2009-01-15,20:00:08
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrator-privileged user - Full functionality
The following items were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Scheduled tasks
API HOOK
Hidden processes
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<QQ2009><"E:\QQ2009\Bin\QQ.exe" /background> [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<switch><c:\windows\system32\壁纸自动换.exe> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<BigDogPath><C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)> [File is missing]
<Flashget><"C:\Program Files\FlashGet\FlashGet.exe" /min> [FlashGet.com]
<runeip><"G:\rx\kaka\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><G:\rx\kaka\RunOnce.exe> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><eikpjnpd.dll,FA8DB457.dll,oienmiop.dll,lpknncbj.dll,fgbecdke.dll,aefpdgib.dll,hoklafih.dll,C60CD181.dll,bckaddlj.dll,gmjbaaap.dll,BADA7991.dll,lbbgnlej.dll,kmbpibkk.dll,dbcihiln.dll,lbpamfao.dll,ccidanba.dll,ofdmgeji.dll,AD35F6AA.dll,clclcdcm.dll,ncidkneb.dll,4AC0C10F.dll,ljmhlimi.dll,nlbhhibo.dll,B91780AB.dll,gilndpkl.dll,09D334D6.dll,bipielip.dll,ejkadikb.dll,chimeolc.dll,kmon.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{3FDEB171-8F86-0009-0001-69B8DB553683}><C:\WINDOWS\system32\sysdlwd2.dll> [File is missing]
<{5A041F13-A111-12A4-B0CF-F99818AA68A5}><C:\WINDOWS\system32\artlbbdll.dll> [File is missing]
<{3FDEB171-8F86-D001-D001-69B8DB553683}><C:\WINDOWS\system32\sysdlhj4.dll> [File is missing]
<{5BB075E3-9428-4C92-9BBA-286A0E728B98}><C:\WINDOWS\system32\lbbgnlej.dll> [File is missing]
<{BADA7991-A1AD-441A-914E-D4FB34011CFD}><C:\WINDOWS\system32\BADA7991.dll> [File is missing]
<{063BAAA9-49F6-4955-8E2B-3D09FC995540}><C:\WINDOWS\system32\gmjbaaap.dll> [File is missing]
<{3FDEB171-8F86-0008-0001-69B8DB553683}><C:\WINDOWS\system32\sysdlyy4.dll> [File is missing]
<{BC4ADD53-B900-4EC8-9AB9-B3B19BE62CA5}><C:\WINDOWS\system32\bckaddlj.dll> [File is missing]
<{C60CD181-310D-4D46-A869-F38722D95D36}><C:\WINDOWS\system32\C60CD181.dll> [File is missing]
<{1845AF21-3B2E-4F11-84C9-1B4E2AFD1F92}><C:\WINDOWS\system32\hoklafih.dll> [File is missing]
<{AEF9D02B-6AD0-4E75-97C3-58BDCC5D914E}><C:\WINDOWS\system32\aefpdgib.dll> [File is missing]
<{F0BECD4E-369C-4029-806A-94238B389258}><C:\WINDOWS\system32\fgbecdke.dll> [File is missing]
<{59477CB3-D98A-458B-BBE8-D916708D687F}><C:\WINDOWS\system32\lpknncbj.dll> [File is missing]
<{82E76289-9ADE-4B92-A72F-252D0474858B}><C:\WINDOWS\system32\oienmiop.dll> [File is missing]
<{FA8DB457-F3EA-42D6-8EDE-8947FA769424}><C:\WINDOWS\system32\FA8DB457.dll> [File is missing]
<{E249379D-86B3-4CD5-A0DA-86506F762DD4}><C:\WINDOWS\system32\eikpjnpd.dll> [File is missing]
<{C126E85C-4DDC-43E9-9E45-A3E7B765DC73}><C:\WINDOWS\system32\chimeolc.dll> [File is missing]
<{E34AD24B-1473-4BCD-8873-2730DC3831C5}><C:\WINDOWS\system32\ejkadikb.dll> [File is missing]
<{B292E529-F65B-4A5A-8623-F3B251C547A9}><C:\WINDOWS\system32\bipielip.dll> [File is missing]
<{09D334D6-C1B0-4A6C-9819-6613278049C7}><C:\WINDOWS\system32\09D334D6.dll> [File is missing]
<{0257D945-880B-44C1-8672-B82BE577DD59}><C:\WINDOWS\system32\gilndpkl.dll> [File is missing]
<{B91780AB-953E-42F4-B4AE-79160AD02528}><C:\WINDOWS\system32\B91780AB.dll> [File is missing]
<{75B112B8-7C32-4199-8864-05D0B5CBEEAC}><C:\WINDOWS\system32\nlbhhibo.dll> [File is missing]
<{53615262-E16B-43CA-ADFA-78A70AB1A0CF}><C:\WINDOWS\system32\ljmhlimi.dll> [File is missing]
<{4AC0C10F-C350-4A47-A450-7BB32C31A07B}><C:\WINDOWS\system32\4AC0C10F.dll> [File is missing]
<{7C2D47EB-F69F-4538-B1DB-549E08763C94}><C:\WINDOWS\system32\ncidkneb.dll> [File is missing]
<{8A91F259-6B1A-4DD5-BF5B-259FF454AC49}><C:\WINDOWS\system32\oaphfilp.dll> [File is missing]
<{88FD8DF1-44A7-41E4-875B-8F0C1655EDB6}><C:\WINDOWS\system32\oofdodfh.dll> [File is missing]
<{108349D5-7824-4396-860D-5870D04E32E3}><C:\WINDOWS\system32\hgojkpdl.dll> [File is missing]
<{3FDEB171-8F86-0012-0001-69B8DB553683}><C:\WINDOWS\system32\sysdlTLBB.dll> [File is missing]
<{C5C5CDC6-83FA-4233-A736-4E1D0B030382}><C:\WINDOWS\system32\clclcdcm.dll> [File is missing]
<{AD35F6AA-4ACA-4690-A014-538F980C08C9}><C:\WINDOWS\system32\AD35F6AA.dll> [File is missing]
<{CC2DA7BA-99C1-461D-9BA4-EAA05F43E64E}><C:\WINDOWS\system32\ccidanba.dll> [File is missing]
<{5B9A6FA8-2D09-4D9D-81A7-18B1411F6DDB}><C:\WINDOWS\system32\lbpamfao.dll> [File is missing]
<{DBC21257-C939-49AB-9C6B-A15C053523A2}><C:\WINDOWS\system32\dbcihiln.dll> [File is missing]
<{16BBE8E8-E993-4FA1-93B0-9BFADC01B224}><C:\WINDOWS\system32\hmbbeoeo.dll> [File is missing]
<{05C58E6E-D49A-492E-A8B5-6630ED431C25}><C:\WINDOWS\system32\glcloeme.dll> [File is missing]
<{46B92B44-2113-4240-8383-4E35DDE21056}><C:\WINDOWS\system32\kmbpibkk.dll> [File is missing]
<{959AFAE4-9800-4E39-BBB3-1F2460B4A0D5}><C:\WINDOWS\system32\plpafaek.dll> [File is missing]
<{5A6407C9-D723-4B85-B733-DD59B9E51DF4}><C:\WINDOWS\system32\lamkgncp.dll> [File is missing]
<{3F3C0F1B-6F23-4C72-8A4E-70ED99D6F61F}><C:\WINDOWS\system32\jfjcgfhb.dll> [File is missing]
<{21687402-375D-4B32-B07D-58ADEFACCD65}><C:\WINDOWS\system32\ihmonkgi.dll> [File is missing]
<{8FD60E32-4AD4-43FE-83CA-D6B75D4FE26F}><C:\WINDOWS\system32\ofdmgeji.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
<5BB075E3><C:\WINDOWS\system32\lbbgnlej.dll> [File is missing]
<BADA7991><C:\WINDOWS\system32\BADA7991.dll> [File is missing]
<DE979EC0><> [N/A]
<063BAAA9><C:\WINDOWS\system32\gmjbaaap.dll> [File is missing]
<BC4ADD53><C:\WINDOWS\system32\bckaddlj.dll> [File is missing]
<C60CD181><C:\WINDOWS\system32\C60CD181.dll> [File is missing]
<A656A2B6><> [N/A]
<1845AF21><C:\WINDOWS\system32\hoklafih.dll> [File is missing]
<AEF9D02B><C:\WINDOWS\system32\aefpdgib.dll> [File is missing]
<F0BECD4E><C:\WINDOWS\system32\fgbecdke.dll> [File is missing]
<59477CB3><C:\WINDOWS\system32\lpknncbj.dll> [File is missing]
<82E76289><C:\WINDOWS\system32\oienmiop.dll> [File is missing]
<FA8DB457><C:\WINDOWS\system32\FA8DB457.dll> [File is missing]
<5836A9BB><> [N/A]
<E249379D><C:\WINDOWS\system32\eikpjnpd.dll> [File is missing]
<C126E85C><C:\WINDOWS\system32\chimeolc.dll> [File is missing]
<E34AD24B><C:\WINDOWS\system32\ejkadikb.dll> [File is missing]
<B292E529><C:\WINDOWS\system32\bipielip.dll> [File is missing]
<09D334D6><C:\WINDOWS\system32\09D334D6.dll> [File is missing]
<8A91F259><C:\WINDOWS\system32\oaphfilp.dll> [File is missing]
<0257D945><C:\WINDOWS\system32\gilndpkl.dll> [File is missing]
<B91780AB><C:\WINDOWS\system32\B91780AB.dll> [File is missing]
<108349D5><C:\WINDOWS\system32\hgojkpdl.dll> [File is missing]
<75B112B8><C:\WINDOWS\system32\nlbhhibo.dll> [File is missing]
<53615262><C:\WINDOWS\system32\ljmhlimi.dll> [File is missing]
<4AC0C10F><C:\WINDOWS\system32\4AC0C10F.dll> [File is missing]
<88FD8DF1><C:\WINDOWS\system32\oofdodfh.dll> [File is missing]
<7C2D47EB><C:\WINDOWS\system32\ncidkneb.dll> [File is missing]
<C5C5CDC6><C:\WINDOWS\system32\clclcdcm.dll> [File is missing]
<AD35F6AA><C:\WINDOWS\system32\AD35F6AA.dll> [File is missing]
<8FD60E32><C:\WINDOWS\system32\ofdmgeji.dll> [File is missing]
<CC2DA7BA><C:\WINDOWS\system32\ccidanba.dll> [File is missing]
<5B9A6FA8><C:\WINDOWS\system32\lbpamfao.dll> [File is missing]
<DBC21257><C:\WINDOWS\system32\dbcihiln.dll> [File is missing]
<16BBE8E8><C:\WINDOWS\system32\hmbbeoeo.dll> [File is missing]
<05C58E6E><C:\WINDOWS\system32\glcloeme.dll> [File is missing]
<46B92B44><C:\WINDOWS\system32\kmbpibkk.dll> [File is missing]
<959AFAE4><C:\WINDOWS\system32\plpafaek.dll> [File is missing]
<5A6407C9><C:\WINDOWS\system32\lamkgncp.dll> [File is missing]
<3F3C0F1B><C:\WINDOWS\system32\jfjcgfhb.dll> [File is missing]
<21687402><C:\WINDOWS\system32\ihmonkgi.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe]
<IFEO[Thunder5.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr> [(Verified)Microsoft Windows Publisher]
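Three things in the registry section above deserve attention before anything is deleted: the AppInit_DLLs value lists about thirty DLLs with machine-generated names (eight lowercase letters or eight hex digits) next to Rising's kmon.dll, and every one of them is injected into each process that loads user32.dll; dozens of ShellExecuteHooks and ShellServiceObjectDelayLoad entries point at DLLs that SREng reports as missing, so the payloads are gone but the load points in Explorer are still registered; and an Image File Execution Options entry sets svchost.exe as the "debugger" for Thunder5.exe, which means starting Thunder actually starts svchost.exe with Thunder's command line (the image-hijack technique used to keep a program from ever running). The Python script below is an added example, not SREng code and not the poster's own tooling. It parses SREng's `[key]` / `<name><value> [signer]` lines and applies those checks to a short excerpt constructed from this log. The list of legitimate debuggers, the random-name heuristic and the severity labels are this example's own assumptions.

```python
"""Triage SREng (System Repair Engineer) registry startup output.

Added example for this page, not SREng's own logic and not the poster's tooling.
Flags: an IFEO "Debugger" that is not a debugger (image hijack), random-named
AppInit_DLLs entries, and hook/autorun entries whose DLL is already missing.
The allowlist, name heuristic and severity labels are assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><(.*)> \[([^\]]*)\]$")

# Debuggers that legitimately show up as an IFEO Debugger value (assumption).
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe", "drwtsn32.exe"}
# Keys whose DLLs load into Explorer / every GUI process: a missing file there
# means the payload was removed but the load point was left behind.
HOOK_KEYS = ("shellexecutehooks", "shellserviceobjectdelayload", "winlogon\\notify", "currentversion\\run")
# Eight lowercase letters or eight uppercase hex digits: the generator pattern in the log.
RANDOM_NAME_RE = re.compile(r"^(?:[a-z]{8}|[0-9A-F]{8})\.dll$")


@dataclass
class Entry:
    key: str     # registry key the entry sits under
    name: str    # value name, or the IFEO[...] / CLSID label SREng prints
    value: str   # command line or DLL path
    signer: str  # SREng's signer column: "(Verified)...", "N/A", "", "File is missing"


def parse_startup(text: str) -> list[Entry]:
    """Turn SREng's '[key]' / '<name><value> [signer]' lines into Entry records."""
    entries: list[Entry] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := ENTRY_RE.match(line):
            entries.append(Entry(key, *m.groups()))
    return entries


def _debugger_basename(value: str) -> str:
    """First token of a Debugger value (quoted or bare) as a lower-cased basename."""
    head = value.strip().lstrip('"').split('"')[0].split()
    return head[0].rsplit("\\", 1)[-1].lower() if head else ""


def triage(entries: list[Entry]) -> list[tuple[str, str, str]]:
    """Return (severity, item, reason) findings; severity is 'high' or 'review'."""
    findings: list[tuple[str, str, str]] = []
    for e in entries:
        key = e.key.lower()
        if "image file execution options" in key:
            if _debugger_basename(e.value) not in KNOWN_DEBUGGERS:
                findings.append(("high", e.name, f"IFEO hijack: launching this image runs {e.value} instead"))
        elif e.name.lower() == "appinit_dlls":
            for dll in filter(None, (d.strip() for d in e.value.split(","))):
                if RANDOM_NAME_RE.match(dll):
                    findings.append(("high", dll, "random-named AppInit DLL (injected into every user32 process)"))
                elif e.signer in ("", "N/A"):
                    findings.append(("review", dll, "AppInit DLL without a verified signer"))
        elif e.signer == "File is missing":
            sev = "high" if any(h in key for h in HOOK_KEYS) else "review"
            findings.append((sev, e.name, f"orphaned load point: {e.value} no longer exists"))
        elif e.signer in ("", "N/A"):
            findings.append(("review", e.name, f"no publisher or signature recorded for {e.value}"))
    return findings


# Excerpt constructed from the SREng log on this page (representative lines only).
SAMPLE = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<switch><c:\windows\system32\壁纸自动换.exe> []
<Flashget><"C:\Program Files\FlashGet\FlashGet.exe" /min> [FlashGet.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><eikpjnpd.dll,FA8DB457.dll,kmon.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{3FDEB171-8F86-0009-0001-69B8DB553683}><C:\WINDOWS\system32\sysdlwd2.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
<BADA7991><C:\WINDOWS\system32\BADA7991.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe]
<IFEO[Thunder5.exe]><svchost.exe> [(Verified)Microsoft Windows Publisher]
"""


def report(text: str) -> str:
    return "\n".join(f"{sev:6} {item}: {why}" for sev, item, why in triage(parse_startup(text)))


if __name__ == "__main__":
    print(report(SAMPLE))
```

Run it against a full SREng log by passing the file contents to `report()`. Missing files under Active Setup are only marked for review because XP installs routinely leave those entries behind, whereas a missing DLL under ShellExecuteHooks or ShellServiceObjectDelayLoad is an orphaned load point that should be removed together with the matching CLSID.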
==================================
Startup folders
[QQ Game Startup Accelerator]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> F:\QQG\QQGAME\Accel.exe [Shenzhen Tencent Computer Systems Co., Ltd.]><N>
==================================
Services
[DCOM Server Process Launcher / DcomLaunch][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Ris Process Communication Center / RisCCenter][Stopped/Auto Start]
<C:\Program Files\Rising\Ris\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RisTask Manager / RisTask][Stopped/Auto Start]
<"C:\Program Files\Rising\Ris\RavTask.exe" RisTask><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Others/Auto Start]
<C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<C:\Program Files\Rising\Ris\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
<C:\Program Files\Rising\Ris\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[hookcont / hookcont][Running/System Start]
<system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Stopped/Disabled]
<system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[msiffei / msiffei][Stopped/Manual Start]
<System32\Drivers\msiffei.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
<system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
<\??\C:\Program Files\Rising\Ris\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
<\??\C:\Program Files\Rising\Ris\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
Browser add-ons
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Info cache]
{295AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Intel\pctools_2009113_7980.dll, N/A>
[Thunder Browser Helper]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[]
{5A041F13-A111-12A4-B0CF-F99818AA68A5} <C:\WINDOWS\system32\artlbbdll.dll, N/A>
[Kaka Internet Security Assistant]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll, (Signed) Google Inc.>
[Google Dictionary Compression sdch]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll, (Signed) Google Inc.>
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Quick Toolbar 3.2]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[&Google Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[&Google Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[Info cache]
{295AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\WINDOWS\Intel\pctools_2009113_7980.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{2F364305-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[]
{5A041F13-A111-12A4-B0CF-F99818AA68A5} <C:\WINDOWS\system32\artlbbdll.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Kaka Internet Security Assistant]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll, (Signed) Google Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[Quick Toolbar 3.2]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[Google Dictionary Compression sdch]
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll, (Signed) Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, (Signed) Adobe Systems, Inc.>
[]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} <E:\QQ2009\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Shenzhen Tencent Technology>
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, N/A>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Download with FlashGet]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&Download all links with FlashGet]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[Download with Thunder]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[Download all links with Thunder]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running processes
[PID: 808 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1596 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9136]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1700 / SYSTEM][C:\Program Files\Rising\Ris\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\Rising\Ris\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Ris\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Ris\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
[C:\Program Files\Rising\Ris\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Program Files\Rising\Ris\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
[C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Ris\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
[C:\Program Files\Rising\Ris\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
[C:\Program Files\Rising\Ris\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
[C:\Program Files\Rising\Ris\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
[C:\Program Files\Rising\Ris\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
[C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
[C:\Program Files\Rising\Ris\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
[C:\Program Files\Rising\Ris\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Ris\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Ris\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Ris\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[PID: 1872 / SYSTEM][C:\Program Files\Rising\Ris\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Ris\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
[C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2000 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2012 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9136]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9136]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2600.0000]
[PID: 480 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.9136]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9136]
[PID: 504 / Administrator][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 41, 16]
[C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[PID: 512 / Administrator][C:\WINDOWS\VM_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
[PID: 528 / Administrator][G:\rx\kaka\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[G:\rx\kaka\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[G:\rx\kaka\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
[G:\rx\kaka\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[G:\rx\kaka\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[G:\rx\kaka\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[G:\rx\kaka\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[G:\rx\kaka\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
[G:\rx\kaka\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[G:\rx\kaka\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[G:\rx\kaka\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.42]
[G:\rx\kaka\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
[G:\rx\kaka\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[G:\rx\kaka\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[PID: 540 / Administrator][C:\Program Files\Rising\Ris\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Ris\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
[C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Ris\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Program Files\Rising\Ris\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[C:\Program Files\Rising\Ris\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
[C:\Program Files\Rising\Ris\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
[C:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
[C:\Program Files\Rising\Ris\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
[C:\Program Files\Rising\Ris\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[C:\Program Files\Rising\Ris\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
[C:\Program Files\Rising\Ris\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
[C:\Program Files\Rising\Ris\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.90]
[C:\Program Files\Rising\Ris\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Ris\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
[C:\Program Files\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[C:\Program Files\Rising\Ris\rfwtray.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 5]
[C:\Program Files\Rising\Ris\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Ris\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[PID: 700 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 488 / Administrator][E:\QQ2009\Bin\QQ.exe] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\Common.dll] [Tencent, 1, 15, 305, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[E:\QQ2009\Bin\KernelUtil.dll] [Tencent, 1, 15, 305, 0]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\QQ2009\Bin\AppMisc.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\GF.dll] [Tencent, 1, 15, 305, 0]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[E:\QQ2009\Bin\AppUtil.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\ChatFrame.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\ConfigCenter.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\CustomFace.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\IM.dll] [Tencent, 1, 15, 305, 0]
[E:\QQ2009\Bin\KernelMisc.dll] [Tencent, 1, 15, 305, 0]
[E:\QQ2009\Bin\LongCnn.dll] [Tencent, 1, 15, 305, 0]
[E:\QQ2009\Bin\ContactInfoFrame.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\MsgMgr.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\SkinMgr.dll] [TODO: <Company name>, 1, 20, 346, 0]
[E:\QQ2009\Bin\QInterLive.dll] [TODO: <Company name>, 1, 20, 346, 0]
[E:\QQ2009\Bin\AppCtrl.dll] [TODO: <Company name>, 1, 20, 346, 0]
[E:\QQ2009\Bin\SystemMsg.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\MainFrame.dll] [Tencent, 1, 20, 346, 0]
[E:\QQ2009\Bin\TaskTray.dll] [Tencent, 1, 20, 346, 0]
[PID: 1392 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[G:\rx\kaka\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[G:\rx\kaka\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2600.0000]
[C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll] [N/A, ]
[C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_F423308312A7B033.dll] [Google Inc., 5, 0, 2124, 6042]
[C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll] [Google Inc., 5, 0, 926, 3450]
[C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[C:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 4, 1007]
[C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
[G:\rx\kaka\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
[C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll] [Google Inc., 1, 0, 610, 10250]
[C:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 4, 1003]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.58]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 1812 / Administrator][C:\Program Files\Rising\Ris\rsmain.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Ris\rspalmgr.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.29]
[C:\Program Files\Rising\Ris\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Ris\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Ris\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Ris\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
[C:\Program Files\Rising\Ris\ravbmenu.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
[C:\Program Files\Rising\Ris\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Ris\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
[C:\Program Files\Rising\Ris\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Ris\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
[C:\Program Files\Rising\Ris\ravpsafe.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
[C:\Program Files\Rising\Ris\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[C:\Program Files\Rising\Ris\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[C:\Program Files\Rising\Ris\psafecfg.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
[C:\Program Files\Rising\Ris\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
[C:\Program Files\Rising\Ris\rfwLog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[C:\Program Files\Rising\Ris\rfw.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 51]
[C:\Program Files\Rising\Ris\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Ris\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
[C:\Program Files\Rising\Ris\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Program Files\Rising\Ris\ravxpage.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 81]
[C:\Program Files\Rising\Ris\ravxmons.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[C:\Program Files\Rising\Ris\ravptool.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
[C:\Program Files\Rising\Ris\log2file.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
[C:\Program Files\Rising\Ris\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Ris\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
[PID: 1624 / Administrator][C:\Program Files\Rising\Ris\RegGuide.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\Rising\Ris\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Ris\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.58]
[PID: 2028 / Administrator][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[G:\rx\kaka\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[G:\rx\kaka\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll] [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
[PID: 1380 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.468\释放的2.7.0.1210.exe] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[G:\rx\kaka\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[G:\rx\kaka\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 img.tongji.cn.yahoo.com
127.0.0.1 js.tongji.cn.yahoo.com
127.0.0.1 js.tongji.cn.yahoo.com
127.0.0.1 img.tongji.cn.yahoo.com
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 908, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2028, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
Scheduled tasks
N/A
==================================
API HOOK
Entry point error: NtCreateFile (risk level: high, hooked by the following module: 0x003C56BD)
Entry point error: NtCreateKey (risk level: high, hooked by the following module: 0x003C585D)
Entry point error: NtLoadDriver (risk level: high, hooked by the following module: 0x003C5FAD)
Entry point error: NtSetValueKey (risk level: high, hooked by the following module: 0x003C592D)
Entry point error: NtWriteFile (risk level: high, hooked by the following module: 0x003C578D)
Entry point error: ZwCreateFile (risk level: high, hooked by the following module: 0x003C56BD)
Entry point error: ZwCreateKey (risk level: high, hooked by the following module: 0x003C585D)
Entry point error: ZwSetValueKey (risk level: high, hooked by the following module: 0x003C592D)
Entry point error: ZwWriteFile (risk level: high, hooked by the following module: 0x003C578D)
Entry point error: CreateServiceA (risk level: high, hooked by the following module: 0x003C5C6D)
Entry point error: CreateServiceW (risk level: high, hooked by the following module: 0x003C5D3D)
Entry point error: LoadLibraryA (risk level: high, hooked by the following module: 0x003C696D)
Entry point error: LoadLibraryExW (risk level: high, hooked by the following module: 0x003C5555)
Entry point error: CreateFileW (risk level: high, hooked by the following module: 0x003C648D)
Entry point error: CreateProcessA (risk level: high, hooked by the following module: 0x003C689D)
Entry point error: CreateProcessW (risk level: high, hooked by the following module: 0x003C66FD)
==================================
Hidden processes
N/A
==================================
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB5)