[CODE] 2008-06-21,12:39:47 System Repair Engineer 2.6.8.980 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [Nero AG] <; "F:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [File is missing] [(Verified)"Shanghai Source Networking Technology Co., Ltd"] <"F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation] <; F:\Program Files\Tudou\iTudou\iTudou.exe -AutoStart> [土豆网] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <; "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Publisher] <; F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> [Nero AG] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] [] [File is missing] [] <"F:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] <; F:\Program Files\Incesoft\XiaoiAlerts\XiaoiUpdater.exe /hide> [(Verified)"Incesoft Technology Co., Ltd."] [Super Rabbit Soft] [(Verified)Microsoft Corporation] <"F:\Program Files\GridService\peer.exe" -n Grid> [Mercury] [(Verified)"Sun Microsystems, Inc."] <"F:\Program Files\Unlocker\UnlockerAssistant.exe"> [] 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB 
/CALLER:WINNT /user /install> [File is missing] ================================== 启动文件夹 [星空极速] F:\PROGRA~1\ChinaNet\VNETCL~1.EXE []> [I7080动漫社区] C:\PROGRA~1\WORLDO~1\Url\I7080~1.URL [N/A]> [腾讯QQ] F:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]> ================================== 服务 [... / ...][Stopped/] <2 - 系统找不到指定的文件。 ><(File is missing)> [##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Running/Auto Start] <"F:\Program Files\Bonjour\mDNSResponder.exe"> [FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start] <"F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start] <"F:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><> [NBService / NBService][Stopped/Manual Start] [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [Windows User Mode Driver Framework / UMWdf][Running/Auto Start] [Messenger 共享文件夹 USN 杂志阅读器服务 / usnjsvc][Stopped/Manual Start] <"F:\Program Files\Windows Live\Messenger\usnsvc.exe"> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"F:\Program Files\Windows Live\installer\WLSetupSvc.exe"> ================================== 驱动程序 [Cdsys / Cdsys][Stopped/Manual Start] <\??\F:\WINDOWS\system32\cdcd.sys> [EagleNT / EagleNT][Stopped/Manual Start] <\??\F:\WINDOWS\system32\drivers\EagleNT.sys> [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [HOOKAPI / HOOKAPI][Stopped/Auto Start] <\??\C:\PROGRAM FILES\RISING\RAV\HookApi.Sys> [HookCont / HookCont][Running/System Start] 
<\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start] [Netgroup Packet Filter / NPF][Running/Manual Start] [npkcrypt / npkcrypt][Stopped/Manual Start] <\??\H:\LineageII\system\npkcrypt.sys> [nv / nv][Running/Manual Start] [nvata / nvata][Running/Boot Start] <\SystemRoot\system32\DRIVERS\nvata.sys> [OrangeWare USB 2.0 Root Hub Support / ousb2hub][Running/Manual Start] [OrangeWare USB Enhanced Host Controller Service / ousbehci][Running/Auto Start] [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start] [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start] [Sony Ericsson Device 616 driver (WDM) / s616bus][Stopped/Manual Start] [Sony Ericsson Device 616 USB WMC Modem Filter / s616mdfl][Stopped/Manual Start] [Sony Ericsson Device 616 USB WMC Modem Driver / s616mdm][Stopped/Manual Start] [Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM) / s616mgmt][Stopped/Manual Start] [Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS) / s616nd5][Stopped/Manual Start] [Sony Ericsson Device 616 USB WMC OBEX Interface / s616obex][Stopped/Manual Start] [Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM) / s616unic][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [WINIO / WINIO][Stopped/Manual Start] <\??\G:\winio.sys> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} 
[超级兔子上网精灵] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [浩方对战平台] {0A155D3C-68E2-4215-A47A-E800A446447A} [PPLive] {95B3F550-91C4-4627-BCC4-521288C52977} [超级兔子上网精灵] {43869BB3-22FD-4F15-9B46-238106BA2F4E} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [Java Plug-in 1.6.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_05] {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [Java Plug-in 1.6.0_05] {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [Java Plug-in 1.6.0_05] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QQCycloneHelper Class] {01443AEB-0FD1-40FD-9C87-E93D1494C233} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [AcroIEHlprObj Class] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} [Fade] {16B280C5-EE70-11D1-9066-00C04FD9189D} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [超级兔子上网精灵] {43869BB3-22FD-4F15-9B46-238106BA2F4E} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [QQRightClick Class] {4836C333-208E-4BCE-B30B-00B9545B0F6E} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [IE2EMUrlTaker Class] {48618374-565F-4CA0-B8CD-6F496C997FAF} [VnetCookie Class] {4E83D567-4697-4F7B-B1F0-A513B01DB89A} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [Shell Name 
Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [超级兔子上网精灵] {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [Peer Adapter] {80E18282-3716-48CA-B50C-F7B7F6A32791} <, N/A> [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [XML DOM Document 4.0] {88D969C0-F192-11D4-A65F-0040963251E5} [XML HTTP 4.0] {88D969C5-F192-11D4-A65F-0040963251E5} [XML DOM 文档 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [Free Threaded XML DOM Document 5.0] {88D969E6-F192-11D4-A65F-0040963251E5} [XSL Template 5.0] {88D969E8-F192-11D4-A65F-0040963251E5} [XML HTTP 5.0] {88D969EA-F192-11D4-A65F-0040963251E5} [Windows Live 登录帮助程序] {9030D464-4C02-4ABF-8ECC-5164760863C6} [MSNMessenger Class] {967C962A-2B0B-4C92-8B30-B09F02BA2582} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Thunder DapCtrl] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [] {B69003B3-C55E-4B48-836C-BC5946FC3B28} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Adobe Acrobat Control for ActiveX] {CA8A9780-280D-11CF-A24D-444553540000} [QQPlayerSvr Proxy Control] {CD108273-D434-43E6-AA90-1469F97EB398} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [TGSearch] {DD069A98-B494-487D-B0B3-C2F56ECB6DAA} [AgControl Class] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [] 
{E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [TimwpDll.TimwpCheck] {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [Free Threaded XML DOM Document 3.0] {F5078F33-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} [XSL Template 3.0] {F5078F36-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [] {FB7199AB-79BF-11D2-8D94-0000F875C541} [Thunder Browser Helper] {FC75B9CE-EE17-4BC6-B3D8-90B5588043A3} [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 520 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 576 / SYSTEM][\??\F:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 600 / SYSTEM][\??\F:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 644 / SYSTEM][F:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 656 / SYSTEM][F:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 816 / SYSTEM][F:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 872 / NETWORK SERVICE][F:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 940 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28] [PID: 956 / 
SYSTEM][F:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [PID: 1008 / NETWORK SERVICE][F:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1152 / LOCAL SERVICE][F:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [PID: 1368 / SYSTEM][F:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)] [F:\WINDOWS\system32\CNMLM75.DLL] [CANON INC., 1.90.2.20] [F:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2] [F:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD75.DLL] [CANON INC., 1.90.2.20] [F:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 1560 / BAOHAN][F:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [F:\Program Files\Thunder 
Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [F:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8] [F:\Program Files\Common Files\Ahead\Lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [F:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [F:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 2, 0] [F:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\WinRAR\rarext.dll] [N/A, ] [F:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [F:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.11.0109] [F:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.11.0109] [F:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0109] [F:\WINDOWS\Vista\Rtback\ContextBG.dll] [Grigri, 1, 0, 0, 1] [F:\WINDOWS\system32\nvshell.dll] [, ] [F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [F:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 1684 / BAOHAN][F:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.1.3.0] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1724 / BAOHAN][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing 
Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1792 / BAOHAN][F:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.08.0.0] [F:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.08.0.0] [F:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12] [F:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.0.0] [F:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0] [F:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.0.0.0] [F:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.18.0.0] [F:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [DT Soft Ltd., 1.12.0.0] [F:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1884 / BAOHAN][C:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19] [F:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [F:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [F:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 
20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1892 / BAOHAN][F:\Program Files\Java\jre1.6.0_05\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.50.13] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [PID: 1920 / BAOHAN][F:\Program Files\Unlocker\UnlockerAssistant.exe] [N/A, ] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1956 / BAOHAN][F:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [PID: 2012 / BAOHAN][F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [F:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 5,16,1, 9000] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 
(winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 140 / BAOHAN][E:\Program Files\eMule\emule.exe] [http://www.emule-project.net, 0.48.0.80313 Unicode] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [E:\Program Files\eMule\lang\zh_CN.dll] [http://www.emule-project.net, 0.48.0.80313] [F:\WINDOWS\Vista\YzDock\YzDock.dll] [Y'z@Home, 0, 5, 0, 0] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 620 / BAOHAN][F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0] [F:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll] [Nero AG, 1, 5, 3, 0] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll] [Nero 
AG, 4,5,13,0] [F:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll] [Nero AG, 1, 5, 3, 0] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1436 / BAOHAN][F:\Program Files\ChinaNet\VnetClient.exe] [, 2007, 11, 20, 11] [F:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1] [F:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2007, 9, 18, 12] [F:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2007, 4, 20, 15] [F:\PROGRA~1\ChinaNet\BDSearch.ocx] [gdcn, 2007, 3, 1, 10] [F:\PROGRA~1\ChinaNet\PageFram.ocx] [Workgroup, 2008, 2, 28, 17] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [F:\PROGRA~1\ChinaNet\ACCOUN~1.OCX] [GDCN, 2007, 9, 20, 16] [F:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 11, 19, 14] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~2\SMSMOD~1.OCX] [gdcn, 2007.03.28.14] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~2\SmsCom.dll] [, 2007.03.28.14] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~2\SmsCtrls.dll] [, 2007.03.28.14] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\VNETPP~1.OCX] [gdcn, 2008, 1, 7, 1] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\vnetlist.ocx] [, 1, 8, 0, 20] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\uilib.dll] [Synacast, 1, 0, 0, 1] [F:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~3\common.dll] [, 1, 0, 0, 1] [C:\PROGRA~1\PPLive\ETS.DLL] [, 1, 0, 0, 1] [F:\PROGRA~1\ChinaNet\IcosBar.ocx] [Workgroup, 2007, 4, 29, 15] [F:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 
2006, 9, 6, 15] [F:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1] [F:\PROGRA~1\ChinaNet\Timer.ocx] [, 2008, 4, 9, 10] [F:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 7, 9, 16, 1] [F:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16] [F:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18] [F:\WINDOWS\system32\pthreadVC.dll] [N/A, ] [F:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18] [F:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2006, 12, 20, 20] [F:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2007, 4, 28, 18] [F:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2007, 12, 17, 11] [F:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 12, 9, 17] [F:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 7, 9, 17, 1] [F:\Program Files\ChinaNet\AllFunctions.dll] [GDCN, 2007, 9, 25, 14] [F:\Program Files\ChinaNet\VnetOptLog.dll] [ , 2007, 4, 11, 15] [F:\PROGRA~1\ChinaNet\VNETSE~1.OCX] [, 2007, 9, 19, 17] [F:\PROGRA~1\ChinaNet\Weather.ocx] [Microsoft, 2007, 3, 29, 15] [F:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\Program Files\ChinaNet\Base64.dll] [N/A, ] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [PID: 2436 / SYSTEM][F:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 2448 / SYSTEM][F:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1] [PID: 2572 / SYSTEM][F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466] [F:\Program Files\Common Files\Microsoft 
Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.00.9466] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 2620 / SYSTEM][F:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.11.0109] [F:\WINDOWS\system32\nvapi.dll] [NVIDIA Corporation, 6.14.11.0109] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 2660 / LOCAL SERVICE][F:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)] [PID: 3816 / LOCAL SERVICE][F:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2208 / BAOHAN][C:\Program Files\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 71] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89] [F:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [F:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [F:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Rising\Rav\RsCommon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\ravpagem.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 1, 5] [C:\Program Files\Rising\Rav\htmllib.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.16] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 
1,0,3,1] [F:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Rising\Rav\ravpagew.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 87] [C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13] [C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36] [C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\Program Files\Rising\Rav\SysMail.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.10] [C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\mvengine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\posttrt.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22] [C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6] [C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77] [C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\scanpack.dll] [Beijing 
Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\Program Files\Rising\Rav\urutils.dll] [, 20, 0, 0, 6] [C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Rising\Rav\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Rising\Rav\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Rising\Rav\extole.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12] [C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Rising\Rav\scanelf.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1] [C:\Program Files\Rising\Rav\ur013.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Rising\Rav\ur006.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Rising\Rav\scanmac.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Rising\Rav\ur021.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [PID: 2200 / BAOHAN][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [F:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [F:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [F:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] 
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [PID: 3636 / BAOHAN][F:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 2476 / BAOHAN][F:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1500 / BAOHAN][F:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.7.7.441] [F:\Program Files\Thunder Network\Thunder\Program\BugReport.dll] [迅雷网络, 1, 0, 1, 4] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 1, 56] [F:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 217] [F:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031] [F:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 217] [F:\Program Files\Thunder Network\Thunder\Program\streammedialib.dll] [, 1, 3, 2, 124] [F:\Program Files\Thunder Network\Thunder\Program\al.dll] [, 1, 0, 1, 3] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [F:\Program Files\Thunder Network\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 14] [F:\Program Files\Thunder Network\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 6] [F:\Program Files\Thunder 
Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 3, 4, 18] [F:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 34] [F:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 8] [F:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 11, 29] [F:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 2, 24] [F:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed15.dll] [Thunder Networking Technologies,LTD, 3, 4, 6, 99] [F:\Program Files\Thunder Network\Thunder\Components\InMedia\PlayerHelper.dll] [thunder, 1, 1, 4, 37] [F:\Program Files\Thunder Network\Thunder\Components\InMedia\XLNet.dll] [Thunder Networking Technologies,LTD, 1, 3, 4, 18] [F:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [F:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [F:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 16] [F:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 63] [F:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [F:\Program 
Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 71] [F:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [F:\Program Files\Thunder Network\Thunder\Components\Security\XLSafeUI.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 71] [F:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 20] [F:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 2, 22] [F:\Program Files\Thunder Network\Thunder\Plugins\KLScan\PluginKLScan.dll] [Thunder Networking Technologies,LTD, 1.1.0.9] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 57] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\ThunderRAV.dll] [N/A, ] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\rsscan.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [F:\Program Files\Thunder Network\Thunder\Plugins\GouGouTop\GouGouTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 4] [F:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [F:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 16] [F:\Program Files\Thunder 
Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 11, 106] [F:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 3, 0, 1, 33] [F:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 29] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22] [F:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [F:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [深圳市迅雷网络技术有限公司, 1, 3, 1, 4] [F:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2] [F:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.8164] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [F:\Program Files\Thunder 
Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\urutils.dll] [, 20, 0, 0, 6] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [F:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [PID: 1052 / BAOHAN][F:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)] [F:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [F:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 3, 0, 1658] [F:\Program Files\Thunder 
Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [F:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [F:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [F:\WINDOWS\system32\WINABCX.IME] [PKUETI, 5.22.216] [PID: 3160 / BAOHAN][C:\Program Files\TTPlayer\TTPlayer.exe] [Alen Soft, 5, 1, 0, 0] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\TTPlayer\ttpcomm.dll] [N/A, ] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [C:\Program Files\TTPlayer\ttpres.dll] [Alen Soft, 5, 1, 0, 0] [C:\Program Files\TTPlayer\msdmo.dll] [Microsoft Corporation, 6.03.01.0400] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] 
[F:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [PID: 2980 / BAOHAN][F:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)] [F:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [F:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [F:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 3, 0, 1658] [F:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [F:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 17] [F:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16] [F:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [F:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., 
Ltd., 20, 0, 0, 3] [F:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [PID: 1280 / BAOHAN][F:\Documents and Settings\BAOHAN\桌面\Vikingkiller.scr] [Beijing Rising Tech. Co., Ltd., 1, 6, 0, 1] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [PID: 1964 / BAOHAN][F:\Documents and Settings\BAOHAN\桌面\ravDiskGen.exe] [Beijing Rising Technology Co., Ltd., 1, 4, 0, 0] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [PID: 3964 / BAOHAN][C:\Program Files\Rising\Rav\ScanBD.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.9] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 
7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [F:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL] [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)] [C:\Program Files\Rising\Rav\BDEngine.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2] [C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16] [C:\Program Files\Rising\Rav\BDEX.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4] [C:\Program Files\Rising\Rav\BDLib.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.1] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 2568 / BAOHAN][F:\WINDOWS\system32\cmd.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3704 / BAOHAN][F:\WINDOWS\system32\ntvdm.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 932 / BAOHAN][F:\Documents and Settings\BAOHAN\桌面\sreng980\SREngLdr.EXE] [Smallfrogs Studio, 2.6.8.980] [PID: 3372 / BAOHAN][F:\Documents and Settings\BAOHAN\桌面\sreng980\SREff777796.EXE] [Smallfrogs Studio, 2.6.8.980] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 2744 / BAOHAN][F:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [PID: 1452 / BAOHAN][F:\Documents and Settings\BAOHAN\桌面\sreng980\SREngLdr.EXE] [Smallfrogs Studio, 2.6.8.980] [PID: 2756 / BAOHAN][F:\DOCUME~1\BAOHAN\LOCALS~1\Temp\SRE2E1F.EXE] [Smallfrogs Studio, 2.6.8.980] [F:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [F:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)] [F:\Program Files\Unlocker\UnlockerHook.dll] [N/A, ] [F:\Program Files\winrar\KATTXOGR.dat] [N/A, ] [F:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1]
==================================
文件关联
.TXT Error. [F:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [F:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2012, F:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 620, F:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1436, F:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1500, F:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3160, C:\PROGRAM FILES\TTPLAYER\TTPLAYER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1280, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\VIKINGKILLER.SCR]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1280, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\VIKINGKILLER.SCR]
特殊特权被允许: SeDebugPrivilege [PID = 1964, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\RAVDISKGEN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1964, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\RAVDISKGEN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 932, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\SRENG980\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3372, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\SRENG980\SREFF777796.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1452, F:\DOCUMENTS AND SETTINGS\BAOHAN\桌面\SRENG980\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
隐藏进程
[3196] F:\WINDOWS\regedit.exe
==================================
[/CODE]