[CODE]
2008-04-28,02:15:23

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户
- 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[(Verified)Microsoft Windows Publisher] [TOSHIBA] <"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [N/A] [土豆网(www.tudou.com)] <"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [adi] <00THotkey> [东芝公司] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Toshiba Corp.] [N/A] [东芝公司] <"C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"> [TOSHIBA CORPORATION] [TOSHIBA Corporation] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] <"realsched.exe" -osboot> [N/A] <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] [N/A] [(Verified)Microsoft Corporation] <"C:\Program Files\Thunder Network\Thunder2\Thunder.exe" /s> [Thunder Networking Technologies,LTD] <"C:\Program Files\QuickTime\QTTask.exe" -atboottime> [Apple Inc.] <"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Inc.] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [Adobe Systems Incorporated] <360Safetray> [(Verified)Qizhi Software (beijing) Co.
Ltd] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] 
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] [ScreenTime Media] ================================== 启动文件夹 [金山词霸 2006] C:\PROGRA~1\Kingsoft\POWERW~1\XDICT.exe [Kingsoft Co, Ltd.]> ================================== 服务 [Apple Mobile Device / Apple Mobile Device][Running/Auto Start] <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"> [Application Management / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [Contrl Center of Storm Media / ccosm][Running/Auto Start] <北京暴风网际科技有限公司> [ConfigFree Service / CFSvcs][Running/Auto Start] [DVD-RAM_Service / DVD-RAM_Service][Running/Auto Start] [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [iPod 服务 / iPod Service][Running/Manual Start] <"C:\Program Files\iPod\bin\iPodService.exe"> [MazeSvr / MazeSvr][Stopped/Auto Start] [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [Rising Personal Firewall Service / RfwService][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start] [Windows Accounts Driver / windows_2][Stopped/Auto Start] [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"> ================================== 驱动程序 [aeaudio / aeaudio][Running/Manual Start] [Rising TDI Base Driver / BaseTDI][Running/Auto Start] [CMB8100 / CMB8100][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CertClient.dat> [CMBProtector / 
CMBProtector][Running/Auto Start] <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat> [Intel(R) PRO Adapter Driver / E100B][Running/Manual Start] [GEARAspiWDM / GEARAspiWDM][Running/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> [ialm / ialm][Running/Manual Start] [meiudf / meiudf][Running/System Start] [TOSHIBA Network Device Usermode I/O Protocol / Netdevio][Running/Auto Start] [NOWMEMDF / NOWMEMDF][Stopped/Manual Start] <\??\C:\WINDOWS\system32\NOWMEMDF.sys> [npkcrypt / npkcrypt][Stopped/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys> [npkcusb / npkcusb][Stopped/Auto Start] <\??\C:\Program Files\Tencent\QQ\npkcusb.sys> [pciSd / pciSd][Stopped/Manual Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\DRIVERS\PxHelp20.sys> [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Secdrv / Secdrv][Stopped/Manual Start] [smwdm / smwdm][Running/Manual Start] [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [SAMSUNG Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start] [SAMSUNG Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start] [SAMSUNG Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start] [Synaptics TouchPad Driver / SynTP][Running/Manual Start] [TOSHIBA Software Modem / TOSHIBASoftModem][Running/Manual Start] [TOSHIBA SD Card Host Controller Driver / 
tsdhd][Running/Manual Start] [Toshiba ACPI-Based Value Added Logical Device Driver / TVALD][Running/Boot Start] <\SystemRoot\System32\DRIVERS\TVALD.SYS> [Toshiba Value Added Logical and General Purpose Device Driver / TVALG][Running/Boot Start] <\SystemRoot\System32\DRIVERS\TVALG.SYS> [Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51][Running/Manual Start] [Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start] [Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start] [AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011 / {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}][Running/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [ThunirBHO] {BAF3565A-AC09-41FE-935F-0A82091E96F8} [] {FB3412B6-6D67-4650-B3B4-C2A90191A80F} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [TOL24] {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} [信息检索(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Encarta &Researcher] {9455301C-CF6B-11D3-A266-00C04F689C50} [PPLive] {95B3F550-91C4-4627-BCC4-521288C52977} [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Edit Class] {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} [InfosecCertInstall Class] {0EB487C8-E9AC-43A6-8C4C-083999B0622F} [Office Update Installation Engine] {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [sslclientnew Control] {40CFEA79-ED5B-4B2B-8B8D-B567E40AF812} [Playctrl Control] {4567F27D-6ACF-407B-8900-6785184045E0} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [MofileUploadX Control] {7260569F-1D40-4E7F-B95B-2E68D35668B9} [AxInputControl Class] 
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [ScreenCapture Class] {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [Thunder Browser Helper] {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} [Adobe PDF Reader Link Helper] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} [CEnroll Class] {127698E4-E730-4E5C-A2B1-21490A70C8A1} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [Tabular Data Control] {333C7BC4-460F-11D0-BC04-0080C7055A83} [Office Update Installation Engine] {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A> [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [Microsoft Shell UI Helper] {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [WangWangObj Class] {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [MofileUploadX Control] {7260569F-1D40-4E7F-B95B-2E68D35668B9} [AxInputControl Class] 
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [AxSubmitControl Class] {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [Encarta &Researcher] {9455301C-CF6B-11D3-A266-00C04F689C50} [UploadFilePartition Class] {A877BA28-1F7E-4876-B299-50B3199A1A5D} [EROSave Control] {A930FE7E-48A6-4134-A6DB-EF0E9DED06B4} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Thunder DapCtrl] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A> [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [ThunirBHO] {BAF3565A-AC09-41FE-935F-0A82091E96F8} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [OWSClientMiscApis Class] {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [OWSBrowserUI Class] {BDEADE43-C265-11D0-BCED-00A0C90AB50F} [ScreenCapture Class] {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__AVI Moniker Class] {CD3AFA88-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Windows Live 登录控制] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A> [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A> [] 
{FB3412B6-6D67-4650-B3B4-C2A90191A80F} [上传到QQ网络硬盘] [使用迅雷下载] [使用迅雷下载全部链接] [添加到QQ自定义面板] [添加到QQ表情] [用QQ彩信发送该图片] ================================== 正在运行的进程 [PID: 716 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 780 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 804 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 848 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 864 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 996 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 
7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1148 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1168 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1304 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1396 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 
(winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [PID: 1464 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76] [C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.34] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2] [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35] [C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13] [C:\Program 
Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8] [C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 59] [C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 5] [C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\PROGRAM 
FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [PID: 1476 / SYSTEM][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.68] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.12] [c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.41] [c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00] [c:\program files\rising\rfw\ijt_ctrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\unvdet.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.5] [c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.3] [PID: 1652 / SYSTEM][c:\program files\rising\rfw\rfwproxy.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.32] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\psapi.dll] [Microsoft 
Corporation, 4.00] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\MonMid.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.4] [PID: 1864 / SYSTEM][c:\program files\rising\rfw\rfwstub.exe] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 152 / cunic][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] 
[Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 4, 0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 2, 0] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Program Files\Thunder Network\Thunder2\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200] [C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DsBho_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 18] [C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\system32\ipjgjrczym.dll] [N/A, ] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 8.0.0.0] [PID: 440 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology 
Co., Ltd., 20, 0, 0, 19] [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [PID: 536 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2] [PID: 624 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 692 / cunic][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.65] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [c:\program files\rising\rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [c:\program files\rising\rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [c:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [c:\program files\rising\rfw\RsXML.dll] [Beijing Rising 
Technology Co., Ltd., 20, 0, 0, 0] [c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [PID: 696 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 15] [C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 1392 / SYSTEM][C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe] [TOSHIBA CORPORATION, 3, 0, 0, 12] [C:\Program Files\TOSHIBA\ConfigFree\NDSAPI.dll] [TOSHIBA CORPORATION, 4, 0, 2, 420] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\TOSHIBA\ConfigFree\IpAdrSet.dll] [TOSHIBA CORPORATION, 3, 0, 0, 5] [PID: 1612 / SYSTEM][C:\WINDOWS\System32\DVDRAMSV.exe] [Matsushita Electric Industrial Co., Ltd., 2, 0, 7, 0] [PID: 1680 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [PID: 1816 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0] [PID: 2448 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2936 / 
cunic][C:\WINDOWS\System32\igfxtray.exe] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2104] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\System32\igfxress.dll] [Intel Corporation, 3,0,0,2104] [PID: 2944 / cunic][C:\WINDOWS\System32\hkcmd.exe] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2104] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\System32\igfxhk.dll] [Intel Corporation, 3,0,0,2104] [C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,2104] [PID: 2952 / cunic][C:\Program Files\Analog Devices\SoundMAX\PmProxy.exe] [adi, 1, 0, 0, 18] [C:\Program Files\Analog Devices\SoundMAX\PMCPL.cpl] [Analog Devices, 1, 0, 0, 19] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 2960 / cunic][C:\WINDOWS\System32\00THotkey.exe] [东芝公司, 1, 0, 0, 21] [c:\program files\rising\rfw\ijt_base.dll] 
[Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\TSCI.DLL] [Toshiba, 1.0.0.0] [C:\WINDOWS\system32\THCI.DLL] [Toshiba, 1.0.0.0] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2968 / cunic][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.5.11 30May03] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 2992 / cunic][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.5.11 30May03] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\WINDOWS\System32\SynCOM.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [PID: 3020 / cunic][C:\WINDOWS\system32\TFNF5.exe] [Toshiba Corp., 1. 0. 1. 
0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3032 / NETWORK SERVICE][C:\WINDOWS\System32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [PID: 3060 / cunic][C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe] [TOSHIBA Corporation, 3.01.01] [C:\WINDOWS\system32\TCtrlCommon.dll] [TOSHIBA Corporation, 3.01.00] [C:\WINDOWS\system32\THCI.dll] [Toshiba, 1.0.0.0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3116 / cunic][C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] [东芝公司, 2, 5, 0, 0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3148 / cunic][C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe] [TOSHIBA CORPORATION, 2, 1, 0, 1] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [PID: 3184 / cunic][C:\WINDOWS\system32\TPSMain.exe] [TOSHIBA Corporation, 1, 0, 1, 2] [C:\WINDOWS\system32\TPSMainCtl.dll] [TOSHIBA Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\CpuPerf.dll] [TOSHIBA 
Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 2, 0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\TPeculiarity.dll] [TOSHIBA Corporation, 1, 0, 1, 0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [PID: 3244 / cunic][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3284 / cunic][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] 
[C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [PID: 3368 / cunic][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.6.1.9] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.6.1.1] [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.6.1.9] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\Program Files\QuickTime\QTSystem\QuickTime.qts] [Apple Inc., 7.4.1] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll] [Apple Inc., 7, 6, 120, 1] [PID: 3384 / cunic][C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe] [Adobe Systems Incorporated, 8.0.0.0] [c:\program 
files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3396 / cunic][C:\Program Files\360safe\safemon\360tray.exe] [奇虎网, 4, 1, 5, 1001] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 1, 5, 1001] [C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 4, 1, 5, 1001] [C:\Program Files\360safe\live.dll] [360.cn, 1, 0, 1, 1027] [PID: 3404 / cunic][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3412 / cunic][C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe] [TOSHIBA, 1, 0, 5, 0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft 
Corporation, 6.0.0.2529] [PID: 3512 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 3528 / cunic][C:\WINDOWS\system32\TPSBattM.exe] [TOSHIBA Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\TPwrCfg.DLL] [TOSHIBA Corporation, 1, 0, 4, 0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 1, 0, 1, 0] [C:\WINDOWS\system32\TPSTrace.DLL] [TOSHIBA Corporation, 1, 0, 2, 0] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [PID: 3556 / cunic][C:\Program Files\Tudou\飞速Tudou\TudouVA.exe] [土豆网(www.tudou.com), 1.0.1.0] [C:\Program Files\Tudou\飞速Tudou\upnpdll.dll] [N/A, ] [C:\Program Files\Tudou\飞速Tudou\MFC80.DLL] [Microsoft Corporation, 8.00.50727.42] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Rising\Rav\RavScrCh.dll] 
[Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.8164.0] [PID: 3576 / cunic][C:\Program Files\Thunder Network\Thunder2\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.7.9.473] [C:\Program Files\Thunder Network\Thunder2\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 15] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Thunder Network\Thunder2\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 4, 62] [C:\Program Files\Thunder Network\Thunder2\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 0, 2, 307] [C:\Program Files\Thunder Network\Thunder2\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031] [C:\Program Files\Thunder Network\Thunder2\Program\asyn_frame.dll] [, 1, 0, 2, 7] [C:\Program Files\Thunder Network\Thunder2\Program\backend_agent.dll] [, 1, 0, 2, 11] [C:\Program Files\Thunder Network\Thunder2\Program\ptl.dll] [Thunder Networking Technologies, LTD, 1, 0, 2, 12] [C:\Program Files\Thunder Network\Thunder2\Program\p2p_upload.dll] [, 1, 0, 2, 7] [C:\Program Files\Thunder Network\Thunder2\Program\fs.dll] [, 1, 0, 2, 7] [C:\Program Files\Thunder Network\Thunder2\Program\p2p.dll] [, 1, 0, 2, 12] [C:\Program Files\Thunder Network\Thunder2\Program\p2p_local_res.dll] [, 1, 0, 2, 7] [C:\Program Files\Thunder Network\Thunder2\Program\p2sp.dll] [, 1, 0, 2, 13] [C:\Program Files\Thunder Network\Thunder2\Program\down_dispatcher.dll] [, 1, 0, 2, 12] [C:\Program Files\Thunder Network\Thunder2\Program\xldc.dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 9] [C:\Program Files\Thunder Network\Thunder2\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 16] [C:\Program Files\Thunder Network\Thunder2\Program\stream.dll] 
[ShenZhen Thunder Networking Technologies Ltd., 2, 0, 2, 310] [C:\Program Files\Thunder Network\Thunder2\Program\al.dll] [, 1, 1, 2, 9] [C:\Program Files\Thunder Network\Thunder2\Program\emule_id.dll] [, 1, 0, 2, 6] [C:\Program Files\Thunder Network\Thunder2\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 4, 5, 21] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\Program Files\Thunder Network\Thunder2\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 34] [C:\Program Files\Thunder Network\Thunder2\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10] [C:\Program Files\Thunder Network\Thunder2\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 8, 26] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102] [C:\Program Files\Thunder Network\Thunder2\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 2, 24] [C:\Program Files\Thunder Network\Thunder2\Components\InMedia\iEmbed16.dll] [Thunder Networking Technologies,LTD, 3, 4, 7, 103] [C:\Program Files\Thunder Network\Thunder2\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Thunder Network\Thunder2\Components\InMedia\PlayerHelper.dll] [thunder, 1, 1, 5, 41] [C:\Program Files\Thunder Network\Thunder2\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70] [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.8164.0] [C:\Program Files\Thunder Network\Thunder2\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 16] [C:\Program 
Files\Thunder Network\Thunder2\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 63] [C:\Program Files\Thunder Network\Thunder2\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Thunder Network\Thunder2\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 77] [C:\Program Files\Thunder Network\Thunder2\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Thunder Network\Thunder2\Components\Security\XLSafeUI.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 77] [C:\Program Files\Thunder Network\Thunder2\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 21] [C:\Program Files\Thunder Network\Thunder2\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 3, 25] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 59] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\ThunderRAV\ThunderRAV.dll] [N/A, ] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\ThunderRAV\bin\rsscan.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\ThunderRAV\bin\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\ThunderRAV\bin\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\ThunderRAV\bin\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Thunder Network\Thunder2\Plugins\XLSafeHost\ThunderRAV\bin\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14] [C:\Program Files\Thunder Network\Thunder2\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [C:\Program Files\Thunder Network\Thunder2\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 18] [C:\Program Files\Thunder 
Network\Thunder2\ComDlls\ThunderAgent_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 4, 23] [C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 74] [C:\Program Files\Thunder Network\Thunder2\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29] [C:\Program Files\Thunder Network\Thunder2\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 11, 106] [C:\Program Files\Thunder Network\Thunder2\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 3, 0, 1, 33] [C:\Program Files\Thunder Network\Thunder2\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 3] [C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 29] [C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22] [C:\Program Files\Thunder Network\Thunder2\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Thunder Network\Thunder2\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6] [PID: 3720 / cunic][C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE] [Kingsoft Co, Ltd., 9, 0, 0, 0] [C:\Program Files\Kingsoft\PowerWord 2006\AccountActivate.dll] [N/A, ] [C:\Program Files\Kingsoft\PowerWord 2006\DicMngr.dll] [Kingsoft, 2, 0, 0, 1] [C:\Program Files\Kingsoft\PowerWord 2006\doshow.dll] [N/A, ] [C:\Program Files\Kingsoft\PowerWord 2006\ITextOut.dll] [Kingsoft, 1, 1, 0, 1] [C:\Program Files\Kingsoft\PowerWord 2006\KPic10.dll] [N/A, ] [C:\Program Files\Kingsoft\PowerWord 2006\ijl11.dll] [Intel Corporation, 1.1.2] [C:\Program Files\Kingsoft\PowerWord 2006\NormGrab.DLL] [Kingsoft Co, Ltd., 6, 0, 0, 0] [C:\Program Files\Kingsoft\PowerWord 2006\toTTSEngine50.dll] 
[Kingsoft Corporation, 1, 0, 0, 1] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Kingsoft\PowerWord 2006\xfile.dll] [N/A, ] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\Program Files\Kingsoft\PowerWord 2006\DBCore10.dll] [Kingsoft Corp., 1, 5, 0, 1] [C:\Program Files\Kingsoft\PowerWord 2006\XdictGrb.dll] [Kingsoft Co, Ltd., 9, 0, 0, 2] [C:\PROGRA~1\COMMON~1\MICROS~1\Speech\sapi.dll] [Microsoft Corporation, 5.1.4111.00 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\PROGRA~1\COMMON~1\SPEECH~1\MICROS~1\TTS\1033\spttseng.dll] [Microsoft Corporation, 5.1.4111.00 (XPClient.010817-1148)] [C:\PROGRA~1\COMMON~1\SPEECH~1\MICROS~1\spcommon.dll] [Microsoft Corporation, 5.1.4111.00 (XPClient.010817-1148)] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Kingsoft\PowerWord 2006\KAVPassport.DLL] [Kingsoft Corporation, 2005, 9, 27, 0] [PID: 3444 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.6.1.9] [C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.6.1.1] [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.6.1.9] [PID: 2080 / cunic][D:\新建文件夹 (2)\sreng2\123.com] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] 
[Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [c:\program files\rising\rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.10] [c:\program files\rising\rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.6] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.5.11 30May03] [C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2529] [D:\新建文件夹 (2)\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
127.0.0.1 wg.47255.com
127.0.0.1 1.joppnqq.com
127.0.0.1 xxx.m111.biz
127.0.0.1 1.jopenqc.com
127.0.0.1 1.jopenkk.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 xxx.j41m.com
127.0.0.1 3.joppnqq.com
127.0.0.1 d.93se.com
127.0.0.1 www.868wg.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 ilove.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.tomwg.com
127.0.0.1 www.177dvd.cn
127.0.0.1 www.cike007.cn
127.0.0.1 www.22aaa.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.exiao01.com
127.0.0.1 new.749571.com
127.0.0.1 xtx.kv8.info
127.0.0.1 cao.kv8.info
127.0.0.1 1.jopmmqq.com
127.0.0.1 171817.171817.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 llboss.com
127.0.0.1 nx.51ylb.cn
127.0.0.1 my.531jx.cn
127.0.0.1 qqq.dzydhx.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 www.333292.com
127.0.0.1 down.18dd.net
127.0.0.1 up.22x44.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 624, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2952, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\PMPROXY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2952, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\PMPROXY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2960, C:\WINDOWS\SYSTEM32\00THOTKEY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2960, C:\WINDOWS\SYSTEM32\00THOTKEY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3020, C:\WINDOWS\SYSTEM32\TFNF5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3020, C:\WINDOWS\SYSTEM32\TFNF5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3060, C:\PROGRAM FILES\TOSHIBA\TOSHIBA CONTROLS\TFNCKY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3060, C:\PROGRAM FILES\TOSHIBA\TOSHIBA CONTROLS\TFNCKY.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3116, C:\PROGRAM FILES\TOSHIBA\TOUCHED\TOUCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3116, C:\PROGRAM FILES\TOSHIBA\TOUCHED\TOUCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3148, C:\PROGRAM FILES\TOSHIBA\WIRELESS HOTKEY\TOSHKCW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3148, C:\PROGRAM FILES\TOSHIBA\WIRELESS HOTKEY\TOSHKCW.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3184, C:\WINDOWS\SYSTEM32\TPSMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3184, C:\WINDOWS\SYSTEM32\TPSMAIN.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3384, C:\PROGRAM FILES\ADOBE\READER 8.0\READER\READER_SL.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3384, C:\PROGRAM FILES\ADOBE\READER 8.0\READER\READER_SL.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3412, C:\PROGRAM FILES\TOSHIBA\TOSCDSPD\TOSCDSPD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3412, C:\PROGRAM FILES\TOSHIBA\TOSCDSPD\TOSCDSPD.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3528, C:\WINDOWS\SYSTEM32\TPSBATTM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3528, C:\WINDOWS\SYSTEM32\TPSBATTM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3556, C:\PROGRAM FILES\TUDOU\飞速TUDOU\TUDOUVA.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3556, C:\PROGRAM FILES\TUDOU\飞速TUDOU\TUDOUVA.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3576, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER2\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3576, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER2\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3720, C:\PROGRAM FILES\KINGSOFT\POWERWORD 2006\XDICT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3720, C:\PROGRAM FILES\KINGSOFT\POWERWORD 2006\XDICT.EXE]
==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x010A1FFD)
入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x010A20E5)
==================================
隐藏进程
N/A
==================================
[/CODE]