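Rising Kaka Security Forum, Technical Exchange section, Anti-Virus / Anti-Rogue Software forum: After the computer boots, monitoring is turned off; once it is turned back on, it always detects viruses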


After the computer boots, monitoring is turned off; once it is turned back on, it always detects viruses

[C:\WINDOWS\system32\zkjjx.dll] [N/A, N/A]
[C:\WINDOWS\system32\wfdrd.dll] [N/A, N/A]
[C:\WINDOWS\system32\hreax.dll] [N/A, N/A]
[C:\WINDOWS\system32\wtrmm.dll] [N/A, N/A]
[C:\WINDOWS\system32\wgptl.dll] [N/A, N/A]
[C:\WINDOWS\system32\fksdy.dll] [N/A, N/A]
[C:\WINDOWS\system32\msport.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 2492][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, N/A]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, N/A]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, N/A]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 1, 6, 61]
[C:\Program Files\TENCENT\Adplus\SSAddr.dll] [Tencent, 4, 1, 6, 61]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
[D:\Program Files\FlashGet\jccatch.dll] [www.flashget.com, 1, 8, 1, 1006]
[D:\Program Files\FlashGet\getflash.dll] [www.flashget.com, 1, 8, 1, 1002]
[D:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\zkjjx.dll] [N/A, N/A]
[C:\WINDOWS\system32\wfdrd.dll] [N/A, N/A]
[C:\WINDOWS\system32\hreax.dll] [N/A, N/A]
[C:\WINDOWS\system32\wtrmm.dll] [N/A, N/A]
[C:\WINDOWS\system32\wgptl.dll] [N/A, N/A]
[C:\WINDOWS\system32\fksdy.dll] [N/A, N/A]
[C:\WINDOWS\system32\msport.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\WinForm.dll] [N/A, N/A]
[C:\WINDOWS\system32\MsIMMs32.dll] [N/A, N/A]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,7,0]
[C:\WINDOWS\system32\spxjiq.dll] [N/A, N/A]
[C:\WINDOWS\system32\FREEWB.IME] [Delphi Fan Studio, 5.1]
[D:\Program Files\freewb\plugin\date.plg] [, 1, 0, 0, 1]
[PID: 2420][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, N/A]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, N/A]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, N/A]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, N/A]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 1, 6, 61]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[D:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 1856][D:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\WINDOWS\system32\msdebug.dll] [N/A, N/A]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, N/A]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, N/A]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, N/A]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3576][D:\Program Files\Rising\KakaToolBar\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, N/A]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, N/A]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, N/A]
[D:\Program Files\Rising\KakaToolBar\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[D:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 1, 6, 61]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[D:\Program Files\Rising\orangeaug.com] [Beijing Rising Tech. Co., Ltd., 1, 4, 6, 5]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, N/A]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, N/A]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, N/A]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 1, 6, 61]
[D:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\WINDOWS\system32\spxjiq.dll] [N/A, N/A]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[C:\WINDOWS\system32\zkjjx.dll] [N/A, N/A]
[C:\WINDOWS\system32\wfdrd.dll] [N/A, N/A]
[C:\WINDOWS\system32\wgptl.dll] [N/A, N/A]
[C:\WINDOWS\system32\fksdy.dll] [N/A, N/A]
[C:\WINDOWS\system32\msport.dll] [N/A, N/A]
[C:\WINDOWS\system32\hreax.dll] [N/A, N/A]
[C:\WINDOWS\system32\wtrmm.dll] [N/A, N/A]
[PID: 3208][D:\Program Files\Rising\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, N/A]
[C:\WINDOWS\system32\windds32.dll] [N/A, N/A]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, N/A]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, N/A]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 1, 6, 61]
[D:\Program Files\Rising\KakaToolBar\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\WINDOWS\system32\spxjiq.dll] [N/A, N/A]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, N/A]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\WINDOWS\system32\wgptl.dll] [N/A, N/A]
[C:\WINDOWS\system32\fksdy.dll] [N/A, N/A]
[C:\WINDOWS\system32\msport.dll] [N/A, N/A]
[C:\WINDOWS\system32\zkjjx.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[C:\WINDOWS\system32\wfdrd.dll] [N/A, N/A]
[C:\WINDOWS\system32\hreax.dll] [N/A, N/A]
[C:\WINDOWS\system32\wtrmm.dll] [N/A, N/A]



--------------------------------------------------------------------------------




文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

[E:\]
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe



--------------------------------------------------------------------------------



HOSTS 文件

N/A



--------------------------------------------------------------------------------



API HOOK

N/A
