C盘空间突然从8G变为1.46G，电脑老卡 bbs.ikaka.com

ksws0397788 - 2008-11-22 20:03:00

==============================================================
金山清理专家系统诊断报告

该诊断报告由金山清理专家提供 http://www.duba.net
==============================================================

诊断时间: 2008-11-22, 20:12
诊断平台: Windows XP [5.1.2600] Service Pack 3
IE版本: Internet Explorer V7.0.13.5730
计算机物理内存: 1023(MB)
当前可用内存: 572(MB)
硬盘总大小: 135(GB)
硬盘可用空间: 115(GB)
清理专家版本: 2008.06.13.404
恶意软件库版本: 0.00.00.0
漏洞库版本: 0.00.00.0

==============================================================
常规启动项
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

[NvCplDaemon] <; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>

[NvMediaCenter] <; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>

[SoundMAXPnP] <; C:\Program Files\Analog Devices\Core\smax4pnp.exe>

--------------------------------------------------------------
该项来源: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KASDisabled

[QQDownload] <REM "C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>

==============================================================
启动文件夹位置
==============================================================

Common Startup: C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Startup: C:\Documents and Settings\Administrator\「开始」菜单\程序\启动
Common Startup: %ALLUSERSPROFILE%\「开始」菜单\程序\启动

==============================================================
Host File
==============================================================

127.0.0.1 localhost

==============================================================
驱动程序
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32

[msacm.avis] [已启用] <ff_acm.acm>

--------------------------------------------------------------
该项来源: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

[AlcwWmDrv] [已启用] <\??\C:\WINDOWS\system32\drivers\AlcwWmDrv.sys>

[sptd] [已启用] <System32\Drivers\sptd.sys>
文件路径: C:\WINDOWS\system32\Drivers\sptd.sys [文件无法访问]

[WmRegProDrv] [已启用] <System32\Drivers\WmRegProDrv.sys>

==============================================================
当前进程
==============================================================

名称: 金-山-诊-断及粉-碎-器.exe [已启用]
命令行: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.390\金-山-诊-断及粉-碎-器.exe"
文件路径: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.390\金-山-诊-断及粉-碎-器.exe [未知]
模块文件: C:\WINDOWS\system32\ntdll.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\ADVAPI32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RPCRT4.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\Secur32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msvcrt.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\GDI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USER32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHLWAPI.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\COMDLG32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\OLE32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\IMM32.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\LPK.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\USP10.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\kmon.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: F:\瑞星\comx3.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: F:\瑞星\Syslay.dll (Beijing Rising Information Technology Co.. Ltd.)
模块文件: C:\WINDOWS\system32\Wtsapi32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WINSTA.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\NETAPI32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\OLEAUT32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\iertutil.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\riched32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\RICHED20.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\uxtheme.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\MSCTF.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\msctfime.ime (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SOGOUPY.IME (Sogou.com Inc.)
模块文件: C:\WINDOWS\system32\MSIMG32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\VERSION.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\NTMARTA.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SAMLIB.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\WLDAP32.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\SETUPAPI.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\appHelp.dll (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\CLBCATQ.DLL (Microsoft Corporation)
模块文件: C:\WINDOWS\system32\COMRes.dll (Microsoft Corporation)

==============================================================
ActiveX控件
==============================================================

该项来源: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats

[VaCom.Application]
<{51E88884-1306-4444-B22D-C34119E44232}> <D:\DOWNLO~1\Movie\飞速TU~1\TDVaCom.Dll>

==============================================================
其他安全区域
==============================================================

该项来源: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

[显示摇曳 CPL 扩展] <deskpan.dll>

ksws0397788 - 2008-11-22 20:04:00

[CODE]

2008-11-22,20:07:12

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<KPPMain><D:\Backup\我的文档\000\杀软2\KPP\KPPMain.exe> [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ZSSnp211><C:\WINDOWS\ZSSnp211.exe> [ZSMCSNAP]
<runeip><"F:\瑞星\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe> [Analog Devices, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><F:\瑞星\RunOnce.exe> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kmon.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\scrnsave.scr> [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[谷歌金山词霸合作版]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\谷歌金山词霸合作版.lnk --> F:\金山词霸\POWERW~1\XDict.exe [Copyright (c) Kingsoft Corporation Limited. All rights reserved.]><N>
[腾讯QQ]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Kingsoft Basic Service / kaccore][Stopped/Manual Start]
<"C:\Program Files\Kingsoft\KAC\Service\kaccore.exe"><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[A320RAID / A320RAID][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\a320raid.sys><Adaptec, Inc.>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[ADPU320 / ADPU320][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\adpu320.sys><Adaptec, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[ahci8086 / ahci8086][Running/Boot Start]
<\SystemRoot\System32\Drivers\ahci8086.sys><ATI Technologies Inc.>
[AlcwWmDrv / AlcwWmDrv][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\AlcwWmDrv.sys><N/A>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
<System32\drivers\amdk8.sys><Advanced Micro Devices>
[CSB6IDE / CSB6IDE][Running/Boot Start]
<\SystemRoot\System32\Drivers\csb6ide.sys><ServerWorks Corporation>
[FASTTRAK / FASTTRAK][Running/Boot Start]
<\SystemRoot\System32\Drivers\fasttrak.sys><Promise Technology, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[FTSATA2 / FTSATA2][Running/Boot Start]
<\SystemRoot\System32\Drivers\ftsata2.sys><Promise Technology, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[IASTOR / IASTOR][Running/Boot Start]
<\SystemRoot\System32\Drivers\iaStor.sys><Intel Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\System32\Drivers\JRAID.SYS><JMicron Technology Corp.>
[KPPDriver / KPPDriver][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\KPPDriver.sys><Kingsoft Corporation>
[M5228 / M5228][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\m5228.sys><ALi Corporation.>
[M5281 / M5281][Running/Boot Start]
<\SystemRoot\System32\Drivers\m5281.sys><ALi Corporation>
[M5289 / M5289][Running/Boot Start]
<\SystemRoot\System32\Drivers\m5289.sys><ULi Electronics Inc.>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
<system32\drivers\ccdcmb.sys><Nokia>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Running/Boot Start]
<\SystemRoot\System32\Drivers\NVATABUS.SYS><NVIDIA Corporation>
[NVRAID / NVRAID][Running/Boot Start]
<\SystemRoot\System32\Drivers\NVRAID.SYS><NVIDIA Corporation>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><Windows (R) 2000 DDK provider>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising Rfwbase Driver / RfwBase][Running/Auto Start]
<System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[SI3112R / SI3112R][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\SI3112r.sys><Silicon

ksws0397788 - 2008-11-22 20:05:00

mage, Inc>
[SI3114R / SI3114R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\Drivers\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\Drivers\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\Drivers\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
<\SystemRoot\SYSTEM32\Drivers\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\Si3132r5.sys><Silicon Image, Inc>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\SiSRaid4.sys><Silicon Integrated Systems>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
<system32\DRIVERS\ss_bus.sys><MCCI Corporation>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
<system32\DRIVERS\ss_mdfl.sys><MCCI Corporation>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
<system32\DRIVERS\ss_mdm.sys><MCCI Corporation>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\System32\Drivers\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\System32\Drivers\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[TSKSP / TSKSP][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQDoctor\TSKSP.sys><Tencent>
[ULSATA / ULSATA][Running/Boot Start]
<\SystemRoot\System32\Drivers\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Running/Boot Start]
<\SystemRoot\System32\Drivers\ulsata2.sys><Promise Technology, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\vmscsi.sys><VMware, Inc.>
[WmRegProDrv / WmRegProDrv][Stopped/Manual Start]
<System32\Drivers\WmRegProDrv.sys><N/A>
[USB PC Camera (ZS0211) / ZSMC211][Stopped/Manual Start]
<System32\Drivers\ZS211.sys><ZSMC Corporation>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <F:\金山词霸\PowerWord Lite\CBEBand.dll, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <F:\金山词霸\PowerWord Lite\CBEBand.dll, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[瑞星卡卡工具条(&R)]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <c:\program files\tencent\qq\Qzone\QQPhotoDraw.dll, (Signed) TENCENT>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[PMPXPlayerCtl Class]
{88E07994-F8DD-4952-8DBF-0C4617F11117} <C:\Program Files\CCTV\CCTV-MSRA Video Client\1.0.257\PMPXPlayer.dll, Microsoft Corporation>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, (Signed) >
[]
{B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, >
[GetWebContent Class]
{B80CBA99-2493-4343-8A83-386E9F3CA5C2} <C:\WINDOWS\system32\WebReadOnLine_ATL.dll, (Signed) isoshu>
[ScreenCapture Class]
{BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, (Signed) Tencent Corporation>
[ScienceWord Control 5.0]
{C29E7AB7-8C79-421A-AB75-0AE00E848C2D} <C:\WINDOWS\system32\SCIENC~1.OCX, Novoasoft Corporation>
[]
{00000000-12C9-4305-82F9-43058F20E8D2} <, >
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, >
[]
{06A70D58-8D40-49DD-B46B-DC00AA3ADCA4} <, >
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <, >
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[]
{11F2A418-94B2-4E16-9B0C-B00C0435F903} <, >
[]
{1345F3CB-7C40-41C2-9AC2-87CF8B68E34E} <, >
[Fade]
{16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[]
{1CD4FAEE-09F6-4B77-8A49-EF2A9EBC8D46} <, >
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\Program Files\Tencent\QQ\QQLive\QQLiveInstaller.dll, (Signed) >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
{1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <, >
[]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <c:\program files\tencent\qq\Qzone\QQPhotoDraw.dll, (Signed) TENCENT>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[]
{381FFDE8-2394-4F90-B10D-FC6124A40F8C} <, >
[]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <, >
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[]
{4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <, >
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[CoopenControl Class]
{51D33728-411D-423D-B1C3-92717AB6970A} <C:\Program Files\Coopen\CoopenActiveControl89.dll, 北京首都在线网络技术有限公司>
[VaCom.Application]
{51E88884-1306-4444-B22D-C34119E44232} <D:\DOWNLO~1\Movie\飞速TU~1\TDVaCom.Dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
{55302805-482E-470E-8A57-6795A1487F90} <, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[QQMusicCreator Class]
{6927992D-6A89-4549-8A32-95901BF5D920} <, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
{6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Backup\我的文档\000\新建文件夹 (2)\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[]
{7550D5D5-D85C-414F-B623-0AD223AEC216} <, >
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[NCTAudioFile2 Class]
{77829F14-D911-40FF-A2F0-D11DB8D6D0BC} <C:\Program Files\Mobile PhoneTools\NCTAudioFile2.dll, NCT Company Ltd.>
[]
{78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, >
[XDownloaddManager Class]
{802F530B-A8F6-4631-AE49-6BACAAC6373E} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM 文档 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[PMPXPlayerCtl Class]
{88E07994-F8DD-4952-8DBF-0C4617F11117} <C:\Program Files\CCTV\CCTV-MSRA Video Client\1.0.257\PMPXPlayer.dll, Microsoft Corporation>
[Uploader Class]
{8B054DFE-79A3-4A6A-9F46-CD2A2F601129} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
{95B3F550-91C4-4627-BCC4-521288C52977} <, >
[卡卡上网安全助手]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
{99F99EC9-2DC7-4036-A083-F49C2199FB1A} <, >
[]
{9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <, >
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <F:\金山词霸\PowerWord Lite\CBEBand.dll, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[UploadFilePartition Class]
{A877BA28-1F7E-4876-B299-50B3199A1A5D} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[]
{A986E409-30CC-4185-89BB-AB212C104524} <, >
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, (Signed) >
[DapCtrl Class]

ksws0397788 - 2008-11-22 20:05:00

{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5805.77.(647).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[UploadManager Class]
{AF2F4E3F-DC4D-40B3-B7DA-77974FF2F317} <C:\WINDOWS\system32\CMUpload.dll, NetEase(Hangzhou)Network Tech.Co.,Ltd.>
[]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[]
{B2EC6023-6C00-49F9-A8BE-3AAC4E326BA4} <, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, >
[ScreenCapture163 Class]
{B6DEE590-8486-4F35-86BB-265FC72DBD96} <C:\WINDOWS\system32\163screencapture.dll, NetEase(Hangzhou)Network Tech.Co.,Ltd.>
[GetWebContent Class]
{B80CBA99-2493-4343-8A83-386E9F3CA5C2} <C:\WINDOWS\system32\WebReadOnLine_ATL.dll, (Signed) isoshu>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[ScreenCapture Class]
{BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, (Signed) Tencent Corporation>
[ScienceWord Control 5.0]
{C29E7AB7-8C79-421A-AB75-0AE00E848C2D} <C:\WINDOWS\system32\SCIENC~1.OCX, Novoasoft Corporation>
[]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <, >
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\DOCUME~1\ADMINI~1\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, (Signed) CCTV.COM>
[]
{C74E94A7-B7BD-4891-9328-455395BCC7AD} <, >
[QQPlayerCtrl Class]
{CD108273-D434-43E6-AA90-1469F97EB398} <C:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.>
[]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
{D82303B7-A754-4DCB-8AFC-8CF99435AACE} <, >
[]
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <, >
[瑞星卡卡工具条(&R)]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed) Microsoft Corporation>
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[RevealTrans]
{E31E87C4-86EA-4940-9B8A-5BD5D179A737} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技（深圳）有限公司>
[]
{E847C78C-C210-4195-8799-FBF3BF89797D} <, >
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Timwp.dll, (Signed) TENCENT>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.75.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
{F156768E-81EF-470C-9057-481BA8380DBA} <, >
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(647).dll, Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
{FCCD3612-8C0F-476D-969E-4243DF89C3CE} <, >
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 560 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 584 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[PID: 628 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 864 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 928 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 944 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[PID: 1012 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1048 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1096 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
[C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
[C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
[C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
[C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
[C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
[C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
[C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
[C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
[C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]

ksws0397788 - 2008-11-22 20:05:00

I
[C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 99]
[C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
[C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
[C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 13]
[PID: 1112 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.77]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[C:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.16]
[C:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.50]
[C:\Program Files\Rising\Rfw\ijt_ctrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.0]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\unvdet.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.8]
[C:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
[PID: 1168 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.37]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[C:\Program Files\Rising\Rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\MonMid.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
[PID: 1484 / SYSTEM][C:\Program Files\Rising\Rfw\rfwstub.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.0.12]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1672 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1904 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 132 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 10, 29]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\StormII\bfoptdll.dll] [北京暴风网际科技有限公司, 3, 8, 7, 16]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 244 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9371]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 1404 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 3512 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[F:\瑞星\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[F:\瑞星\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 3468 / Administrator][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[D:\Backup\我的文档\000\杀软2\KPP\KPPShellEx.dll] [Kingsoft Corporation, 2008,03,10,1183]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 3]
[F:\瑞星\syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[F:\瑞星\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 3764 / Administrator][C:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Information Technology Co., Ltd., 7.0.1.70]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\Program Files\Rising\Rfw\RfwRule.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
[PID: 1312 / Administrator][C:\PROGRAM FILES\RISING\RAV\RavMon.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
[C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
[C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
[C:\PROGRAM FILES\RISING\RAV\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[C:\PROGRAM FILES\RISING\RAV\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 976 / Administrator][C:\WINDOWS\ZSSnp211.exe] [ZSMCSNAP, 3, 6, 818, 7]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 1924 / Administrator][F:\瑞星\rstray.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[F:\瑞星\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
[F:\瑞星\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[F:\瑞星\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[F:\瑞星\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[F:\瑞星\ComServ.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.31]
[F:\瑞星\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[F:\瑞星\rscommon.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.1.1]
[F:\瑞星\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[F:\瑞星\pngdll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[F:\瑞星\runiep.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.41]
[F:\瑞星\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[F:\瑞星\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[PID: 1260 / Administrator][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[PID: 1004 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing

ksws0397788 - 2008-11-22 20:06:00

Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[PID: 2892 / Administrator][C:\Program Files\arswp\ArSwp.exe] [ArSwp.com, 2, 8, 2, 1115]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[F:\瑞星\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[F:\瑞星\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[D:\Backup\我的文档\000\杀软2\KPP\KPPShellEx.dll] [Kingsoft Corporation, 2008,03,10,1183]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[C:\Program Files\arswp\plugin\ArFix.dll] [ArSwp.Com, 2, 5, 0, 0]
[PID: 2076 / Administrator][F:\瑞星\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
[F:\瑞星\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[F:\瑞星\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[F:\瑞星\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 3632 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[F:\瑞星\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[F:\瑞星\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[D:\Backup\我的文档\000\杀软2\KPP\KPPShellEx.dll] [Kingsoft Corporation, 2008,03,10,1183]
[D:\Backup\我的文档\000\杀软2\KPP\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 3]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[C:\WINDOWS\system32\UrlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
[F:\瑞星\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
[F:\金山词霸\PowerWord Lite\CBEBand.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.2]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xmvsource.dll_1_work] [XunLei, 1, 0, 0, 5]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\Program Files\Samsung\Samsung PC Studio 3\FunVideoCodecFilter.ax] [Mobile Leader, 1.06]
[C:\Program Files\Samsung\Samsung PC Studio 3\MSLUR71.dll] [MobileLeader, Inc., 7.10.0000]
[C:\Program Files\Samsung\Samsung PC Studio 3\FunAudioCodecFilter.ax] [Mobile Leader, 1.02]
[F:\快乐影音\KLPlayer\Codecs\ffdshow.ax] [, 1.0.5.2055]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\voxmsdec.ax] [Voxware, Inc., 1.0.0.012]
[C:\WINDOWS\system32\voxmvdec.ax] [Voxware, Inc., 1.0.0.011]
[C:\Program Files\StormII\Codec\VideoTune.ax] [CHINA, 1, 0, 0, 1]
[C:\WINDOWS\system32\l3codecx.ax] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 5, 0, 50]
[F:\快乐影音\KLPlayer\Codecs\vsfilter.dll] [Gabest, 1, 0, 1, 3]
[C:\WINDOWS\system32\TTL2Dec.dll] [N/A, ]
[C:\WINDOWS\system32\acelpdec.ax] [Sipro Lab Telecom Inc., 1.40]
[C:\Program Files\PowerInfo\DreamPlayer\H264DecFilter.ax] [VVSky, 1.00]
[C:\WINDOWS\system32\Vid1Dec.dll] [N/A, ]
[C:\WINDOWS\system32\xvid.ax] [N/A, ]
[C:\WINDOWS\system32\CoreAAC.ax] [, 1, 2, 0, 573]
[C:\WINDOWS\system32\DivX_c32.ax] [Hacked With Joy ! , 4.DivX.3917]
[C:\Program Files\PowerInfo\DreamPlayer\DreamMDV.ax] [PowerInfo, 3, 0, 0, 1]
[C:\Program Files\PowerInfo\DreamPlayer\DreamMDA.ax] [PowerInfo, 3, 0, 0, 1]
[C:\Program Files\PowerInfo\DreamPlayer\DreamMDX.ax] [PowerInfo, 3, 0, 0, 1]
[C:\WINDOWS\system32\ir41_32.ax] [Intel Corporation, 4.51.16.03]
[C:\WINDOWS\system32\ir50_32.dll] [Intel Corporation, R.5.10.15.2.55]
[C:\Program Files\Common Files\Sonic Shared\CinemasterAudio.dll] [Sonic Solutions, 4, 3, 0, 169]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[F:\快乐影音\KLPlayer\Codecs\CLVSD.ax] [CyberLink Corp., 8.2.530 ]
[F:\快乐影音\KLPlayer\Codecs\CoreAVCDecoder.ax] [CoreCodec, Inc., 1, 5, 0, 0]
[F:\快乐影音\KLPlayer\Codecs\mxrender.dll] [Collegesoft Co., Ltd., 1, 2, 0, 0]
[F:\快乐影音\KLPlayer\Codecs\MDSSND.dll] [Collegesoft Co., Ltd., 1, 6, 2602, 1]
[F:\快乐影音\KLPlayer\Codecs\mtcontrol.dll] [Collegesoft Co., Ltd., 1, 4, 2602, 1]
[F:\快乐影音\KLPlayer\Codecs\mtcontain.dll] [Collegesoft Co., Ltd., 1.4.0.0]
[F:\快乐影音\KLPlayer\Codecs\wtlvcl.dll] [Collegesoft Co.,Ltd., 1.4.0.0]
[F:\快乐影音\KLPlayer\Codecs\mdssockc.dll] [Collegesoft Co., Ltd., 5, 20, 2509, 0]
[F:\快乐影音\KLPlayer\Codecs\mcucltu.dll] [Collegesoft Co., Ltd., 2, 0, 2602, 1]
[F:\快乐影音\KLPlayer\Codecs\mxshmaiu.dll] [Collegesoft Co., Ltd., 1, 2, 2572, 0]
[F:\快乐影音\KLPlayer\Codecs\mxbitmap.dll] [N/A, ]
[F:\快乐影音\KLPlayer\Codecs\mxcurhk.dll] [N/A, ]
[F:\快乐影音\KLPlayer\Codecs\PmpSplitter.ax] [cooleyes, 1, 0, 1, 1]
[F:\快乐影音\KLPlayer\RadGtSplitter.ax] [Gabest, 1, 0, 0, 0]
[F:\快乐影音\KLPlayer\Codecs\AviSplitter.ax] [Gabest, 1, 1, 0, 0]
[C:\Program Files\Samsung\Samsung PC Studio 3\FunConvFilter.ax] [Mobile Leader, 1.01]
[F:\快乐影音\KLPlayer\Codecs\mpeg2dmx.ax] [Moonlight Cordless Ltd., 3, 1, 200, 50117]
[C:\WINDOWS\system32\mpeg2data.ax] [, ]
[C:\WINDOWS\system32\encdec.dll] [, ]
[F:\快乐影音\KLPlayer\Codecs\xebdec.ax] [ratDVD, 0, 5, 0, 16]
[F:\快乐影音\KLPlayer\Codecs\WavPackDSSplitter.ax] [-, 1, 1, 0, 319]
[C:\WINDOWS\system32\RealMediaSplitter.ax] [Gabest, 1, 0, 1, 1]
[F:\快乐影音\KLPlayer\Codecs\TTADSSplitter.ax] [-, 1, 0, 0, 197]
[F:\快乐影音\KLPlayer\Codecs\VgmAudioDecX.ax] [DS USA, Inc., 1, 0, 6, 9]
[C:\WINDOWS\system32\DmoDec.dll] [Microsoft Corporation, 8.10]
[F:\快乐影音\KLPlayer\Codecs\TRLDRP6.AX] [, 4, 7, 2, 9]
[C:\WINDOWS\system32\mpg2splt.ax] [, ]
[F:\快乐影音\KLPlayer\Codecs\FLVSplitter.ax] [Gabest, 1, 1, 0, 0]
[F:\快乐影音\KLPlayer\Codecs\WavPackDSDecoder.ax] [-, 1, 1, 0, 482]
[C:\Program Files\Samsung\Samsung PC Studio 3\FunAviSplitter.ax] [Gabest, 1, 0, 0, 7]
[F:\快乐影音\KLPlayer\Codecs\vgmv2k2dx.ax] [DS USA, Inc, 1, 0, 11, 14]
[F:\快乐影音\KLPlayer\Codecs\TTADSDecoder.ax] [-, 1, 0, 0, 157]
[F:\快乐影音\KLPlayer\Codecs\madFlac.ax] [www.madshi.net, 1.7.0.0]
[F:\快乐影音\KLPlayer\Codecs\libFlac.dll] [N/A, ]
[C:\WINDOWS\system32\Mpeg4VideoDecoder.ax] [Institute for Information Industry (III), 1, 0, 305, 19]
[C:\WINDOWS\system32\III_AMR_DecoderFilter.ax] [N/A, ]
[F:\快乐影音\KLPlayer\Codecs\VgmSplt.ax] [DS USA, Inc, 1, 0, 11, 19]
[C:\WINDOWS\system32\III_AMR_EncoderFilter.ax] [N/A, ]
[C:\WINDOWS\system32\Mpeg4Splitter.ax] [Institute for Information Industry (III), 1, 0, 305, 19]
[C:\WINDOWS\system32\iac25_32.ax] [Intel Corporation, 2.05.53]
[F:\快乐影音\KLPlayer\Codecs\vgmbgr.ax] [DS USA, Inc., 1, 0, 3, 4]
[C:\WINDOWS\system32\aac_parser.ax] [, 1.1]
[F:\快乐影音\KLPlayer\Codecs\splitter.ax] [, 1.7.401.3]
[F:\快乐影音\KLPlayer\Codecs\mkzlib.dll] [N/A, ]
[F:\快乐影音\KLPlayer\Codecs\mkunicode.dll] [N/A, ]
[PID: 4000 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE] [Microsoft Corporation, 11.0.5525]
[PID: 3484 / Administrator][F:\新建文件夹\S\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\WINDOWS\system32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[PID: 3464 / Administrator][F:\新建文件夹\S\SRE46903132.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\Program Files\Rising\Rfw\ijt_base.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.21]
[C:\Program Files\Rising\Rfw\olemon.dll] [Beijing Rising Information Technology Co., Ltd., 7.0.0.9]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.6.0.1653]
[F:\新建文件夹\S\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 976, C:\WINDOWS\ZSSNP211.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 976, C:\WINDOWS\ZSSNP211.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2892, C:\PROGRAM FILES\ARSWP\ARSWP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2892, C:\PROGRAM FILES\ARSWP\ARSWP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3484, F:\新建文件夹\S\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3484, F:\新建文件夹\S\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
D:\DOWNLO~1\SOFT_N~1\SOGOUI~1\360~1.165\PinyinRepair.exe

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x01011FFD)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x010120E5)

==================================
隐藏进程
N/A

==================================

瑞星卡卡安全论坛