[code]2010-05-02,16:21:20
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
  用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; TencentTraveler 4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Hijack Hunter 1.1.0.0
http://www.novirusthanks.org
日志创建于 2010-5-2 at 下午 04:28:43

[+] 系统基本信息

操作系统: Microsoft Windows XP Service Pack 2 32-bit OS
Build Version: 2600.xpsp_sp2_gdr.100216-1441
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS\system32

[+] 运行进程

C:\Program Files\Rising\Rav\RavMonD.exe (191128 bytes) (Beijing Rising Information Technology Co., Ltd.) (cde5ccfc56693a009f7acc17a32612d3)
C:\Program Files\Rising\Rfw\RavMonD.exe (191128 bytes) (Beijing Rising Information Technology Co., Ltd.) (cde5ccfc56693a009f7acc17a32612d3)
E:\ksm3\KSM3.0\ksmsvc.exe (140696 bytes) (Unknown) (4e4d9f75412e7c6eea77f2a21283ba6c)
C:\WINDOWS\system32\nvsvc32.exe (155715 bytes) (NVIDIA Corporation) (986d6666e076afd2b60acafd5b01a00f)
C:\WINDOWS\stsystra.exe (282624 bytes) (SigmaTel, Inc.) (289bdc9e5681bd1be0fb871c460bd254)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (226656 bytes) (Microsoft Corp.) (d358e077a0a05d9b12da22d137ee8464)
C:\Program Files\Rising\AntiSpyware\rstray.exe (215704 bytes) (Beijing Rising Information Technology Co., Ltd.) (1b3e1ce0c35f56aca235267007b6fc17)
C:\Program Files\Rising\Rav\RsTray.exe (178840 bytes) (Beijing Rising Information Technology Co., Ltd.) (0133b0acda832cf8e8c585641665282f)
C:\Program Files\Rising\Rfw\RsTray.exe (178840 bytes) (Beijing Rising Information Technology Co., Ltd.) (0133b0acda832cf8e8c585641665282f)
C:\WINDOWS\system32\wdfmgr.exe (38912 bytes) (Microsoft Corporation) (ab0a7ca90d9e3d6a193905dc1715ded0)
C:\Program Files\Common Files\Real\Update_OB\realsched.exe (202256 bytes) (RealNetworks, Inc.) (e2724029d3648c2eb226d16678727fa9)
E:\QQ\Bin\QQ.exe (144760 bytes) (Tencent) (aab5ea901f37cb9d13c457d89e4bdb63)
E:\QQ\Bin\TXPlatform.exe (152952 bytes) (Tencent) (d676cf8e30c39dbc587476cad491ad62)
E:\TT\bin\TTraveler.exe (995192 bytes) (Tencent) (01a741f9bc796eeaae40e291252fd9a7)
E:\TT\bin\TSVulFWMan.exe (21368 bytes) (Tencent) (020a2efdc85492b47d6dfe9344b91ca5)
C:\Program Files\Rising\AntiSpyware\knownsvr.exe (469616 bytes) (Beijing Rising Information Technology Co., Ltd.) (362ff6f3924244c8a9eee809f3e32683)
C:\Program Files\WinRAR\WinRAR.exe (847360 bytes) (Unknown) (6ddfe95ff49a876d4f8525f8e0a1d1f8)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.625\HijackHunter.exe (441856 bytes) (NoVirusThanks Company Srl) (4b61f927ae05cbccf4c8231e0a316fa9)

[+] 加载模块

C:\WINDOWS\system32\msacm32.drv (20480 bytes) (Microsoft Corporation) (f6dccd16f92358594eea83a1144f52b9)
C:\Program Files\Rising\Rav\combase.dll (207512 bytes) (Beijing Rising Information Technology Co., Ltd.) (e03e645f569da5cd503acd851fbb7838)
C:\Program Files\Rising\Rav\cnt09.dll (547480 bytes) (Beijing Rising Information Technology Co., Ltd.) (f2da5514295f92d2ceb64bf4c31b6551)
C:\Program Files\Rising\Rav\moncomm.dll (101016 bytes) (Beijing Rising Information Technology Co., Ltd.) (a5005826bfbeceada1454efac6f84b6a)
C:\Program Files\Rising\Rav\MonBase.dll (121456 bytes) (Beijing Rising Information Technology Co., Ltd.) (c0b8790cff1f5e36e822b15061b7103d)
C:\Program Files\Rising\Rav\Rslog.dll (539288 bytes) (Beijing Rising Information Technology Co., Ltd.) (fba0eb000c7e5d158777e77e938cf976)
C:\Program Files\Rising\Rav\mondrv.dll (101016 bytes) (Beijing Rising Information Technology Co., Ltd.) (72312f34862d5cd262b1fc538f6b7114)
C:\Program Files\Rising\Rav\defmon.dll (187032 bytes) (Beijing Rising Information Technology Co., Ltd.) (87c3edbd6c5a5d9495d56af4d54f5ae4)
C:\Program Files\Rising\Rav\moncom08.dll (68208 bytes) (Beijing Rising Information Technology Co., Ltd.) (1228be9732c11a4bff637d671da06fc4)
C:\Program Files\Rising\Rav\MonRule.dll (514712 bytes) (Beijing Rising Information Technology Co., Ltd.) (050d9ad3cdd879af674b7eb4d5aba7bb)
C:\Program Files\Rising\Rav\FileMon.dll (158360 bytes) (Beijing Rising Information Technology Co., Ltd.) (0251e64c4ff4069fb504ed6b8abd8e2d)
C:\Program Files\Rising\Rav\MailMon.dll (158360 bytes) (Beijing Rising Information Technology Co., Ltd.) (db8e92ea9ebcba497c67dc22f11a80f7)
C:\Program Files\Rising\Rav\HookWeb.dll (84632 bytes) (Beijing Rising Information Technology Co., Ltd.) (5945eceb5a222ab34db95168436a81f1)
C:\Program Files\Rising\Rav\rsindent.dll (572056 bytes) (Beijing Rising Information Technology Co., Ltd.) (90904e491ac6516090a8a8026f36beda)
C:\Program Files\Rising\Rav\Syslay.dll (100976 bytes) (Beijing Rising Information Technology Co., Ltd.) (0048c959e7105ee25df11258bf806cc1)
C:\Program Files\Rising\Rav\taskplug.dll (96920 bytes) (Beijing Rising Information Technology Co., Ltd.) (fb77201fa34933bf2a84b5dbb86509e0)
C:\Program Files\Rising\Rav\scansrvp.dll (76440 bytes) (Beijing Rising Information Technology Co., Ltd.) (be41632c24ee07ece5486242f099a577)
C:\Program Files\Rising\Rav\cnt08.dll (109168 bytes) (Beijing Rising Information Technology Co., Ltd.) (3b49bd11fd21a304f8eb3e749ccacacd)
C:\Program Files\Rising\Rav\proccomm.dll (101016 bytes) (Beijing Rising Information Technology Co., Ltd.) (ae4a3a533f165b055ec088a692fc4e9a)
C:\Program Files\Rising\Rav\RSAPPMGR.dll (64152 bytes) (Beijing Rising Information Technology Co., Ltd.) (9993cae186bc04c4103c9c4663dd620e)
C:\Program Files\Rising\Rav\CfgDll.dll (277144 bytes) (Beijing Rising Information Technology Co., Ltd.) (0c0a56d49fa8d9ee193f9eaa7b3125b1)
C:\Program Files\Rising\Rav\comx3.dll (182896 bytes) (Beijing Rising Information Technology Co., Ltd.) (41a70b49ea7b39ccc471e12727bb6146)
C:\Program Files\Rising\Rav\Hooksys.dll (133784 bytes) (Beijing Rising Information Technology Co., Ltd.) (df226ee9f58c6910f64008dc89a7a2f2)
C:\Program Files\Rising\Rav\ProcCom.dll (125552 bytes) (Beijing Rising Information Technology Co., Ltd.) (9c00cdef1a2fdcaf8955e623e8cc9e17)
C:\Program Files\Rising\Rav\RsCommX2.dll (141936 bytes) (Beijing Rising Information Technology Co., Ltd.) (eff42f658c2ab6060367ac6bd8073ce7)
C:\Program Files\Rising\Rav\HookCont.dll (80496 bytes) (Beijing Rising Information Technology Co., Ltd.) (933accabcf62a1a7274e102ce8fa778c)
C:\Program Files\Rising\Rav\BACore.dll (479896 bytes) (Beijing Rising Information Technology Co., Ltd.) (495295e6fed9296dda94b5c9c75ebb91)
C:\Program Files\Rising\Rav\recomp.dll (248472 bytes) (Beijing Rising Information Technology Co., Ltd.) (38ec1460692691dc95e158f3ff22247f)
C:\Program Files\Rising\Rav\refs.dll (232048 bytes) (Beijing Rising Information Technology Co., Ltd.) (b1da94c92e25b97969b3dc6ca311f6b7)
C:\Program Files\Rising\Rav\viruslib.dll (199320 bytes) (Beijing Rising Information Technology Co., Ltd.) (270eea4f7a31edf0adea47c9e94d384d)
C:\Program Files\Rising\Rav\relibldr.dll (170608 bytes) (Beijing Rising Information Technology Co., Ltd.) (ea4f0442ac74ef2eef722e6187b66d0d)
C:\Program Files\Rising\Rav\rsnetsvr.dll (514712 bytes) (Beijing Rising Information Technology Co., Ltd.) (8c8b4a61f2f711c6b83cb6f31a0e64ed)
C:\Program Files\Rising\Rav\bawhite.dll (88728 bytes) (Beijing Rising Information Technology Co., Ltd.) (367e9309315eae2286d6108d85e66e46)
C:\Program Files\Rising\Rav\RSStore.dll (174744 bytes) (Beijing Rising Information Technology Co., Ltd.) (198107874a549f8f8ee7d5158d868dba)
C:\Program Files\Rising\Rav\Scanner.dll (273048 bytes) (Beijing Rising Information Technology Co., Ltd.) (2c4d7e8e638a9cf49c783dd0495e4baa)
C:\Program Files\Rising\Rav\ScanAdd.dll (109208 bytes) (Beijing Rising Information Technology Co., Ltd.) (351df3086bda33f93726ba9c3f3af727)
C:\Program Files\Rising\Rav\rstask.dll (162456 bytes) (Beijing Rising Information Technology Co., Ltd.) (171bfce9148261e0abddbfac012e9c62)
C:\Program Files\Rising\Rav\rsstub.dll (96880 bytes) (Beijing Rising Information Technology Co., Ltd.) (4b50306338351bcb1c1b331494c719a5)
C:\Program Files\Rising\Rav\ScanSrv.dll (105112 bytes) (Beijing Rising Information Technology Co., Ltd.) (2ff7b14775a4a9cd8700aa0f6425c539)
C:\Program Files\Rising\Rav\scanpe.dll (182936 bytes) (Beijing Rising Information Technology Co., Ltd.) (3a2b6c9099c0fb2a73d251e8bc361fb6)
C:\Program Files\Rising\Rav\pearc.dll (170648 bytes) (Beijing Rising Information Technology Co., Ltd.) (7be7e961175ef64446203c2a60bcfa93)
C:\Program Files\Rising\Rav\ur000.dat (109208 bytes) (Beijing Rising Information Technology Co., Ltd.) (dbba1103dbd5e80ae4c4eb20fcf936ca)
C:\Program Files\Rising\Rav\urutils.dll (219760 bytes) (Beijing Rising Information Technology Co., Ltd.) (48d63ea7f67280b474fb605ba7bf669b)
C:\Program Files\Rising\Rav\revm.dll (719512 bytes) (Beijing Rising Information Technology Co., Ltd.) (8684b795dff9b45ccc4875085cf525e0)
C:\Program Files\Rising\Rav\ffr.dll (203416 bytes) (Beijing Rising Information Technology Co., Ltd.) (d73c2e0f1ea292c264c0a10cac122d73)
C:\Program Files\Rising\Rav\nvfile.dll (137840 bytes) (Beijing Rising Information Technology Co., Ltd.) (7815592d06c7c1880f2a3e0b053f997e)
C:\Program Files\Rising\Rav\scanexec.dll (277104 bytes) (Beijing Rising Information Technology Co., Ltd.) (90a3b0815f8bc1a80b48e135f5c13967)
C:\Program Files\Rising\Rav\unexe.dll (838256 bytes) (Beijing Rising Information Technology Co., Ltd.) (75b6ee4fb02a13f8c1b69e70fb47ab99)
C:\Program Files\Rising\Rav\scanex.dll (924312 bytes) (Beijing Rising Information Technology Co., Ltd.) (9d3039212e8de45b3ce97ffd907c2896)
C:\Program Files\Rising\Rav\scansct.dll (141976 bytes) (Beijing Rising Information Technology Co., Ltd.) (ff5731ecce9b341da1e54f7c5012d5a2)
C:\Program Files\Rising\Rav\extmail.dll (240280 bytes) (Beijing Rising Information Technology Co., Ltd.) (94c97e8b6cd849ab0a31530f03264898)
C:\Program Files\Rising\Rav\ur001.dat (72304 bytes) (Beijing Rising Information Technology Co., Ltd.) (8c329fdad7d44b633bcf74b36c76a106)
C:\Program Files\Rising\Rav\scantj.dll (72344 bytes) (Beijing Rising Information Technology Co., Ltd.) (fccb92b5ce58d3ef55a7a003e227ee29)
C:\Program Files\Rising\Rav\methodex.dll (543384 bytes) (Beijing Rising Information Technology Co., Ltd.) (a169147232a1f5a4a493fe24885fe090)
C:\Program Files\Rising\Rav\heurex.dll (260760 bytes) (Beijing Rising Information Technology Co., Ltd.) (f48cf3f061784dc77802be53a9ec4036)
C:\Program Files\Rising\Rav\pecompd.dll (141976 bytes) (Beijing Rising Information Technology Co., Ltd.) (0928de7e9bcb09ecc6933a94601e3b4d)
C:\Program Files\Rising\Rfw\combase.dll (207512 bytes) (Beijing Rising Information Technology Co., Ltd.) (e03e645f569da5cd503acd851fbb7838)
C:\Program Files\Rising\Rfw\cnt09.dll (547480 bytes) (Beijing Rising Information Technology Co., Ltd.) (f2da5514295f92d2ceb64bf4c31b6551)
C:\Program Files\Rising\Rfw\MonBase.dll (121456 bytes) (Beijing Rising Information Technology Co., Ltd.) (c0b8790cff1f5e36e822b15061b7103d)
C:\Program Files\Rising\Rfw\MonComm.dll (101016 bytes) (Beijing Rising Information Technology Co., Ltd.) (a5005826bfbeceada1454efac6f84b6a)
C:\Program Files\Rising\Rfw\rfwlog.dll (531096 bytes) (Beijing Rising Information Technology Co., Ltd.) (3a89e54e2aec7770073765467b34031b)
C:\Program Files\Rising\Rfw\rfwrule.dll (41624 bytes) (Beijing Rising Information Technology Co., Ltd.) (64c0534cc336fe9d09f86cb953c3781b)
C:\WINDOWS\system32\MSVCP71.dll (499712 bytes) (Microsoft Corporation) (561fa2abb31dfa8fab762145f81667c2)
C:\WINDOWS\system32\MSVCR71.dll (348160 bytes) (Microsoft Corporation) (86f1895ae8c5e8b17d99ece768a70732)
C:\Program Files\Rising\Rfw\rfwsrv.dll (305816 bytes) (Beijing Rising Information Technology Co., Ltd.) (2cc5c78f8f0c52e04b2d7512e1b5b3c0)
C:\Program Files\Rising\Rfw\Syslay.dll (100976 bytes) (Beijing Rising Information Technology Co., Ltd.) (0048c959e7105ee25df11258bf806cc1)
C:\Program Files\Rising\Rfw\mPorts.dll (109208 bytes) (Beijing Rising Information Technology Co., Ltd.) (838afc91a6fd5069059934e4c57e4ca4)
C:\Program Files\Rising\Rfw\rfwdrvc.dll (72344 bytes) (Beijing Rising Information Technology Co., Ltd.) (e2434cdb0ed332b4dd6a4141347b4605)
C:\Program Files\Rising\Rfw\Rfwdrv.dll (72344 bytes) (Beijing Rising Information Technology Co., Ltd.) (217f9f6ad8ca567ee4b76629dd791934)
C:\Program Files\Rising\Rfw\RfwArp.dll (64152 bytes) (Beijing Rising Information Technology Co., Ltd.) (95a3e30a7a7e67336d00f1b461a046b9)
C:\Program Files\Rising\Rfw\rsnetsvr.dll (514712 bytes) (Beijing Rising Information Technology Co., Ltd.) (8c8b4a61f2f711c6b83cb6f31a0e64ed)
C:\Program Files\Rising\Rfw\urlrule.dll (84632 bytes) (Beijing Rising Information Technology Co., Ltd.) (0876a2a40394d7c096e0b7cfc2ce0532)
C:\Program Files\Rising\Rfw\comx3.dll (182896 bytes) (Beijing Rising Information Technology Co., Ltd.) (41a70b49ea7b39ccc471e12727bb6146)
C:\Program Files\Rising\Rfw\recomp.dll (248472 bytes) (Beijing Rising Information Technology Co., Ltd.) (38ec1460692691dc95e158f3ff22247f)
C:\Program Files\Rising\Rfw\refs.dll (232048 bytes) (Beijing Rising Information Technology Co., Ltd.) (b1da94c92e25b97969b3dc6ca311f6b7)
C:\Program Files\Rising\Rfw\viruslib.dll (199320 bytes) (Beijing Rising Information Technology Co., Ltd.) (270eea4f7a31edf0adea47c9e94d384d)
C:\Program Files\Rising\Rfw\relibldr.dll (170608 bytes) (Beijing Rising Information Technology Co., Ltd.) (ea4f0442ac74ef2eef722e6187b66d0d)
C:\Program Files\Rising\Rfw\rfwproxy.dll (207512 bytes) (Beijing Rising Information Technology Co., Ltd.) (0968a010df6489dd721fba25bddd9e44)
C:\WINDOWS\system32\Normaliz.dll (23552 bytes) (Microsoft Corporation) (10753a3adc3e39a3b10cc3f08e98e6b4)
C:\WINDOWS\system32\iertutil.dll (1985536 bytes) (Microsoft Corporation) (95825f207451c184cf341255b2212249)
C:\Program Files\Rising\Rfw\rslang.dll (137880 bytes) (Beijing Rising Information Technology Co., Ltd.) (697393919436836ac17dace077e2e14d)
C:\Program Files\Rising\Rfw\rsindent.dll (572056 bytes) (Beijing Rising Information Technology Co., Ltd.) (90904e491ac6516090a8a8026f36beda)
C:\Program Files\Rising\Rfw\taskplug.dll (96920 bytes) (Beijing Rising Information Technology Co., Ltd.) (fb77201fa34933bf2a84b5dbb86509e0)
C:\Program Files\Rising\Rfw\RSAPPMGR.dll (64152 bytes) (Beijing Rising Information Technology Co., Ltd.) (9993cae186bc04c4103c9c4663dd620e)
C:\Program Files\Rising\Rfw\CfgDll.dll (277144 bytes) (Beijing Rising Information Technology Co., Ltd.) (0c0a56d49fa8d9ee193f9eaa7b3125b1)
C:\Program Files\Rising\Rfw\proccomm.dll (101016 bytes) (Beijing Rising Information Technology Co., Ltd.) (ae4a3a533f165b055ec088a692fc4e9a)
C:\Program Files\Rising\Rfw\NComm2.dll (117400 bytes) (Beijing Rising Information Technology Co., Ltd.) (403176f318e64d2dadfaa994205b15ac)
C:\Program Files\Rising\Rfw\rstask.dll (162456 bytes) (Beijing Rising Information Technology Co., Ltd.) (171bfce9148261e0abddbfac012e9c62)
C:\Program Files\Rising\Rfw\rsstub.dll (96880 bytes) (Beijing Rising Information Technology Co., Ltd.) (4b50306338351bcb1c1b331494c719a5)
C:\Program Files\Rising\Rfw\urllib.dll (60056 bytes) (Beijing Rising Information Technology Co., Ltd.) (cf7433855f8af8847be492b38fd5e278)
C:\WINDOWS\system32\wups2.dll (44768 bytes) (Microsoft Corporation) (5bd1234e11b39c63bba87022af6d43c2)

E:\ksm3\KSM3.0\kdump.dll (210328 bytes) (Kingsoft Corporation) (1ea0dbaf96d7dae2d521eb9101af7366)
E:\ksm3\KSM3.0\kxestat.dll (266648 bytes) (Kingsoft Corporation) (6f2c4e5de8f3f003557b5e3163d0235e)
E:\ksm3\KSM3.0\kxebase.dll (63000 bytes) (Kingsoft Corporation) (fed50c819682282e0da9094ec0c6209a)
E:\ksm3\KSM3.0\scom.dll (67088 bytes) (Kingsoft Corporation) (358bca6f7befaf8b9f135d4a15a6fb61)
E:\ksm3\KSM3.0\kxecore\kxelog.dll (34328 bytes) (Kingsoft Corporation) (c48dcb35a666d2299ae26024d8b0a0dd)
E:\ksm3\KSM3.0\kxecore\kxecore.dll (120344 bytes) (Kingsoft Corporation) (95780091283446c0f5d03239ff98db32)
E:\ksm3\KSM3.0\kxecore\kxestat.dll (266648 bytes) (Kingsoft Corporation) (6f2c4e5de8f3f003557b5e3163d0235e)
E:\ksm3\KSM3.0\ksmcorex.dll (874904 bytes) (Kingsoft Corporation) (056dc6bb48c5733c21c832f39fb116ff)
E:\ksm3\KSM3.0\COMRes.dll (615936 bytes) (Microsoft Corporation) (b28585002eed6f4e45a5c084b7c7255d)
E:\ksm3\KSM3.0\kcldrep.dll (402840 bytes) (Kingsoft Corporation) (cb227cc2d7cba978ce19d5d55c2856f0)
E:\ksm3\KSM3.0\sqlite.dll (353800 bytes) (Unknown) (effb0640cb1a1fb876dbe828ca68555d)
E:\ksm3\KSM3.0\ksbwsspx.dll (169368 bytes) (Kingsoft Corporation) (8c5475d9c0e2da2b33aec19c1bb50a81)
E:\ksm3\KSM3.0\kavifr.dll (206232 bytes) (Kingsoft Corporation) (4c26b0a66adc255ac06880739e5f1e4d)
E:\ksm3\KSM3.0\ksbwdet.dll (294808 bytes) (Kingsoft Corporation) (24a03538df3e263ba6a6842e4459eaa7)
E:\ksm3\KSM3.0\ksreng.dll (1255320 bytes) (Kingsoft Corporation) (3afdc1e3449363f4e6eba182aafcee33)
E:\ksm3\KSM3.0\ksbwquar.dll (140696 bytes) (Unknown) (878c1384a2212ced879dbb9a9e716737)
E:\ksm3\KSM3.0\khandler.dll (44440 bytes) (Kingsoft Corporation) (a9020d65f67a01211c57f81bee0f0785)
E:\ksm3\KSM3.0\ksedetect.dll (83352 bytes) (Unknown) (3c0aa4b207a866627b33f7bbde888c12)
E:\ksm3\KSM3.0\wss\ksecsk.dll (100968 bytes) (Kingsoft Corporation) (36e4c72e00f3f7ba3de061e03d61c253)
E:\ksm3\KSM3.0\wss\ksecore.dll (469608 bytes) (Kingsoft Corporation) (c205533b8afe2c36f4dc514af61a92b5)
E:\ksm3\KSM3.0\wss\kspfeng.dll (920168 bytes) (Kingsoft Corporation) (19e6308377d63a2b244980decddee1ec)
E:\ksm3\KSM3.0\wss\kae\kaecore.dat (304536 bytes) (Kingsoft Corporation) (0295ce5948cbc578fc476a253407764c)
E:\ksm3\KSM3.0\wss\ksejob.dll (125544 bytes) (Kingsoft Corporation) (0963c6a40599e631edbd2a95032a9659)
C:\WINDOWS\system32\ieframe.dll (11070976 bytes) (Microsoft Corporation) (0d5c62e6462fee517c7fb3b64a58ef1b)
E:\ksm3\KSM3.0\wss\kae\karchive.dat (83352 bytes) (Kingsoft Corporation) (673874926eca6c228db14f35ba7d87a4)
E:\ksm3\KSM3.0\wss\kae\kaearcha.dat (91544 bytes) (Kingsoft Corporation) (ba6cf96cf8cec2af7a0c5cd685e76fca)
E:\ksm3\KSM3.0\wss\kae\kaeolea.dat (148888 bytes) (Kingsoft Corporation) (488368d623ac40af82340546fc3ed58b)
E:\ksm3\KSM3.0\wss\kae\kaearchb.dat (775576 bytes) (Kingsoft Corporation) (a89c7fde671f4cfa9fb81a79e275c0d2)
E:\ksm3\KSM3.0\wss\kae\kaeunpak.dat (87448 bytes) (Kingsoft Corporation) (39ce6ed86ad3d0b58d8bfc1ee36e998b)
E:\ksm3\KSM3.0\wss\kae\kaeunpack.dat (348432 bytes) (Kingsoft Corporation) (211b8075eec8a8c6f462077354a4fe1c)
E:\ksm3\KSM3.0\wss\kae\kaecoref.dat (91544 bytes) (Kingsoft Corporation) (fce9c9d61cc5dbd729d9c98bf46e8bd1)
E:\ksm3\KSM3.0\wss\kae\kaecoreb.dat (116120 bytes) (Kingsoft Corporation) (a2f887b76c479710756d46340b07cd74)
C:\Program Files\WinRAR\rarext.dll (121344 bytes) (Unknown) (db85440d8d5cfede55eab0f44edfb16f)
C:\Program Files\Rising\AntiSpyware\RegCall.dll (80536 bytes) (Beijing Rising Information Technology Co., Ltd.) (700cd529c29e7395bceec3471d34230a)
C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll (40960 bytes) (Unknown) (9d43a02dc4fa25597ce4d9bc1aaed01b)
C:\WINDOWS\system32\RavExt.dll (146072 bytes) (Beijing Rising Information Technology Co., Ltd.) (0fff58ddf2869a1e7cff3fe27485b493)
C:\WINDOWS\system32\KakaExt.dll (146072 bytes) (Beijing Rising Information Technology Co., Ltd.) (3e0cae37844143089aa64d729e62cd1b)
E:\TT\bin\TSVulFW.DAT (98304 bytes) (Tencent) (0dee66730321082277e428b0dfb362e2)
C:\WINDOWS\system32\mdimon.dll (28040 bytes) (Microsoft Corporation) (322fd75a97dba67fc8f97a9957f857f1)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (28552 bytes) (Microsoft Corporation) (ea8647a21bcb56c5f15712d4b7407501)
C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll (89088 bytes) (Microsoft Corporation) (8a2dbd51d349085ef8469cf4d0bc186d)
C:\WINDOWS\system32\nvapi.dll (196608 bytes) (Unknown) (8bd6b5cb286ec8829356f5f9e4aedbae)
C:\WINDOWS\system32\STLang.dll (1093632 bytes) (SigmaTel, Inc.) (544705bd006cfdadd49c942658602f4a)
C:\WINDOWS\system32\stacapi.dll (225280 bytes) (SigmaTel, Inc.) (ebf4a4251a7174b6c94af0455c8181dd)
C:\Program Files\Microsoft\Search Enhancement Pack\SeaShadow\SEASHADO.dll (142176 bytes) (Microsoft Corp.) (1755f4933644f656c7f30bfb81a8ecd0)
C:\WINDOWS\system32\NvMcTray.dll (86016 bytes) (NVIDIA Corporation) (9ffa0f0822246ba7cec9e55ad1c77ff8)
C:\WINDOWS\system32\NVRSZHC.DLL (221184 bytes) (NVIDIA Corporation) (7e3976ae38f9268dad60a39e4ed1c674)
C:\Program Files\Rising\AntiSpyware\rsmginfo.dll (314008 bytes) (Beijing Rising Information Technology Co., Ltd.) (d1b577553a0ffbd4ede21d3a4bffd3a2)
C:\Program Files\Rising\AntiSpyware\RsXML.dll (236184 bytes) (Beijing Rising Information Technology Co., Ltd.) (0fd209c3a3a690bffad704e20278dbad)
C:\Program Files\Rising\AntiSpyware\ComServ.dll (154264 bytes) (Beijing Rising Information Technology Co., Ltd.) (9381a02b0a877f528abdaacb4abb97b9)
C:\Program Files\Rising\AntiSpyware\Syslay.dll (100976 bytes) (Beijing Rising Information Technology Co., Ltd.) (33788884077c48aa20d6b09f7b415ebf)
C:\Program Files\Rising\AntiSpyware\MSVCP71.dll (499712 bytes) (Microsoft Corporation) (561fa2abb31dfa8fab762145f81667c2)
C:\Program Files\Rising\AntiSpyware\MSVCR71.dll (348160 bytes) (Microsoft Corporation) (86f1895ae8c5e8b17d99ece768a70732)
C:\Program Files\Rising\AntiSpyware\rscommon.dll (150128 bytes) (Beijing Rising Information Technology Co., Ltd.) (16c313a295393c4774b96d30f9cc9b56)
C:\Program Files\Rising\AntiSpyware\comx3.dll (182896 bytes) (Beijing Rising Information Technology Co., Ltd.) (41a70b49ea7b39ccc471e12727bb6146)
C:\Program Files\Rising\AntiSpyware\rsxml1.dll (146072 bytes) (Beijing Rising Information Technology Co., Ltd.) (a40e564a7db97dd00b6585827c3cbbe5)
C:\Program Files\Rising\AntiSpyware\pngdll.dll (264816 bytes) (Beijing Rising Information Technology Co., Ltd.) (57f7d65f25bcd1e6d646662d53bbec4d)
C:\Program Files\Rising\AntiSpyware\runiep.dll (473752 bytes) (Beijing Rising Information Technology Co., Ltd.) (9bc48d8f7642845f514156d77db9fd3d)
C:\Program Files\Rising\AntiSpyware\NComm.dll (215664 bytes) (Beijing Rising Information Technology Co., Ltd.) (e2fa9bedc4b6d2609483b69fab1049eb)
C:\Program Files\Rising\AntiSpyware\RsCommX2.dll (141936 bytes) (Beijing Rising Information Technology Co., Ltd.) (eff42f658c2ab6060367ac6bd8073ce7)
C:\Program Files\Rising\Rav\comserv.dll (203416 bytes) (Beijing Rising Information Technology Co., Ltd.) (dd4a2e452aa9a22a14136282819aec26)
C:\Program Files\Rising\Rav\rslang.dll (137880 bytes) (Beijing Rising Information Technology Co., Ltd.) (697393919436836ac17dace077e2e14d)
C:\Program Files\Rising\Rav\rsxml.dll (236184 bytes) (Beijing Rising Information Technology Co., Ltd.) (9ac7e5df2e5f603272bfbcc543063db2)
C:\Program Files\Rising\Rav\MonState.dll (80496 bytes) (Beijing Rising Information Technology Co., Ltd.) (cfdd46a7744baaa6d8b39a876f7b040c)
C:\Program Files\Rising\Rav\ScanEvnt.dll (88728 bytes) (Beijing Rising Information Technology Co., Ltd.) (c568e26c0cecf4f04bf379d703ff5cea)
C:\Program Files\Rising\Rav\rsguilib.dll (494232 bytes) (Beijing Rising Information Technology Co., Ltd.) (4833e9032d27732b966e5982775ebea5)
C:\Program Files\Rising\Rav\rsconf.dll (92824 bytes) (Beijing Rising Information Technology Co., Ltd.) (49d3b1b8c734db22cc80d432ff224f64)
C:\Program Files\Rising\Rav\rspalvd.dll (137880 bytes) (Beijing Rising Information Technology Co., Ltd.) (4827ce4efc53ddcf40a197397b8d4948)
C:\Program Files\Rising\Rav\ravbintl.dll (158360 bytes) (Beijing Rising Information Technology Co., Ltd.) (869829571ef24e47f8012a69ce75e042)
C:\Program Files\Rising\Rav\mruleui.dll (510616 bytes) (Beijing Rising Information Technology Co., Ltd.) (fc42e4b843eef4c46f4eee5c92e9b751)
C:\Program Files\Rising\Rav\MonTray.dll (510616 bytes) (Beijing Rising Information Technology Co., Ltd.) (2993ae8b94afbeb54c45c2bf8ea23116)
C:\Program Files\Rising\Rav\RavITray.dll (129688 bytes) (Beijing Rising Information Technology Co., Ltd.) (5467a3ea260013c718cd20ffd6040255)
C:\Program Files\Rising\Rav\rsmginfo.dll (314008 bytes) (Beijing Rising Information Technology Co., Ltd.) (d1b577553a0ffbd4ede21d3a4bffd3a2)
C:\Program Files\Rising\Rav\scanleak.dll (80536 bytes) (Beijing Rising Information Technology Co., Ltd.) (6099048f68cbcaeff4ffb659732758b1)
C:\Program Files\Rising\Rav\ravppops.dll (555672 bytes) (Beijing Rising Information Technology Co., Ltd.) (bf7ef559d751fb2c69fe86e6afe5cdba)
C:\Program Files\Rising\Rav\PngDll.dll (264816 bytes) (Beijing Rising Information Technology Co., Ltd.) (9e066ad3fcedfbed7022414922f91dcb)
C:\Program Files\Rising\Rav\ScanPrxy.dll (522904 bytes) (Beijing Rising Information Technology Co., Ltd.) (79ee7d4666597d8315ff0c5d5829c4c3)
C:\Program Files\Rising\Rfw\comserv.dll (203416 bytes) (Beijing Rising Information Technology Co., Ltd.) (dd4a2e452aa9a22a14136282819aec26)
C:\Program Files\Rising\Rfw\rsxml.dll (236184 bytes) (Beijing Rising Information Technology Co., Ltd.) (9ac7e5df2e5f603272bfbcc543063db2)
C:\Program Files\Rising\Rfw\MonState.dll (80496 bytes) (Beijing Rising Information Technology Co., Ltd.) (cfdd46a7744baaa6d8b39a876f7b040c)
C:\Program Files\Rising\Rfw\rsconf.dll (92824 bytes) (Beijing Rising Information Technology Co., Ltd.) (49d3b1b8c734db22cc80d432ff224f64)
C:\Program Files\Rising\Rfw\rspalvd.dll (137880 bytes) (Beijing Rising Information Technology Co., Ltd.) (4827ce4efc53ddcf40a197397b8d4948)
C:\Program Files\Rising\Rfw\rsguilib.dll (494232 bytes) (Beijing Rising Information Technology Co., Ltd.) (4833e9032d27732b966e5982775ebea5)
C:\Program Files\Rising\Rfw\ravbintl.dll (158360 bytes) (Beijing Rising Information Technology Co., Ltd.) (869829571ef24e47f8012a69ce75e042)
C:\Program Files\Rising\Rfw\rsmginfo.dll (314008 bytes) (Beijing Rising Information Technology Co., Ltd.) (d1b577553a0ffbd4ede21d3a4bffd3a2)
C:\Program Files\Rising\Rfw\rfwtray.dll (334488 bytes) (Beijing Rising Information Technology Co., Ltd.) (7365f8d4292056dfa02650642d8dbb07)
C:\Program Files\Rising\Rfw\ravppops.dll (555672 bytes) (Beijing Rising Information Technology Co., Ltd.) (bf7ef559d751fb2c69fe86e6afe5cdba)
C:\Program Files\Rising\Rfw\PngDll.dll (264816 bytes) (Beijing Rising Information Technology Co., Ltd.) (9e066ad3fcedfbed7022414922f91dcb)
E:\QQ\Bin\Common.dll (2217336 bytes) (Tencent) (ba750ed97baff868a5cbb97c1674dd8c)

E:\QQ\Bin\KernelUtil.dll (599416 bytes) (Tencent) (62de1237f09e084e20842cac8ff4927b)
E:\QQ\Bin\GF.dll (2745720 bytes) (Tencent) (f89579d4e3cc3f14299639253809432f)
E:\QQ\Bin\xGraphic32.dll (75128 bytes) (Tencent) (8622bbfffd6a08c8c6a624f719085bb0)
E:\QQ\Bin\AppUtil.dll (976248 bytes) (Tencent) (02762b8e75d3d9f396f8355c03091be5)
E:\QQ\Bin\AFUtil.dll (320888 bytes) (Tencent) (2571ebc9068d6fdddd9a5b65eb0e88c3)
E:\QQ\Bin\AppFramework.dll (1840504 bytes) (Tencent) (9115c969b64efd322d5d49b933244a44)
E:\QQ\Bin\MainFrame.dll (1856888 bytes) (Tencent) (1b2f55ac009f5a8286b8a8686d371ce3)
E:\QQ\Bin\AFCtrl.dll (1885560 bytes) (Tencent) (23c8247840ee54c47cd2a381735bac2c)
E:\QQ\Bin\MSVCP60.dll (406960 bytes) (Microsoft Corporation) (939b64be2088c05e73e0ef0fecd34369)
E:\QQ\Bin\IM.dll (3843448 bytes) (Tencent) (c25b836e0ab8f12acbe3b48906758983)
E:\QQ\Bin\TaskTray.dll (275832 bytes) (Tencent) (d20c48f7a1252a02704f3d99ea65b30b)
E:\QQ\Bin\TXPFProxy.dll (30072 bytes) (Tencent) (7b95740746a920fbf7577d4ca54ba851)
E:\QQ\Plugin\Com.Tencent.QQShow\Bin\FlashAvatarDll.dll (136568 bytes) (Tencent) (f9e27c6c21dab7f7be030a404a121576)
E:\QQ\Bin\KernelMisc.dll (329080 bytes) (Tencent) (c789264b573822fd6fa37d08d3b1408e)
E:\QQ\Bin\AppMisc.dll (1623416 bytes) (Tencent) (c5f133b2e9113961ba9f29fc718ca007)
E:\QQ\Bin\ChatFrame.dll (1246584 bytes) (Tencent) (5e9a236660ebc0959ac3996ba6a7e05f)
E:\QQ\Bin\ConfigCenter.dll (718200 bytes) (Tencent) (ad8105a212d51560a6a6bfe2a3a52d83)
E:\QQ\Bin\CustomFace.dll (951672 bytes) (Tencent) (adc051c2c3eab481004efe0832b27308)
E:\QQ\Bin\LongCnn.dll (963960 bytes) (Tencent) (a65a763c199cea0fab686948dc460453)
E:\QQ\Bin\ContactInfoFrame.dll (812408 bytes) (Tencent) (b85c942b29d76669821eb10a06433e87)
E:\QQ\Bin\MsgMgr.dll (1070456 bytes) (Tencent) (a9d9246b45ca6234030c8ad8512e5f81)
E:\QQ\Bin\SkinMgr.dll (460152 bytes) (Tencent) (8512e568bc74a9c5ff8517bbfbf3614b)
E:\QQ\Bin\QInterLive.dll (111992 bytes) (Tencent) (7b318a806eea8e53c07511887ebd24a5)
E:\QQ\Bin\SystemMsg.dll (513400 bytes) (Tencent) (a8d2c277a1d26366f5470489a5598e7b)
E:\QQ\Plugin\Com.Tencent.PaiPai\Bin\PaiPai.dll (1185144 bytes) (Tencent) (d1884c7b2ce6885791ac45504b8fcfdd)
E:\QQ\Plugin\Com.Tencent.AudioVideo\Bin\AudioVideo.dll (1394040 bytes) (Tencent) (e51a0900e73d5d4616861cb5e578ca89)
E:\QQ\Plugin\Com.Tencent.MMOG\Bin\MMOG.dll (341368 bytes) (Tencent) (00b063ecd0364ab04fc829c2b334a20c)
E:\QQ\Plugin\Com.Tencent.Soso\Bin\Soso.dll (464248 bytes) (Tencent) (16ee68e526e88cc25f04a50d3c396004)
E:\QQ\Plugin\Com.Tencent.Qzone\Bin\Qzone.dll (927096 bytes) (Tencent) (6be36e5053250e09e276144830be0d21)
E:\QQ\Plugin\Com.Tencent.Weather\Bin\Weather.dll (214392 bytes) (Tencent) (e5fc0748eeb14c3231a61640f6bcf00b)
E:\QQ\Plugin\Com.Tencent.SoBar\Bin\SoBar.dll (107896 bytes) (Tencent) (5c7695f1ca2310bfc3f21d7318668a26)
E:\QQ\Plugin\Com.Tencent.PaiPaiGift\Bin\PaiPaiGift.dll (304504 bytes) (Tencent) (cc88cd02e3c93442af31ebbdb2ac2c95)
E:\QQ\Plugin\Com.Tencent.QQLive\Bin\QQLive.dll (107896 bytes) (Tencent) (33d52174ce71ec69abfa5e1c4e975099)
E:\QQ\Plugin\Com.Tencent.QQMusic\Bin\QQMusic.dll (353656 bytes) (Tencent) (d49ceb3ea9fe10efc788447e1fab7488)
E:\QQ\Plugin\Com.Tencent.taotao\Bin\Taotao.dll (120184 bytes) (Tencent) (0ef7d8da4e3f59ec502ae2565e04ad1f)
E:\QQ\Bin\BasicCtrlDll.dll (456168 bytes) (TENCENT) (ee13b0d404d19b16670c30a566ebd6b7)
C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOPlatform.dll (584880 bytes) (Tencent) (ce1c1a22ecb2e5310c210123c045fc7d)
C:\Program Files\Common Files\Tencent\TXSSO\Bin\SSOCommon.DLL (1496440 bytes) (Tencent) (3b06f791efd217f4c85c66e779f1c296)
E:\QQ\Bin\RICHED20.dll (965400 bytes) (Microsoft Corporation) (450013df2b53104a350b43e835f41dd3)
E:\QQ\Bin\GroupApp.dll (1160568 bytes) (Tencent) (8552b10c9fbd71981c3e8e70ced37960)
E:\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll (398712 bytes) (Tencent) (8303fe30bae90ab3e330e7a3e4bd1deb)
E:\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll (251256 bytes) (Tencent) (b50fd3714f6ae2fb7a97b3aecf5af61e)
E:\QQ\Plugin\com.tencent.qbar\Bin\QBar.dll (144760 bytes) (Tencent) (b15f2474fb206cc6c9d60a00c9c0adf8)
E:\QQ\Plugin\com.tencent.qqvipmisc\Bin\QQVipMisc.dll (173432 bytes) (Tencent) (0921aa01fe26e89850ea4a6436933c19)
E:\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll (263544 bytes) (Tencent) (4d8f162429039c09bc928fd4abbf7d38)
E:\QQ\Bin\Contacts.dll (374136 bytes) (Tencent) (ec8757e6147e008f899edaf7705df058)
E:\QQ\Plugin\com.tencent.netbar\Bin\NetBar.dll (99704 bytes) (Tencent) (04ad8f544b958b5a5afc12f0778b2697)
E:\QQ\Plugin\com.tencent.vas\Bin\VAS.dll (206200 bytes) (Tencent) (cf4f2880cb8caa07f3edd581b7bba241)
E:\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll (623992 bytes) (Tencent) (ce979ef3ab70740cd3694d0b02945b0c)
E:\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll (853368 bytes) (Tencent) (f8c9ae84ed92decd87ff199833512c88)
E:\QQ\Plugin\com.tencent.crm\Bin\CRM.dll (263544 bytes) (Tencent) (5e64475afe9a059f87243d05c03d85bf)
E:\QQ\Bin\InformationBox.dll (689528 bytes) (Tencent) (63c6f334f5b4c6bc1b8bb4b7f6cf63b9)
E:\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll (460152 bytes) (Tencent) (afdfc28de8db2ae51f064f19163f5b45)
E:\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll (263544 bytes) (Tencent) (28eee57cd0864b5743ca109d1afa8b34)
E:\QQ\Plugin\com.tencent.mail\Bin\Mail.dll (234872 bytes) (Tencent) (b0491751f98e4b0a0d1af7441bebc077)
E:\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll (316792 bytes) (Tencent) (e5acfbbaea8a6e54a7e0c5ca05fd6581)
E:\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll (836984 bytes) (Tencent) (251db820420fb2a3fb10c20da91122da)
C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx (5703120 bytes) (Adobe Systems, Inc.) (badd86fbfc57096f5b31a94fab99eaec)
E:\QQ\Plugin\com.tencent.memo\Bin\Memo.dll (382328 bytes) (Tencent) (475b84fa2385ddec09cdaf06a4ebbafc)
E:\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll (451960 bytes) (Tencent) (6e5f24abbbd46ac1c3b8b0f926baa1e7)
E:\QQ\Plugin\com.tencent.today\Bin\Today.dll (136568 bytes) (Tencent) (905c8537bb780c08f8cb8d3b2b0b166e)
E:\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll (255352 bytes) (Tencent) (95173466b5c085eb4f0905cfb14376f4)
E:\QQ\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll (177528 bytes) (Tencent) (3c14c4d69b43cfe134559cc605afdf9a)
C:\Program Files\Rising\Rav\RavScrCh.dll (109208 bytes) (Beijing Rising Information Technology Co., Ltd.) (53c55f2e5126bcac48a5ee6a97aa1ec2)
E:\QQ\Bin\AddrSearch.dll (99656 bytes) (Tencent) (8dd2679d40ffb5e183004667c42ff97a)
E:\QQ\Plugin\com.tencent.gamelife\Bin\GameLife.dll (251256 bytes) (Tencent) (4a89db2eec7c11b8b5bf7f41b9cd6adb)
E:\QQ\Bin\Camera.dll (230776 bytes) (Tencent) (ebd83fb52466b140dd3a0a22f53a549d)
E:\QQ\Bin\SCCore.dll (312696 bytes) (Tencent) (b63767c10ea2ce9e28fb6ce8f927f16f)
E:\TT\bin\TTUtilWidget.dll (929656 bytes) (Tencent) (cec0248424d9f4501e090a585d976d1c)
E:\TT\bin\ATL80.DLL (101240 bytes) (Microsoft Corporation) (e952d298c9f1b93cb6f528c0a9088339)
E:\TT\bin\MSVCP80.dll (554360 bytes) (Microsoft Corporation) (d493183daf2db5871111860a3b56031f)
E:\TT\bin\MSVCR80.dll (632184 bytes) (Microsoft Corporation) (7312976b850d74d45ec9a7ed4f429618)
E:\TT\bin\detoured.dll (26072 bytes) (Microsoft Corporation) (68ac90857892e652fa0537e8f6f14f19)
E:\TT\bin\PlatformWidget.dll (155512 bytes) (Tencent) (1a1d35654b4e31edf4384b7c4abe6bf4)
E:\TT\bin\TTMainFrame.dll (1778040 bytes) (Tencent) (bec566ab683154f3c36e7a0285c93864)
E:\TT\bin\TTMBrowser.dll (605560 bytes) (Tencent) (b89bf34239a90b6071c527cfc69f8932)
E:\TT\bin\TTabMgr.dll (212344 bytes) (Tencent) (9ee6ef08a7289cf33259d772b3b586ff)
E:\TT\bin\TTStore.dll (313720 bytes) (Tencent) (ccfa184df3179d5329535db6835632a2)
E:\TT\bin\TTSkin.dll (322936 bytes) (Tencent) (3fb072759733967b2b1fe50d48ca2317)
E:\TT\bin\vbscript.dll (419192 bytes) (Microsoft Corporation) (7a273dec57c58fab239fa53f03ab0b0d)
E:\TT\bin\TTPluginMng.dll (151928 bytes) (Tencent) (8e36ae7ddad405579936319d3159c140)
E:\TT\Plugins\3TTWeather\TTWeather.dll (622592 bytes) (Tencent) (626c34ed98050d55a824f29bc03a866a)
E:\TT\bin\TTSidebar.dll (225144 bytes) (Tencent) (dfb2d19868afb868e79c18bdda7a9d03)
E:\TT\bin\FavoriteLogical.dll (667000 bytes) (Tencent) (5fde032aa2c13a86206741a0093a8b10)
E:\TT\bin\sqlite3.dll (338544 bytes) (Unknown) (d20daf227e7861c2981630e78c213df7)
E:\TT\bin\TTFilter.dll (100216 bytes) (Tencent) (c31b0803abefad2db755f89f156421b6)
E:\TT\bin\TTNetwork.dll (231800 bytes) (Tencent) (7d15861fbea850cfa6a8072a97ed0b76)
C:\Program Files\Internet Explorer\ieproxy.dll (247808 bytes) (Microsoft Corporation) (5696576e4e717efc67fcb62953800064)
E:\TT\bin\TSupport.dll (91512 bytes) (TENCENT Inc.) (5e651390f652027a3ed8e7d3f6ad1de0)
C:\WINDOWS\system32\WBJJU.IME (245760 bytes) (北京六合源软件技术有限公司) (982894d6e84f5a5dadc4cf410b2e1c1f)
C:\WINDOWS\system32\WbCodeU.dll (339968 bytes) (Unknown) (6d5318a785f9f28bbeb1bc31576fef24)
C:\WINDOWS\system32\mscoree.dll (282112 bytes) (Microsoft Corporation) (c99248b969a799b771f484cd68bcb96e)
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll (46592 bytes) (Microsoft Corporation) (9a2d686c89acc36e3aa7cde3d1c45c1a)
C:\WINDOWS\system32\l3codeca.acm (307260 bytes) (Fraunhofer Institut Integrierte Schaltungen IIS) (d7d3d561511b1d363fe9bae01122e2d6)
C:\WINDOWS\system32\Audiodev.dll (484352 bytes) (Microsoft Corporation) (d56ea61a4265c0cd19764ed7b13c4b30)

[+] 注册表启动项

数值名称: IMJPMIG8.1
数值数据: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: PHIME2002ASync
数值数据: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: PHIME2002A
数值数据: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: SigmatelSysTrayApp
数值数据: stsystra.exe
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: NvCplDaemon
数值数据: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: NvMediaCenter
数值数据: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: StormCodec_Helper
数值数据: "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: IMSCMig
数值数据: C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: runeip
数值数据: "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: RavTray
数值数据: "C:\Program Files\Rising\Rav\RsTray.exe" -system
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: RFWTray
数值数据: "C:\Program Files\Rising\Rfw\RsTray.exe" -system
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: TkBellExe
数值数据: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: ctfmon.exe
数值数据: C:\WINDOWS\system32\ctfmon.exe
注册表项: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: msnmsgr
数值数据: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
注册表项: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

数值名称: StubPath
数值数据: C:\WINDOWS\system32\ieudinit.exe
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

数值名称: StubPath
数值数据: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

数值名称: StubPath
数值数据: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}

数值名称: StubPath
数值数据: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}

数值名称: StubPath
数值数据: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}

数值名称: StubPath
数值数据: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}

数值名称: StubPath
数值数据: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}

数值名称: StubPath
数值数据: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}

数值名称: StubPath
数值数据: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}

数值名称: StubPath
数值数据: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}

数值名称: StubPath
数值数据: regsvr32.exe /s /n /i:U shell32.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}

数值名称: StubPath
数值数据: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}

数值名称: StubPath
数值数据: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}

数值名称: SecurityProviders
数值数据: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders

数值名称: SCRNSAVE.EXE
数值数据: C:\WINDOWS\System32\logon.scr
注册表项: HKEY_CURRENT_USER\Control Panel\Desktop

数值名称: Shell
数值数据: Explorer.exe
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

数值名称: Userinit
数值数据: C:\WINDOWS\system32\userinit.exe,
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

数值名称: UIHost
数值数据: logonui.exe
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

数值名称: VmApplet
数值数据: rundll32 shell32,Control_RunDLL "sysdm.cpl"
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

数值名称: {3049C3E9-B461-4BC5-8870-4C09146192CA}
数值数据: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}

数值名称: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
数值数据: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}

数值名称: {9030D464-4C02-4ABF-8ECC-5164760863C6}
数值数据: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

数值名称: {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}
数值数据: C:\WINDOWS\system32\UrlFilter.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8}

数值名称: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
数值数据: C:\Program Files\Windows Live\Toolbar\wltcore.dll
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}

[+] 其他启动方式

数值名称: PostBootReminder
数值数据: %SystemRoot%\system32\SHELL32.dll
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

数值名称: CDBurn
数值数据: %SystemRoot%\system32\SHELL32.dll
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

数值名称: WebCheck
数值数据: C:\WINDOWS\system32\webcheck.dll
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

数值名称: SysTray
数值数据: C:\WINDOWS\system32\stobject.dll
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

数值名称:
数值数据: "%1" %*
注册表项: HKEY_CLASSES_ROOT\exefile\shell\open\command\

数值名称:
数值数据: "%1" %*
注册表项: HKEY_CLASSES_ROOT\comfile\shell\open\command\

数值名称:
数值数据: "%1" %*
注册表项: HKEY_CLASSES_ROOT\batfile\shell\open\command\

数值名称:
数值数据: "%1" %*
注册表项: HKEY_CLASSES_ROOT\piffile\shell\open\command\

数值名称:
数值数据: "%1" /S
注册表项: HKEY_CLASSES_ROOT\scrfile\shell\open\command\

数值名称:
数值数据: C:\WINDOWS\system32\mshta.exe "%1" %*
注册表项: HKEY_CLASSES_ROOT\htafile\shell\open\command\

数值名称:
数值数据: %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
注册表项: HKEY_CLASSES_ROOT\Unknown\shell\openas\command\

数值名称:
数值数据: %SystemRoot%\Explorer.exe
注册表项: HKEY_CLASSES_ROOT\Directory\shell\find\command\

数值名称:
数值数据: %SystemRoot%\Explorer.exe /idlist,%I,%L
注册表项: HKEY_CLASSES_ROOT\Folder\shell\open\command\

数值名称:
数值数据: %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
注册表项: HKEY_CLASSES_ROOT\Folder\shell\explore\command\

数值名称:
数值数据: %SystemRoot%\Explorer.exe
注册表项: HKEY_CLASSES_ROOT\Drive\shell\find\command\

数值名称:
数值数据: "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
注册表项: HKEY_CLASSES_ROOT\Applications\iexplore.exe\shell\open\command\

数值名称:
数值数据: C:\Program Files\Internet Explorer\iexplore.exe
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\

数值名称: DllName
数值数据: crypt32.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

数值名称: DllName
数值数据: cryptnet.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

数值名称: DLLName
数值数据: cscdll.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

数值名称: DLLName
数值数据: wlnotify.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

数值名称: DllName
数值数据: wlnotify.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

数值名称: DllName
数值数据: sclgntfy.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

数值名称: DLLName
数值数据: WlNotify.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

数值名称: DllName
数值数据: wlnotify.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

数值名称: DLLName
数值数据: wlnotify.dll
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

数值名称:
数值数据: shell32.dll
CLSID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

数值名称: Browseui 预加载程序
数值数据: %SystemRoot%\system32\browseui.dll
CLSID: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

数值名称: 组件类别缓存程序
数值数据: %SystemRoot%\system32\browseui.dll
CLSID: {8C7461EF-2B13-11d2-BE35-3078302C2030}
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

数值名称: midi
数值数据: wdmaud.drv
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Drivers32

数值名称: Windows
数值数据: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems

数值名称: AlternateShell
数值数据: cmd.exe
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot

数值名称: Debugger
数值数据: ntsd -d
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path


[+] 启动文件夹

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\desktop.ini (84 bytes) (Unknown) (d6a6856702e3f0953e7246a9b4a9fe35)
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk (467 bytes) (Unknown) (b6016ee18d82333f4e52c3020dd321da)
C:\Documents and Settings\All Users\「开始」菜单\程序\启动\desktop.ini (84 bytes) (Unknown) (d6a6856702e3f0953e7246a9b4a9fe35)

[+] TCP/IP协议

[+] 自定义注册表键值转储


[+] Internet Explorer设置

数值名称: Start Page
数值数据: http://go.microsoft.com/fwlink/?LinkId=69157
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

数值名称: Start Page
数值数据: about:blank
注册表项: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

数值名称: Default_Search_URL
数值数据: http://go.microsoft.com/fwlink/?LinkId=54896
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

数值名称: Search Page
数值数据: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
注册表项: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main

数值名称: Search Page
数值数据: http://go.microsoft.com/fwlink/?LinkId=54896
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

数值名称: Default_Page_URL
数值数据: http://go.microsoft.com/fwlink/?LinkId=69157
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main

数值名称: SearchAssistant
数值数据: http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search

数值名称: NavigationFailure
数值数据: res://ieframe.dll/navcancl.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: DesktopItemNavigationFailure
数值数据: res://ieframe.dll/navcancl.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: NavigationCanceled
数值数据: res://ieframe.dll/navcancl.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: OfflineInformation
数值数据: res://ieframe.dll/offcancl.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: Home
数值数据: 270
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: blank
数值数据: res://mshtml.dll/blank.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: PostNotCached
数值数据: res://ieframe.dll/repost.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: InPrivate
数值数据: res://ieframe.dll/inprivate.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: NoAdd-ons
数值数据: res://ieframe.dll/noaddon.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: NoAdd-onsInfo
数值数据: res://ieframe.dll/noaddoninfo.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: SecurityRisk
数值数据: res://ieframe.dll/securityatrisk.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: Tabs
数值数据: res://ieframe.dll/tabswelcome.htm
注册表项: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs

数值名称: CheckExeSignatures
数值数据: yes
注册表项: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download


[+] Windows Firewall允许的程序

数值名称: %windir%\system32\sessmgr.exe
数值数据: %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\TT\bin\TTLiveUpdate.exe
数值数据: E:\TT\bin\TTLiveUpdate.exe:*:Enabled:TT_TTLiveUpdate.exe
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\TT\bin\TTraveler.exe
数值数据: E:\TT\bin\TTraveler.exe:*:Enabled:TT_TTraveler.exe
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\TT\bin\TTCrashReport.exe
数值数据: E:\TT\bin\TTCrashReport.exe:*:Enabled:TT_TTCrashReport.exe
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\QQSoftMgr.exe
数值数据: C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\QQSoftMgr.exe:*:Enabled:QQ软件管理
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\QQSoftMgrUpdater.exe
数值数据: C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\QQSoftMgrUpdater.exe:*:Enabled:QQ软件管理在线更新
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe
数值数据: C:\Program Files\Tencent\QQSoftMgr\1.0.338.203\TencentUpdateSvc.exe:*:Enabled:QQ软件管理更新服务
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\QQ\Bin\QQ.exe
数值数据: E:\QQ\Bin\QQ.exe:*:Enabled:腾讯QQ2010
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Documents and Settings\Administrator\Local Settings\Temp\QQMusicInstall.exe
数值数据: C:\Documents and Settings\Administrator\Local Settings\Temp\QQMusicInstall.exe:*:Enabled:QQ音乐播放器
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Rising\Rav\RavMonD.exe
数值数据: C:\Program Files\Rising\Rav\RavMonD.exe:*:Enabled:Rav Service
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Rising\Rfw\RavMonD.exe
数值数据: C:\Program Files\Rising\Rfw\RavMonD.exe:*:Enabled:RFW Service
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\QQMusic\QQGAME\QQGameDl.exe
数值数据: E:\QQMusic\QQGAME\QQGameDl.exe:*:Enabled:QQGameDl
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Messenger\msmsgs.exe
数值数据: C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
数值数据: C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
数值数据: C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\QQMusic\QzoneMusic.exe
数值数据: E:\QQMusic\QzoneMusic.exe:*:Enabled:Qzone音乐播放控件3.0 Beta4
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: E:\QQMusic\QQMusic.exe
数值数据: E:\QQMusic\QQMusic.exe:*:Enabled:QQMusic
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

数值名称: %windir%\system32\sessmgr.exe
数值数据: %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
数值数据: C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

数值名称: C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
数值数据: C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

[+] Windows Firewall开放的端口


[+] Windows劫持

数值名称: DisableSR
数值数据: 1
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore

数值名称: SFCDisable
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

数值名称: FirstRunDisabled
数值数据: 1
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

数值名称: AntiVirusDisableNotify
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

数值名称: FirewallDisableNotify
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

数值名称: UpdatesDisableNotify
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

数值名称: AntiVirusOverride
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

数值名称: FirewallOverride
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

数值名称: EnableDCOM
数值数据: Y
注册表项: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

数值名称: Start
数值数据: 2
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry

数值名称: EnableSecurityFilters
数值数据: 0
注册表项: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

数值名称: Wallpaper
数值数据: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
注册表项: HKEY_CURRENT_USER\Control Panel\Desktop

数值名称: OriginalWallpaper
数值数据: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
注册表项: HKEY_CURRENT_USER\Control Panel\Desktop

数值名称: ConvertedWallpaper
数值数据: E:\cc\壁纸\20070608_3a69bb46c81bd21738727JYlhXzKhIUX.jpg
注册表项: HKEY_CURRENT_USER\Control Panel\Desktop


[+] 临时文件夹中的可执行程序


[+] 可疑文件夹中的可执行程序

C:\Program Files\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (e71ddbd9bedbcd46995044f2bdf6e6ad)

[+] Internet Explorer文件夹中的可执行程序

C:\Program Files\Internet Explorer\ExtExport.exe (144384 bytes) (Microsoft Corporation) (44d37a87f00d8684ad907dae295f67fb)
C:\Program Files\Internet Explorer\iedvtool.dll (742912 bytes) (Microsoft Corporation) (bd3c4101b9340e697c9eb0c9c7c9fedf)
C:\Program Files\Internet Explorer\iexplore.exe.mui (12288 bytes) (Microsoft Corporation) (4eaf0ddc2158ca4aae6c18e98a246e45)
C:\Program Files\Internet Explorer\jsdbgui.dll (521216 bytes) (Microsoft Corporation) (33db6e706fd3a2271033c5d29b3d6f76)
C:\Program Files\Internet Explorer\jsdebuggeride.dll (121344 bytes) (Microsoft Corporation) (3494af094cfb1d1b9a3c1ce255492b6c)
C:\Program Files\Internet Explorer\JSProfilerCore.dll (118272 bytes) (Microsoft Corporation) (d68cc4e775420716b6abc4d188d5d316)
C:\Program Files\Internet Explorer\jsprofilerui.dll (233984 bytes) (Microsoft Corporation) (0f6a0675181d3ae76755986f3bf9e598)
C:\Program Files\Internet Explorer\pdm.dll (355832 bytes) (Microsoft Corporation) (3ca2dfd1ee857cde7dccf4235f52d142)
C:\Program Files\Internet Explorer\sqmapi.dll (134144 bytes) (Microsoft Corporation) (5eb87ba0b93ca7e894fc8002e3ce4c2a)
C:\Program Files\Internet Explorer\xpshims.dll (12800 bytes) (Microsoft Corporation) (91aa17d860c4903fa8d0d8c009a449f5)
C:\Program Files\Internet Explorer\ieproxy.dll (247808 bytes) (Microsoft Corporation) (5696576e4e717efc67fcb62953800064)
C:\Program Files\Internet Explorer\iecompat.dll (64000 bytes) (Microsoft Corporation) (c49bcadd185a78e548a7b87434dd5c26)

[+] 自定义文件列表

C:\WINDOWS\setdebug.exe (46352 bytes) (Microsoft Corporation) (afab870a40df457165c83896e546fe92)
C:\WINDOWS\stsystra.exe (282624 bytes) (SigmaTel, Inc.) (289bdc9e5681bd1be0fb871c460bd254)
C:\WINDOWS\system32\keystone.exe (425984 bytes) (Unknown) (94eb51915cf36b7f094501d40655b2a9)
C:\WINDOWS\system32\setver.exe (12141 bytes) (Unknown) (db3bd5aab4a9f3b9c4b772bdac84cdfb)
C:\WINDOWS\system32\taskman.exe (15360 bytes) (Microsoft Corporation) (005ab22c5d9123cc4840eb54ae521a51)
C:\WINDOWS\system32\migpwd.exe (51712 bytes) (Microsoft Corporation) (d6165edbaa5f3b26375a7eb511b12b70)
C:\WINDOWS\system32\ieudinit.exe (36864 bytes) (Microsoft Corporation) (06a0d051b6937cda3e38702494bbfc2a)
C:\WINDOWS\system32\nvappbar.exe (442368 bytes) (Unknown) (fbf363882470999ac2d47f25feacd559)
C:\WINDOWS\system32\nvcolor.exe (147456 bytes) (NVIDIA Corporation) (c3bce4508661cddba9f8ab9d9ca0341f)
C:\WINDOWS\system32\nvdspsch.exe (1339392 bytes) (Unknown) (eb7fe7d15c13240d46818a6dbe435a90)
C:\WINDOWS\system32\nwiz.exe (1617920 bytes) (Unknown) (bf40c88ceebd9ea8f5d1ec858d9cc92e)
C:\WINDOWS\system32\spupdsvc.exe (26144 bytes) (Microsoft Corporation) (3a61a08f543bde5b16d1c5dfcc04cc5b)
C:\WINDOWS\system32\cliconfg.exe (20480 bytes) (Microsoft Corporation) (0b2db679a23e6c3521e47ff808eeda92)
C:\WINDOWS\system32\tzchange.exe (46080 bytes) (Microsoft Corporation) (2273a67d52af485e87fd6aac2e8d6807)
C:\WINDOWS\system32\uwdf.exe (47104 bytes) (Microsoft Corporation) (31776e2f4809b2369ed901a45cda5b8a)
C:\WINDOWS\system32\wdfmgr.exe (38912 bytes) (Microsoft Corporation) (ab0a7ca90d9e3d6a193905dc1715ded0)
C:\WINDOWS\system32\NVUNINST.EXE (208896 bytes) (NVIDIA Corporation) (6cf47aca6a081d2bd3c4490f41533248)
C:\WINDOWS\system32\nvsvc32.exe (155715 bytes) (NVIDIA Corporation) (986d6666e076afd2b60acafd5b01a00f)
C:\WINDOWS\system32\nvudisp.exe (208896 bytes) (NVIDIA Corporation) (6cf47aca6a081d2bd3c4490f41533248)
C:\WINDOWS\system32\Hdaudpropshortcut.exe (61952 bytes) (Windows (R) Server 2003 DDK provider) (bdb806c747c5257b9919e1a64b2db67b)
C:\WINDOWS\system32\WISPTIS.EXE (189952 bytes) (Microsoft Corporation) (99783fa6bfeb23a5f97b4a8db36c8a39)
C:\WINDOWS\system32\msfeedssync.exe (13312 bytes) (Microsoft Corporation) (fee2ba1ad38f457f418e82ea30724053)
C:\WINDOWS\system32\MRT.exe (31971272 bytes) (Microsoft Corporation) (5b2ad4b9219f5f7bd3229f4c5a7cf013)
C:\WINDOWS\system32\clspack.exe (49424 bytes) (Microsoft Corporation) (1c702f5c05b8282895a4d191cadabc14)
C:\WINDOWS\system32\jdbgmgr.exe (15120 bytes) (Microsoft Corporation) (a091ee93b655989161335d033350b048)
C:\WINDOWS\system32\jview.exe (172304 bytes) (Microsoft Corporation) (9e8b8cab625584ec29320c644d5a959f)
C:\WINDOWS\system32\wjview.exe (171792 bytes) (Microsoft Corporation) (f4cdc83fcef266f203812c324b0441b6)
C:\WINDOWS\system32\kknative.exe (15776 bytes) (Beijing Rising Information Technology Co., Ltd.) (9a1fd816774015c88487cad5347c8601)
C:\WINDOWS\system32\bsmain.exe (237680 bytes) (Beijing Rising Information Technology Co., Ltd.) (7556055c51585b20814bd612b4fd04e3)
C:\WINDOWS\system32\icardagt.exe (622080 bytes) (Microsoft Corporation) (f7889fc13a627f8cfa92420a211b9d33)
C:\WINDOWS\system32\verclsid.exe (28672 bytes) (Microsoft Corporation) (32a71f37940de5997fbb8f7bf76bd246)
C:\WINDOWS\system32\TsWpfWrp.exe (26112 bytes) (Microsoft Corporation) (b534ac76bf7623f48a7200aa0bddae7d)
C:\WINDOWS\system32\WinFXDocObj.exe (208384 bytes) (Microsoft Corporation) (cb61f20255c666e59f076247203d8496)
C:\WINDOWS\system32\PresentationHost.exe (326160 bytes) (Microsoft Corporation) (d256d79648c57ad83fa203555c8acf05)

[+] Files created 30 days ago

C:\WINDOWS\system32\drivers\rsassist.sys (12056 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-9 下午 04:10:16) (----) (05dd1cd69a464f0c406d37f61aecb88c)
C:\WINDOWS\system32\drivers\RsNTGdi.sys (11320 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-26 下午 02:58:00) (----) (3b9cd45cb4f79635d4249bed6e111e34)
C:\WINDOWS\system32\drivers\HookHelp.sys (37912 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-9 下午 04:10:16) (----) (52217bc74e68476f9973d5b835c19c30)
C:\WINDOWS\system32\drivers\HookSys.sys (168472 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-9 下午 04:10:16) (----) (5637b354f4bc3cac78aff51e0378c1f7)
C:\WINDOWS\system32\drivers\HookCont.sys (15512 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-9 下午 04:10:18) (----) (fc3d73394f83eaa6bcd66559397bcc19)
C:\WINDOWS\system32\drivers\rfwbase.sys (19184 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-9 下午 05:32:32) (--A-) (0fec959ecbe25bea9fc83ffd5b9bb5f3)
C:\WINDOWS\system32\drivers\rfwarp.sys (27632 bytes) (Beijing Rising Information Technology Co., Ltd.) (2010-4-9 下午 05:32:32) (--A-) (275074f14f462a54c644005d9f41e8d5)
C:\WINDOWS\system32\drivers\BC.sys (24984 bytes) (Kingsoft Corporation) (2010-4-19 下午 10:51:18) (--A-) (8964a8f677a76a68609c67320dda6bc9)
C:\Program Files\Common Files\Real\Codecs\atrc.dll (122880 bytes) (Unknown) (2010-5-1 上午 03:07:24) (--A-) (e55574dca2b3434338185ce75616da7e)
C:\Program Files\Common Files\Real\Codecs\cook.dll (106496 bytes) (Unknown) (2010-5-1 上午 03:07:24) (--A-) (9244704334e6ca449953d646b67d6b75)
C:\Program Files\Common Files\Real\Codecs\raac.dll (589824 bytes) (Unknown) (2010-5-1 上午 03:07:24) (--A-) (0882b83b4012c59f3c6da9ade4834e6a)
C:\Program Files\Common Files\Real\Codecs\sipr.dll (167936 bytes) (Unknown) (2010-5-1 上午 03:07:24) (--A-) (413acd92b9c8e972c088e8ba5366ae36)
C:\Program Files\Common Files\Real\Codecs\drv1.dll (106496 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:07:26) (--A-) (97b508444be9fd71048e0c46be188938)
C:\Program Files\Common Files\Real\Codecs\drv2.dll (180224 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (95fb40daaf727f6375532cb59093b16b)
C:\Program Files\Common Files\Real\Codecs\drvc.dll (286720 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (972fca42ed1c70a42d4b97b2ea9288ab)
C:\Program Files\Common Files\Real\Codecs\rv10.dll (86016 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:07:26) (--A-) (6202f3631bd610757bc8dd04b0484a62)
C:\Program Files\Common Files\Real\Codecs\rv20.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (1661fffb928b550a9dc758444cc70964)
C:\Program Files\Common Files\Real\Codecs\rv30.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (d5ec079b8e3464bb4a8cc531406bb5c1)
C:\Program Files\Common Files\Real\Codecs\rv40.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (7d454263e8fbbcf74de82e99f897c244)
C:\Program Files\Common Files\Real\Codecs\evrc.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:07:28) (--A-) (e8a5d2a13e5ca2a480448a685dbc373e)
C:\Program Files\Common Files\Real\Codecs\ralf.dll (155648 bytes) (Unknown) (2010-5-1 上午 03:07:28) (--A-) (4346cea6f5702f5b01b6f6326a99e86a)
C:\Program Files\Common Files\Real\Codecs\mp4v.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (21fe931533c8d886c427c5418f01a682)
C:\Program Files\Common Files\Real\Codecs\dmp4.dll (212992 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (a1faaf727683d4e07c4a36318e7b370a)
C:\Program Files\Common Files\Real\Codecs\avcq.dll (45056 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (5f0e07c8a51ea99a2f80bca3101ab175)
C:\Program Files\Common Files\Real\Codecs\amrn.dll (204800 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (12681120804ef3d67ea8a7812d5c609f)
C:\Program Files\Common Files\Real\Codecs\amrw.dll (110592 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (3a50ee4bcea50edf4bad85e27214d0f9)
C:\Program Files\Common Files\Real\Codecs\qclp.dll (118784 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (2c7b1e488ed674b3695eaeea80a7e1be)
C:\Program Files\Common Files\Real\Codecs\colorcvt.dll (548919 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (dd19636e2650eaff14c54ea2d4de1789)
C:\Program Files\Common Files\Real\Plugins\authmgr.dll (45056 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (1cf55ba8575094f72347bc861f36a231)
C:\Program Files\Common Files\Real\Plugins\cdda3260.dll (17408 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:04:46) (--A-) (61187bfa13a999b3a1a70bace0125f2a)
C:\Program Files\Common Files\Real\Plugins\clbascauth.dll (25088 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (90ac0a6f1514c87027f7aa03ab1404a7)
C:\Program Files\Common Files\Real\Plugins\httpfsys.dll (204800 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (3a1efaa6209d6fc742d8fde651685eae)
C:\Program Files\Common Files\Real\Plugins\hxsdp.dll (49152 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (a5c084f4dd3437605f83279f0ca4a130)
C:\Program Files\Common Files\Real\Plugins\memfsys.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (2c7697c68d67bd576175506bd921820d)
C:\Program Files\Common Files\Real\Plugins\ntlmauth.dll (29184 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (787bc31510365556300bfc47b880d9ea)
C:\Program Files\Common Files\Real\Plugins\pacplin.dll (364544 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (dc546e249d4b21cdc1af041011f1e488)
C:\Program Files\Common Files\Real\Plugins\plusplin.dll (73728 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (53d1f560688dadc577d0791e6b3d9613)
C:\Program Files\Common Files\Real\Plugins\pxcb3210.dll (24064 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:04:46) (--A-) (1295175517ebba8154430f176a8c7a85)
C:\Program Files\Common Files\Real\Plugins\ramfformat.dll (32256 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (77ac64b9bc84879ff7fc600693829208)
C:\Program Files\Common Files\Real\Plugins\ramrender.dll (77824 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (4625f20eb846c55ced2bd0c99d7ff23f)
C:\Program Files\Common Files\Real\Plugins\rmfformat.dll (184320 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (56b5c86242188c196bcaa2166a005087)
C:\Program Files\Common Files\Real\Plugins\rn5auth.dll (53248 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (97db57121dab0cb077470132422fccf1)
C:\Program Files\Common Files\Real\Plugins\smlfformat.dll (61440 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (ee003fe0eaca9def495cc9ede15e1963)
C:\Program Files\Common Files\Real\Plugins\smlrender.dll (520192 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (7c36c3243272a7c233932f31eff4850f)
C:\Program Files\Common Files\Real\Plugins\smmrender.dll (61440 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (757939875f2803f2d6fd07960e0b6616)
C:\Program Files\Common Files\Real\Plugins\vidsite.dll (380928 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (f34334e4ad03a9729b428c95d811fe00)
C:\Program Files\Common Files\Real\Plugins\smplfsys.dll (86016 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (796b0623bf94db5b0f41d7770af3739e)
C:\Program Files\Common Files\Real\Plugins\zipf3260.dll (167936 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:04:46) (--A-) (0b913156eea6f6a47049971064218326)
C:\Program Files\Common Files\Real\Plugins\clntxres.dll (44032 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (535d3ad0633630fedfbe0bde7b971f26)
C:\Program Files\Common Files\Real\Plugins\vsrcplin.dll (131072 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (8c56d768e32120399c2c7a835f7e47ef)
C:\Program Files\Common Files\Real\Plugins\vsrlocal.dll (122880 bytes) (Unknown) (2010-5-1 上午 03:04:46) (--A-) (c829899759440a3c74bd71f585b36efe)
C:\Program Files\Common Files\Real\Plugins\rarender.dll (159744 bytes) (Unknown) (2010-5-1 上午 03:07:24) (--A-) (6ca29e844f3021d4aaffb8cdab2e5e9d)
C:\Program Files\Common Files\Real\Plugins\rvrender.dll (159744 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (282aeda0ce0161e6bb5b692bc44955d6)
C:\Program Files\Common Files\Real\Plugins\imaprender.dll (53248 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (cf1631fbaaf3c9796c5476a6edc8b645)
C:\Program Files\Common Files\Real\Plugins\swfformat.dll (114688 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (6b64e75998e7bc01521b9ffe872c0b2a)
C:\Program Files\Common Files\Real\Plugins\swfrender.dll (630784 bytes) (Unknown) (2010-5-1 上午 03:07:26) (--A-) (a8b0d0ff668f848955d0d6af3ec8bb52)
C:\Program Files\Common Files\Real\Plugins\rtfformat.dll (114688 bytes) (Unknown) (2010-5-1 上午 03:07:28) (--A-) (fdd7d620845cc478494dbfbcbbb4db0e)

C:\Program Files\Common Files\Real\Plugins\rtrender.dll (135168 bytes) (Unknown) (2010-5-1 上午 03:07:28) (--A-) (c62965109c3b789bb0b95671413bd618)
C:\Program Files\Common Files\Real\Plugins\imgrender.dll (512000 bytes) (Unknown) (2010-5-1 上午 03:07:28) (--A-) (84b3c4a00e0a7524df429050ef2a5b4d)
C:\Program Files\Common Files\Real\Plugins\qcpfformat.dll (36864 bytes) (Unknown) (2010-5-1 上午 03:07:28) (--A-) (d6b6f3c9bf9eea27647b61a9d765abe1)
C:\Program Files\Common Files\Real\Plugins\sdpplin.dll (49152 bytes) (Unknown) (2010-5-1 上午 03:07:34) (--A-) (cc7023288d1677aca85360978d1d5685)
C:\Program Files\Common Files\Real\Plugins\mp3fformat.dll (53248 bytes) (Unknown) (2010-5-1 上午 03:07:34) (--A-) (b1c7212274e9a937ce8b7e1b65df1bd2)
C:\Program Files\Common Files\Real\Plugins\mp3render.dll (163840 bytes) (Unknown) (2010-5-1 上午 03:07:34) (--A-) (71260ae39551a003622708cdfc186620)
C:\Program Files\Common Files\Real\Plugins\mp3metaff.dll (69632 bytes) (Unknown) (2010-5-1 上午 03:07:34) (--A-) (d10d433cd4ab0b7644e83d47a30a19bc)
C:\Program Files\Common Files\Real\Plugins\stubdrm.dll (17920 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (6c53340f5662ec381894fa748c836eaa)
C:\Program Files\Common Files\Real\Plugins\ravemgr.dll (548864 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (2f78c7e11d4ae97f0ed4051f12c209f1)
C:\Program Files\Common Files\Real\Plugins\hxxml.dll (90112 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (aacc077f186b1d945792febafe4dba94)
C:\Program Files\Common Files\Real\Plugins\mp4arender.dll (135168 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (4bbdf710a614fdc64bfe95bd610f05e5)
C:\Program Files\Common Files\Real\Plugins\mp4fformat.dll (94208 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (42f6331ec377f89b662b0f1f673d75db)
C:\Program Files\Common Files\Real\Plugins\mp4vrender.dll (151552 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (953e7b4d23872487ad91756828b735ef)
C:\Program Files\Common Files\Real\Plugins\h263render.dll (126976 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (8f3ad281fb588376ca6bbec2e24bf5fc)
C:\Program Files\Common Files\Real\Plugins\3gppttrenderer.dll (29184 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (5d51f0267d8bdbaeaf73f632cab88d72)
C:\Program Files\Common Files\Real\Plugins\amrff.dll (36864 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (9643090b0edf59452a702830999f891e)
C:\Program Files\Common Files\Real\Plugins\aacff.dll (77824 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (ad99ca0fa66da89c18e4aad15e600546)
C:\Program Files\Common Files\Real\Plugins\flvff.dll (61440 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (968da24926465b33295083fc80ed7e7b)
C:\Program Files\Common Files\Real\Plugins\flvrender.dll (307200 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (6ff8806bd3cd58066a760d31b938ced1)
C:\Program Files\Common Files\Real\Plugins\wm9fformat.dll (172032 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (e5e83de1f57502fddc5ae5f618c94dd4)
C:\Program Files\Common Files\Real\Plugins\wm9writer.dll (14848 bytes) (Unknown) (2010-5-1 上午 03:07:36) (--A-) (4ef04a4f6bc142ea3697fb611b48aac3)
C:\Program Files\Common Files\Real\Plugins\wmsechnd.dll (172032 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:07:36) (--A-) (5f6bcc0a49c2a84005350adc5e0a474c)
C:\Program Files\Common Files\Real\Plugins\recf3260.dll (19968 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:12) (--A-) (7c9d786706eeaf35d687bf158f30ad4d)
C:\Program Files\Common Files\Real\Plugins\cont3260.dll (73728 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:12) (--A-) (e19611117a82c501168757aae470c9d8)
C:\Program Files\Common Files\Real\Plugins\audplin.dll (135168 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (16dfcb54b0682d2d2c568fc4416b0af6)
C:\Program Files\Common Files\Real\Plugins\vidplin.dll (176128 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (f0b53a5f8c44c8fe57e8a402069057be)
C:\Program Files\Common Files\Real\Plugins\mpgfformat.dll (69632 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (086c18bbf5002762b07a0e3d8ffce46e)
C:\Program Files\Common Files\Real\Plugins\mpgrender.dll (184320 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (9d5b554e582374a7ce25cecc9af18b6a)
C:\Program Files\Common Files\Real\Plugins\mp4wrtr.dll (122880 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (f4c1ba7bd01fb3872d1d8f1f85238298)
C:\Program Files\Common Files\Real\Plugins\rmwrtr.dll (278528 bytes) (Unknown) (2010-5-1 上午 03:08:12) (--A-) (643a898326e4a459eb9a73e62e628cfc)
C:\Program Files\Common Files\Real\Plugins\security.dll (30208 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:14) (--A-) (84430a3872762fd44ed7194bd3a6ad87)
C:\Program Files\Common Files\Real\Plugins\rmxrend.dll (90112 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:14) (--A-) (b60008bac5cff2cd221a9e94163e004e)
C:\Program Files\Common Files\Real\Plugins\rmxfpln.dll (35328 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:14) (--A-) (a8abc91343506ff4b3a96df32b313fb9)
C:\Program Files\Common Files\Real\Plugins\tfilesys.dll (57344 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:14) (--A-) (505824d5c29eb9c0a26521f0d1777aff)
C:\Program Files\Common Files\Real\Plugins\pdgenxferfsys.dll (65536 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:08:18) (--A-) (867e2d228bd528412bf0b379de0cabbd)
C:\Program Files\Common Files\Real\Plugins\ExtResources\coreres.xrs (28160 bytes) (RealNetworks, Inc. ) (2010-5-1 上午 03:04:46) (--A-) (d9445968d1c01210613ba89911325aa8)
C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe (222776 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:04:42) (--A-) (b9d76f208d0a8a6c9bff75b591c3e61f)
C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll (303104 bytes) (RealNetworks, Inc.) (2010-5-1 上午 03:04:42) (--A-) (29de56401151626edfec6c2729a13e36)