[CODE]

2000-12-13,14:29:16

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  []
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <QT4HPOT><C:\Program Files\HPQ\One-Touch\OneTouch.EXE>  [Dritek System Inc.]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [Synaptics, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [Synaptics, Inc.]
    <ATIModeChange><; Ati2mdxx.exe>  [ATI Technologies, Inc.]
    <Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe>  []
    <StormCodec_Helper><; "d:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <iTunesHelper><; D:\Program Files\iTunes\iTunesHelper.exe>  [Apple Computer, Inc.]
    <hxgame-update><; C:\Program Files\hxgame\hxupdate\hxgame-update.exe>  []
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <runeip><; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><D:\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <MazeSvr><D:\Program Files\天网Maze\MazeSvr.exe>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360Safe><Rundll32.exe D:\360safe\AntiAdwa.dll,KillAdware>  [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Supplicant><c:\program files\锐捷网络\ruijie supplicant\8021x.exe -Boot>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kvdxjma.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B0E4D1E9-3CE5-48A1-8DF0-6463E046E7EF}><C:\WINDOWS\system32\gmtaiovciq.dll>  []
    <{AC87A354-ABC3-DEDE-FF33-3213FD7447CA}><C:\WINDOWS\system32\kvdxjma.dll>  []
    <{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\qq\QQ.exe [TENCENT]><H>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[iPod 服务 / iPodService][Stopped/Manual Start]
  <"D:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Running/Auto Start]
  <C:\Program Files\Windows Media Player\WMPNetwk.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[ALi Audio Accelerator WDM driver / aliadwdm][Stopped/Manual Start]
  <system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[ALi Infrared Device Driver / ALiIRDA][Running/Manual Start]
  <system32\DRIVERS\aliirda.sys><Acer Laboratories Inc.>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Auto Start]
  <system32\DRIVERS\comint32.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ATI Cabo AGP Filter / caboagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[Conexant AMC 3D ENVIRONMENTAL AUDIO / CALIAUD][Running/Manual Start]
  <system32\drivers\caliaud.sys><Conexant Systems Inc.>
[CALIHALA / CALIHALA][Running/Manual Start]
  <system32\drivers\calihal.sys><Conexant Systems Inc.>
[Dritek HotKey Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <System32\Drivers\DKbFltr.SYS><Dritek System Inc.>
[National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver / DP83815][Running/Manual Start]
  <system32\DRIVERS\DP83815.SYS><National Semiconductor Corp.>
[NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver / FA312][Stopped/Manual Start]
  <system32\DRIVERS\FA312nd5.sys><NETGEAR Corp.>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HSFHWALI / HSFHWALI][Running/Manual Start]
  <system32\DRIVERS\HSFHWALI.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[mcrgqjp / mcrgqjp][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\mcrgqjp.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\D:\QQ2006\npkcrypt.sys><N/A>
[npkcusb / npkcusb][Stopped/Auto Start]
  <\??\D:\QQ2006\npkcusb.sys><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QQHX / QQHX][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp8.tmp><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[StreamDispatcher / StreamDispatcher][Running/Auto Start]
  <system32\DRIVERS\strmdisp.sys><Conexant Systems, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[76990 / 76990][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.3))

浏览器加载项
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <D:\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\金山快译\IEBand.dll, 金山软件股份有限公司>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[]
  {9963387B-212E-4643-B207-82DAEA0E713D} <C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[FlashFXP Helper for Internet Explorer]
  {E5A1691B-D188-4419-AD02-90002030B8EE} <D:\FlashFXP\IEFlash.dll, IniCom Networks, Inc.>
[&使用BitComet下载]
  <res://D:\BitComet_0.82\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\BitComet_0.82\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\BitComet_0.82\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
  <d:\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[导出当前页到超星阅览器(&A)]
  <, N/A>
[导出选中部分到超星阅览器(&S)]
  <, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 692 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\imaadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msg711.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msgsm32.acm]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\system32\tsd32.dll]  [, ]
    [C:\WINDOWS\system32\msg723.acm]  [Microsoft Corporation, 4.4.3400]
    [C:\WINDOWS\system32\msaud32.acm]  [Microsoft Corporation, 8.00.00.4487]
    [C:\WINDOWS\system32\sl_anet.acm]  [Sipro Lab Telecom Inc., 3.02]
    [C:\WINDOWS\system32\iac25_32.ax]  [Intel Corporation, 2.05.53]
    [C:\WINDOWS\system32\l3codeca.ax]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\WINDOWS\system32\vorbis.acm]  [HMS http://hp.vector.co.jp/authors/VA012897/, 0, 0, 3, 6]
    [C:\WINDOWS\system32\vct3216.acm]  [Voxware, Inc., 1.6.0.17]
    [C:\WINDOWS\system32\vct3216.dll]  [Voxware, Inc., 1.6.0.12]
    [C:\WINDOWS\system32\msms001.vwp]  [Voxware, Inc., 2.0.2.61]
    [C:\WINDOWS\system32\mvoice.vwp]  [Voxware, Inc., 2.0.0.12.01]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corp., 7.5.0311.0]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 1132 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 1232 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 1252 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1416 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 1588 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 1604 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.60]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.27]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.34]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 21]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
[PID: 1980 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]

[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 2012 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 732 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\gmtaiovciq.dll]  [N/A, ]
[PID: 764 / Administrator][C:\PROGRAM FILES\RISING\RAV\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.05]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [C:\PROGRAM FILES\RISING\RAV\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [C:\PROGRAM FILES\RISING\RAV\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
[PID: 1500 / NETWORK SERVICE][C:\Program Files\Windows Media Player\WMPNetwk.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wmpmde.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\MFPlat.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\wmpps.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 2536 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\gmtaiovciq.dll]  [N/A, ]
[PID: 2860 / Administrator][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.13.10.3022]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.13.10.3022]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.13.10.3022]
[PID: 2880 / Administrator][C:\Program Files\HPQ\One-Touch\OneTouch.EXE]  [Dritek System Inc., 1.6.8.0]
    [C:\Program Files\HPQ\One-Touch\SzUPFUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\HPQ\One-Touch\OSDUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\HPQ\One-Touch\RgnMaker.dll]  [Dritek System Inc., 12.07.1999 ( VC60 )]
    [C:\Program Files\HPQ\One-Touch\CDRomUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\HPQ\One-Touch\MixerUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\HPQ\One-Touch\LgKCUtl.dll]  [Dritek System Inc., 3, 0, 0, 1]
    [C:\Program Files\HPQ\One-Touch\ComFnUtl.dll]  [Dritek System Inc., 1.00]
    [C:\Program Files\HPQ\One-Touch\Wnd2File.dll]  [Dritek System Inc., 3.00]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2892 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]  [Synaptics, Inc., 7.5.3 18Apr03]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
[PID: 2900 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 7.5.3 18Apr03]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
[PID: 3044 / Administrator][D:\360safe\safemon\360Tray.exe]  [奇虎网, 3, 6, 4, 3002]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [D:\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [D:\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [D:\360safe\live.dll]  [360safe.com, 1, 0, 1, 1021]
[PID: 3072 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.20]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
[PID: 3128 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.1622]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
[PID: 3196 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
[PID: 592 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [D:\FlashFXP\IEFlash.dll]  [IniCom Networks, Inc., 3.0.0.1015]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.0.0.6138]
    [C:\WINDOWS\system32\KIme.ime]  [金山软件公司, 1, 0, 0, 1]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 1780 / Administrator][D:\360safe\360safe.exe]  [奇虎网, 3, 6, 4, 3003]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [D:\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [D:\360safe\AntiEng.dll]  [360Safe.com, 3, 6, 4, 1001]
    [D:\360safe\LeakCheck.dll]  [360Safe.com, 3, 6, 4, 1001]
    [D:\360safe\CleanHis.dll]  [奇虎网, 3, 0, 2, 1000]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [D:\360safe\Antispy.dll]  [奇虎网, 3, 6, 3, 1001]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[PID: 532 / Administrator][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [D:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3260 / Administrator][D:\Program Files\TTPlayer\TTPlayer.exe]  [Alen Soft, 5, 0, 1, 0]
    [D:\Program Files\TTPlayer\ttpcomm.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [D:\Program Files\TTPlayer\ttpres.dll]  [Alen Soft, 5, 0, 1, 0]
    [D:\Program Files\TTPlayer\msdmo.dll]  [Microsoft Corporation, 6.03.01.0400]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\TTPlayer\AddIn\ttp_lrcsh.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
[PID: 2640 / Administrator][D:\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 2, 252]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [D:\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [D:\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [D:\Thunder Network\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Thunder Network\Thunder\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [D:\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [D:\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 12]
    [D:\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [D:\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [, 1, 0, 0, 1]
    [D:\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 0, 9]
    [D:\Thunder Network\Thunder\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [D:\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 14]
    [d:\Thunder Network\Thunder\Components\InMedia\iEmbed07.dll]  [　, 3, 1, 0, 58]
    [D:\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [D:\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 42]
    [D:\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 3]
    [D:\Thunder Network\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [D:\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [D:\Thunder Network\Thunder\Components\P4PClient\GZipDll.dll]  [N/A, ]
[PID: 3656 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.3 18Apr03]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\kvdxjma.dll]  [N/A, ]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 784, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 848, C:\WINDOWS\SYSTEM32\LSASS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1252, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
特殊特权被允许： SeSystemtimePrivilege [PID = 1252, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2012, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2860, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2860, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2880, C:\PROGRAM FILES\HPQ\ONE-TOUCH\ONETOUCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2880, C:\PROGRAM FILES\HPQ\ONE-TOUCH\ONETOUCH.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2892, C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2892, C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2900, C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2900, C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3044, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3044, D:\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3128, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3128, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3196, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3196, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 592, C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 592, C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1780, D:\360SAFE\360SAFE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1780, D:\360SAFE\360SAFE.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 532, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 532, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3260, D:\PROGRAM FILES\TTPLAYER\TTPLAYER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3260, D:\PROGRAM FILES\TTPLAYER\TTPLAYER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2640, D:\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2640, D:\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

我也是中了这个毒，昨天杀了，但是今天打开网页还是被连上了

开始瑞星都不让升级了，现在的瑞星防护还不能用，
经过昨天的杀毒，任务管理器能用了，但是做的GHO备份被删除完了，还有每个盘符下出现一个sos.exe，没有杀呢，就自己没了，超郁闷，赶快解决一下吧
不知道怎么办，

任务管理器被系统管理员停用解决方法。

“组策略”法，请按照下面步骤进行组策略操作：

1、点击『开始』菜单
2、点击“运行”并键入"gpedit.msc"（不包括双引号）后确定
3、在“组策略”中依次展开

"本地计算机"策略/用户配置/管理模板/系统/Ctrl+Alt+Del 选项

4、在该列表中打开 删除“任务管理器” 的属性
5、在 删除“任务管理器” 属性中的“设置”选项卡中点选“已禁用”或“未配置”单选项，确定。

注：该策略的效果为，“任务栏”上的右键菜单上的“任务管理器”呈不可点击状，而按下组合键Ctrl+Alt+Del之后会弹出题目为“任务管理器”的对话框，内容是“任务管理器已被系统管理员停用”。

上述策略须在管理员帐户下操作
上述方法因需用到“组策略”，故该法适用于：
·Microsoft Windows XP Professional




“注册表”法，请按照下面步骤进行注册表编辑操作：

1、点击『开始』
2、点击“运行”并键入"regedit"（不包括双引号）后确定
3、在“注册表编辑器”中依次展开

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\

在该注册表项下建立名为 System 的项（如在Policies分支下已有System项，则无须此步骤）
在 System 项下建立名为 DisableTaskMgr 的“字串符值”或者“DWORD值”。

如果这样好使，请说1声。

偶也是这个。。。55555555555555555。。明天还杀不掉就格掉勒。。好可惜。。。55

http://forum.ikaka.com/topic.asp?board=28&artid=8404375