载入中…

 | 网站首页 | 文章中心 | 下载中心 | 图片中心 | 反木马论坛 |日志分析|样本上传|求助| | 

您现在的位置: 反木马在线 >> 文章中心 >> 木马查杀 >> 文章正文
RootKit.Win32.GameHack,Trojan.PSW木马清除手记
作者:佚名    文章来源:本站原创    点击数:    更新时间:2008-3-21

       用户SRE扫描日志:

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <StartCCC><C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe>  []
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <Adobe Reader Speed Launcher><"F:\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <RavTask><"F:\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RfwMain><"F:\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[HP Digital Imaging Monitor]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Digital Imaging Monitor.lnk --> F:\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Development Company, L.P.]><N>
[HP Photosmart Premier 快速启动 ]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Photosmart Premier 快速启动 .lnk --> F:\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Development Company, L.P.]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <f:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <f:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\F:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[OrangeWare USB 2.0 Root Hub Support / ousb2hub][Running/Manual Start]
  <system32\DRIVERS\ousb2hub.sys><OrangeWare Corporation>
[OrangeWare USB Enhanced Host Controller Service / ousbehci][Running/Auto Start]
  <System32\Drivers\ousbehci.sys><OrangeWare Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[USB Token Holder Service / R5BaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccard.sys><OEM>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\F:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[USB Token Service / token][Running/Manual Start]
  <system32\DRIVERS\eps2kt1.sys><>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\D:\winio.sys><N/A>
[WoptiHWDetect / WoptiHWDetect][Running/Manual Start]
  <\??\F:\Wopti\WoptiHWDetect.sys><SSN>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <F:\thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <F:\thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <F:\thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <F:\thunder\Components\DownAndPlay\DapCtrl1.2.11.14.883.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <F:\thunder\Components\DownAndPlay\DapPlayer3.0.40.64.882.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <F:\thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <F:\thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <f:\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4163]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 956 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4173]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2521]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 968 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1052 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1156 / SYSTEM][F:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1216 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\olite\bin\oci.dll]  [Oracle Corporation, 8.0.5.0.1]
    [C:\olite\bin\ORA805.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\olite\bin\CORE40.dll]  [Oracle Corporation, 4.0.5.0.0]
    [C:\olite\bin\NLSRTL33.dll]  [Oracle Corporation, 3.3.2.0.0]
    [C:\olite\bin\NL80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\OTRACE80.dll]  [Oracle Corporation, 8.0.4.0.0]
    [C:\olite\bin\NS80.dll]  [Oracle Corporation, 8.0.4.0.2 Production]
    [C:\olite\bin\nasns80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\nz80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNFG80.dll]  [Oracle Corporation, 8.0.4.0.1 Production]
    [C:\olite\bin\NNCI80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNG80.dll]  [Oracle Corporation, 8.0.4.0.2 Production]
    [C:\olite\bin\NMP80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NPL80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NR80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NT80.dll]  [Oracle Corporation, 8.0.4.0.1 Production]
    [C:\olite\bin\NCR80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NMS80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNFD80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NNFN80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\NI80.dll]  [Oracle Corporation, 8.0.4.0.0 Production]
    [C:\olite\bin\PLS805.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\olite\bin\NDWSI80.DLL]  [N/A, ]
    [C:\olite\bin\SQLLib80.dll]  [Oracle Corporation, 8.0.5.0.0]
    [C:\olite\bin\xa80.dll]  [Oracle Corporation, 8.0.5.0.0]
[PID: 1276 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4173]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2521]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4163]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1312 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1408 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1528 / SYSTEM][F:\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.74]
    [F:\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [F:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [F:\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [F:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [F:\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 8]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [F:\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [F:\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [F:\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [F:\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 31]
    [F:\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [F:\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [F:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [F:\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [F:\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [F:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [F:\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [F:\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [F:\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [F:\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [F:\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [F:\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [F:\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [F:\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 52]
    [F:\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [F:\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [F:\RISING\RAV\urutils.dll]  [, 20, 0, 0, 4]
    [F:\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [F:\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [F:\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [F:\RISING\RAV\posttrt.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [F:\RISING\RAV\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]
    [F:\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
[PID: 1540 / SYSTEM][f:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.68]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [f:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [f:\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [f:\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [f:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [f:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [f:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [f:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [f:\rising\rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [f:\rising\rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [f:\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1688 / SYSTEM][f:\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.29]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [f:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [F:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [f:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [f:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [f:\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1904 / SYSTEM][f:\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [f:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 280 / SYSTEM][F:\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [F:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 472 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 5.01.01.01]
    [C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.003]
    [C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 5.01.01.01]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 5.01.01.01]
    [C:\WINDOWS\system32\hpz3l43a.dll]  [Hewlett-Packard Company, 60.053.243.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp43a.dll]  [Hewlett-Packard Corporation, 60.053.243.00]
[PID: 512 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 1120 / banaza][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\msosiocp.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [F:\thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [F:\thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [F:\thunder\Components\ResWorker\DsBho_01.dll]  [, 1, 0, 0, 12]
    [F:\thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 6.0]
[PID: 1320 / banaza][F:\RISING\RAV\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.13]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [F:\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 31]
    [F:\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [F:\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [F:\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [F:\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [F:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [F:\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [F:\RISING\RAV\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [F:\RISING\RAV\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [F:\RISING\RAV\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1508 / banaza][f:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.65]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [f:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [f:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [f:\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [f:\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [f:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [f:\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [f:\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [f:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [f:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1808 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
[PID: 2452 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2680 / banaza][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 2788 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3216 / banaza][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.4.9]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
[PID: 3244 / banaza][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE]  [Advanced Micro Devices Inc., 2.0.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9855886dd2d37d48a3804e8cda081855\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\77679c2149c25b4f9be26ef2ecb8bc27\System.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b3d1e2cd7a470e4497445ea6546616b5\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dd58989a6ac6a147ad784b8134958e51\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2736.38608]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34671]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll]  [ATI Technologies Inc., 2.0.2700.34681]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [ATI Technologies Inc., 2.0.2736.38607]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2700.34703]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [ATI Technologies Inc., 2.0.2700.34708]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9323684fcbe2a94d8c4c6141e1ec54ea\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll]  [ATI Technologies Inc., 2.0.2736.38316]
    [C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34680]
[PID: 3268 / banaza][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.12]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
[PID: 3280 / banaza][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.4053]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3524 / banaza][F:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [F:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [F:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [F:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3680 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3724 / banaza][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
[PID: 3784 / banaza][C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe]  [ATI Technologies Inc., 2.0.0.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9855886dd2d37d48a3804e8cda081855\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\77679c2149c25b4f9be26ef2ecb8bc27\System.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\b3d1e2cd7a470e4497445ea6546616b5\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\dd58989a6ac6a147ad784b8134958e51\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2736.38608__90ba9c70f846762e\CCC.Implementation.dll]  [ATI Technologies Inc., 2.0.2736.38608]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34671]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll]  [Advanced Micro Devices Inc., 2.0.2700.34703]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34674]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll]  [ATI Technologies Inc., 2.0.2700.34708]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll]  [ATI Technologies Inc., 2.0.2736.38607]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll]  [ATI Technologies Inc., 2.0.2700.34681]
    [C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll]  [Advanced Micro Devices Inc., 2.0.2736.38608]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll]  [ATI Technologies Inc., 2.0.2700.34808]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\e43b29e2fa0d2a458c82a46dd8845594\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2736.38317__90ba9c70f846762e\CLI.Component.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38317]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2700.34706]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll]  [ATI Technologies Inc., 2.0.2700.34690]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34702]
    [C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll]  [ATI Technologies Inc., 2.0.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll]  [ATI Technologies Inc., 2.0.2736.38316]
    [C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34680]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2736.38316__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll]  [ATI Technologies Inc., 2.0.2736.38316]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34672]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34697]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2736.38653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll]  [ATI Technologies Inc., 2.0.2736.38653]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34739]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34701]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll]  [ATI Technologies Inc., 2.0.2573.17685]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll]  [ATI Technologies Inc., 2.0.2573.17684]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll]  [ATI Technologies Inc., 2.0.2700.34754]
    [C:\WINDOWS\system32\ATIDEMGX.dll]  [Advanced Micro Devices, Inc., 2.0.2733.37788]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34706]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2736.38325__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll]  [Advanced Mirco Devices, Inc., 2.0.2736.38325]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll]  [Advanced Mirco Devices, Inc., 2.0.2700.34697]
    [C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll]  [ATI Technologies Inc., 2.0.2573.17685]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll]  [ATI Technologies Inc., 2.0.2700.34751]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34689]
    [C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll]  [ATI Technologies Inc., 2.0.2700.34718]
    [C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2736.38318__90ba9c70f846762e\ATIDEMOS.dll]  [ATI Technologies Inc., 2.0.2736.38318]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38346]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34717]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2736.38545__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38545]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2700.34740__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2700.34740]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34726]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2736.38483__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38483]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2700.34708__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34708]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll]  [Advanced Micro Devices, Inc., 2.0.2651.18802]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2700.34709__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34709]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2736.38586__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38586]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34728]
    [C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2700.34750__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34750]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2736.38381__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38381]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34714]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2736.38401__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38401]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34716]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2736.38512__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38512]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34724]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2736.38491__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38491]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34722]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2736.38532__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38532]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34721]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2736.38483__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38483]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34721]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2736.38374__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38374]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34714]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Runtime\2.0.2736.38435__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38435]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Shared\2.0.2700.34719__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34719]
    [C:\WINDOWS\system32\ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2521]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2736.38552__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38552]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34727]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2736.38491__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll]  [ATI Technologies Inc., 2.0.2736.38491]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2705.19134]
    [C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2736.38317__90ba9c70f846762e\APM.Server.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38317]
    [C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll]  [ATI Technologies Inc., 2.0.2700.34704]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\217ec6628b12cf4d84f6c0f7d963ce06\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\9323684fcbe2a94d8c4c6141e1ec54ea\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2736.38600__90ba9c70f846762e\CLI.Component.Systemtray.dll]  [ATI Technologies Inc., 2.0.2736.38600]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll]  [Advanced Micro Devices, Inc., 2.0.2700.34698]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2736.38354__90ba9c70f846762e\CLI.Component.Wizard.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38354]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34686]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34705]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2700.34752]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2736.38360__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38360]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2700.34713__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34713]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2736.38622__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38622]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2736.38559__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38559]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2736.38368__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38368]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34759]
    [C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll]  [ , 1.0.0.0]
    [C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll]  [N/A, ]
    [C:\Program Files\Common Files\ATI Technologies\Multimedia\atidvcr.dll]  [ATI Technologies, Inc., 9.14.0.70409]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2736.38574__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38574]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2736.38600_zh-CHS_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll]  [ATI Technologies Inc., 2.0.2736.38600]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2736.38382__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38382]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2736.38595__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38595]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.2736.38567__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll]  [ATI Technologies Inc., 2.0.2736.38567]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2736.38333__90ba9c70f846762e\CLI.Component.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38333]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34694]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll]  [ATI Technologies Inc., 2.0.2700.34711]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2736.38339__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38339]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll]  [ATI Technologies Inc., 2.0.2700.34729]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2736.38629__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll]  [Advanced Mirco Devices, Inc., 2.0.2736.38629]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38346]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2736.38389__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38389]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2736.38512__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38512]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2736.38485__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38485]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.2736.38547__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38547]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2736.38588__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38588]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2736.38477__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll]  [Advanced Micro Devices, Inc., 2.0.2736.38477]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2736.38553__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38553]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2736.38395__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38395]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2736.38493__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38493]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2736.38375__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38375]
    [C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive3.Graphics.Dashboard\2.0.2736.38442__90ba9c70f846762e\CLI.Aspect.OverDrive3.Graphics.Dashboard.dll]  [ATI Technologies Inc., 2.0.2736.38442]
[PID: 3848 / banaza][F:\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [F:\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [F:\HP\Digital Imaging\bin\hpotra08.dll]  [Hewlett-Packard Co., 51.0.230.000]
    [F:\HP\Digital Imaging\bin\hpotra08.rsc]  [Hewlett-Packard Co., 51.0.230.000]
    [F:\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpodvd09.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpoddcomm09.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\WINDOWS\system32\hpzipr12.dll]  [HP, 10, 1, 1, 2]
    [C:\WINDOWS\system32\hpzidr12.dll]  [HP, 10, 1, 1, 2]
[PID: 3884 / banaza][F:\HP\Digital Imaging\bin\hpqimzone.exe]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_69bc9eb1\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_abe72022\system.windows.forms.dll]  [N/A, ]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_6c3b9625\system.drawing.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_4b75f3b8\system.dll]  [N/A, ]
    [c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [f:\hp\digital imaging\bin\zh-chs\hpqimzone.resources.dll]  [ , 60.0.83.0]
    [c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b7247030\system.xml.dll]  [N/A, ]
    [c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [F:\HP\Digital Imaging\bin\ltkrn13n.dll]  [LEAD Technologies, Inc., 13.0.0.098]
    [c:\windows\assembly\gac\hpqtray.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqtray.resources.dll]  [ , 60.0.83.0]
    [c:\windows\assembly\gac\hpqfmrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqfmrsc.resources.dll]  [ , 60.0.83.0]
    [c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\interop.hpqimgr\4.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll]  [ , 4.0.0.0]
    [F:\HP\Digital Imaging\Bin\hpqimgr.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\HP\Digital Imaging\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [f:\hp\digital imaging\bin\hpqmirsc.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [f:\hp\digital imaging\bin\zh-chs\hpqmirsc.resources.dll]  [ , 60.0.83.0]
    [c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqedit.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqedit.resources.dll]  [ , 3.0.0.0]
    [c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqcc2.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcc2.resources.dll]  [ , 3.0.0.0]
    [f:\hp\digital imaging\bin\zh-chs\hpqvideo.resources.dll]  [ , 3.0.0.0]
    [c:\windows\assembly\gac\interop.hpqvideo\4.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll]  [ , 4.0.0.0]
    [F:\HP\Digital Imaging\bin\hpqvdcom.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\hpqprrsc.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqprrsc.resources.dll]  [ , 60.0.83.0]
    [c:\windows\assembly\gac\system.resources\1.0.5000.0_zh-chs_b77a5c561934e089\system.resources.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_zh-chs_b77a5c561934e089\mscorlib.resources.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll]  [ , 3.0.0.0]
    [c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqcprsc.resources.dll]  [ , 60.0.83.0]
    [c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll]  [Hewlett-Packard Development Company, L.P., 061.000.163.000]
    [c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_zh-chs_a53cf5803f4c3827\hpqisrtb.resources.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.0]
    [c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll]  [Hewlett-Packard Development Company, L.P., 060.000.087.000]
    [c:\windows\assembly\gac\hpqbakup.resources\3.0.0.0_zh-chs_a53cf5803f4c3827\hpqbakup.resources.dll]  [ , 3.0.0.0]
    [c:\windows\assembly\gac\lead.drawing.imaging.codecs\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.codecs.dll]  [LEAD Technologies, Inc., 13.0.0.113]
    [F:\HP\Digital Imaging\bin\ltfil13n.dll]  [LEAD Technologies, Inc., 13.0.0.113]
[PID: 1708 / banaza][F:\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqmfc09.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [F:\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqSTE08.rsc]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [F:\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqstp08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [F:\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Development Company, L.P., 61.0.163.000]
    [C:\WINDOWS\system32\hpzipr12.dll]  [HP, 10, 1, 1, 2]
[PID: 2268 / banaza][F:\Wopti\WoptiUtilities.exe]  [SSN, 7.80.8.218]
    [F:\Wopti\WoptiP2P.dll]  [共软网络, 1.4.7.613]
    [F:\Wopti\D3DX81ab.dll]  [鲁锦, 1.0.0.0]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 2584 / banaza][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
[PID: 2612 / banaza][F:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 2, 60]
    [F:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [F:\thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [F:\thunder\Components\ResWorker\DsBho_01.dll]  [, 1, 0, 0, 12]
    [F:\thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [F:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 2980 / banaza][H:\download\Software\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [f:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [f:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\rkbuou.dll]  [N/A, ]
    [H:\download\Software\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 3244, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3244, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\MOM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3268, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3268, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3784, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3784, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3848, F:\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3848, F:\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3884, F:\HP\DIGITAL IMAGING\BIN\HPQIMZONE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3884, F:\HP\DIGITAL IMAGING\BIN\HPQIMZONE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1708, F:\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1708, F:\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2612, F:\MAXTHON\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2612, F:\MAXTHON\MAXTHON.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 504, F:\THUNDER\PROGRAM\UPNP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 504, F:\THUNDER\PROGRAM\UPNP.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x00E81FFD)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x00E820E5)

==================================
隐藏进程
N/A

==================================

清楚方法:

先清理插件,下载Windows清理助手 http://www.arswp.com/download/arswp/arswp.rar
清理临时文件夹:
打开我的电脑-工具-文件夹选项-查看-显示隐藏文件-隐藏受保护的系统文件(勾去掉)-确定
重起进入安全模式(开机不停的按F8,选择安全模式启动) 清空临时文件夹:
C:\Documents and Settings\用户名\Local Settings\Temporary Internet Files
C:\Documents and Settings\用户名\Local Settings\Temp

然后安全模式全盘查杀(更新到最新版本杀软)
注册表中
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll> []



进程中
C:\WINDOWS\system32\rkbuou.dll

用XDELBOX删除
C:\WINDOWS\system32\rkbuou.dll
C:\WINDOWS\system32\msosiocp.dll

用SRENG删除注册表中
<LotusHlp><C:\WINDOWS\LotusHlp.exe> []
<{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll> []
发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口
 
  • 上一篇文章:

  • 下一篇文章:
    • 相关新闻
    解析Rootkit木马后门
    RootKit.Win32.CallGate.g清除手记
    论坛新帖
    新 闻 TOP 10
  • 没有热点文章
    		•
    点击申请点击申请点击申请点击申请点击申请点击申请点击申请
    点击申请点击申请点击申请点击申请点击申请点击申请点击申请点击申请
    文字链接: 热门下说网
    Copyright © 2008 FanMuMa.com All Rights Reserved
    客服邮箱:fanmuma#126.com(将#换为@) 站长:Fisco 联系电话:15802671439 联系QQ:337803 
    捍卫属于个人的一切--