我电脑前2天中了个灰鸽子，，好像不太正常，，帮我看下sreng的日志

[CODE]
2008-07-13,20:40:41
System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <OlympicExpress><"d:\Program Files\SogouInput\OlympicNews.exe">  [(Verified)Sogou.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SkyTel><SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <tsnpstd3><C:\WINDOWS\tsnpstd3.exe>  []
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
    <runeip><"d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <Adobe Reader Speed Launcher><"D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <vmware-tray><D:\Program Files\VMware\VMware Workstation\vmware-tray.exe>  [(Verified)"VMware, Inc."]
    <VMware hqtray><"D:\Program Files\VMware\VMware Workstation\hqtray.exe">  [(Verified)"VMware, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\d3dx.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PeanutHull DDNS Service / Peanuthull5Core][Stopped/Manual Start]
  <d:\Program Files\Oray\PeanutHull5\PhCore.exe><上海贝锐>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <d:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
  <D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[VMware Agent Service / ufad-ws60][Stopped/Manual Start]
  <"D:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "D:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml><VMware, Inc.>
[VMware Authorization Service / VMAuthdService][Running/Auto Start]
  <"D:\Program Files\VMware\VMware Workstation\vmware-authd.exe"><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Running/Auto Start]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2][Running/Auto Start]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Running/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
==================================
驱动程序
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\F:\INSTALL\GMSIPCI.SYS><N/A>
[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[MSICPL / MSICPL][Stopped/Manual Start]
  <\??\F:\install4\MSICPL.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><NetGroup - Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\F:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\F:\NTGLM7X.sys><N/A>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TQANTISYS / TQANTISYS][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\TQANTISYS.SYS><天晴数码娱乐公司>
[TQAT_Hooker By FZH / TQAT][Stopped/Manual Start]
  <\??\D:\QQ魔域3829\TQAT\tqat.sys><N/A>
[Vax347b / Vax347b][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\Vax347b.sys><>
[Vax347s / Vax347s][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Vax347s.sys><>
[VMware kbd / vmkbd][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\VMkbd.sys><VMware, Inc.>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[Vstor2 Virtual Storage Driver / vstor2][Running/Auto Start]
  <\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>
[Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Running/Auto Start]
  <\??\D:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys><VMware, Inc.>
[XScanPF / XScanPF][Stopped/Manual Start]
  <\??\D:\Mu\X-Scan-v3.3\dat\xpf.sys><N/A>

不完整啊
把扫描结果作为附件传上来吧

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[@xpsp3res.dll,-20001]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[SSReaderPlug]
  {1DE88635-1C72-401E-B23B-93FA86D30F3B} <C:\WINDOWS\DOWNLO~1\SSREAD~1.DLL, 北京超星>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\POWERP~1.DLL, PPStream Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\POWERL~1.OCX, PPStream Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <d:\Program Files\Tencent\QQMusic\QzoneMusic.dll, 深圳腾讯科技>
[&U使用纳米机器人下载并收藏]
  <D:\Program Files\NamiRobot\Data\du.html, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 828 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 904 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 928 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 984 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1156 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1216 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1640 / SYSTEM][d:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1656 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 384 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 536 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 588 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.76]
    [D:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [D:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.35]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [D:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [D:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [d:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [d:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [d:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [D:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [D:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [D:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 80]
    [D:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\PROGRAM FILES\RISING\RAV\urutils.dll]  [, 20, 0, 0, 6]
    [D:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [D:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\PROGRAM FILES\RISING\RAV\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
    [D:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\PROGRAM FILES\RISING\RAV\extole.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[PID: 596 / SYSTEM][d:\Program Files\Rising\Rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.73]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [d:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\Program Files\Rising\Rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.12]
    [d:\Program Files\Rising\Rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.45]
    [d:\Program Files\Rising\Rfw\ijt_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.0]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [d:\Program Files\Rising\Rfw\unvdet.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [d:\Program Files\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
[PID: 632 / SYSTEM][d:\Program Files\Rising\Rfw\rfwProxy.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.34]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
    [d:\Program Files\Rising\Rfw\urlrule.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 9]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [d:\Program Files\Rising\Rfw\MonMid.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.4]
[PID: 428 / SYSTEM][d:\Program Files\Rising\Rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1492 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\HpTcpMon.dll]  [Hewlett Packard, 5.01.00.011]
    [C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 2.01.00.003]
    [C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 5.01.00.011]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 5.01.00.011]
    [C:\WINDOWS\system32\hpzsnt12.dll]  [HP, 14.00.00.41711]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1784 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 200 / op001][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 17.0.54.110]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]

[PID: 248 / op001][d:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.67]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [d:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [d:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 296 / op001][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.2.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1260 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe]  [HP, 10, 1, 1, 6]
[PID: 1028 / op001][C:\WINDOWS\tsnpstd3.exe]  [, 1, 1, 3, 1]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1816 / op001][C:\WINDOWS\vsnpstd3.exe]  [, 1, 0, 2, 2]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 1956 / op001][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [D:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
[PID: 2056 / op001][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
[PID: 2088 / op001][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.19]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [D:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [D:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
    [D:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 2132 / op001][D:\Program Files\VMware\VMware Workstation\vmware-tray.exe]  [VMware, Inc., 6.0.3 build-80004]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\VMware\VMware Workstation\vmwarebase.DLL]  [VMware, Inc., 6.0.3 build-80004]
    [D:\Program Files\VMware\VMware Workstation\vmcryptolib.DLL]  [VMware, Inc., 6.0.0 build-43577]
    [D:\Program Files\VMware\VMware Workstation\libxml2.dll]  [N/A, ]
    [D:\Program Files\VMware\VMware Workstation\iconv.dll]  [Free Software Foundation, 1.9]
    [D:\Program Files\VMware\VMware Workstation\zlib1.dll]  [, 1.2.3]
    [D:\Program Files\VMware\VMware Workstation\vmcuiutil.dll]  [VMware, Inc., 6.0.3 build-80004]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\VMware\VMware Workstation\sigc-2.0.dll]  [The libsigc++ development team (see AUTHORS), 2.0.17]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\Program Files\VMware\VMware Workstation\libeay32.dll]  [Eric Young, The OpenSSL Project, VMware Inc., OpenSSL 0.9.7l (VMware build 100)]
    [D:\Program Files\VMware\VMware Workstation\ssleay32.dll]  [Eric Young, The OpenSSL Project, VMware Inc., OpenSSL 0.9.7l (VMware build 100)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\VMware\VMware Workstation\vmnetMgr.dll]  [VMware, Inc., 6.0.3 build-80004]
    [D:\Program Files\VMware\VMware Workstation\VNETLIB.dll]  [VMware, Inc., 6.0.3 build-80004]
[PID: 2144 / op001][D:\Program Files\VMware\VMware Workstation\hqtray.exe]  [VMware, Inc., 6.0.3 build-80004]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\VMware\VMware Workstation\vmwarebase.DLL]  [VMware, Inc., 6.0.3 build-80004]
    [D:\Program Files\VMware\VMware Workstation\vmcryptolib.DLL]  [VMware, Inc., 6.0.0 build-43577]
    [D:\Program Files\VMware\VMware Workstation\libxml2.dll]  [N/A, ]
    [D:\Program Files\VMware\VMware Workstation\iconv.dll]  [Free Software Foundation, 1.9]
    [D:\Program Files\VMware\VMware Workstation\zlib1.dll]  [, 1.2.3]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2152 / op001][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2240 / op001][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2572 / op001][D:\Program Files\SogouInput\OlympicNews.exe]  [Sogou.com Inc., 3.5.0.0]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [D:\Program Files\SogouInput\pxpnet.dll]  [Sohu.com Inc., 1, 0, 0, 13]
[PID: 2612 / SYSTEM][D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe]  [Rocket Division Software, 2.6.1 Build 0x20050401]
[PID: 2976 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\hpgwiamd.dll]  [Hewlett-Packard, 3.2.2.905]
[PID: 2996 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 3092 / SYSTEM][C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe]  [VMware, Inc., 1.5.2 build-42958]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmxScsiLib.dll]  [VMware, Inc., 1.5.2 build-42958]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\SSLEAY32.dll]  [N/A, ]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 3332 / SYSTEM][C:\WINDOWS\system32\vmnat.exe]  [VMware, Inc., 6.0.3 build-80004]
[PID: 3344 / op001][d:\Program Files\Rising\Rfw\RfwCfg.exe]  [Beijing Rising Technology Co., Ltd., 7.0.2.58]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [d:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [d:\Program Files\Rising\Rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [d:\Program Files\Rising\Rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [d:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [d:\Program Files\Rising\Rfw\ProxyCtr.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.1]
    [d:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [d:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [d:\Program Files\Rising\Rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.3]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 3396 / SYSTEM][C:\WINDOWS\system32\vmnetdhcp.exe]  [VMware, Inc., 6.0.3 build-80004]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 3756 / SYSTEM][D:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  [VMware, Inc., 6.0.3 build-80004]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\VMware\VMware Workstation\vmwarebase.DLL]  [VMware, Inc., 6.0.3 build-80004]
    [D:\Program Files\VMware\VMware Workstation\vmcryptolib.DLL]  [VMware, Inc., 6.0.0 build-43577]
    [D:\Program Files\VMware\VMware Workstation\libxml2.dll]  [N/A, ]
    [D:\Program Files\VMware\VMware Workstation\iconv.dll]  [Free Software Foundation, 1.9]
    [D:\Program Files\VMware\VMware Workstation\zlib1.dll]  [, 1.2.3]
    [C:\WINDOWS\system32\netfxperf.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1132.00 (xpsp.080413-0852)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\PROGRA~1\MICROS~1\Office12\OLMAPI32.DLL]  [Microsoft Corporation, 12.0.6300.5000]
    [C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll]  [Microsoft Corporation, 12.0.6213.1000]
    [D:\Program Files\VMware\VMware Workstation\vmPerfmon.dll]  [VMware, Inc., 6.0.3 build-80004]
[PID: 2488 / SYSTEM][C:\WINDOWS\system32\wbem\wmiapsrv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 2744 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 3080 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 396 / op001][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [d:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\Lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 17.0.54.110]
[PID: 2416 / op001][C:\WINDOWS\regedit.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [d:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.19]
    [d:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 2320 / op001][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 17.0.54.0]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 3732 / op001][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.921\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 3644 / op001][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.921\SRE2c00d43b.EXE]  [Smallfrogs Studio, 2.6.11.992]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.921\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 2328 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
RSVP UDP Service Provider
    C:\WINDOWS\system32\SPI65.DLL(, SPI65 协议过滤提供者，卸载此文件会导致计算机无法上网。)
RSVP TCP Service Provider
    C:\WINDOWS\system32\SPI65.DLL(, SPI65 协议过滤提供者，卸载此文件会导致计算机无法上网。)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 444.gmwo07.com
127.0.0.1 333.gmwo07.com
127.0.0.1 222.gmwo07.com
127.0.0.1 111.gmwo07.com
127.0.0.1 haha.yaoyao09.com
127.0.0.1 www.noseqing.cn
127.0.0.1 fg.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 dl.pvs360.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 nc.mskess.com
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1028, C:\WINDOWS\TSNPSTD3.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1028, C:\WINDOWS\TSNPSTD3.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1816, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1816, C:\WINDOWS\VSNPSTD3.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1956, D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1956, D:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2320, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2320, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3732, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.921\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3732, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.921\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

==================================
删除服务
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\d3dx.dll><N/A>
=================================
重启，显示隐藏文件后删除C:\WINDOWS\system32\d3dx.dll