[CODE]

2008-05-31,22:23:59

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <360Safetray><G:\360\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\READER~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[飞信签名档]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\飞信签名档.lnk --> D:\飞信\Fetion\SignMain.exe []><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> G:\qq\QQ.exe [TENCENT]><N>

==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[ADProt / ADProt][Running/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[BIOS / BIOS][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\BIOS.sys><BIOSTAR Group>
[hefsljh / hefsljh][Running/Boot Start]
  <\SystemRoot\system32\drivers\hefsljh.sys><>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[DDK PACKET Protocol / Packet][Stopped/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\G:\360\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <G:\Thunder5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, Tencent>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <G:\Thunder5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <G:\360\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <G:\Thunder5\Thunder.exe, Thunder Networking Technologies,LTD>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <G:\Thunder5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <G:\Thunder5\Components\InMedia\peerid.dll, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, Tencent>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <G:\qq上传工具\Tencent\QQPhotoDraw.dll, TENCENT>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <G:\Thunder5\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\SSup.dll, TENCENT>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <G:\Thunder5\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <G:\360\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <G:\Thunder5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl COM Module]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5711.41.728.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <G:\360\360safe\safemon\safemon.dll, 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <G:\Thunder5\Components\DownAndPlay\DapPlayer3.0.5712.71.728.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <G:\Thunder5\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <G:\Thunder5\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <G:\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 440 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 912 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 1004 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.76]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 73]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\urutils.dll]  [, 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\PROGRAM FILES\RISING\RAV\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\ur012.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\posttrt.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1216 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1392 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1620 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 17.0.54.110]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [G:\Thunder5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [G:\Thunder5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [G:\Thunder5\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 19]
    [G:\Thunder5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\downlo~1\Dvgvn.dll]  [Tencent, 5, 0, 6, 23]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 1636 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
[PID: 1740 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
[PID: 1964 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1540 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1812 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.6225]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
[PID: 1880 / Administrator][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 2092 / Administrator][G:\360\360safe\safemon\360tray.exe]  [奇虎网, 4, 1, 8, 1002]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [G:\360\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 1, 8, 1001]
    [G:\360\360safe\AntiAdwa.dll]  [360Safe.com, 4, 1, 5, 1001]
    [G:\360\360safe\live.dll]  [360.cn, 1, 0, 1, 1027]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
[PID: 2108 / Administrator][C:\PROGRAM FILES\RISING\RAV\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.19]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\PROGRAM FILES\RISING\RAV\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 2312 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 2332 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
[PID: 2508 / Administrator][G:\hhhh\8021x.exe]  [锐捷网络, 3, 2, 0, 0]
    [C:\WINDOWS\system32\W32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.54]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [G:\hhhh\EXRGPA~1.OCX]  [锐捷网络, 1, 0, 0, 1]
    [G:\hhhh\HIDetect.dll]  [锐捷网络, 1, 0, 0, 1]
    [G:\hhhh\Vx_API.dll]  [锐捷网络, 1, 0, 0, 1]
[PID: 2796 / Administrator][G:\qq\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
[PID: 3108 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 3976 / Administrator][D:\飞信\Fetion\FetionFX.exe]  [China Mobile, 3.2.0540.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\56d4e05536a6254b8bb2825a60267c81\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\55709196861c2d469d787d6da6a4c6e4\System.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3862f1e752a82d418c30a65b9b00b45e\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\aaffdfa34bfdf8418f343eee4078aefb\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\飞信\Fetion\ImpsControls.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\ImpsPcBase.dll]  [China Mobile, 3.0.0.0]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f85e386218645f45a46257bd6f186f1c\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\飞信\Fetion\ImpsClientBase.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\ImpsClientUtils.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\ImpsClientResource.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\ImpsClientCore.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\ImpsBase.dll]  [China Mobile, 3.0.0.0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.Windows.Forms.resources.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\飞信\Fetion\NCindy.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\Interop.DynamicGifCtlLib.dll]  [ , 1.0.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\飞信\Fetion\ImpsPcCommLayer.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\ImpsClientData.dll]  [China Mobile, 3.0.0.0]
    [D:\飞信\Fetion\SQLite.Interop.DLL]  [, 1.0.44.0]
    [D:\飞信\Fetion\sensmon.dll]  [China Mobile, 1.0.0.1]
    [D:\飞信\Fetion\Interop.WMPLib.dll]  [ , 1.0.0.0]
    [D:\飞信\Fetion\AxInterop.WMPLib.dll]  [, 1.0.0.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll]  [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\飞信\Fetion\DynamicGifCtl.dll]  [China Mobile, 2.0.0.0]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Drawing.resources\2.0.0.0_zh-CHS_b03f5f7f11d50a3a\System.Drawing.resources.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 2680 / Administrator][G:\Thunder5\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.12.493]
    [G:\Thunder5\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
    [G:\Thunder5\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 6, 66]
    [G:\Thunder5\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 1, 2, 311]
    [G:\Thunder5\Program\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [G:\Thunder5\Program\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [G:\Thunder5\Program\asyn_frame.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 13]
    [G:\Thunder5\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [G:\Thunder5\Program\p2p_upload.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
    [G:\Thunder5\Program\fs.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 9]
    [G:\Thunder5\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [G:\Thunder5\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [G:\Thunder5\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 8, 26]
    [G:\Thunder5\Program\backend_agent.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 17]
    [G:\Thunder5\Program\p2sp.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 18]
    [G:\Thunder5\Program\down_dispatcher.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
    [G:\Thunder5\Program\ptl.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 18]
    [G:\Thunder5\Program\xl_stat.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 3]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [G:\Thunder5\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [G:\Thunder5\Program\p2p.dll]  [Thunder Networking Technologies,LTD, 1,1,2,20]
    [G:\Thunder5\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 2, 6, 2, 12]
    [G:\Thunder5\Program\stream.dll]  [Thunder Networking Technologies,LTD, 2, 1, 2, 359]
    [G:\Thunder5\Program\p2p_local_res.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
    [G:\Thunder5\Program\al.dll]  [Thunder Networking Technologies,LTD, 1,1,2,15]
    [G:\Thunder5\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 2, 24]
    [G:\Thunder5\Components\InMedia\iEmbed16.dll]  [Thunder Networking Technologies,LTD, 3, 4, 7, 103]
    [G:\Thunder5\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 1, 5, 41]
    [G:\Thunder5\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [G:\Thunder5\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [G:\Thunder5\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 2, 1, 0, 38]
    [G:\Thunder5\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
    [G:\Thunder5\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [G:\Thunder5\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 79]
    [G:\Thunder5\Components\Security\XLSafeUI.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 79]
    [G:\Thunder5\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
    [G:\Thunder5\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
    [G:\Thunder5\Plugins\KLScan\PluginKLScan.dll]  [Thunder Networking Technologies,LTD, 1.1.0.10]
    [G:\Thunder5\Components\XLSoftBase\XLSoftwareBase.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 3]
    [G:\Thunder5\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 59]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\ThunderRAV.dll]  [N/A, ]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\rsscan.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [G:\Thunder5\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 19]
    [G:\Thunder5\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [G:\Thunder5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [G:\Thunder5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [G:\Thunder5\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 12, 108]
    [G:\Thunder5\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 3, 0, 1, 33]
    [G:\Thunder5\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 4]
    [G:\Thunder5\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 30]
    [G:\Thunder5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [G:\Thunder5\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [G:\Thunder5\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [G:\Thunder5\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
    [G:\Thunder5\Program\emule_id.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [G:\Thunder5\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
    [G:\Thunder5\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [G:\Thunder5\Program\bt_download.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 12]
    [G:\Thunder5\Program\emule.dll]  [, 1, 1, 2, 12]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 73]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\urutils.dll]  [, 20, 0, 0, 6]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [G:\Thunder5\Plugins\XLSafeHost\ThunderRAV\bin\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 988 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
[PID: 1784 / Administrator][C:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 71]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ravpagem.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 1, 5]
    [C:\Program Files\Rising\Rav\htmllib.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Rising\Rav\ravpagew.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 87]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\Program Files\Rising\Rav\SysMail.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 38]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\mvengine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\posttrt.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 73]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [C:\Program Files\Rising\Rav\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [C:\Program Files\Rising\Rav\urutils.dll]  [, 20, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [C:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\Program Files\Rising\Rav\extole.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [C:\Program Files\Rising\Rav\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Rising\Rav\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [C:\Program Files\Rising\Rav\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
[PID: 3704 / Administrator][G:\TT\TTraveler.exe]  [腾讯公司, 3, 3, 200, 290]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [G:\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [G:\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [G:\TT\TTNetFavor.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 2192 / Administrator][G:\sreng2\hao123.com]  [Smallfrogs Studio, 2.5.16.900]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll]  [TENCENT, 5, 0, 3, 17]
    [G:\360\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.2.0.0]
    [D:\新建文件夹\SOGOU\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.2.0.0]
    [G:\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 2448 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 2508, G:\HHHH\8021X.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3976, D:\飞信\FETION\FETIONFX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2680, G:\THUNDER5\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3704, G:\TT\TTRAVELER.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]