Qingxin, are you around? Please help, this is the new log~~


2007-04-03,11:49:38

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
(PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Windows Publisher]
(PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Windows Publisher]
(nwiz)(nwiz.exe /installquiet) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(SynTPLpr)(C:\Program Files\Synaptics\SynTP\SynTPLpr.exe) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(SynTPEnh)(C:\Program Files\Synaptics\SynTP\SynTPEnh.exe) [(Verified)Microsoft Windows Hardware Compatibility Publisher]
(Dell Performance USB keyboard hotkey blocker)(C:\Program Files\Dell\USBKEYBLCK\USBKeyBlock.exe) [N/A]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(O2USB)(o2usb.exe) []
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(RfwMain)("C:\Program Files\Rising\Rfw1\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(StormCodec_Helper)("C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti) []
(runeip)(C:\Program Files\Rising\AntiSpyware\runiep.exe) [Beijing Rising Technology Co., Ltd.]
(zzgdipclient)(D:\Program Files\zbnclient\zzgdipclient.exe) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(RavStub)("C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(userinit.exe,) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(anifix1.dll) [(Verified)eEye Digital Security]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]




--------------------------------------------------------------------------------



启动文件夹

[eEye Windows Animated Cursor Patch Checker]
(C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\eEye Windows Animated Cursor Patch Checker.lnk --) C:\PROGRA~1\EEYEDI~1\WINDOW~1.ANI\ANIPAT~1.EXE [eEye Digital Security])(N)
[IE-Bar]
(C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\IE-Bar.lnk --) C:\PROGRA~1\COMMON~1\IE-Bar\iebar.exe [N/A])(N)
[QQ游戏启动加速程序]
(C:\Documents and Settings\Administrator.BAOBAO\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --) D:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司])(N)
Last edited 2007-04-04 15:49:15

服务

[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
(C:\WINDOWS\system32\drivers\CDAC11BA.EXE)(Macrovision)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Iap / Iap][Running/Auto Start]
("C:\Program Files\Dell\OpenManage\Client\Iap.exe")(Dell Inc)
[Indexing Manager / Live][Stopped/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\mssapi.dll)(N/A)
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(C:\Program Files\Rising\Rfw1\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)



--------------------------------------------------------------------------------



驱动程序

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
(system32\drivers\ac97intc.sys)(Intel Corporation)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[CdaC15BA / CdaC15BA][Running/Auto Start]
(\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS)(Macrovision Europe Ltd)
[3Com 3C90X-BC Family PCI EtherLink Adapter / EL90XBC][Running/Manual Start]
(system32\DRIVERS\el90xbc5.sys)(3Com Corporation)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\ExpScan.sys)()
[fsprot / fsprot][Running/System Start]
(system32\drivers\fsprot.sys)(N/A)
[HookCont / HookCont][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw1\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[moprot / moprot][Running/System Start]
(system32\drivers\moprot.sys)(N/A)
[mProcRs / mProcRs][Running/Auto Start]
(\??\c:\program files\rising\rfw1\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\D:\Program Files\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[OMCI WDM Device Driver / omci][Running/System Start]
(system32\DRIVERS\omci.sys)(Dell Inc)
[OzCrd2k / OzCrd2k][Running/Boot Start]
(\SystemRoot\system32\drivers\OzCrd2k.sys)(N/A)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw1\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[Intel 82801 Audio Driver (WDM) - SigmaTel Codec / STAC97][Running/Manual Start]
(system32\drivers\STAC97.sys)(SigmaTel, Inc.)
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
(system32\DRIVERS\SynTP.sys)(Synaptics, Inc.)



--------------------------------------------------------------------------------



浏览器加载项

[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, )
[]
{C64E4E3D-AAA0-4081-B6A7-22A40AFBFD35} (C:\WINDOWS\system32\rs.obj, N/A)
[Shockwave Flash Object]
{DE8C8BF0-4A16-12DD-CBBD-789569C11983} (C:\WINDOWS\system32\FLD202~1.DLL, Macromedia,Inc.)
[bho Class]
{ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} (C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部)
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} (D:\Program Files\QQ\QQ.EXE, TENCENT)
[HdwCode Control]
{52A05F4B-9F0C-4752-BB78-9B6DFD2DE9D5} (C:\WINDOWS\DOWNLO~1\HdwCode.ocx, home)
[163Uploader Control]
{8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} (C:\WINDOWS\system32\163UPL~1.OCX, 广州网易互动娱乐有限公司)
[Submit Class]
{A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (C:\WINDOWS\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd)
[Ppinstall Control]
{CF051549-EDE1-40F5-B440-BCD646CF2C25} (C:\WINDOWS\DOWNLO~1\PPINST~1.OCX, 网易 NetEase)
[UpdateC2 Control]
{DC7094C6-8F61-42ED-AECE-63F5EEF647C5} (C:\PROGRA~1\UUSee\updateC2.ocx, N/A)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, )
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[IEHandle Class]
{31EBA2E2-58B2-4980-9C41-F12F5F1422C5} (C:\Program Files\Common Files\Collegesoft\Share Components\TPHANDLE.dll, 江苏科建教育软件有限责任公司)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[]
{C64E4E3D-AAA0-4081-B6A7-22A40AFBFD35} (C:\WINDOWS\system32\rs.obj, N/A)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.)
[Shockwave Flash Object]
{DE8C8BF0-4A16-12DD-CBBD-789569C11983} (C:\WINDOWS\system32\FLD202~1.DLL, Macromedia,Inc.)
[bho Class]
{ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} (C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部)
[上传到QQ网络硬盘]
(D:\Program Files\QQ\AddToNetDisk.htm, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)
[添加到QQ自定义面板]
(D:\Program Files\QQ\AddPanel.htm, N/A)
[添加到QQ表情]
(D:\Program Files\QQ\AddEmotion.htm, N/A)
[用QQ彩信发送该图片]
(D:\Program Files\QQ\SendMMS.htm, N/A)


正在运行的进程

[PID: 432][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1684][C:\Program Files\Rising\Rfw1\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\Program Files\Rising\Rfw1\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\Rfw1\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rfw1\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rfw1\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rfw1\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 364][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 392][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1244][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1340][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[PID: 1324][D:\Program Files\zbnclient\zzgdipclient.exe] [N/A, ]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[D:\Program Files\zbnclient\pa01.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1708][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 2664][D:\Program Files\TT\TTraveler.exe] [腾讯公司, 3.2.200.275]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[D:\Program Files\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
[D:\Program Files\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[D:\Program Files\TT\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\Program Files\wnwb2005\WNMKEY.DLL] [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
[C:\WINDOWS\system32\WNWBIO.IME] [深圳世强软件开发部 www.wnwb.com , 2005, 1, 31, 1]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[C:\WINDOWS\system32\rmoc3260.dll] [RealNetworks, Inc., 6.0.9.2318]
[C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Real\RealPlayer\rpplugins\embd3260.dll] [RealNetworks, Inc., 6.0.12.1483]
[C:\Program Files\Common Files\Real\Common\pngu3267.dll] [RealNetworks, Inc., 6.7.0.2712]
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] [RealNetworks, Inc., 6.0.9.4068]
[C:\Program Files\Common Files\Real\Common\objb3201.dll] [RealNetworks, Inc., 0.1.0.6391]
[C:\Program Files\Real\RealPlayer\rpplugins\rpcl3260.dll] [RealNetworks, Inc., 6.0.9.3112]
[C:\Program Files\Real\RealPlayer\rpplugins\rput3260.dll] [RealNetworks, Inc., 6.0.9.3088]
[C:\Program Files\Common Files\Real\Common\pnen3260.dll] [RealNetworks, Inc., 10.0.0.1007]
[C:\Program Files\Common Files\Real\Plugins\zipf3260.dll] [RealNetworks, Inc., 6.0.8.2550]
[C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll] [RealNetworks, Inc., 10.1.0.906]
[C:\Program Files\Common Files\Real\Plugins\vidsite.dll] [RealNetworks, Inc., 10.0.0.979]
[C:\Program Files\Common Files\Real\Plugins\clntxres.dll] [RealNetworks, Inc., 10.0.0.3694]
[C:\Program Files\Real\RealPlayer\lang\cdplay_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\dbcomp_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\embed_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\pngui_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\pdgenxfer_cn.dll] [N/A, ]
[C:\Program Files\Real\RealPlayer\lang\rjctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjeq_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjres_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjskin_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjviz_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjfade_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjdlg_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjmisc_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rjprog_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpapp_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpclsvc_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpclutil_cn.dll] [RealNetworks, Inc., 6.0.12.299]
[C:\Program Files\Real\RealPlayer\lang\rpdemand_cn.dll] [RealNetworks, Inc., 6.0.12.299]
[C:\Program Files\Real\RealPlayer\lang\rpdsplyr_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpgutil_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpmnpane_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpplylst_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\rpwebctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\tcdinfo_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\tclsvc_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\tdwnmgr_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\tmp3_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\twave_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\teasdk_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\tearm_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\tmdedit_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Real\RealPlayer\lang\mydevices_cn.dll] [RealNetworks, Inc., 6.0.12.299]
[C:\Program Files\Common Files\Real\Plugins\memfsys.dll] [RealNetworks, Inc., 10.0.0.966]
[C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9841.0]
[C:\Program Files\Common Files\Real\Plugins\httpfsys.dll] [RealNetworks, Inc., 10.0.0.2779]
[C:\Program Files\Real\RealPlayer\rpplugins\rpap3260.dll] [RealNetworks, Inc., 6.0.9.3039]
[C:\Program Files\Common Files\Real\Plugins\ramfformat.dll] [RealNetworks, Inc., 10.0.0.2223]
[C:\Program Files\Common Files\Real\Plugins\wm9fformat.dll] [RealNetworks, Inc., 1.0.0.1088]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1240][C:\Program Files\wnwb2005\wnwb.exe] [深圳世强软件开发部 www.wnwb.com , 2005, 11, 19, 1]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\wnwb2005\WNMKEY.DLL] [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 2516][C:\DZH5\internet\hypwise.exe] [N/A, ]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\DZH5\internet\olepro32.dll] [Microsoft Corporation, 5.0.4275]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1380][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1004][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\rs.obj] [N/A, ]
[C:\WINDOWS\system32\FLD202~1.DLL] [Macromedia,Inc., 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll] [深圳世强软件开发部, 2005, 8, 30, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\Program Files\wnwb2005\WNMKEY.DLL] [深圳世强软件开发部 www.wnwb.com , 2005, 7, 5, 1]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.2028]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll] [Gabest, 1, 0, 1, 3]
[PID: 3772][C:\Program Files\WinRAR\WinRAR.exe] [Eugene Roshal, 3.30]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 3844][C:\DOCUME~1\ADMINI~1.BAO\LOCALS~1\Temp\Rar$EX00.576\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.10.11 13May04]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]

文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



API HOOK

N/A



--------------------------------------------------------------------------------



隐藏进程

N/A

Attachment: downloads 295; file type application/octet-stream; uploaded 2007-4-3 12:31:57

It's these few in the picture above; Rising keeps flagging them~~ but can't remove them~~

Bump~~~ don't let this sink~~~

Bump~~~

Bump~~