[CODE] 2008-07-28,11:59:08 System Repair Engineer 2..4 Smallfrogs (http://www.KZTechs.com) Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 启动项目 注册表 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows 2000 Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Motorola Inc.] <"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [Ahead Software Gmbh] <"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited] <360Safetray> [N/A] <360Antiarp> [(Verified)Qizhi Software (beijing) Co. Ltd] <"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows 2000 Publisher] [(Verified)Microsoft Windows 2000 Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{189F087F-4378-405F-85FA-37D955AD7A8C}> [N/A] <{DC3D30AE-0380-4151-8934-EE98A34B0370}><> [N/A] <{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}> [N/A] <{C0595A7E-2E2F-4B34-A83A-019270A0A464}> [N/A] <{28EB3777-3E23-4E72-8449-A992D09D24C3}><> [N/A] <{A9895933-6636-4281-BC58-EE6DE2AF96E3}> [N/A] <{461D2AB4-29A5-45C2-9134-D52272D3DE38}> [N/A] <{011DB9B9-44B4-44D9-B17E-BC7608F2E549}> [N/A] <{841529CB-7F77-4B99-A895-B5441E0D302F}> [N/A] <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><> [N/A] <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><> [N/A] <{6E6CA8A1-81BC-4707-A54C-F4903DD70BAD}><> [N/A] <{EA5D4B0E-B8CE-4761-8C7E-5D26369F0EC6}> [N/A] <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><> [N/A] 
<{84143967-B645-4BFF-B873-DA1DC886E9A7}><> [N/A] <{CAED0F3B-DF8B-4DBF-BB20-8DFBC3199068}> [N/A] <{5E907A48-400E-4EA8-9792-FFAE052D59E9}> [N/A] <{4D165A2A-4BC1-4CA8-8299-08E05AAAB5A4}> [N/A] <{B29583D8-033A-4B9F-8553-7C5458F3FB8E}> [N/A] <{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}> [N/A] <{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38}> [N/A] <{875E07B1-0614-43D9-A76E-D76A28AB3D7B}> [N/A] <{7914E0AA-ECCB-4311-B584-C49538227824}> [N/A] <{031B7024-4FC5-49B3-98EF-6B810FF12678}> [N/A] <{7C8D1401-A58D-A81C-CD24-A5915C4517C7}><> [N/A] <{6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6}><> [N/A] <{55694105-5108-9405-3695-954187462155}><> [N/A] <{D490415F-65F8-B5C5-D8BA-9405FB12054D}> [N/A] <{6C648541-1025-9650-9057-6541258720C6}><> [N/A] <{00150015-0015-0015-0015-00150015BB15}> [N/A] <{7A041F13-A111-12A3-B0CF-F99818AA68A7}><> [N/A] <{7FD45A54-9875-698F-E56E-65102358FDF7}><> [N/A] <{91954FAC-1023-154F-895A-1458258AD819}><> [N/A] <{87FD640A-158F-48AC-FD14-1597F14A9778}><> [N/A] <{528DF602-9541-A985-210A-984A698C6F25}><> [N/A] <{2A698452-C5D8-C584-C256-C264C987C5A2}><> [N/A] <{3D698451-2015-6358-9871-2015987452D3}><> [N/A] <{4A698102-5904-AFD0-20DF-CD1A65829CA4}><> [N/A] <{AA59145F-315D-BC23-AC1F-145DF81A34AA}><> [N/A] <{50940F85-F015-14F1-A05F-F69858AC6D05}><> [N/A] <{CC69134A-F15F-D14D-A31A-C31C4D124FCC}> [N/A] <{6A908760-8000-4000-A000-9000322145A6}><> [N/A] <{5D098345-6785-1098-5413-678067AE03D5}><> [N/A] <{57AC9076-C898-B098-D098-A18319080975}><> [N/A] <{35671234-7890-ABCD-CDEF-567801237653}><> [N/A] <{7319A1F1-9410-9654-3201-345FFA349137}><> [N/A] <{91698482-6555-3666-1222-954784129019}><> [N/A] <{80AF1289-F140-A140-D012-C1458759FC08}><> [N/A] <{37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73}><> [N/A] <{14698742-2059-3025-9058-954023874141}><> [N/A] <{39109876-7619-9101-7012-901938475193}><> [N/A] <{25FD6584-698F-BCD2-602C-698745210352}><> [N/A] <{470165F1-9F65-569F-F895-F14F58F41074}><> [N/A] <{38093456-9012-4568-9076-908765467183}><> [N/A] <{32CD708B-60A7-4C00-9377-D73EAA495F0F}> [(Verified)Beijing 
Rising Science and Technology Corporation Limited] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] [(Verified)Microsoft Windows Hardware Compatibility Publisher] ================================== 启动文件夹 [Microsoft Office] C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]> [EPSON Status Monitor 3 Environment Check 2] C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [SEIKO EPSON CORPORATION]> [EPSON Online Register] C:\PROGRA~1\EPSON\ONLINE~1\ONLINE~1.EXE []> [QQ游戏启动加速程序] C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]> ================================== 服务 [Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start] [OracleMTSRecoveryService / OracleMTSRecoveryService][Running/Auto Start] [OracleOraHome92ClientCache / OracleOraHome92ClientCache][Stopped/Manual Start] [Rising Process Communication Center / RsCCenter][Running/Auto Start] <"C:\Program Files\Rising\Rav\CCenter.exe"> [Rising RealTime Monitor / RsRavMon][Stopped/Auto Start] <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"> [Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start] C:\WINNT\system32\mspmsnsv.dll> [Rising Proxy Service / RfwProxySrv][Running/Auto Start] [Rising Personal Firewall Service / RfwService][Running/Auto Start] ================================== 驱动程序 [17bfd8001004c33a / 17bfd8001004c33a][Stopped/Manual Start] <\??\C:\17bfd8001004c33a.dat> [360AntiArp / 360AntiArp][Running/System Start] <\??\C:\WINNT\system32\drivers\360AntiArp.sys><360安全中心> [783b3580f111bc55 / 783b3580f111bc55][Stopped/Manual Start] <\??\C:\783b3580f111bc55.dat> [a347bus / a347bus][Running/Boot Start] <\SystemRoot\system32\DRIVERS\a347bus.sys><> [a347scsi / a347scsi][Running/Boot Start] <\SystemRoot\System32\Drivers\a347scsi.sys><> [ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start] [Standard IDE/ESDI Hard Disk Controller / atapi][Running/Boot Start] 
<\SystemRoot\system32\DRIVERS\atapi.sys> [Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start] [dmboot / dmboot][Stopped/Disabled] [Logical Disk Manager Driver / dmio][Running/Boot Start] <\SystemRoot\System32\drivers\dmio.sys> [dmload / dmload][Running/Boot Start] <\SystemRoot\System32\drivers\dmload.sys> [Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start] [HookCont / HookCont][Running/System Start] <\SystemRoot\system32\drivers\HookCont.sys> [HookNtos / HookNtos][Running/System Start] <\SystemRoot\system32\drivers\HookNtos.sys> [HookReg / HookReg][Running/System Start] <\SystemRoot\system32\drivers\HookReg.sys> [HookSys / HookSys][Running/System Start] <\SystemRoot\system32\drivers\HookSys.sys> [ialm / ialm][Running/Manual Start] [DDK PACKET Protocol / Packet][Running/Manual Start] <360安全中心> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [smserial / smserial][Running/Manual Start] [Conexant Setup API / UIUSys][Stopped/Manual Start] [Rising Rfwbase Driver / RfwBase][Running/Auto Start] [RsFwDrv / RsFwDrv][Running/System Start] <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys> [HookUrl / HookUrl][Running/Auto Start] <\??\C:\Program Files\Rising\Rfw\HookUrl.sys> ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [BitComet Helper] {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [番茄花园] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} [@shdoclc.dll,-866] {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A> [BitComet] {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, N/A> [@msdxmLC.dll,-1@2052,电台(&R)] {8E718888-423F-11D2-876E-00A0C9082467} [KooPlayer Control] {C728DAB8-FDF5-4CD7-89DD-879D25794C77} [Shockwave Flash Object] 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [Thunder Agent Class] {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Thunder DapCtrl] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [&使用BitComet下载] [&使用BitComet下载全部链接] [&使用BitComet下载本页视频] [使用迅雷下载] [使用迅雷下载全部链接] [添加到QQ表情] [用维棠下载视频] ================================== 正在运行的进程 [PID: 168][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601] [PID: 196][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [PID: 192][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [PID: 244][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035] [C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [PID: 1032][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690] [C:\WINNT\AppPatch\AcLayers.DLL] [Microsoft Corporation, 5.00.2195.6717] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\wdmaud.drv] [Microsoft 
Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\igfxress.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.17] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINNT\system32\wuaucpl.cpl.mui] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [C:\WINNT\system32\powercfg.cpl] [Microsoft Corporation, 5.00.3502.6601] [C:\WINNT\system32\igfxcpl.cpl] [Intel Corporation, 3.0.0.4670] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 55] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] 
[C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11414.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [PID: 1156][C:\WINNT\system32\dhdna\lsass.exe] [N/A, ] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11414.dat] [N/A, ] [PID: 1360][C:\WINNT\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [C:\WINNT\system32\11414.dat] [N/A, ] [PID: 1460][C:\WINNT\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] 
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4670] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [PID: 1472][C:\WINNT\sm56hlpr.exe] [Motorola Inc., 6.09.07] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\sm56eng.dll] [N/A, ] [C:\WINNT\sm56fra.dll] [N/A, ] [C:\WINNT\sm56brz.dll] [N/A, ] [C:\WINNT\sm56chs.dll] [N/A, ] [C:\WINNT\sm56cht.dll] [N/A, ] [C:\WINNT\sm56ger.dll] [N/A, ] [C:\WINNT\sm56itl.dll] [N/A, ] [C:\WINNT\sm56jpn.dll] [N/A, ] [C:\WINNT\sm56spn.dll] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [PID: 1552][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.4053] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [C:\WINNT\system32\11414.dat] [N/A, ] [C:\WINNT\system32\113406.dat] [N/A, ] 
[C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\83357.dat] [N/A, ] [PID: 1612][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23] [C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [PID: 1280][C:\WINNT\system32\conime.exe] [Microsoft Corporation, 5.00.2195.6655] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [PID: 1232][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.7.6.426] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 0, 52] [C:\Program Files\Thunder 
Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 204] [C:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031] [C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] [Thunder Networking Technologies,LTD, 2, 21, 2, 204] [C:\Program Files\Thunder Network\Thunder\Program\streammedialib.dll] [, 1, 3, 2, 107] [C:\Program Files\Thunder Network\Thunder\Program\al.dll] [, 1, 0, 1, 2] [C:\Program Files\Thunder Network\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5] [C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 3, 2, 16] [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 8] [C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] [Giganology Inc., 1, 0, 0, 2] [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 11, 29] [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 34] [C:\WINNT\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 1, 23] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed14.dll] [Thunder Networking Technologies,LTD, 3, 4, 5, 98] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\PlayerHelper.dll] [thunder, 1, 1, 2, 34] [C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLNet.dll] [Thunder Networking Technologies,LTD, 1, 3, 2, 16] [C:\Program Files\Thunder 
Network\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70] [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 1, 5, 0, 14] [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 16, 5, 63] [C:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 66] [C:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Thunder Network\Thunder\Components\Security\XLSafeUI.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 66] [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 6, 20] [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 1, 20] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 0, 7, 57] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\ThunderRAV.dll] [N/A, ] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\rsscan.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26] [C:\Program Files\Thunder 
Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll] [深圳市迅雷网络技术有限公司, 1.0.1.0] [C:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 16] [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 10, 101] [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [XunLei, 2, 3, 0, 28] [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll] [XunLei, 2, 3, 0, 28] [C:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 1] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 26] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 20] [C:\WINNT\system32\WMVCore.DLL] [Microsoft Corporation, 9.00.00.3267 (xpsp_sp2_qfe.071025-1245)] [C:\WINNT\system32\msdmo.dll] [Microsoft Corporation, 4.90.2490.1] [C:\WINNT\system32\WMASF.DLL] [Microsoft Corporation, 9.00.00.3267 (xpsp_sp2_qfe.071025-1245)] [C:\WINNT\system32\wmidx.dll] [Microsoft Corporation, 9.00.00.2980] [C:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2] [C:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [深圳市迅雷网络技术有限公司, 1, 3, 1, 4] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ffr.dll] [Beijing Rising 
Technology Co., Ltd., 20, 0, 0, 15] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\urutils.dll] [, 20, 0, 0, 6] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing 
Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\11414.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [PID: 2088][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 7.0.1.67] [C:\WINNT\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINNT\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88] [C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0] [C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18] [C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16] [C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0] [C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.13] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\83357.dat] [N/A, ] 
[C:\WINNT\system32\11477.dat] [N/A, ] [C:\WINNT\system32\11414.dat] [N/A, ] [PID: 2592][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106] [C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.19] [C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Technology Co., Ltd., 7.0.0.7] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16] [C:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll] [BitComet, 20071130] [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 55] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12] [C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0] [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13] [C:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1002] [C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3] [C:\WINNT\system32\winabc.ime] [Microsoft Corporation, 5.00.2195.6601] [C:\WINNT\system32\winzm.ime] [Microsoft Corporation, 5.00.2195.6601] [C:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2195.6673] [C:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1] [C:\WINNT\system32\msratelc.dll] [Microsoft Corporation, 6.00.2800.1106] 
[C:\WINNT\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINNT\system32\11414.dat] [N/A, ] [C:\WINNT\system32\11477.dat] [N/A, ] [PID: 3004][C:\Program Files\WinRAR\WinRAR.exe] [Alexander Roshal, 3.41] [C:\WINNT\system32\11414.dat] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\11477.dat] [N/A, ] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] [PID: 2660][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.032\修改的2.4版SREng.EXE] [1111, 2..4] [C:\WINNT\system32\11414.dat] [N/A, ] [C:\WINNT\system32\ipc.dll] [Microsoft Corporation, 5.00.2195.7038] [C:\WINNT\system32\ubo.dll] [Microsoft Corporation, 5.00.2195.7135] [C:\WINNT\system32\11477.dat] [N/A, ] [C:\WINNT\system32\840.dat] [N/A, ] [C:\WINNT\system32\113406.dat] [N/A, ] [C:\WINNT\system32\113252.dat] [N/A, ] [C:\WINNT\system32\83357.dat] [N/A, ] [C:\WINNT\system32\qxk.dll] [N/A, ] [C:\WINNT\system32\83196.dat] [N/A, ] [C:\WINNT\system32\8391.dat] [N/A, ] ================================== 文件关联 .TXT Error. [C:\WINNT\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINNT\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. 
[{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
入口点错误:RegEnumValueA (危险等级: 高, 被下面模块所HOOK: C:\WINNT\system32\11414.dat)
入口点错误:RegEnumValueW (危险等级: 高, 被下面模块所HOOK: C:\WINNT\system32\11414.dat)
入口点错误:RegOpenKeyExA (危险等级: 高, 被下面模块所HOOK: C:\WINNT\system32\11414.dat)
入口点错误:CreateFileA (危险等级: 高, 被下面模块所HOOK: C:\WINNT\system32\11414.dat)
入口点错误:CreateFileW (危险等级: 高, 被下面模块所HOOK: C:\WINNT\system32\11414.dat)
==================================
隐藏进程
N/A
==================================
[/CODE]