qq文件下会自己出来4个.EXE文件。
所有所有的运行程序都会弹出个方框 遇到问题关闭。或者是 应用程序错误。

以下是扫描报告


2010-09-10,20:41:10

System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <miniqqlive><; "e:\Program Files\Tencent\QQLive\MiniQQLive.exe">  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CnsM.dll><; Rundll32.exe C:\PROGRA~1\3721\CnsM.dll,Rundll32>  [File is missing]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <FixCamera><; C:\WINDOWS\FixCamera.exe>  []
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [File is missing]
    <RfwMain><; "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <runeip><; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <snp2std><; C:\WINDOWS\vsnp2std.exe>  [Sonix]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <switch><; c:\windows\system32\壁纸自动换.exe>  []
    <tsnp2std><; C:\WINDOWS\tsnp2std.exe>  []
    <VModes><; VModes AttachToDesktop>  [N/A]
    <VTTimer><; VTTimer.exe>  [S3 Graphics, Inc.]
    <VTTrayp><; VTtrayp.exe>  [S3 Graphics Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; TencentTraveler 4.0)

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <d:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Tencent Software Update Service / TSUSVC][Stopped/Auto Start]
  <"C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe" -run><Tencent>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ocqhodk / ocqhodk][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ocqhodk.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[USB2.0 PC Camera (SNP2STD) / SNP2STD][Running/Manual Start]
  <system32\DRIVERS\snp2sxp.sys><>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Running/Manual Start]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[kajkdwzfjown / kajkdwzfjown][Running/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hozhgvkmyrjq><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <E:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, 酷狗>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx, (Signed) Adobe Systems, Inc.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <E:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[QQPYChecker Class]
  {5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <E:\Program Files\Tencent\QQPinyin\3.3.881.400\QQImeChecker.dll, (Signed) Tencent>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, N/A>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, 酷狗>
[]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx, (Signed) Adobe Systems, Inc.>
[]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[VnetClinfo Control]
  {FB303E8E-BCBC-4E76-BC72-8D3C16D2FF08} <C:\PROGRA~1\ChinaNet\VNETCL~1.OCX, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <, >
[]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <, >
[&使用超级旋风下载]
  <E:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <E:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用KuGoo3下载(&K)]
  <E:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 604 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 800 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 876 / SYSTEM][d:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [d:\Program Files\Rising\Rav\LPK.DLL]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 932 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 992 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1068 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1116 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.60]
    [D:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRAM FILES\RISING\RAV\USP10.dll]  [N/A, ]
    [D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.27]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [D:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
    [D:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [D:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [d:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [d:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [D:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]

[D:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [D:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [D:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [D:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 20]
    [D:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [D:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1172 / SYSTEM][d:\Program Files\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.65]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\USP10.dll]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [d:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [d:\Program Files\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [d:\Program Files\Rising\Rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7, 0, 0, 0]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\Program Files\Rising\Rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [d:\Program Files\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1352 / SYSTEM][d:\Program Files\Rising\Rfw\rfwProxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.29]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\Rfw\USP10.dll]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [d:\Program Files\Rising\Rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1704 / SYSTEM][d:\Program Files\Rising\Rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\Rfw\USP10.dll]  [N/A, ]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1856 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [D:\PROGRAM FILES\RISING\RAV\LPK.DLL]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1984 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 856 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[PID: 1036 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2632 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 3036 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 3424 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 5348 / Administrator][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\LPK.DLL]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [E:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  [酷狗, 5.2.4.4]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 5588 / Administrator][d:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.48]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [d:\Program Files\Rising\Rfw\USP10.dll]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]

[d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [d:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [d:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5732 / Administrator][D:\Program Files\幻灵游侠2.5\WG\newsys\zd\自动登陆.exe]  [N/A, ]
    [D:\Program Files\幻灵游侠2.5\WG\newsys\zd\LPK.DLL]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\krnln.fnr]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_N4\shell.fne]  [N/A, ]
    [D:\Program Files\幻灵游侠2.5\WG\newsys\zd\AES.DLL]  [N/A, ]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [D:\新建文件夹\变速齿轮\GearNtKe.dll]  [N/A, ]
[PID: 5288 / Administrator][C:\WINDOWS\system32\dwwin.exe]  [(Verified) Microsoft Corporation, 10.0.5815]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2716 / Administrator][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 5012 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe]  [N/A, ]
    [C:\PROGRA~1\WinRAR\USP10.dll]  [N/A, ]
[PID: 6932 / Administrator][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 8024 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe]  [N/A, ]
    [C:\PROGRA~1\WinRAR\USP10.dll]  [N/A, ]
[PID: 4188 / Administrator][D:\Program Files\Tencent\TT\bin\TTraveler.exe]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTUtilWidget.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\LPK.DLL]  [N/A, ]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [D:\Program Files\Tencent\TT\bin\PlatformWidget.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTMainFrame.dll]  [Tencent, 4, 8, 0, 733]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\gdiplus.dll]  [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
    [D:\Program Files\Tencent\TT\bin\TTMBrowser.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTabMgr.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTStore.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTSkin.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTFilter.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\TTNetwork.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\bin\sqlite3.dll]  [N/A, ]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\Program Files\Tencent\TT\bin\TTPluginMng.dll]  [Tencent, 4, 8, 0, 733]
    [D:\Program Files\Tencent\TT\Plugins\3TTWeather\TTWeather.dll]  [Tencent, 1.0.0.1]
    [D:\Program Files\Tencent\TT\bin\FavoriteLogical.dll]  [Tencent, 4, 8, 0, 733]
    [C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll]  [Beijing eChannels Century Technology Co.,Ltd, 3, 0, 0, 0]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOAxCtrlForPTLogin.dll]  [, 1, 0, 1, 4]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll]  [Tencent, 1.2.1.6]
    [C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL]  [Tencent, 1.2.1.5]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10i.ocx]  [Adobe Systems, Inc., 10,1,82,76]
    [E:\Program Files\Tencent\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll]  [Tencent, 3, 2, 165, 710]
    [E:\PROGRA~1\Tencent\QQ\Bin\CPHelper.dll]  [Tencent, 1, 48, 1700, 0]
    [E:\PROGRA~1\Tencent\QQ\Bin\Common.dll]  [Tencent, 1, 48, 1690, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [E:\PROGRA~1\Tencent\QQ\Bin\GF.dll]  [Tencent, 1, 48, 1690, 0]
    [E:\PROGRA~1\Tencent\QQ\Bin\xGraphic32.dll]  [Tencent, 1, 48, 1690, 0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\QQPINYIN.IME]  [Tencent, 3.3.881.400]
    [D:\Program Files\Tencent\TT\bin\TSupport.dll]  [TENCENT Inc., 1, 2, 11, 201]
[PID: 7888 / Administrator][C:\WINDOWS\system32\dwwin.exe]  [(Verified) Microsoft Corporation, 10.0.5815]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\新建文件夹\变速齿轮\GearNtKe.dll]  [N/A, ]
[PID: 2140 / Administrator][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\新建文件夹\变速齿轮\GearNtKe.dll]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 5400 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe]  [N/A, ]
    [C:\PROGRA~1\WinRAR\LPK.DLL]  [N/A, ]
    [D:\新建文件夹\变速齿轮\GearNtKe.dll]  [N/A, ]
[PID: 7004 / Administrator][C:\WINDOWS\system32\dwwin.exe]  [(Verified) Microsoft Corporation, 10.0.5815]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\新建文件夹\变速齿轮\GearNtKe.dll]  [N/A, ]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]

[d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 2620 / Administrator][D:\TDDownload\新建文件夹\SReng2.8.2.1321版\运行助手.exe]  [, 1, 0, 0, 1]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 6352 / Administrator][D:\TDDownload\新建文件夹\SReng2.8.2.1321版\sr-engldr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\TDDownload\新建文件夹\SReng2.8.2.1321版\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 7236 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 10188 / Administrator][C:\WINDOWS\system32\cmd.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 10224 / Administrator][C:\PROGRA~1\WinRAR\Rar.exe]  [N/A, ]
    [C:\PROGRA~1\WinRAR\LPK.DLL]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 548, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5732, D:\PROGRAM FILES\幻灵游侠2.5\WG\NEWSYS\ZD\自动登陆.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5732, D:\PROGRAM FILES\幻灵游侠2.5\WG\NEWSYS\ZD\自动登陆.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5012, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5012, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 8024, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 8024, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5400, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5400, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2620, D:\TDDOWNLOAD\新建文件夹\SRENG2.8.2.1321版\运行助手.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2620, D:\TDDOWNLOAD\新建文件夹\SRENG2.8.2.1321版\运行助手.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 10224, C:\PROGRA~1\WINRAR\RAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 10224, C:\PROGRA~1\WINRAR\RAR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1，简体中文版
KB920342,  Windows XP 更新程序 (KB920342)
KB941569,  用于附带 Windows Media Format Runtime 9.5 和 11 的 Windows XP 的安全更新程序 (KB941569) MS07-068
KB950760,  用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB950760) MS08-032
KB950762,  Windows XP 安全更新程序 (KB950762) MS08-036
KB951376,  Microsoft XP 安全更新程序 (KB951376) MS08-030
KB940157,  用于 Windows XP 的 Windows 搜索 4.0 (KB940157)
KB951748,  Windows XP 安全更新程序 (KB951748) MS08-037
KB944338,  Windows XP 安全更新程序 (KB944338) MS08-022
KB939683,  用于 Windows XP 的 Windows Media Player 11 更新程序 (KB939683)
KB952954,  Windows XP 安全更新程序 (KB952954) MS08-046
KB950974,  Microsoft XP 安全更新程序 (KB950974) MS08-049
KB952287,  Windows XP 更新程序 (KB952287)
KB954154,  Microsoft XP 安全更新程序 (KB954154) MS08-054
KB958644,  Windows XP 安全更新程序 (KB958644) MS08-067
KB955069,  Windows XP 安全更新程序 (KB955069) MS08-069
KB956802,  Windows XP 安全更新程序 (KB956802) MS08-071
KB956803,  Windows XP 安全更新程序 (KB956803) MS08-066
KB960225,  Windows XP 安全更新程序 (KB960225) MS09-007
KB967715,  Windows XP 更新程序 (KB967715)
KB909520,  Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520)
KB923561,  Windows XP 安全更新程序 (KB923561) MS09-010
KB956572,  Windows XP 安全更新程序 (KB956572) MS09-012
KB952004,  Windows XP 安全更新程序 (KB952004) MS09-012
KB960803,  Windows XP 安全更新程序 (KB960803) MS09-013
KB959426,  Windows XP 安全更新程序 (KB959426) MS09-015
KB936929,  Windows XP Service Pack 3 (KB936929)
KB961501,  Windows XP 安全更新程序 (KB961501) MS09-022
KB970238,  Windows XP 安全更新程序 (KB970238) MS09-026
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 和 .NET Framework 3.5 Family Update (KB951847) x86
KB971032,  Windows XP 安全更新程序 (KB971032) MS09-040
KB973540,  Windows XP Service Pack 2 安全更新程序 (KB973540) MS09-037
KB973869,  Windows XP 安全更新程序 (KB973869) MS09-037
KB958470,  Windows XP 安全更新程序 (KB958470) MS09-044
KB973507,  Windows XP 安全更新程序 (KB973507) MS09-037
KB960859,  Windows XP 安全更新程序 (KB960859) MS09-042
KB973815,  Windows XP 安全更新程序 (KB973815) MS09-037
KB971657,  Windows XP 安全更新程序 (KB971657) MS09-041
KB944036,  用于 Windows XP 的 Internet Explorer 8
KB956844,  Windows XP 安全更新程序 (KB956844) MS09-046
KB971961,  用于 Windows XP 的 Jscript 5.6 的安全更新程序 (KB971961) MS09-045
KB954155,  用于 Windows XP SP 2 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB954155) MS09-051
KB975025,  Windows XP 安全更新程序 (KB975025) MS09-051
KB974571,  Windows XP 安全更新程序 (KB974571) MS09-056
KB974112,  Windows XP 安全更新程序 (KB974112) MS09-052
KB958869,  Windows XP 安全更新程序 (KB958869) MS09-062
KB969059,  Windows XP 安全更新程序 (KB969059) MS09-057
KB968389,  Windows XP 更新程序 (KB968389)
KB973687,  Windows XP 更新程序 (KB973687)
KB952069,  Windows XP Service Pack 2 安全更新程序 (KB952069) MS08-076
KB974318,  Windows XP 安全更新程序 (KB974318) MS09-071
KB974392,  Windows XP 安全更新程序 (KB974392) MS09-069
KB955759,  Windows XP 更新程序 (KB955759)
KB973904,  Windows XP 安全更新程序 (KB973904) MS09-073
KB972270,  Windows XP 安全更新程序 (KB972270) MS10-001
KB975713,  Windows XP 安全更新程序 (KB975713) MS10-007
KB978037,  Windows XP 安全更新程序 (KB978037) MS10-011
KB975560,  Windows XP 安全更新程序 (KB975560) MS10-013
KB977914,  Windows XP 安全更新程序 (KB977914) MS10-013
KB971468,  Windows XP 安全更新程序 (KB971468) MS10-012
KB978706,  Windows XP 安全更新程序 (KB978706) MS10-005
KB980232,  Windows XP 安全更新程序 (KB980232) MS10-020
KB977816,  Windows XP 安全更新程序 (KB977816) MS10-026
KB981350,  Windows XP 安全更新程序 (KB981350) MS10-022
KB979309,  Windows XP 安全更新程序 (KB979309) MS10-019
KB978338,  Windows XP 安全更新程序 (KB978338) MS10-029
KB979683,  Windows XP 安全更新程序 (KB979683) MS10-021
KB978601,  Windows XP 安全更新程序 (KB978601) MS10-019
KB978542,  Windows XP 安全更新程序 (KB978542) MS10-030
KB981793,  Windows XP 更新程序 (KB981793)
KB931125,  根证书更新程序 [2010 年 5 月] (KB931125)
KB980218,  Windows XP 安全更新程序 (KB980218) MS10-037
KB978695,  用于 Windows XP SP2 的 Windows Media Format Runtime 9、9.5 和 11 的安全更新程序 (KB978695) MS10-033
KB980195,  用于 Windows XP 的 ActiveX Killbit 累积安全更新程序 (KB980195) MS10-034
KB979482,  Windows XP 安全更新程序 (KB979482) MS10-033
KB975562,  Windows XP 安全更新程序 (KB975562) MS10-033
KB979559,  Windows XP 安全更新程序 (KB979559) MS10-032
KB982381,  用于 Windows XP 的 Internet Explorer 6 累积安全更新程序 (KB982381) MS10-035
KB2229593,  Windows XP 安全更新程序 (KB2229593) MS10-042
KB890830,  Windows 恶意软件删除工具 - 2010 年 8 月 (KB890830)

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00E4212D)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00E42215)

==================================
隐藏进程
N/A

==================================

~用附件工具搞下~
附注：用暴力删除器把C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hozhgvkmyrjq干掉
~处理后，再重新扫份日志上来~

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hozhgvkmyrjq
找不到啊

~那个附件工具给你电脑处理的怎么样了？如果处理了，就扫份新日志上来~