开机时不运行任何程序直接关机的话没有任何问题，运行几个程序之后在关机就不行了，单击“关闭计算机”鼠标呈现“忙”状态，持续3到4分钟后才出现“待机”“关闭”
电脑关机很慢。点了开始，关闭计算机之后就一直没反应了，至少等4.5分钟才弹出：注销。待机，关闭。但是开机又不慢  （刚开开电脑　后　关闭计算机　都很正常？　过　一会　就　出现上边的情况了）
这是日志
[CODE]
2008-06-14,22:33:58
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"G:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RfwMain><"G:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <ScheduleTV><C:\Program Files\Gadmei\TVR PLUS\ScheduleTV.exe>  []
    <runeip><; "G:\台北红楼\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <BigDog303><; C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><G:\台北红楼\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <D:\千千静听\暴风影音\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[File Replication Service / Ntfrs][Running/Auto Start]
  <C:\WINDOWS\system32\ntfrs.exe><Microsoft Corporation>
[O&O Defrag / O&O Defrag][Running/Auto Start]
  <C:\WINDOWS\system32\oodag.exe><Microsoft Corporation>
[PPRich Server / PPRich][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k ppsvcs-->C:\Program Files\PPGou Soft\PPRich\PPRICH.DLL><N/A>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <g:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <g:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"G:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"G:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[fhzl / fhzl][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\fhzl.ahc><N/A>
[%GDMCAP.DeviceDesc% / GDMCAP][Running/Auto Start]
  <system32\drivers\GDMCAP.sys><Gadmei Inc>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\G:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[khebc / khebc][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\khebc><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[olhjf / olhjf][Stopped/Manual Start]
  <\??\C:\DOCUME~1\liliran\LOCALS~1\Temp\_temp.dat><N/A>
[PortTalk / PortTalk][Stopped/Manual Start]
  <System32\Drivers\PortTalk.sys><Beyond Logic http://www.beyondlogic.org>
[PortTalk-0 / PortTalk-0][Stopped/Manual Start]
  <System32\Drivers\PortTalk-0.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\G:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Intel (R) System Managment BIOS Service / SMBios][Running/Manual Start]
  <system32\DRIVERS\SMBios.sys><Intel Corporation>
[sysHostSvc / sysHostSvc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\GuiHelp.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
  <System32\Drivers\usbVM303.sys><VM>
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\honggui\讯雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[ICBC Security Ctrl]
  {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} <C:\WINDOWS\DOWNLO~1\NETBAN~1.OCX, Industrial and Commercial Bank of China>
[GLAvatar Control]
  {61238DE1-3317-4322-89AC-AC844831380D} <e:\联众\Game\Share\GLAVAT~1.OCX, N/A>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[ADODB.Recordset]
  {00000535-0000-0010-8000-00AA006D2EA4} <C:\Program Files\Common Files\System\ado\msado15.dll, Microsoft Corporation>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\honggui\讯雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <D:\honggui\讯雷\Components\InMedia\peerid.dll, N/A>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\honggui\讯雷\DownAndPlay\DapPlayer3.0.41.65.941.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\honggui\讯雷\ComDlls\ThunderAgent_Now.dll, N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[ICBC Security Ctrl]
  {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} <C:\WINDOWS\DOWNLO~1\NETBAN~1.OCX, Industrial and Commercial Bank of China>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <G:\IS\iSpeak\pps\POWERP~1.DLL, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <D:\千千静听\暴风影音\mps.dll, 北京暴风网际科技有限公司>

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\honggui\360safe_3.0f\360safe_3.0f\live.dll, 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[RealPlayer Stream Handler]
  {A1A41E11-91DB-4461-95CD-0C02327FD934} <D:\千千静听\暴风影音\Codec\rmoc3260.dll, RealNetworks, Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\DapCtrl1.5.578.28.941.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\QQ\QzoneMusic.dll, 腾讯科技>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\千千静听\暴风影音\Codec\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <D:\千千静听\暴风影音\Codec\QTSystem\QTCheck.ocx, Apple Computer, Inc.>
[ISActiveX Control]
  {DF28D1E2-C05D-4B7C-AE6E-95C112E1FF8D} <G:\IS\iSpeak\ISACTI~1.OCX, 上海勤和互联网技术软件开发有限公司>
[AgControl Class]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll,  Microsoft Corporation>
[RevealTrans]
  {E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\WINDOWS\system32\Dxtmsft.dll, Microsoft Corporation>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <D:\QQ\Timwp.dll, TENCENT>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {EF1EA76E-5428-4e40-85A1-D4DD2893183A} <D:\honggui\讯雷\DownAndPlay\DapCtrl1.3.17.20.46.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Messenger Application]
  {FB7199AB-79BF-11D2-8D94-0000F875C541} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[使用WEB迅雷下载]
  <D:\honggui\讯雷\GetUrl.htm, N/A>
[使用WEB迅雷下载全部链接]
  <D:\honggui\讯雷\GetAllUrl.htm, N/A>
[使用迅雷下载]
  <D:\honggui\讯雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\honggui\讯雷\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 548 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 676 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 840 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 904 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1000 / SYSTEM][G:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1020 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1108 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1240 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 1300 / SYSTEM][G:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.76]
    [G:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [G:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [G:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [G:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.35]
    [G:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [G:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [G:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [G:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [G:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [G:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [G:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [G:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [G:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [G:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [G:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [G:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [G:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [G:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [G:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [G:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [G:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [G:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [G:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [G:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [G:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [G:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [G:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [G:\PROGRAM FILES\RISING\RAV\urutils.dll]  [, 20, 0, 0, 6]
    [G:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [G:\PROGRAM FILES\RISING\RAV\extole.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [G:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1324 / SYSTEM][g:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.68]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [G:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [g:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [g:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [g:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [g:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [g:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [g:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.41]
    [g:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [g:\program files\rising\rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [g:\program files\rising\rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [g:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 1548 / SYSTEM][G:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [G:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1556 / SYSTEM][g:\program files\rising\rfw\rfwproxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.33]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [g:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [G:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [g:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [g:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [g:\program files\rising\rfw\urlrule.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [g:\program files\rising\rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 1820 / SYSTEM][g:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [g:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2008 / liliran][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]

[D:\honggui\讯雷\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 75]
[PID: 252 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 320 / liliran][g:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.65]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [g:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [G:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [g:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [g:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [g:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [g:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [g:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [g:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [g:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [g:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 388 / SYSTEM][D:\千千静听\暴风影音\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [D:\千千静听\暴风影音\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
[PID: 532 / SYSTEM][C:\WINDOWS\system32\ntfrs.exe]  [Microsoft Corporation, 5.2.0.1108]
[PID: 264 / SYSTEM][C:\WINDOWS\system32\oodag.exe]  [Microsoft Corporation, 5.2.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2236 / liliran][G:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [G:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [G:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [G:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
[PID: 2284 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2332 / liliran][G:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.19]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [G:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [G:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [G:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [G:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [G:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [G:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [G:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [G:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [G:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [G:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [G:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
    [G:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 2528 / liliran][C:\Program Files\Gadmei\TVR PLUS\ScheduleTV.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Gadmei\TVR PLUS\GMDLL.dll]  [N/A, ]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2612 / liliran][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 3412 / liliran][G:\台北红楼\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [G:\台北红楼\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [G:\台北红楼\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[PID: 2660 / liliran][D:\honggui\sreng2(1)\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16674 (vista_gdr.080415-1732)]
    [g:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [g:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\honggui\sreng2(1)\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 2528, C:\PROGRAM FILES\GADMEI\TVR PLUS\SCHEDULETV.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2528, C:\PROGRAM FILES\GADMEI\TVR PLUS\SCHEDULETV.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3412, G:\台北红楼\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3412, G:\台北红楼\RUNIEP.EXE]

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x010A1FFD)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x010A20E5)

==================================
隐藏进程
N/A

==================================


[/CODE]

ding

麻烦您能传个日志附件上来嘛，看这个都晕了~~·