瑞星卡卡安全论坛

请教各位大虾，我用的是正版的瑞星杀毒软件
为什么这段时间总是杀不掉这种木马程序！
全称是Trojan.Wic:\windows\system32\drivers\n32.Undef.ef 　路径为：c:\windows\system32\drivers\z1hw5.sys
还有一路径为：c:\windows\system32\vsuchk.dll
再一为：c:\windows\tempaq>>fakeupx
每次查杀完毕软件都显示删除成功，不能清除
但是一重启机子就又出来了！
请各位高手帮帮俺！
还有AdWare.Win32.Cpush.v 这种病毒，每次杀毒都让解压缩后杀毒！
我也搞不懂，麻烦大家一起给我想想办法吧！
谢谢了！

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; CNCDialer; Alexa Toolbar)

顶！

下载 System Repair Engineer系统扫描工具软件，下载地址如下：
http://www.kztechs.com/sreng/download.html
扫描和上传日志的方法：
1、解压缩所下载的sreng2.zip压缩包；
2、打开已经解压缩的SRENG文件夹，双击运行其中的SREngPS.exe；
3、依次按“智能扫描”、“扫描”、“保存报告”，将日志保存到硬盘上；
4、找到并打开日志，把日志中的内容用“复制”--“粘贴”命令拷贝到帖子上，不要修改地传上来（日志很长，一个帖子搞不完，请手动将全部内容在同一个主题帖下分多个回复帖子传上来）。
友情提示：
1、扫描日志前请先关闭所有打开的软件（如QQ、迅雷等下载程序什么的程序）和IE窗口（请注意，是关闭而不是最小化窗口）
2、注意在没有进一步提示前，请勿用SRENG工具胡乱修复，否则系统可能变的情况更糟。
3、SRENG操作图文详解：http://forum.ikaka.com/topic.asp?board=201&artid=8343881

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

没事到处看看了

CODE]

2008-01-14,11:48:00

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <QQDownload><; "C:\Documents and Settings\xinmai\QQDownload\QQDownload.exe" autostart>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <SetDefPrt><; C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe>  [Brother Industories, Ltd.]
    <ControlCenter2.0><; C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun>  [Brother Industries, Ltd.]
    <miniqqlive><; "C:\Program Files\Tencent\QQLive\MiniQQLive.exe">  [N/A]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <pdcdelcp><; D;]XJOEPXT]tztufn43]Svoemm43/fyf!D;]XJOEPXT]tztufn43]deoqsi/emm!Tubsu>  [N/A]
    <RavTask><"D:\软件安装\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================

启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\xinmai\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\软件安装\Tencent\QQ\QQ.exe [TENCENT]><H>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\xinmai\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <D:\软件安装\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\软件安装\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\软件安装\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Server Network Debug / SerND][Stopped/Auto Start]
  <><N/A>

==================================
驱动程序
[9 / 9][Stopped/Disabled]
  <system32\drivers\boot00.sys><N/A>
[99 / 99][Stopped/System Start]
  <\SystemRoot\system32\drivers\boot00.sys><N/A>
[ADProt / ADProt][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Brother USB Still Image driver / BrScnUsb][Running/Manual Start]
  <System32\Drivers\BrScnUsb.sys><Brother Industries Ltd.>
[Brother MFC Serial Port Interface WDM Driver / BrSerIf][Running/Manual Start]
  <System32\Drivers\BrSerIf.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Running/Manual Start]
  <System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[CMB8100 / CMB8100][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Rainbow China Co,.Ltd>
[ndlgreod / ndlgreod][Stopped/Disabled]
  <\SystemRoot\System32\drivers\ndlgreod.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pkiiec / pkiiecn][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\pkiiecn.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><Rainbow  China Co.,Ltd>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Stopped/Manual Start]
  <system32\drivers\viaudio.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[yshield / yshield][Running/Boot Start]
  <\SystemRoot\system32\drivers\yshield.sys><BEIJING YAHOO! INFORMATION AND TECHNOLOGY CO.,LTD.>
[yuwqsrej / yuwqsrej][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\yuwqsrej.sys><Yahoo! China Corporation>

==================================

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\软件安装\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\软件安装\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[yFlashDl Class]
  {F166BC04-3C84-44cc-A6E9-2315EC4844B9} <C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll, Yahoo! China>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\软件安装\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\system32\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[safeInput Class]
  {ECCBA953-80E5-11D3-9285-0080ADB811C5} <C:\WINDOWS\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\软件安装\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[assist]
  {1B0E7716-898E-48CC-9690-4E338E8DE1D3} <C:\Program Files\3721\assist\assist.dll, N/A>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[Thunder Browser Helper]
  {38928D4F-8A48-44C2-945F-D2F23F771410} <D:\软件安装\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\软件安装\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\软件安装\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\软件安装\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\system32\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <D:\软件安装\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.80.dll, ShenZhen Thunder Networking Technologies Ltd.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\软件安装\Tencent\QQ\QQPlayerProxy.dll, Tencent>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[safeInput Class]
  {ECCBA956-80E5-11D3-9285-0080ADB811C9} <C:\WINDOWS\system32\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\软件安装\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.79.dll, ShenZhen Thunder Networking Technologies Ltd.>
[yFlashDl Class]
  {F166BC04-3C84-44CC-A6E9-2315EC4844B9} <C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll, Yahoo! China>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[&使用BitComet下载]
  <res://E:\123\BitComet_0.92\BitComet_Win9x.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://E:\123\BitComet_0.92\BitComet_Win9x.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://E:\123\BitComet_0.92\BitComet_Win9x.exe/AddVideo.htm, N/A>
[&使用超级旋风下载]
  <, N/A>
[&使用超级旋风下载全部链接]
  <, N/A>
[使用迅雷下载]
  <D:\软件安装\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\软件安装\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\软件安装\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================

正在运行的进程
[PID: 644 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1024 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204 / SYSTEM][D:\软件安装\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1220 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1304 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wudfsvc.dll]  [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
    [c:\windows\system32\WUDFPlatform.dll]  [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1372 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1524 / SYSTEM][D:\软件安装\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.60]
    [D:\软件安装\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\软件安装\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\软件安装\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\软件安装\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.30]
    [D:\软件安装\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\软件安装\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\软件安装\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [D:\软件安装\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
    [D:\软件安装\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\软件安装\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\软件安装\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\软件安装\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 20]
    [D:\软件安装\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [D:\软件安装\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [D:\软件安装\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\软件安装\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [D:\软件安装\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\软件安装\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.35]
    [D:\软件安装\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\软件安装\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\软件安装\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\软件安装\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\软件安装\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\软件安装\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\软件安装\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 33]
    [D:\软件安装\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\软件安装\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 24]
[PID: 1636 / xinmai][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.1.63.0]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\软件安装\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [D:\软件安装\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [D:\软件安装\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [D:\软件安装\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [D:\软件安装\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 2, 3, 1029]
    [D:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 1916 / SYSTEM][D:\软件安装\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]

用卡卡清除一下流氓软件后在查杀试试，电脑里有流氓软件

下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

[CODE]
2009-01-10,10:54:31
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

[CODE]

2009-01-10,10:54:31

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

附件: SREngLOG.log

[CODE]
2009-01-10,10:54:31
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
[CODE]
2009-01-10,10:54:31
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

[CODE]
2009-01-10,10:54:31
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
  [CODE]
2009-01-10,10:54:31
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[CODE]

2009-01-10,10:54:31
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows Vista Home Premium Edition Service Pack 1 (Build 6001) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Apoint><C:\Program Files\Apoint2K\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <HP Software Update><C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [(Verified)Hewlett-Packard Company]
    <RisTray><"C:\Program Files\Rising\Ris\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows]
    <Userinit><C:\Windows\system32\userinit.exe,>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WebCheck><C:\Windows\system32\webcheck.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\Windows\system32\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\Windows\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷5\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\Windows\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷5\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\Windows\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\FlDbg10a.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\迅雷5\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {116BA71C-8187-4F15-9A1F-C9D6289155D1} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {2974c985-8151-4de5-b23c-b875f0a8522f} <, >
[]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\迅雷5\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\ProgramData\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\ProgramData\Thunder Network\KanKan\xdrm.dll_1_work, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\迅雷5\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷5\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <, >
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\Windows\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {A412E581-59B2-485E-834F-C5F0C0268C79} <, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5808.119.(647).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\Windows\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\FlDbg10a.ocx, (Signed) Adobe Systems, Inc.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5880.242.(647).dll, (Signed) Xunlei Networking Technologies,LTD>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
[使用迅雷下载]
  <D:\迅雷5\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷5\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <E:\qq2008\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 552 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 612 / SYSTEM][C:\Windows\system32\wininit.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 624 / SYSTEM][C:\Windows\system32\csrss.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 656 / SYSTEM][C:\Windows\system32\services.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 668 / SYSTEM][C:\Windows\system32\lsass.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\DPPWDFLT.dll]  [DigitalPersona, Inc., 3.0.0.2598]
[PID: 676 / SYSTEM][C:\Windows\system32\lsm.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 784 / SYSTEM][C:\Windows\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 876 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 936 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1012 / SYSTEM][C:\Program Files\Rising\Ris\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\Program Files\Rising\Ris\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 1020 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1056 / LOCAL SERVICE][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1092 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1132 / SYSTEM][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1220 / NETWORK SERVICE][C:\Windows\system32\SLsvc.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 1248 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1372 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1580 / SYSTEM][C:\Windows\System32\spoolsv.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1604 / SYSTEM][C:\Program Files\DigitalPersona\Bin\DpHostW.exe]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Windows\system32\DPCLBACK.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPDB.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Windows\system32\dpHMatch.dll]  [DigitalPersona, Inc., 4.0.0.493]
    [C:\Program Files\DigitalPersona\Bin\DPILPro.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DpPMInfo.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPCOper2.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Windows\system32\DPFPApi.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPMux.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPDeviceAuthentec.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPDeviceMitsumi.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPDeviceUpek.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPDeviceValidity.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DPDevice2.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Windows\system32\dpHFtrEx.dll]  [DigitalPersona, Inc., 4.0.0.493]
[PID: 1644 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1876 / SYSTEM][C:\Program Files\Common Files\LightScribe\LSSrvc.exe]  [Hewlett-Packard Company, 1.10.13.1]
    [C:\Program Files\Common Files\LightScribe\LSSProxy.dll]  [Hewlett-Packard Company, 1.10.13.1]
    [C:\Program Files\Common Files\LightScribe\LSLog.dll]  [Hewlett-Packard Company, 1.10.13.1]
[PID: 1924 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe]  [Microsoft Corporation, 7.10.3077]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.10.3077]
[PID: 2032 / NETWORK SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 220 / SYSTEM][C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe]  [, 5.00.3314]
    [C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll]  [, 5.00.3330]
    [C:\Program Files\HP\QuickPlay\Kernel\TV\PCMRRec4.dll]  [CyberLink Corp., 4.02.4530]
    [C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll]  [N/A, ]
[PID: 12 / SYSTEM][C:\Program Files\CyberLink\Shared Files\RichVideo.exe]  [, 2.0.1120  ]
[PID: 540 / SYSTEM][C:\Program Files\Rising\Ris\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\Program Files\Rising\Ris\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Ris\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 35]
[PID: 604 / SYSTEM][C:\Windows\System32\rpcnetp.exe]  [N/A, ]
    [C:\Windows\System32\rpcnetp.dll]  [N/A, ]
[PID: 1144 / SYSTEM][C:\Program Files\Rising\Ris\RsStub.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1292 / SYSTEM][C:\Program Files\Rising\Rav\scannerd.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
[PID: 1344 / LOCAL SERVICE][C:\Windows\system32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 1732 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 2060 / SYSTEM][C:\Windows\system32\SearchIndexer.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]
[PID: 2124 / SYSTEM][C:\Windows\system32\DRIVERS\xaudio.exe]  [Conexant Systems, Inc., 1.00.15.00]
[PID: 2164 / SYSTEM][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  [Hewlett-Packard Development Company, L.P., 2, 0, 1, 9]
[PID: 2324 / SYSTEM][C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe]  [, 5.00.3327]
    [C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll]  [N/A, ]
    [C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll]  [, 5.00.3028]
    [C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll]  [, 1.00.1012]
[PID: 2696 / SYSTEM][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
[PID: 3096 / hy][C:\Program Files\DigitalPersona\Bin\DpAgent.exe]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Program Files\DigitalPersona\Bin\DpoSet.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Windows\system32\DPFPApi.DLL]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Windows\system32\DPCLBACK.dll]  [DigitalPersona, Inc., 4.2.1.988]
    [C:\Program Files\DigitalPersona\Bin\DpOCache.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
[PID: 3132 / hy][C:\Windows\system32\Dwm.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 7.15.11.5665]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
[PID: 3160 / hy][C:\Windows\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\nvcpl.dll]  [NVIDIA Corporation, 7.15.11.5665]
    [C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.5665]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Windows\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 3220 / hy][C:\Program Files\SogouInput\4.0.0.1981\PinyinUp.exe]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\SogouInput\4.0.0.1981\HWSignature.dll]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
[PID: 3384 / hy][C:\Program Files\Apoint2K\Apoint.exe]  [Alps Electric Co., Ltd., 7.0.1.251]
    [C:\Program Files\Apoint2K\ApResCS.dll]  [Alps Electric Co., Ltd., 5.5.1701.21]
    [C:\Windows\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.15]
    [C:\Program Files\Apoint2K\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.1702.262]
    [C:\Program Files\Apoint2K\EzAuto.dll]  [Alps Electric Co., Ltd., 5.5.1.91]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\Apoint2K\EzLaunch.DLL]  [Alps Electric Co., Ltd., 5.5.1.86]
[PID: 3416 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
[PID: 3424 / hy][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\system32\NvMcTray.dll]  [NVIDIA Corporation, 7.15.11.5665]
    [C:\WINDOWS\System32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.5665]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
[PID: 3432 / hy][C:\Program Files\Rising\AntiSpyware\RSTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\AntiSpyware\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
    [C:\Program Files\Rising\AntiSpyware\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\Rising\AntiSpyware\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\rscommon.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\pngdll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\runiep.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.42]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\Program Files\Rising\AntiSpyware\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\AntiSpyware\pscan.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.60]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
[PID: 3440 / hy][C:\Program Files\HP\HP Software Update\hpwuSchd2.exe]  [Hewlett-Packard, 80, 1, 0, 0]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
[PID: 3880 / hy][C:\Windows\system32\taskeng.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Windows\system32\nvapi.dll]  [NVIDIA Corporation, 7.15.11.5665]
[PID: 3468 / hy][C:\Program Files\Apoint2K\ApMsgFwd.exe]  [Alps Electric Co., Ltd., 7, 0, 0, 15]
    [C:\Program Files\Apoint2K\Apoint.dll]  [Alps Electric Co., Ltd., 5.5.1702.262]
    [C:\Windows\system32\Vxdif.dll]  [Alps Electric Co., Ltd., 6.0.3.15]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
[PID: 2860 / hy][C:\Windows\system32\wbem\unsecapp.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
[PID: 560 / hy][C:\Program Files\Apoint2K\Apntex.exe]  [Alps Electric Co., Ltd., 7.0.1.26]
    [C:\Windows\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.15]
    [C:\Program Files\Apoint2K\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.1702.262]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
[PID: 2932 / SYSTEM][C:\Windows\System32\svchost.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\System32\rpcnetp.dll]  [N/A, ]
[PID: 2792 / hy][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 7.00.6000.16386 (vista_rtm.061101-2205)]
    [C:\Windows\System32\rpcnetp.dll]  [N/A, ]
[PID: 3348 / SYSTEM][c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe]  [Hewlett-Packard, 2.3.0.2]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5b3e3b0551bcaa722c27dbb089c431e4\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.1434 (REDBITS.050727-1400)]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\System\267d4c344058092e6950c11594244f90\System.ni.dll]  [Microsoft Corporation, 2.0.50727.1434 (REDBITS.050727-1400)]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\80a3d0416c6660b86e245bd1f6b66fd8\System.ServiceProcess.ni.dll]  [Microsoft Corporation, 2.0.50727.1434 (REDBITS.050727-1400)]
    [C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\8fe7232e97fdf63c6b146e93f432d7d7\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.1434 (REDBITS.050727-1400)]
    [C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll]  [Hewlett-Packard, 2.0.0.2]
[PID: 4724 / hy][D:\暴风影音2009\stMgr.exe]  [北京暴风网际科技有限公司, 3, 8, 12, 1]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [D:\暴风影音2009\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [D:\暴风影音2009\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [D:\暴风影音2009\corelog.dll]  [北京暴风网际科技有限公司, 3, 8, 9, 27]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
[PID: 5736 / SYSTEM][C:\Program Files\Rising\Ris\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]

[C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
    [C:\Program Files\Rising\Ris\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [C:\Program Files\Rising\Ris\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
    [C:\Program Files\Rising\Ris\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17]
    [C:\Program Files\Rising\Ris\mvengine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\SysMail.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 2468 / hy][C:\PROGRAM FILES\RISING\RIS\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\PROGRAM FILES\RISING\RIS\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRAM FILES\RISING\RIS\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RIS\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\PROGRAM FILES\RISING\RIS\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRAM FILES\RISING\RIS\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\PROGRAM FILES\RISING\RIS\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\PROGRAM FILES\RISING\RIS\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RIS\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [C:\PROGRAM FILES\RISING\RIS\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
    [C:\Windows\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RIS\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\PROGRAM FILES\RISING\RIS\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\PROGRAM FILES\RISING\RIS\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\PROGRAM FILES\RISING\RIS\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\PROGRAM FILES\RISING\RIS\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
    [C:\PROGRAM FILES\RISING\RIS\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\PROGRAM FILES\RISING\RIS\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
    [C:\PROGRAM FILES\RISING\RIS\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RIS\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.89]
    [C:\PROGRAM FILES\RISING\RIS\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RIS\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 19]
    [C:\PROGRAM FILES\RISING\RIS\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\PROGRAM FILES\RISING\RIS\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 5]
    [C:\PROGRAM FILES\RISING\RIS\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RIS\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[PID: 6108 / SYSTEM][C:\PROGRAM FILES\RISING\RIS\RSNETSVR.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RIS\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [C:\PROGRAM FILES\RISING\RIS\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRAM FILES\RISING\RIS\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\PROGRAM FILES\RISING\RIS\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 4196 / SYSTEM][C:\Program Files\Rising\Ris\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\Ris\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Ris\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [C:\Program Files\Rising\Ris\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 21]
    [C:\Program Files\Rising\Ris\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [C:\Program Files\Rising\Ris\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Ris\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [C:\Program Files\Rising\Ris\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.75]
    [C:\Program Files\Rising\Ris\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Ris\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [C:\Program Files\Rising\Ris\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [C:\Program Files\Rising\Ris\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\Program Files\Rising\Ris\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [C:\Program Files\Rising\Ris\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Ris\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Ris\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\Ris\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Ris\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Ris\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Ris\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [C:\Program Files\Rising\Ris\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Ris\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Ris\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [C:\Program Files\Rising\Ris\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17]
    [C:\Program Files\Rising\Ris\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Ris\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Ris\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Ris\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17]
    [C:\Program Files\Rising\Ris\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Ris\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Ris\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Ris\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Ris\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Ris\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Ris\ur027.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Ris\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1228 / hy][E:\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 5, 1250]
    [E:\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 241]
    [E:\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 413]
    [E:\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4106]
    [E:\Maxthon2\MxExt.dll]  [N/A, ]
    [E:\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 9]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [E:\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [E:\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [C:\Program Files\Rising\Ris\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.55]
    [C:\Windows\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Windows\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Windows\system32\Macromed\Flash\FlDbg10a.ocx]  [Adobe Systems, Inc., 10,0,12,36]
    [C:\Windows\system32\nvd3dum.dll]  [NVIDIA Corporation, 7.15.11.5665]
    [c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll]  [ Microsoft Corporation, 2.0.31005.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
    [D:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[PID: 6020 / hy][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\Cyberlink\PowerDirector\PDM1Splter.ax]  [CyberLink Corp., 2.3.1118  ]
    [C:\Program Files\Cyberlink\PowerDirector\PDM2Splter.ax]  [CyberLink Corp., 2.3.1118  ]
    [C:\Program Files\CyberLink\Power2Go\P2Gm2spliter.ax]  [CyberLink Corp., 2.4.2301  ]
    [C:\Program Files\CyberLink\Power2Go\P2Gm1spliter.ax]  [CyberLink Corp., 2.4.2301  ]
    [C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\mvBurnerDll\mcspmpeg.ax]  [MainConcept AG, 1.1.4178.0 2006/05/29]
    [C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\mvBurnerDll\mcmpegin.dll]  [MainConcept AG, 1.2.4178.0 2006/06/19]
    [C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\mvBurnerDll\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\mvBurnerDll\mcdsmpeg.ax]  [MainConcept AG, 1.1.4178.0 2006/05/19]
    [C:\Program Files\muvee Technologies\muvee autoProducer 6.1 - SE\mvBurnerDll\mcmpgdec.dll]  [MainConcept AG, 2.0.4178.0 2006/06/07]
    [C:\Program Files\Common Files\Thunder Network\KanKan\RealMediaSplitter.1.0.2.2.(646).ax]  [Gabest, 1, 0, 2, 2]
    [C:\Program Files\HP\QuickPlay\Kernel\DMP\CLWMFDemux.ax]  [CyberLink, 1, 0, 0, 1302]
    [C:\Program Files\Common Files\muvee Technologies\MainConcept2\muveedsmpeg.ax]  [MainConcept AG, 1, 0, 0, 77]
    [C:\Program Files\Common Files\muvee Technologies\MainConcept2\muveempgdec.dll]  [MainConcept AG, official release build]
    [C:\Program Files\Common Files\muvee Technologies\MainConcept2\muveespmpeg.ax]  [MainConcept AG, 1, 0, 1, 12]
    [C:\Program Files\Common Files\muvee Technologies\MainConcept2\muveempegin.dll]  [MainConcept AG, official release build]
    [D:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [D:\迅雷5\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Windows\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\QvodPlayer\QvodBand.dll]  [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
[PID: 4872 / hy][C:\Windows\System32\mobsync.exe]  [(Verified) Microsoft Corporation, 6.0.6001.18000 (longhorn_rtm.080118-1840)]
    [C:\Program Files\DigitalPersona\Bin\DpoFeedb.dll]  [DigitalPersona, Inc., 3.0.0.2598]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
[PID: 4636 / hy][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 5, 0, 0, 1002]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 3, 0, 1004]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1002]
    [C:\Program Files\360safe\live.dll]  [360.cn, 1, 0, 1, 1029]
[PID: 2824 / hy][D:\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3248 / hy][C:\Users\hy\AppData\Local\Temp\SREBD60.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1007]
    [C:\Windows\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.0.0.1981]
[PID: 4696 / SYSTEM][C:\Windows\system32\SearchProtocolHost.exe]  [(Verified) Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]

==================================
文件关联
.TXT  Error. [C:\Windows\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["%SystemRoot%\hh.exe" %1]
.HLP  Error. [C:\Windows\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
::1            localhost
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 union.daqi.com
127.0.0.1 121.15.247.22
127.0.0.1 61.155.140.4
127.0.0.1 219.129.239.251
127.0.0.1 61.164.118.208
127.0.0.1 www.zmjjjyy.cn
127.0.0.1 user9.78-10.net
127.0.0.1 444.gmwo07.com
127.0.0.1 333.gmwo07.com
127.0.0.1 222.gmwo07.com
127.0.0.1 111.gmwo07.com
127.0.0.1 haha.yaoyao09.com
127.0.0.1 www.noseqing.cn
127.0.0.1 fg.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 dl.pvs360.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 nc.mskess.com
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn
==================================
进程特权扫描
N/A
==================================
计划任务
[已启用] [url=file://\\ExtendedServicePlan]\\ExtendedServicePlan[/url]
        "C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe" ExtendedServicePlan ShowMessageTask
[已启用] [url=file://\\HPCeeScheduleForhy]\\HPCeeScheduleForhy[/url]
        C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe HPCeeScheduleForhy (null)
[已启用] [url=file://\\OGADaily]\\OGADaily[/url]
        C:\Windows\system32\OGAVerify.exe HPCeeScheduleForhy (null)
[已启用] [url=file://\\OGALogon]\\OGALogon[/url]
        C:\Windows\system32\OGAVerify.exe HPCeeScheduleForhy (null)
[已启用] [url=file://\\ServicePlan]\\ServicePlan[/url]
        "C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe" ServicePlan ShowMessageTask3M
[已启用] [url=file://\\SogouImeMgr]\\SogouImeMgr[/url]
        C:\PROGRA~1\SOGOUI~1\400~1.198\PINYIN~1.EXE /S
[已启用] [url=file://\\{37BCAA5B-C0E7-460E-B401-9DD6825C377D]\\{37BCAA5B-C0E7-460E-B401-9DD6825C377D[/url]}
        C:\Windows\system32\pcalua.exe -a E:\Maxthon2\Maxthon.exe -d E:\Maxthon2 -c -debug
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
        N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
        N/A
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
        BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
        N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
        N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
        N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
        %SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
        %SystemRoot%\System32\wsqmcons.exe -n 0x1C577FA2B69CAD0
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Uploader
        %windir%\system32\WSqmCons.exe -u
[已启用] \Microsoft\Windows\Defrag\ManualDefrag
        %windir%\system32\defrag.exe [url=file://\\?\Volume{d69646dc-9763-11dd-ac3b-806e6f6e6963}\]\\?\Volume{d69646dc-9763-11dd-ac3b-806e6f6e6963}\[/url] [url=file://\\?\Volume{d69646dd-9763-11dd-ac3b-806e6f6e6963}\]\\?\Volume{d69646dd-9763-11dd-ac3b-806e6f6e6963}\[/url] [url=file://\\?\Volume{d69646de-9763-11dd-ac3b-806e6f6e6963}\]\\?\Volume{d69646de-9763-11dd-ac3b-806e6f6e6963}\[/url] [url=file://\\?\Volume{d69646df-9763-11dd-ac3b-806e6f6e6963}\]\\?\Volume{d69646df-9763-11dd-ac3b-806e6f6e6963}\[/url] [url=file://\\?\Volume{d69648fe-9763-11dd-ac3b-001d7243f2d5}\]\\?\Volume{d69648fe-9763-11dd-ac3b-001d7243f2d5}\[/url]
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
        %windir%\system32\defrag.exe -c -i -g
[已启用] \Microsoft\Windows\Media Center\ehDRMInit
        %SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已启用] \Microsoft\Windows\Media Center\mcupdate
        %SystemRoot%\ehome\mcupdate $(Arg0) -gc
[已启用] \Microsoft\Windows\Media Center\OCURActivate
        %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已启用] \Microsoft\Windows\Media Center\OCURDiscovery
        %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery
[已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
        %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
        N/A
[已启用] \Microsoft\Windows\MobilePC\TMM
        N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
        %windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
        N/A
[已启用] \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
        N/A
[已启用] \Microsoft\Windows\Shell\CrawlStartPages
        N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
        N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
        N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
        N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
        N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
        %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
        rundll32 ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
        rundll32 ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
        sc.exe config upnphost start= auto
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
        %windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\WindowsCalendar\Reminders - hy
        C:\Program Files\Windows Calendar\WinCal.exe /reminder
[已启用] \Microsoft\Windows\Wired\GatherWiredInfo
        %windir%\system32\gatherWiredInfo.vbs
[已启用] \Microsoft\Windows\Wireless\GatherWirelessInfo
        %windir%\system32\gatherWirelessInfo.vbs
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

[/CODE]

[rpcnetp / rpcnetp][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><(File is missing)>
什么的服务