files\Rising\Rav\vmicore.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 15] [d:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0] [d:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [d:\Program Files\Rising\Rav\extarch.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8] [d:\Program Files\Rising\Rav\extcomp.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4] [d:\Program Files\Rising\Rav\ur029.dat] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2] [d:\Program Files\Rising\Rav\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1] [d:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6] [PID: 2468 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\System32\MSWSOCK.DLL] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [PID: 1712 / Administrator][C:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [C:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 
21.0.0.37] [C:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3812 / Administrator][d:\Program Files\Tencent\TT\bin\ttraveler.exe] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTUtilWidget.dll] [Tencent, 4, 8, 0, 803] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [d:\Program Files\Tencent\TT\bin\PlatformWidget.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTMainFrame.dll] [Tencent, 4, 8, 0, 803] [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)] [d:\Program Files\Tencent\TT\bin\TTMBrowser.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTabMgr.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTStore.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTSkin.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\vbscript.dll] [Microsoft Corporation, 5.7.0.16535] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [d:\Program Files\Tencent\TT\bin\TTFilter.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTNetwork.dll] [Tencent, 4, 8, 0, 803] [C:\WINDOWS\system32\mshtml.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [d:\Program Files\Tencent\TT\bin\sqlite3.dll] [N/A, ] [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [d:\Program Files\Tencent\TT\bin\FavoriteLogical.dll] 
[Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\bin\TTPluginMng.dll] [Tencent, 4, 8, 0, 803] [d:\Program Files\Tencent\TT\Plugins\3TTWeather\TTWeather.dll] [Tencent, 1.0.0.1] [d:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 23.0.0.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\jscript.dll] [Microsoft Corporation, 5.7.0.18066] [C:\WINDOWS\system32\vbscript.dll] [Microsoft Corporation, 5.7.0.18066] [C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx] [Adobe Systems, Inc., 10,1,82,76] [D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, Inc., 17.1.51.0] [C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll] [Autodesk, 17.1.51.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\system32\QQWUBI.IME] [Tencent, 1.1.220.201] [d:\Program Files\Tencent\TT\bin\TSupport.dll] [TENCENT Inc., 1, 2, 11, 201] [PID: 2020 / Administrator][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.7.639] [D:\Program Files\Thunder Network\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft 
Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 10, 72] [D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 3, 2, 325] [D:\Program Files\Thunder Network\Thunder\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 2] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 4, 2, 30] [C:\WINDOWS\system32\MSWSOCK.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [D:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25] [D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10] [D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30] [D:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 25] [D:\Program Files\Thunder Network\Thunder\Program\zlib1.dll] [, 1.2.3] [D:\Program Files\Thunder Network\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 3, 2, 2, 35] [D:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 3] [D:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll] [, 1, 0, 2, 7] [D:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1,1,2,13] [D:\Program Files\Thunder 
Network\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,1,2,37] [D:\Program Files\Thunder Network\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 13] [D:\Program Files\Thunder Network\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 3, 6, 2, 24] [D:\Program Files\Thunder Network\Thunder\Program\stream.dll] [Thunder Networking Technologies,LTD, 2, 1, 2, 1013] [D:\Program Files\Thunder Network\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 43] [D:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 29] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [D:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1,1,2,18] [D:\Program Files\Thunder Network\Thunder\Program\emule.dll] [, 1, 1, 2, 37] [D:\Program Files\Thunder Network\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,1,2,23] [D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [N/A, ] [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053] [D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 16] [D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67] [D:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 2, 1, 7, 102] [D:\Program Files\Thunder 
Network\Thunder\Components\Security\ConfigManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 1] [D:\Program Files\Thunder Network\Thunder\Components\Security\SafeManager.dll] [Xunlei Networking Technologies,LTD, 1, 0, 5, 20] [D:\Program Files\Thunder Network\Thunder\Components\Security\SafeStatistic.dll] [Xunlei Networking Technologies,LTD, 1, 0, 0, 1] [D:\Program Files\Thunder Network\Thunder\Program\XLNetU.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24] [D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 2, 9, 90] [D:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 25] [D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\AutoHelp.dll] [Beijing Rising Technology Co., Ltd., 6.0.0.5] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [D:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6] [D:\Program Files\Thunder Network\Thunder\Program\emule_id.dll] [, 1, 0, 2, 11] [D:\Program Files\Thunder Network\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 19] [PID: 2464 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321] [PID: 2480 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREcec25149.EXE] [Smallfrogs Studio, 2.8.2.1321] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] 
[C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 2052 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321] [PID: 2952 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SRE36.EXE] [Smallfrogs Studio, 2.8.2.1321] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 3644 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321] [PID: 3268 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SRE39.EXE] [Smallfrogs Studio, 2.8.2.1321] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] 
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, Inc., 17.1.51.0] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.4053] [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.4053] [PID: 2428 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREcec25149.EXE] [Smallfrogs Studio, 2.8.2.1321] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [PID: 148 / Administrator][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 15] [PID: 904 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREcec25149.EXE] [Smallfrogs Studio, 2.8.2.1321] [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 6.00.2900.5583 (xpsp_sp3_gdr.080417-1430)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] [C:\Program Files\Rising\AntiSpyware\RegCall.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 6] [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll] [腾讯, 5, 0, 4, 
15] [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)] [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.5625 (xpsp_sp3_gdr.080620-1249)]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP] C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [UDP/IP] C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD Tcpip [RAW/IP] C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE6774CA-5C87-491D-816C-6CCC6BF11DDE}] SEQPACKET 3 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE6774CA-5C87-491D-816C-6CCC6BF11DDE}] DATAGRAM 3 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F588733-6429-4B13-A427-05CECE07D482}] SEQPACKET 0 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5F588733-6429-4B13-A427-05CECE07D482}] DATAGRAM 0 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] SEQPACKET 1 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F6C60E97-F8D3-4E62-9FA2-A9D685B07D97}] DATAGRAM 1 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] SEQPACKET 2 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
MSAFD NetBIOS [\Device\NetBT_Tcpip_{90284CC5-9E19-496E-A350-36F5EAF0B47E}] DATAGRAM 2 C:\WINDOWS\system32\mswsock.dll(Microsoft Corporation, Microsoft Windows Sockets 2.0 Service Provider)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 858656.com
127.0.0.1 my123.com
127.0.0.1 8749.com
127.0.0.1 4199.com
127.0.0.1 7379.com
127.0.0.1 7255.com
127.0.0.1 3448.com
127.0.0.1 7939.com
127.0.0.1 8009.com
127.0.0.1 piaoxue.com
127.0.0.1 kzdh.com
127.0.0.1 about.blank.la
127.0.0.1 6781.com
127.0.0.1 7322.com
127.0.0.1 9991.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1004, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1412, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 608, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 664, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2020, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2020, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]