[CODE]

2008-05-04,17:02:46

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SigmatelSysTrayApp><stsystra.exe>  [SigmaTel, Inc.]
    <SKYNET Personal FireWall><D:\天网防~1\FIREWALL\pfw.exe>  [N/A]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <runeip><"D:\Rising\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><D:\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Antiarp><D:\360safe\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <BluetoothAuthenticationAgent><rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Windows Publisher]
    <AntiARPStandalone><D:\ARP防火墙\AntiARP.exe>  []
    <FixCamera><C:\WINDOWS\FixCamera.exe>  []
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
    <tsnpstd3><C:\WINDOWS\tsnpstd3.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><ieprot.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\七彩泡泡.SCR>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
    <PHIME2002A><; >  [N/A]
    <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]

==================================
启动文件夹
[BlueSoleil]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\BlueSoleil.lnk --> D:\BlueSoleil.exe [N/A]><N>

==================================
服务
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
  <C:\WINDOWS\System32\3wareSrv.exe><N/A>
[ARP防火墙加载程序 / AntiARPClientLoader][Stopped/Auto Start]
  <D:\AntiARPClientLoader.exe><N/A>
[BlueSoleil Hid Service / BlueSoleil Hid Service][Stopped/Auto Start]
  <D:\BTNtService.exe><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[HID Input Service / HidServ][Stopped/Auto Start]
  <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[000329ef / 000329ef][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000329ef.sys><N/A>
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
  <system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[Promise driver accelerator / bb-run][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[Broadcom 802.11 网络适配器驱动程序 / BCM43XX][Stopped/Manual Start]
  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys><EnTech Taiwan>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\VSTAZL3.SYS><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\VSTDPV3.SYS><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\igxpmp32.sys><Intel Corporation>
[kl1 / kl1][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><N/A>
[klif / klif][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[rimmptsk / rimmptsk][Running/Manual Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[Ricoh xD-Picture Card Driver / rismxdp][Running/Manual Start]
  <system32\DRIVERS\rixdptsk.sys><REDC>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sonic Focus Plugin for Sigmatel HDA / sfng32][Stopped/Manual Start]
  <system32\drivers\sfng32.sys><Sonic Focus, Inc>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><Sonix Co. Ltd.>
[System Restore Filter Driver / sr][Stopped/Disabled]
  <system32\DRIVERS\sr.sys><N/A>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[Virtual Serial port driver / VComm][Running/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[ViBus / ViBus][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\VSTCNXT3.SYS><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, 360.CN>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1028 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1076 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1088 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1240 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1332 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1492 / SYSTEM][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1508 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1660 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1752 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 1840 / SYSTEM][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.68]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [d:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\rising\rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [d:\rising\rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [d:\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1940 / SYSTEM][d:\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.32]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [D:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [d:\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 456 / SYSTEM][d:\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 992 / Administrator][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.65]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [D:\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [d:\rising\rfw\PSAPI.DLL]  [Microsoft Corporation, 4.00]
[PID: 1140 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.8166.2]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.8166.2]
[PID: 1984 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 176 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 7, 12, 20]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 368 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2164 / Administrator][C:\WINDOWS\stsystra.exe]  [SigmaTel, Inc., 1.0.4823.0  nd322 cp1]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\stacapi.dll]  [SigmaTel, Inc., 1.0.4823.0  nd322 cp1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2196 / Administrator][D:\Rising\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [D:\Rising\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 2204 / Administrator][D:\360safe\safemon\360tray.exe]  [奇虎网, 4, 1, 0, 1004]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [D:\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 1, 0, 1001]
    [D:\360safe\AntiAdwa.dll]  [360Safe.com, 4, 1, 0, 1001]
    [D:\360safe\live.dll]  [360.cn, 1, 0, 1, 1027]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 2232 / Administrator][D:\360safe\antiarp\antiarp.exe]  [360安全中心, 2, 0, 0, 1008]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 2260 / Administrator][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[PID: 2300 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 2724 / Administrator][C:\WINDOWS\FixCamera.exe]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 3140 / Administrator][C:\WINDOWS\vsnpstd3.exe]  [, 1, 1, 5, 11]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 3148 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 3444 / Administrator][C:\WINDOWS\tsnpstd3.exe]  [, 1, 1, 5, 10]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 3536 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 2072 / Administrator][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 2964 / Administrator][D:\千千静听\TTPlayer.exe]  [Alen Soft, 5, 1, 0, 0]
    [D:\千千静听\ttpcomm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [D:\千千静听\ttpres.dll]  [Alen Soft, 5, 1, 0, 0]
    [D:\千千静听\msdmo.dll]  [Microsoft Corporation, 6.03.01.0400]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\千千静听\AddIn\ttp_lrcsh.dll]  [N/A, ]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
[PID: 3560 / Administrator][D:\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [d:\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [d:\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 2060 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2948 / Administrator][F:\小说\eBookReader中文阅读软件 V1.2\eBookReader.exe]  [JiangSir WorkShop (YuJun Jiang), 1.2.0.588]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\system32\hhopen.ocx]  [, 1, 0, 0, 1]
[PID: 352 / SYSTEM][D:\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.76]
    [D:\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [D:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [D:\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [D:\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35]
    [D:\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [D:\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [D:\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [D:\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 62]
    [D:\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [D:\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\RISING\RAV\urutils.dll]  [, 20, 0, 0, 5]
    [D:\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [D:\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\RISING\RAV\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
    [D:\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1148 / SYSTEM][D:\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [D:\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 3396 / Administrator][D:\Rising\Rav\RAVMON.EXE]  [Beijing Rising Technology Co., Ltd., 20.0.01.19]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 35]
    [D:\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [D:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [D:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 2780 / Administrator][D:\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 70]
    [D:\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising\Rav\ravpagem.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 1, 5]
    [D:\Rising\Rav\htmllib.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [D:\Rising\Rav\ravpagew.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 87]
    [D:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [D:\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [D:\Rising\Rav\SysMail.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
[PID: 2316 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 2404 / Administrator][C:\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [D:\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\xunyount.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
xunyou over MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou over MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou over MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\xunyount.dll(, N/A)
xunyou
    C:\WINDOWS\system32\xunyount.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1028, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2164, C:\WINDOWS\STSYSTRA.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2164, C:\WINDOWS\STSYSTRA.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2196, D:\RISING\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2196, D:\RISING\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2724, C:\WINDOWS\FIXCAMERA.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2724, C:\WINDOWS\FIXCAMERA.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3140, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3140, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3444, C:\WINDOWS\TSNPSTD3.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3444, C:\WINDOWS\TSNPSTD3.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2964, D:\千千静听\TTPLAYER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2948, F:\小说\EBOOKREADER中文阅读软件 V1.2\EBOOKREADER.EXE]

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003C3AF5)
入口点错误：NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003C3B95)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003C3AF5)
入口点错误：ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003C3B95)

==================================
隐藏进程
N/A

==================================


[/CODE]