[CODE]

2011-12-13,12:19:22

System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
    <RavTRAY><"D:\Downloads\Rising\RAV\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RFWTRAY><"D:\Downloads\Rising\RFW\RSTRAY.EXE" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <ZSSnp211><C:\WINDOWS\ZSSnp211.exe>  [ZSMCSNAP]
    <Domino><C:\WINDOWS\Domino.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\INF\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"><Apple Inc.>
[Bonjour 服务 / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Acresso Software Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod 服务 / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rav Service / RsRavMon][Running/Auto Start]
  <"D:\Downloads\Rising\RAV\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[RFW Service / RsRFWMon][Running/Auto Start]
  <"D:\Downloads\Rising\RFW\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ApolloProtect / ApolloProtect][Stopped/Manual Start]
  <\??\D:\Program Files\街头篮球\Apollo\Apollo.sys><N/A>
[Intel(R) PRO Network Connection Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <system32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[hooksys / hooksys][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Hooksys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookTdi / HookTdi][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\HookTdi.sys><Beijing Rising Information Technology Co., Ltd.>
[HyperVM / HyperVM][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\hvm.sys><Beijing Rising Information Technology Co., Ltd.>
[Agere Modem Driver / ltmodem5][Running/Manual Start]
  <System32\DRIVERS\ltmdmnt.sys><Agere Systems>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nv4 / nv4][Stopped/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfwaf / rfwaf][Running/Auto Start]
  <\??\D:\Downloads\Rising\RFW\rfwaf.sys><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwARP Driver / RFWARP][Running/Auto Start]
  <system32\DRIVERS\rfwarp.sys><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwNdis Driver / RFWNDIS][Running/Manual Start]
  <system32\DRIVERS\rfwndis.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\D:\Downloads\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsd protect / rsdsys][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\protreg.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/Auto Start]
  <\??\D:\Downloads\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Intel(R) SMBus 2.0 Driver / smbusp][Running/Manual Start]
  <system32\DRIVERS\intelsmb.sys><Intel Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <System32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[ZSMC USB PC Camera (ZS0211) / ZSMC211][Running/Manual Start]
  <System32\Drivers\ZS211.sys><ZSMC.Corporation>

==================================
浏览器加载项
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\DOWNLO~1\word\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx, (Signed) Adobe Systems, Inc.>
[PlayCtrl Class]
  {02E2D748-67F8-48B4-8AB4-0A085374BB99} <D:\Downloads\baidu\BaiduPlayer\Xbdyy.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[QQPYChecker Class]
  {5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <D:\Downloads\QQpinyin\4.4.1108.400\QQImeChecker.dll, (Signed) Tencent>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5814.165.(880).dll, (Signed) 深圳市迅雷网络技术有限公司>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, (Signed) N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash11e.ocx, (Signed) Adobe Systems, Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
  <D:\Program Files\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Program Files\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\DOWNLO~1\word\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到飞信表情]
  <res://D:\Downloads\飞信\Fetion\FetionExt.dll/202, N/A>
[通过飞信短信发送]
  <res://D:\Downloads\飞信\Fetion\FetionExt.dll/201, N/A>

==================================
正在运行的进程
[PID: 756 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 880 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 904 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll]  [Adobe Systems Incorporated, 4.0.0.0client1]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 960 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1184 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
[PID: 1352 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.38]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 1400 / SYSTEM][D:\Downloads\Rising\RFW\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14]
    [D:\Downloads\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 22]
    [D:\Downloads\Rising\RFW\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RFW\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RFW\MonComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.3]
    [D:\Downloads\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.8]
    [D:\Downloads\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [D:\Downloads\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Downloads\Rising\RFW\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.99]
    [D:\Downloads\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [D:\Downloads\Rising\RFW\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.37]
    [D:\Downloads\Rising\RFW\fishweb.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 26]
    [D:\Downloads\Rising\RFW\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.0]
    [D:\Downloads\Rising\RFW\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Downloads\Rising\RFW\rfwPgDef.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Downloads\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Downloads\Rising\RFW\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 25.0.0.8]
    [D:\Downloads\Rising\RFW\RfwArp.dll]  [Beijing Rising Information Technology Co., Ltd., 25.0.0.1]
    [D:\Downloads\Rising\RFW\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Downloads\Rising\RFW\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [D:\Downloads\Rising\RFW\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Downloads\Rising\RFW\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Downloads\Rising\RFW\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RFW\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 79]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
    [D:\Downloads\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\fwfish.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4]
    [D:\Downloads\Rising\RFW\fwcomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [D:\Downloads\Rising\RFW\fwfs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [D:\Downloads\Rising\RFW\fwvirlib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [D:\Downloads\Rising\RFW\fwlibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Downloads\Rising\RFW\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [D:\Downloads\Rising\RFW\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
[PID: 1468 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
[PID: 1568 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 1764 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 2004 / jason][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll]  [Adobe Systems Incorporated, 4.0.0.0client1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
[PID: 268 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.6024 (xpsp_sp3_gdr.100817-1626)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
[PID: 320 / jason][D:\Downloads\Rising\RFW\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Downloads\Rising\RFW\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.15]
    [D:\Downloads\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Downloads\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RFW\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Downloads\Rising\RFW\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\Downloads\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Downloads\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.8]
    [D:\Downloads\Rising\RFW\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [D:\Downloads\Rising\RFW\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Downloads\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Downloads\Rising\RFW\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.14]
    [D:\Downloads\Rising\RFW\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 78]
    [D:\Downloads\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [D:\Downloads\Rising\RFW\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
[PID: 328 / jason][C:\WINDOWS\ZSSnp211.exe]  [ZSMCSNAP, 3, 6, 818, 7]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\ZS211Prp.Ax]  [ZSMC, 3, 6, 703, 15]
[PID: 336 / jason][C:\WINDOWS\Domino.exe]  [, 3, 6, 818, 7]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 368 / jason][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1920 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1976 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe]  [Apple Inc., 17.66.0.47]
    [C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll]  [Apple, Inc., 1, 0, 0, 25]
    [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService_main.dll]  [Apple Inc., 17.66.0.47]
    [C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll]  [Apple Inc., 1,550,54,0]
    [C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll]  [Open Source Software community project, 2, 7, 0, 11200]
    [C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll]  [Apple Inc., 1,435,16,1]
    [C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll]  [Apple Inc., 1,109,5,11]
    [C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll]  [IBM Corporation and others, 4, 0, 0, 3208]
    [C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll]  [IBM Corporation and others, 4, 0, 0, 3208]
    [C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll]  [IBM Corporation and others, 4, 0, 0, 3208]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 1556 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 3,0,0,2]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 504 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
[PID: 1672 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 2212 / jason][C:\Program Files\Rising\RSD\popwndexe.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.5]
    [C:\Program Files\Rising\RSD\rsdk.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.2]
    [C:\Program Files\Rising\RSD\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.26]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 2408 / jason][C:\WINDOWS\system32\wscntfy.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 2616 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
[PID: 2220 / SYSTEM][D:\Downloads\Rising\RAV\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14]
    [D:\Downloads\Rising\RAV\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 22]
    [D:\Downloads\Rising\RAV\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.8]
    [D:\Downloads\Rising\RAV\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Downloads\Rising\RAV\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RAV\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.3]
    [D:\Downloads\Rising\RAV\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RAV\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.26]
    [D:\Downloads\Rising\RAV\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Downloads\Rising\RAV\mondrvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [D:\Downloads\Rising\RAV\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 62]
    [D:\Downloads\Rising\RAV\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Downloads\Rising\RAV\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\Downloads\Rising\RAV\mondrvm.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Downloads\Rising\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 33]
    [D:\Downloads\Rising\RAV\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 34]
    [D:\Downloads\Rising\RAV\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 55]
    [D:\Downloads\Rising\RAV\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.0]
    [D:\Downloads\Rising\RAV\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RAV\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RAV\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\Downloads\Rising\RAV\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 8]
    [D:\Downloads\Rising\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Downloads\Rising\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Downloads\Rising\RAV\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Downloads\Rising\RAV\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RAV\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\Downloads\Rising\RAV\hookTdi.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 9]
    [D:\Downloads\Rising\RAV\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 98]
    [D:\Downloads\Rising\RAV\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\Downloads\Rising\RAV\bawhite.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [D:\Downloads\Rising\RAV\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.31]
    [D:\Downloads\Rising\RAV\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 70]
    [D:\Downloads\Rising\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [D:\Downloads\Rising\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Downloads\Rising\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Downloads\Rising\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
    [D:\Downloads\Rising\RAV\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17]
    [D:\Downloads\Rising\RAV\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 30]
    [D:\Downloads\Rising\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Downloads\Rising\RAV\engext.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 25]
    [D:\Downloads\Rising\RAV\vmicore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [D:\Downloads\Rising\RAV\ur029.dat]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [D:\Downloads\Rising\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\Downloads\Rising\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [D:\Downloads\Rising\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [D:\Downloads\Rising\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
    [D:\Downloads\Rising\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 13]
    [D:\Downloads\Rising\RAV\extarch.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 15]
    [D:\Downloads\Rising\RAV\extcomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6]
    [D:\Downloads\Rising\RAV\scantj.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9]
    [D:\Downloads\Rising\RAV\extsfx.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9]
    [D:\Downloads\Rising\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [D:\Downloads\Rising\RAV\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [D:\Downloads\Rising\RAV\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 6]
    [D:\Downloads\Rising\RAV\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
[PID: 3604 / jason][D:\DOWNLOADS\RISING\RAV\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\DOWNLOADS\RISING\RAV\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.15]
    [D:\DOWNLOADS\RISING\RAV\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\DOWNLOADS\RISING\RAV\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [D:\DOWNLOADS\RISING\RAV\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\DOWNLOADS\RISING\RAV\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [D:\DOWNLOADS\RISING\RAV\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [D:\DOWNLOADS\RISING\RAV\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [D:\DOWNLOADS\RISING\RAV\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [D:\DOWNLOADS\RISING\RAV\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [D:\DOWNLOADS\RISING\RAV\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.8]
    [D:\DOWNLOADS\RISING\RAV\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [D:\DOWNLOADS\RISING\RAV\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [D:\DOWNLOADS\RISING\RAV\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.15]
    [D:\DOWNLOADS\RISING\RAV\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.14]
    [D:\DOWNLOADS\RISING\RAV\UsbServ.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\DOWNLOADS\RISING\RAV\ScanTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.55]
    [D:\DOWNLOADS\RISING\RAV\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [D:\DOWNLOADS\RISING\RAV\dfw.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.66]
    [D:\DOWNLOADS\RISING\RAV\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.32]
    [D:\DOWNLOADS\RISING\RAV\GCompt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.55]
    [D:\DOWNLOADS\RISING\RAV\Isol.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.14]
    [D:\DOWNLOADS\RISING\RAV\rsstore.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\WINDOWS\system32\xunyount.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 3,0,0,2]
[PID: 3548 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 3836 / jason][D:\优化\sr-engldr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [D:\优化\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.2 127.0.0.1 activate.adobe.com
127.0.0.3 127.0.0.1 practivate.adobe.com
127.0.0.4 127.0.0.1 ereg.adobe.com
127.0.0.5 127.0.0.1 activate.wip3.adobe.com
127.0.0.6 127.0.0.1 wip3.adobe.com
127.0.0.7 127.0.0.1 3dns-3.adobe.com
127.0.0.8 127.0.0.1 3dns-2.adobe.com
127.0.0.9 127.0.0.1 adobe-dns.adobe.com
127.0.0.10 127.0.0.1 adobe-dns-2.adobe.com
127.0.0.11 127.0.0.1 adobe-dns-3.adobe.com
127.0.0.12 127.0.0.1 ereg.wip3.adobe.com
127.0.0.13 127.0.0.1 activate-sea.adobe.com
127.0.0.14 127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.15 127.0.0.1 activate-sjc0.adobe.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 328, C:\WINDOWS\ZSSNP211.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 336, C:\WINDOWS\DOMINO.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
 Microsoft .NET Framework 版本 1.1，简体中文版 
KB925850,  Windows Media Player 11 
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157) 
KB909520,  Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520) 
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86 
KB944036,  用于 Windows XP 的 Internet Explorer 8 
KB971513,  Windows XP 更新程序 (KB971513) 
KB2492386,  Windows XP 更新程序 (KB2492386) 
KB2507938,  Windows XP 安全更新程序 (KB2507938) MS11-056
KB2567680,  Windows XP 安全更新程序 (KB2567680) MS11-063
KB2566454,  Windows XP 安全更新程序 (KB2566454) MS11-062
KB2562937,  用于 Windows XP 的 ActiveX Killbit 更新汇总 (KB2562937) 
KB2570222,  Windows XP 安全更新程序 (KB2570222) MS11-065
KB2536276,  Windows XP 安全更新程序 (KB2536276) MS11-043
KB2570791,  Windows XP 更新程序 (KB2570791) 
KB982670,  用于 Windows XP x86 的 Microsoft .NET Framework 4 Client Profile (KB982670) 
KB2570947,  Windows XP 安全更新程序 (KB2570947) MS11-071
KB2567053,  Windows XP 安全更新程序 (KB2567053) MS11-077
KB2592799,  Windows XP 安全更新程序 (KB2592799) MS11-080
KB2564958,  Windows XP 安全更新程序 (KB2564958) MS11-075
KB2586448,  用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB2586448) MS11-081
KB2544893,  Windows XP 安全更新程序 (KB2544893) MS11-037
KB890830,  Windows 恶意软件删除工具 - 2011 年 11 月 (KB890830) 
KB2641690,  Windows XP 更新程序 (KB2641690) 
KB931125,  根证书更新 [2011 年 11 月] (KB931125) 

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]