[CODE] 2009-04-20,01:58:33 System Repair Engineer 2.7.1.1261 Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能 以下内容被选中: 所有的启动项目(包括注册表、启动文件夹、服务等) 浏览器加载项 正在运行的进程(包括进程模块信息) 文件关联 Winsock 提供者 Autorun.inf HOSTS 文件 进程特权扫描 计划任务 API HOOK 隐藏进程 启动项目 注册表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [(Verified)Synacast Corp.] [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [ATI Technologies, Inc.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [中国互联网信息中心(CNNIC)] <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r> [(Verified)Qizhi Software (beijing) Co. Ltd] <360Safetray> [(Verified)Qizhi Software (beijing) Co. 
Ltd] <"d:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited] [皮皮科技] <"D:\Program Files\Rising\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited] <"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] [(Verified)Beijing Rising Information Technology Corporation Limited] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{AEB6717E-7E19-11d0-97EE-00C04FD91972}> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] <%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Winlogon\Notify\ScCertProp] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] <"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed 
Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] <浏览器自定义组件> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [(Verified)Microsoft Corporation] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)Microsoft Windows Publisher] ================================== 启动文件夹 [腾讯QQ] D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]> ================================== 服务 [Adobe LM Service / Adobe LM Service][Stopped/Manual Start] <"C:\Program 
Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"> [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [ATI Smart / ATI Smart][Stopped/Auto Start] <> [Autodesk Licensing Service / Autodesk Licensing Service][Running/Auto Start] <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"> [cFosSpeed System Service / cFosSpeedS][Stopped/Auto Start] <"C:\Program Files\cFosSpeed\spd.exe" -service> [Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [Human Interface Device Access / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [Windows CardSpace / idsvc][Stopped/Manual Start] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"> [mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit / mi-raysat_3dsMax2009_32][Running/Auto Start] <"D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe"> [Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled] <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"> [Rav Process Communication Center / RavCCenter][Stopped/Auto Start] [Rising RavTask Manager / RavTask][Running/Auto Start] <"D:\Program Files\Rising\Rising\Rav\RavTask.exe" RavTask> [Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start] <"C:\Program Files\Cyberlink\Shared files\RichVideo.exe"><> [Rising Scan Service / RsScanSrv][Stopped/Auto Start] ================================== 驱动程序 [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [ati2mtag / ati2mtag][Running/Manual Start] [cFosSpeed Miniport / cFosSpeed][Running/Manual Start] [cnprov / cnprov][Running/Boot Start] <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)> [idnaux / idnaux][Running/Auto Start] <中国互联网络信息中心(CNNIC)> [Phase One 
1394 Camera Driver / P1C1394][Stopped/Auto Start] <\SystemRoot\System32\Drivers\p1c1394.sys> [Direct Parallel Link Driver / Ptilink][Running/Manual Start] [RsNTGDI / RsNTGDI][Running/Boot Start] <\SystemRoot\system32\Drivers\RsNTGdi.sys> [SafeBoxKrnl / SafeBoxKrnl][Running/System Start] <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心> [Sony Ericsson Device 038 Driver driver (WDM) / SE26bus][Stopped/Manual Start] [Sony Ericsson Device 038 USB WMC Modem Filter / SE26mdfl][Stopped/Manual Start] [Sony Ericsson Device 038 USB WMC Modem Driver / SE26mdm][Stopped/Manual Start] [Sony Ericsson Device 038 USB WMC Device Management Drivers (WDM) / SE26mgmt][Stopped/Manual Start] [Sony Ericsson Device 038 USB WMC OBEX Interface / SE26obex][Stopped/Manual Start] [Sony Ericsson Device 038 USB Ethernet Emulation SEMC38 (WDM) / se26unic][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [TCP/IP Protocol Driver / Tcpip][Running/System Start] [NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start] ================================== 浏览器加载项 [ThunderAtOnce Class] {01443AEC-0FD1-40fd-9C87-E93D1494C233} [IE2EMBHO Class] {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} [Adobe PDF Link Helper] {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [RealPlayer Download and Record Plugin for Internet Explorer] {3049C3E9-B461-4BC5-8870-4C09146192CA} [IEAux Class] {7605CC7C-00FD-4A5F-BAFD-828342DE6279} [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [Download_Bho Class] {A986E409-30CC-4185-89BB-AB212C104524} [Google Toolbar Helper] {AA58ED58-01DD-4d91-8333-CF10577473F7} [Google Toolbar Notifier BHO] {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [启动迅雷5] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [PPLive] 
{95B3F550-91C4-4627-BCC4-521288C52977} [中文上网] {B012491E-8FA4-4851-AA9B-22E33784FBAD} [&Google] {2318C2B1-4965-11d4-9B18-009027A5CD4F} [百度工具栏] {B580CF65-E151-49C3-B73F-70B13FCA8E86} [DAEMON Tools Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [PMPXPlayerCtl Class] {88E07994-F8DD-4952-8DBF-0C4617F11117} [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, > [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [CCTVUpdateInstall] {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} [Google Script Object] {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} [ThunderAtOnce Class] {01443AEC-0FD1-40FD-9C87-E93D1494C233} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [] {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, > [IE2EMBHO Class] {0A0DDBD3-6641-40B9-873F-BBDD26D6C14E} [GerneralPeerID Class] {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} [] {11F2A418-94B2-4E16-9B0C-B00C0435F903} <, > [Adobe PDF Link Helper] {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [InstallHelper Class] {1DABF8D5-8430-4985-9B7F-A30E53D709B3} [iTrusPTA Class] {1E0DFFCF-27FF-4574-849B-55007349FEDA} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [&Google] {2318C2B1-4965-11D4-9B18-009027A5CD4F} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [] {29CF293A-1E7D-4069-9E11-E39698D0AF95} <, > [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [RealPlayer Download and Record Plugin for Internet Explorer] {3049C3E9-B461-4BC5-8870-4C09146192CA} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [DAEMON Tools Toolbar] {32099AAC-C132-4136-9E9A-4E364A424E17} [] {35980F6E-A137-4E50-953D-813BB8556899} <, > [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [HHCtrl Object] {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Thunder Agent Class] 
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} [EditCtrl Class] {488A4255-3236-44B3-8F27-FA1AECAA8844} [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} [PowerPlayer Control] {5EC7C511-CD0F-42E6-830C-1BD9882F3458} [CJfchk Object] {632C6705-17AB-4407-9281-F60D0A7726BE} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [XMP Class] {6483F145-A768-4C41-AACC-52D4D7845851} [XDRM] {693571CB-54A3-4E90-9D52-EEAE1334E2D3} [StormPlayer Object] {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [IEAux Class] {7605CC7C-00FD-4A5F-BAFD-828342DE6279} [MediaComm Class] {7670648D-461B-42AF-BDFE-46D26AF5EFF2} [BandIE Class] {77FEF28E-EB96-44FF-B511-3185DEA48697} [XDownloaddManager Class] {802F530B-A8F6-4631-AE49-6BACAAC6373E} [360SafeLive] {87515F61-A66C-4319-A0E0-D416CB8059E3} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} [XML DOM Document 4.0] {88D969C0-F192-11D4-A65F-0040963251E5} [XML DOM 文档 5.0] {88D969E5-F192-11D4-A65F-0040963251E5} [XML HTTP 5.0] {88D969EA-F192-11D4-A65F-0040963251E5} [XML DOM Document 6.0] {88D96A05-F192-11D4-A65F-0040963251E5} [XML HTTP 6.0] {88D96A0A-F192-11D4-A65F-0040963251E5} [PMPXPlayerCtl Class] {88E07994-F8DD-4952-8DBF-0C4617F11117} [] {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, > [] {95B3F550-91C4-4627-BCC4-521288C52977} <, > [OFrameObject Class] {9701758C-4373-482E-B13C-776C048EC890} [卡卡上网安全助手] {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} [] {9C3C2C08-C494-4F52-AE94-85156A447D43} <, > [RavOnline Class] {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} [Tool Class] {A7F05EE4-0426-454F-8013-C41E3596E9E9} [Download_Bho Class] {A986E409-30CC-4185-89BB-AB212C104524} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [Google Toolbar Helper] {AA58ED58-01DD-4D91-8333-CF10577473F7} [CCTVUpdateInstall] {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} [DapCtrl Class] {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} [Google Toolbar Notifier BHO] 
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [] {B012491E-8FA4-4851-AA9B-22E33784FBAD} <, > [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A> [百度工具栏] {B580CF65-E151-49C3-B73F-70B13FCA8E86} [SafeMon Class] {B69F34DD-F0F9-42DC-9EDD-957187DA688D} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [KooPlayer Control] {C728DAB8-FDF5-4CD7-89DD-879D25794C77} [QQPlayerCtrl Class] {CD108273-D434-43E6-AA90-1469F97EB398} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [Microsoft Url Search Hook] {CFBFAE00-17A6-11D0-99CB-00C04FD64497} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [Microsoft Silverlight] {DFEAF541-F3E1-4C24-ACAC-99C30715084A} [PasswordEditCtrl Class] {E787FD25-8D7C-4693-AE67-9406BC6E22DF} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [] {EE60714F-AC17-427E-861A-FD60CBDF119A} <, > [Thunder DapPlayer] {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} [XPPlayer Class] {F3E70CEA-956E-49CC-B444-73AFE593AD7F} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [Free Threaded XML DOM Document 3.0] {F5078F33-C551-11D3-89B9-0000F81FE221} [XML HTTP 3.0] {F5078F35-C551-11D3-89B9-0000F81FE221} [XSL Template 3.0] {F5078F36-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [] {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, > [IERPCtl Class] {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} [&访问通用网址] [使用电驴下载] [使用迅雷下载] [使用迅雷下载全部链接] [导出到 Microsoft Office Excel(&X)] [添加到QQ表情] ================================== 正在运行的进程 [PID: 820 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 948 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 
988 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4113] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.1] [PID: 1032 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1044 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1204 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4113] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2496] [PID: 1244 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1352 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1504 / SYSTEM][D:\Program Files\Rising\Rising\Rav\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [D:\Program Files\Rising\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\Rising\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology 
Co., Ltd., 21, 0, 0, 37] [D:\Program Files\Rising\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1512 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1576 / SYSTEM][D:\Program Files\Rising\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\Rising\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\Program Files\Rising\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [D:\Program Files\Rising\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36] [D:\Program Files\Rising\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [PID: 1648 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1800 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2016 / 
SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.5824.16384 (winmain(wmbla).060911-0725)] [PID: 276 / Administrator][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4113] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2496] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 436 / SYSTEM][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe] [Autodesk, 2.80.011] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 476 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.1.0.2009022700] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [, ] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] [D:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 16] [D:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20] [D:\Program Files\winRAR 3,71\rarext.dll] [N/A, ] [C:\Program Files\Turbo Squid 
Tentacles\SaveToTentacles32.dll] [, 1, 0, 0, 1] [C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [d:\PROGRA~1\Wopti\WOPTIE~1.DLL] [共软网络, 1.0.8.530] [D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\CoreDRAW12\PROGRAMS\CdrIco.DLL] [Corel Corporation, 1.0.0.458] [D:\Program Files\CoreDRAW12\PROGRAMS\CRLUTL.dll] [Corel Corporation, 1.0.0.458] [D:\Program Files\CoreDRAW12\PROGRAMS\CRLI18N.dll] [Corel Corporation, 1.0.0.458] [C:\WINDOWS\system32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 608 / SYSTEM][D:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe] [N/A, ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 752 / SYSTEM][C:\Program Files\Cyberlink\Shared files\RichVideo.exe] [, 1.1.0808 ] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 944 / SYSTEM][D:\Program Files\Rising\Rising\Rav\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\Rising\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [D:\Program Files\Rising\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [D:\Program Files\Rising\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.12] [D:\Program Files\Rising\Rising\Rav\proccomm.dll] [Beijing Rising Information 
Technology Co., Ltd., 21, 0, 0, 46] [D:\Program Files\Rising\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10] [D:\Program Files\Rising\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Rising\Rav\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [D:\Program Files\Rising\Rising\Rav\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.44] [D:\Program Files\Rising\Rising\Rav\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9] [D:\Program Files\Rising\Rising\Rav\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.34] [D:\Program Files\Rising\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17] [D:\Program Files\Rising\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\Program Files\Rising\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [D:\Program Files\Rising\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36] [D:\Program Files\Rising\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [D:\Program Files\Rising\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [PID: 1668 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., 
Ltd., 1, 0, 0, 33] [PID: 1672 / Administrator][C:\WINDOWS\system32\wscntfy.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 676 / Administrator][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5142] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5142] [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5142] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5142] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 684 / Administrator][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.38] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 704 / Administrator][C:\Program Files\OCINS\idnsvr.exe] [中国互联网信息中心(CNNIC), 2, 6, 0, 1] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [C:\Program Files\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 4] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 784 / Administrator][D:\Program Files\Rising\AntiSpyware\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.16] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\Rising\AntiSpyware\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [D:\Program Files\Rising\AntiSpyware\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2] [D:\Program 
Files\Rising\AntiSpyware\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\AntiSpyware\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\Rising\AntiSpyware\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31] [D:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\AntiSpyware\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1] [D:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\AntiSpyware\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Rising\AntiSpyware\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.42] [D:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11] [D:\Program Files\Rising\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\Rising\AntiSpyware\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 860 / Administrator][D:\Program Files\Rising\Rising\Rav\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.22] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\Rising\Rising\Rav\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.49] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\Rising\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [D:\Program Files\Rising\Rising\Rav\comx3.dll] [Beijing Rising Information 
Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Rising\Rav\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [D:\Program Files\Rising\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [D:\Program Files\Rising\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [D:\Program Files\Rising\Rising\Rav\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14] [D:\Program Files\Rising\Rising\Rav\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\Program Files\Rising\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [D:\Program Files\Rising\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [D:\Program Files\Rising\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [D:\Program Files\Rising\Rising\Rav\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10] [D:\Program Files\Rising\Rising\Rav\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.1.0] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Rising\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [D:\Program Files\Rising\Rising\Rav\RavITray.dll] [Beijing Rising Information Technology Co., 
Ltd., 21, 0, 0, 23] [D:\Program Files\Rising\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.16] [D:\Program Files\Rising\Rising\Rav\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [PID: 644 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 2584 / Administrator][D:\Program Files\PPStream\ppsap.exe] [PPStream Inc, 1, 0, 11, 171] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\PPStream\1.1.0.2663\vodnet.dll] [PPStream Inc., 1, 0, 11, 209] [d:\Program Files\PPStream\1.1.0.2663\vodres.dll] [PPStream Inc., 1, 0, 11, 209] [d:\Program Files\PPStream\1.1.0.2663\ppssg.dll] [PPStream Inc., 1, 0, 11, 192] [d:\Program Files\PPStream\1.1.0.2663\fds.dll] [PPStream Inc., 1, 0, 0, 101] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 3672 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 268 / Administrator][d:\Program Files\Rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.14] [d:\Program Files\Rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology 
Co., Ltd., 6.0.0.11] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 2496 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.1.68] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [PID: 2996 / Administrator][C:\Program Files\PPLiveVA\PPLiveVA.exe] [Synacast, 0, 1, 0, 8] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [C:\Program Files\PPLiveVA\PPVa.DLL] [Synacast, 0, 1, 2, 55] [C:\Program Files\PPLiveVA\NetTools.dll] [, 1.0.0.2] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [C:\Program Files\PPLiveVA\VAProxyD.dll] [Synacast, 1.0.0.33] [C:\Program Files\PPLiveVA\FloatWin.dll] [Synacast, 1.0.0.11] [C:\Program Files\PPLiveVA\TipsClient.dll] [synacast corp., 1, 0, 0, 1] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\PPLiveVA\FlashWinCenter.dll] [Synacast, 1.0.0.2] [C:\Program Files\PPLiveVA\peer.dll] [Synacast, 0, 0, 5, 16] [PID: 3496 / Administrator][C:\Program Files\PPLiveVA\PPLiveVAMonitor.exe] [, 0, 
1, 1, 2] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [PID: 3916 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\Program Files\PPLiveVA\VAProxyD.dll] [Synacast, 1.0.0.33] [C:\Program Files\PPLiveVA\FloatWin.dll] [Synacast, 1.0.0.11] [PID: 5848 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 708 / Administrator][D:\Program Files\Thunder\Program\Thunder5.exe] [ShenZhen Thunder Networking Technologies,LTD, 5.8.13.699] [D:\Program Files\Thunder\Program\BugReport.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 4, 1, 20] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [D:\Program Files\Thunder\Program\TaskManager.dll] 
[ShenZhen Thunder Networking Technologies,LTD, 1, 3, 11, 75] [D:\Program Files\Thunder\Program\download_interface.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 2, 333] [D:\Program Files\Thunder\Program\mp.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 5] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [D:\Program Files\Thunder\Program\asyn_frame.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 3, 2, 32] [D:\Program Files\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Thunder\Program\emule.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 48] [D:\Program Files\Thunder\Program\zlib1.dll] [, 1.2.3] [D:\Program Files\Thunder\Program\fs.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 17] [D:\Program Files\Thunder\Program\down_dispatcher.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 44] [D:\Program Files\Thunder\Program\backend_agent.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 27] [D:\Program Files\Thunder\Program\ptl.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 2, 2, 55] [D:\Program Files\Thunder\Program\dl_peer_id.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 1, 2, 4] [D:\Program Files\Thunder\Program\xl_stat.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 7] [D:\Program Files\Thunder\Program\p2p_upload.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,13] [D:\Program Files\Thunder\Program\p2p_network_com.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 25] [D:\Program Files\Thunder\Program\XLNet.Dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 5, 2, 25] [D:\Program Files\Thunder\Program\BHOStub.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 1, 13] [D:\Program Files\Thunder\Program\FloatBar.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 2] [D:\Program 
Files\Thunder\Components\DownAndPlay\DownAndPlay.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 12, 30] [D:\Program Files\Thunder\Program\p2p.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,48] [D:\Program Files\Thunder\Program\xldc.dll] [ShenZhen Thunder Networking Technologies,LTD, 4, 0, 2, 27] [D:\Program Files\Thunder\Program\stream.dll] [ShenZhen Thunder Networking Technologies,LTD, 2, 1, 2, 1041] [D:\Program Files\Thunder\Program\p2sp.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 2, 59] [D:\Program Files\Thunder\Program\p2p_local_res.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,18] [D:\Program Files\Thunder\Program\p2sp_pd.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 5] [D:\Program Files\Thunder\Program\al.dll] [ShenZhen Thunder Networking Technologies,LTD, 1,1,2,31] [D:\Program Files\Thunder\Program\media_data.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 7] [D:\Program Files\Thunder\Program\sl.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.2.2] [D:\Program Files\Thunder\Program\iTargetAD.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 4, 35] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Thunder\Components\youyou\Youyou.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.1.0.2] [D:\Program Files\Thunder\Components\Community\XLCommunity.dll] [ShenZhen Thunder Networking Technologies,LTD, 3.0.2.15] [D:\Program Files\Thunder\Program\XLI18N.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 1] [D:\Program Files\Thunder\Components\Community\VipResource.dll] [N/A, ] [D:\Program Files\Thunder\Program\http.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.0.4] [D:\Program Files\Thunder\Components\Community\XLCP.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.1.5] [D:\Program 
Files\Thunder\Components\Community\XLUser.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.1.7] [D:\Program Files\Thunder\Components\Community\XLBlog.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.1.9] [D:\Program Files\Thunder\Program\xldcsubtask.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 5] [D:\Program Files\Thunder\Components\InMedia\iEmbedShell.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 12, 125] [D:\Program Files\Thunder\Components\InMedia\iEmbed22.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 4, 12, 125] [D:\Program Files\Thunder\Components\InMedia\XLIPC.DLL] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 2] [D:\Program Files\Thunder\Components\Security\ThunderSafe.dll] [ShenZhen Thunder Networking Technologies,LTD, 2, 1, 9, 113] [D:\Program Files\Thunder\Components\Security\ConfigManager.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 1] [D:\Program Files\Thunder\Components\Security\SafeManager.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 6, 21] [D:\Program Files\Thunder\Components\Security\SafeStatistic.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 1] [D:\Program Files\Thunder\Program\XLNetU.Dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 5, 1, 24] [D:\Program Files\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 2, 20, 108] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\ThunderRAV.dll] [N/A, ] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\rsscan.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4] [D:\Program Files\Thunder\Program\emule_id.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 12] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] 
[D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [D:\Program Files\Thunder\Components\Search\XLSearch.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 1, 9, 28] [D:\Program Files\Thunder\Components\Search\GGTipsRule.dll] [N/A, ] [D:\Program Files\Thunder\Program\LiveUpdate.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 2, 4, 26] [D:\Program Files\Thunder\Plugins\Xmp\XmpVip.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.0.3] [D:\Program Files\Thunder\Plugins\NetGame\XLNetGame.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 2] [D:\Program Files\Thunder\Components\XLSoftBase\DrThunderHost.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.1.0.21] [D:\Program Files\Thunder\Components\XLSoftBase\DrKernel.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.1.0.15] [D:\Program Files\Thunder\Components\XLSoftBase\DrSoftIdentifier.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.0.0.12] [D:\Program Files\Thunder\Components\XLSoftBase\DrUpdate.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.1.0.12] [D:\Program Files\Thunder\Components\XLSoftBase\DrGetFile.dll] [ShenZhen Thunder Networking Technologies,LTD, 1.1.0.4] [D:\Program Files\Thunder\Plugins\GouGouTop\GouGouTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5] [D:\Program Files\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4] [D:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 4, 26] [D:\Program Files\Thunder\Components\Tips\TipsClient.dll] [ShenZhen Thunder Networking Technologies,LTD, 3, 0, 3, 137] [D:\Program Files\Thunder\Components\Tips\XLSkin.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 1, 3] [D:\Program 
Files\Thunder\Components\VPSHELL\VPSHELL.dll] [ShenZhen Thunder Networking Technologies,LTD, 4, 0, 1, 42] [D:\Program Files\Thunder\Components\UserExperience\UserExperience.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 3, 5] [D:\Program Files\Thunder\Components\ResWorker\DsXlCom.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 30] [D:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 16] [D:\Program Files\Thunder\Components\ResWorker\MediaWorker.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 2, 0, 22] [D:\Program Files\Thunder\Components\DownloadStat\DownloadStat.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 4, 1, 6] [D:\Program Files\Thunder\Program\bd.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 2, 20] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 34] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\urutils.dll] 
[Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Thunder\Plugins\XLSafeHost\ThunderRAV\bin\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3] [PID: 6080 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [d:\Program Files\easyMule\modules\IE2EM.dll] [VeryCD.com, 1.0.0.1] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [d:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll] [RealPlayer, 1.0.1.85] [d:\Program Files\Real\RealPlayer\lang\rpbrp_cn.dll] [RealNetworks, Inc., 6.0.14.0] [C:\PROGRA~1\OCINS\ieaux.dll] [中国互联网络信息中心(CNNIC), 2, 6, 0, 35] [C:\PROGRA~1\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 4] [C:\PROGRA~1\baidu\bar\baidubar.dll] [Baidu.com, Inc., 2, 0, 2, 183] [D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] [D:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program 
Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [d:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\PPLiveVA\DownloaderManager.dll] [Synacast, 1.0.0.35] [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690] [C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll] [Google Inc., 3, 1, 807, 1746] [D:\Program Files\360safe\safemon\urlproc.dll] [360.CN, 1, 0, 0, 1003] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.17] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavOL\REComp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavOL\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18] [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RavOL\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27] [C:\Program Files\PPLiveVA\VAProxyD.dll] [Synacast, 1.0.0.33] [C:\Program Files\PPLiveVA\FloatWin.dll] [Synacast, 1.0.0.11] [PID: 6104 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program 
Files\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.34] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [d:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll] [RealPlayer, 1.0.1.85] [C:\PROGRA~1\OCINS\idnsvr.dll] [中国互联网信息中心(CNNIC), 2, 6, 0, 4] [C:\PROGRA~1\baidu\bar\baidubar.dll] [Baidu.com, Inc., 2, 0, 2, 183] [D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120] [D:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 20] [D:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll] [ShenZhen Thunder Networking Technologies,LTD, 1, 0, 0, 16] [C:\Program Files\PPLiveVA\DownloaderManager.dll] [Synacast, 1.0.0.35] [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1606, 6690] [D:\Program Files\360safe\safemon\urlproc.dll] [360.CN, 1, 0, 0, 1003] [d:\Program Files\easyMule\modules\IE2EM.dll] [VeryCD.com, 1.0.0.1] [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll] [Adobe Systems Incorporated, 9.1.0.2009022700] [d:\Program Files\Real\RealPlayer\lang\rpbrp_cn.dll] [RealNetworks, Inc., 6.0.14.0] [C:\PROGRA~1\OCINS\ieaux.dll] [中国互联网络信息中心(CNNIC), 2, 6, 0, 35] [C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15] [d:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15] [C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll] [Google Inc., 3, 1, 807, 1746] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\Program Files\PPLiveVA\VAProxyD.dll] [Synacast, 1.0.0.33] [C:\Program Files\PPLiveVA\FloatWin.dll] [Synacast, 1.0.0.11] [PID: 3512 
/ Administrator][D:\Program Files\Rising\Rising\Rav\rsmain.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 5, 0, 0, 1007] [D:\Program Files\Rising\Rising\Rav\rspalmgr.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.29] [D:\Program Files\Rising\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\Rising\Rising\Rav\RSXML.DLL] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\Rising\Rav\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0] [D:\Program Files\Rising\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [D:\Program Files\Rising\Rising\Rav\ravbmenu.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16] [D:\Program Files\Rising\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.24] [D:\Program Files\Rising\Rising\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15] [D:\Program Files\Rising\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28] [D:\Program Files\Rising\Rising\Rav\ravpsafe.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25] [D:\Program Files\Rising\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7] [D:\Program Files\Rising\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information 
Technology Co., Ltd., 21.0.0.16] [D:\Program Files\Rising\Rising\Rav\psafecfg.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19] [D:\Program Files\Rising\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1] [D:\Program Files\Rising\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.18] [D:\Program Files\Rising\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [D:\Program Files\Rising\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46] [D:\Program Files\Rising\Rising\Rav\ravxpage.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 86] [D:\Program Files\Rising\Rising\Rav\ravxmons.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24] [D:\Program Files\Rising\Rising\Rav\ravptool.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20] [D:\Program Files\Rising\Rising\Rav\log2file.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.10] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [D:\Program Files\Rising\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4] [D:\Program Files\Rising\Rising\Rav\htmllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1] [PID: 4588 / Administrator][C:\WINDOWS\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [PID: 4900 / Administrator][C:\WINDOWS\sreng2\SRE734fbaa.EXE] [Smallfrogs Studio, 2.7.1.1261] [C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33] [d:\Program Files\Rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37] [d:\Program Files\Rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6] [D:\Program Files\360safe\safemon\safemon.dll] 
[360.CN, 5, 0, 0, 1007] [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== 文件关联 .TXT Error. [C:\WINDOWS\notepad.exe %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM Error. ["hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS Error. [] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 N/A ================================== Autorun.inf N/A ================================== HOSTS 文件
================================== 进程特权扫描 特殊特权被允许: SeLoadDriverPrivilege [PID = 676, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 704, C:\PROGRAM FILES\OCINS\IDNSVR.EXE] 特殊特权被允许: SeLoadDriverPrivilege [PID = 4588, C:\WINDOWS\SRENG2\SRENGLDR.EXE] ================================== 计划任务 [已启用] User_Feed_Synchronization-{ED342F80-8E5D-424A-B57A-ADEDF04F14FF}.job C:\WINDOWS\system32\msfeedssync.exe ================================== API HOOK 入口点错误:NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D57D5) 入口点错误:NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003D5975) 入口点错误:NtLoadDriver (危险等级: 高, 被下面模块所HOOK: 0x003D60C5) 入口点错误:NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003D5A45) 入口点错误:NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D58A5) 入口点错误:ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003D57D5) 入口点错误:ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003D5975) 入口点错误:ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003D5A45) 入口点错误:ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003D58A5) 入口点错误:CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x003D5D85) 入口点错误:CreateServiceW (危险等级: 高, 被下面模块所HOOK: 0x003D5E55) 入口点错误:LoadLibraryA (危险等级: 高, 被下面模块所HOOK: 0x003D6A85) 入口点错误:LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x003D566D) 入口点错误:CreateFileW (危险等级: 高, 被下面模块所HOOK: 0x003D65A5) 入口点错误:CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x003D69B5) 入口点错误:CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x003D6815) ================================== 隐藏进程 N/A ================================== [/CODE]