[CODE]

2008-08-14,22:03:21

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <16878><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Thunder><"D:\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <360Safetray><D:\60safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <搜狐彩电网页版><C:\Program Files\sohutv_web\SysTrayIcon.exe "C:\Program Files\sohutv_web" "558f21966df76f32f45f3e73c3b6691a" "1.0.0.4" "">  [File is missing]
    <Grid Service><"C:\Program Files\GridService\peer.exe" -n Grid>  [FS2YOU]
    <qww><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\HZH\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\Tencent\QQ\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\HZH\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <D:\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MySQL / MySQL][Running/Auto Start]
  <"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt" --defaults-file="C:\Program Files\MySQL\MySQL Server 5.0\my.ini" MySQL><(File is missing)>
[PnpWMmng / PnpWMmng][Running/Auto Start]
  <D:\完美卸~1\PnpWMmng.exe><完美卸载>
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
  <D:\Program Files\QvodPlayer\QvodTerminal.exe><Shenzhen QVOD Technology Co.,Ltd>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\60safe\safemon\safemon.dll, (Signed) 360.CN>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, N/A>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Platform\GameClient.exe, (Signed) 上海浩方在线信息技术有限公司>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://tomatolei.com, N/A>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <D:\PPLive\PPLive.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131c} <, >
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, (Signed) Sohu.com Inc.>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <, >
[]
  {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} <, >
[]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\60safe\live.dll, (Signed) 360.cn>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[Download_Bho Class]
  {A986E409-30CC-4185-89BB-AB212C104524} <C:\Program Files\PPLiveVA\DownloaderManager.dll, (Signed) >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(721).dll, ShenZhen Thunder Networking Technologies Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\60safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.721.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(722).dll, Xunlei Networking Technologies,LTD>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&U使用纳米机器人下载并收藏]
  <C:\Program Files\NamiRobot\Data\du.html, N/A>
[使用迅雷下载]
  <D:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 436 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840 / SYSTEM][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 868 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / SYSTEM][D:\完美卸~1\PnpWMmng.exe]  [完美卸载, 5.1.2600.2937 ]
[PID: 992 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / SYSTEM][D:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 1]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [D:\Rising\Rav\HOOKSYS.dll]  [Rising, 18, 1, 0, 9]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 25]
    [D:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 9]
    [D:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [D:\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
    [D:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 4]
    [D:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
    [D:\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1172 / SYSTEM][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 23]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 19]
    [d:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1288 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1388 / SYSTEM][D:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1548 / SYSTEM][C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe]  [N/A, ]
[PID: 1608 / SYSTEM][D:\Program Files\QvodPlayer\QvodTerminal.exe]  [Shenzhen QVOD Technology Co.,Ltd, 2, 5, 0, 53]
[PID: 1804 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 400 / HZH][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[PID: 480 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / HZH][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1148 / HZH][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 38]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 1972 / HZH][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 568 / HZH][D:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 98]
    [D:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 2072 / HZH][D:\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.8.3.556]
    [D:\Thunder\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
    [D:\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 8, 68]
    [D:\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 1, 2, 318]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Thunder\Program\asyn_frame.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 21]
    [D:\Thunder\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Thunder\Program\fs.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 10]
    [D:\Thunder\Program\backend_agent.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 20]
    [D:\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
    [D:\Thunder\Program\ptl.dll]  [Thunder Networking Technologies,LTD, 3, 1, 2, 24]
    [D:\Thunder\Program\xl_stat.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 3]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\Thunder\Program\p2p_upload.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 8]
    [D:\Thunder\Program\p2p.dll]  [Thunder Networking Technologies,LTD, 1,1,2,24]
    [D:\Thunder\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 3, 6, 2, 15]
    [D:\Thunder\Program\stream.dll]  [Thunder Networking Technologies,LTD, 2, 1, 2, 382]
    [D:\Thunder\Program\p2sp.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 25]
    [D:\Thunder\Program\down_dispatcher.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
    [D:\Thunder\Program\p2p_local_res.dll]  [Thunder Networking Technologies,LTD, 1,1,2,12]
    [D:\Thunder\Program\al.dll]  [Thunder Networking Technologies,LTD, 1,1,2,15]
    [D:\Thunder\Program\p2p_network_com.dll]  [, 1, 0, 2, 25]
    [D:\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
    [D:\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [D:\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 12, 30]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.4r25]
    [D:\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 2, 25]
    [D:\Thunder\Components\InMedia\iEmbed17.dll]  [Thunder Networking Technologies,LTD, 3, 4, 8, 107]
    [D:\Thunder\Components\InMedia\PlayerHelper.dll]  [thunder, 1, 2, 7, 61]
    [D:\Thunder\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [D:\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 2, 4, 0, 77]
    [D:\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
    [D:\Thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Thunder\Program\imdt.dll]  [TODO: <Company name>, 1.1.2.5]
    [D:\Thunder\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 2, 1, 1, 93]
    [D:\Thunder\Components\Security\ConfigManager.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
    [D:\Thunder\Components\Security\SafeManager.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 4, 16]
    [D:\Thunder\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 5, 81]
    [D:\Thunder\Plugins\XLSafeHost\AutoHelp.dll]  [Beijing Rising Technology Co., Ltd., 6.0.0.3]
    [D:\Thunder\Program\XLNetU.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 6, 21]
    [D:\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 3, 25]
    [D:\Thunder\Components\XLSoftBase\XLSoftwareBase.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 3]
    [D:\Thunder\Plugins\KanKanTop\KanKanTop.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [D:\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 19]
    [D:\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 13, 118]
    [D:\Thunder\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 3, 0, 1, 33]
    [D:\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
    [D:\Thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 30]
    [D:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [D:\Thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\Thunder\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
    [D:\Thunder\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
    [D:\Thunder\Program\emule_id.dll]  [, 1, 0, 2, 8]
[PID: 2200 / HZH][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 59]
[PID: 2208 / HZH][C:\Program Files\sohutv_web\SysTrayIcon.exe]  [Sohu.com Inc., 1, 0, 0, 23]
    [C:\Program Files\sohutv_web\dbghelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\sohutv_web\vodclient.dll]  [Sohu.com Inc., 4, 0, 0, 79]
    [C:\Program Files\sohutv_web\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\sohutv_web\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 2232 / HZH][C:\Program Files\GridService\peer.exe]  [FS2YOU, 2, 1, 10, 8196]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 2260 / HZH][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3460 / HZH][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3276 / SYSTEM][C:\WINDOWS\system32\msiexec.exe]  [Microsoft Corporation, 3.0.3790.2180]
[PID: 488 / HZH][D:\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 1, 2, 649]
    [D:\Maxthon2\mxpp.dll]  [Maxthon International ltd., 1, 0, 0, 117]
    [D:\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 358]
    [D:\Maxthon2\MxProxy2.dll]  [Maxthon International ltd., 1, 0, 0, 4033]
    [D:\Maxthon2\MxExt.dll]  [N/A, ]
    [D:\Maxthon2\MxUI.dll]  [Maxthon International, 3, 3, 0, 3]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\Maxthon2\maxzlib.dll]  [, 1.2.3]
    [D:\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll]  [Maxthon International ltd., 1,0,0,1330]
    [D:\Maxthon2\Modules\MxWebBoost\MxWebBoost.dll]  [Maxthon, 1,0,2,1259]
    [D:\Maxthon2\mxdb.dll]  [Max, 3, 5, 3, 125]
    [D:\Maxthon2\Modules\MxHistory\MxHistory.dll]  [Maxthon International ltd., 1, 0, 0, 7]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [D:\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.4r25]
[PID: 2612 / HZH][I:\日志\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 2644 / HZH][C:\DOCUME~1\HZH\LOCALS~1\Temp\SRE15.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [D:\60safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
59.63.157.25 www.fs2you.com
222.169.230.101 dyn.www.fs2you.com
59.32.232.195 cachefile1.fs2you.com
222.169.230.98 cachefile2.fs2you.com
221.204.246.79 cachefile3.fs2you.com
61.150.85.80 cachefile4.fs2you.com
60.2.139.27 cachefile5.fs2you.com
61.184.189.10 cachefile6.fs2you.com
61.174.62.132 cachefile7.fs2you.com
58.211.75.49 cachefile8.fs2you.com
61.134.84.238 cachefile9.fs2you.com
61.156.40.181 cachefile10.fs2you.com
218.75.151.4 cachefile11.fs2you.com
58.211.75.31 cachefile12.fs2you.com
124.94.101.133 cachefile13.fs2you.com
221.204.246.115 cachefile14.fs2you.com
218.75.151.10 cachefile15.fs2you.com
58.218.209.126 cachefile16.fs2you.com
61.157.152.173 cachefile17.fs2you.com
125.46.41.27 cachefile18.fs2you.com
125.91.11.223 cachefile19.fs2you.com
59.53.48.134 cachefile20.fs2you.com
59.53.48.136 cachefile21.fs2you.com
59.53.48.144 cachefile22.fs2you.com
61.139.106.204 cachefile23.fs2you.com
59.53.48.172 cachefile24.fs2you.com
124.94.101.146 cachefile25.fs2you.com
61.166.111.227 cachefile26.fs2you.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1972, D:\RISING\RAV\RAVTASK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 568, D:\RISING\RAV\RAVMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2072, D:\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2232, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2612, I:\日志\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]