
奇怪的灰鸽子,求救!

[C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1540][c:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [c:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [c:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [c:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [c:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [c:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1632][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>

[D:\软件\PROGRA~1\KuGoo2\KUGOO3~1.OCX]  <N/A><N/A>
[PID: 1784][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\hpzsnt09.dll]  <HP><2.236.4.0>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1832][C:\WINDOWS\System32\SCardSvr.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1916][C:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 136][c:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
    [c:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [c:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [c:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 292][C:\Program Files\cFosSpeed\spd.exe]  <cFos Software GmbH><2.02.943>

[PID: 588][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1240][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe]  <Hewlett-Packard><1, 0, 0, 1>
    [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll]  <Hewlett-Packard><2, 0, 2, 2>
    [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll]  <Hewlett-Packard Co.><4.2.0.127>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 1328][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 1380][C:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 28>

[C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 1488][C:\Program Files\Canon\CAL\CALMAIN.exe]  <Canon Inc.><8, 1, 0, 14>
[PID: 2024][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3208>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 376][C:\WINDOWS\system32\BHDCRegC.exe]  <SHHIC><1.01>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 404][D:\软件\Program Files\木马专杀大师\木马专杀大师.exe]  <木马专杀大师><2.6.0.0>

[D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 412][C:\Program Files\cFosSpeed\cFosSpeed.exe]  <cFos Software GmbH><2.02.943>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 276][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 2216][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2724][C:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 2752][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 336][C:\Program Files\Real\RealPlayer\realplay.exe]  <RealNetworks, Inc.><6.0.12.1056>
    [C:\WINDOWS\system32\PNCRT.dll]  <Real Networks, Inc><6.0.0.0>
    [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll]  <RealNetworks, Inc.><7.0.1.3041>

[C:\Program Files\Common Files\Real\Common\objb3201.dll]  <RealNetworks, Inc.><0.1.0.6032>
    [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll]  <RealNetworks, Inc.><0.1.0.3537>
    [C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll]  <RealNetworks, Inc.><6.0.12.298>
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  <RealNetworks, Inc.><6.0.9.3775>
    [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll]  <RealNetworks, Inc.><0.1.0.3208>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
    [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll]  <RealNetworks, Inc.><7.0.0.3461>
    [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll]  <RealNetworks, Inc.><7.0.0.4074>
    [C:\Program Files\Common Files\Real\Plugins\httpfsys.dll]  <RealNetworks, Inc.><10.0.0.2015>
[PID: 2240][D:\软件\Program Files\Maxthon(myie)\Maxthon.exe]  <Maxthon International Ltd.><1, 5, 1, 39>
    [D:\软件\Program Files\Maxthon(myie)\maxzlib.dll]  < ><1, 0, 0, 2>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
    [D:\软件\Program Files\Maxthon(myie)\Services\RealTime\real_time.dll]  <><1, 0, 0, 1>

[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 3288][C:\WINDOWS\system32\DllHost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 2564][D:\软件\Program Files\Thunder\Thunder.exe]  <Thunder Networking Technologies,LTD><5.1.5.189>
    [D:\软件\Program Files\Thunder\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [D:\软件\Program Files\Thunder\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 2, 74>
    [D:\软件\Program Files\Thunder\log4cplus.dll]  <><1, 0, 2, 1>
    [D:\软件\Program Files\Thunder\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [D:\软件\Program Files\Thunder\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [D:\软件\Program Files\Thunder\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
    [D:\软件\Program Files\Thunder\iEmbed.dll]  <Thunder Networking Technologies,LTD><1, 1, 0, 22>
    [D:\软件\Program Files\Thunder\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [D:\软件\Program Files\Thunder\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [D:\软件\Program Files\Thunder\Plugins\TingTing\TingTing.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 7>
    [D:\软件\Program Files\Thunder\iTargetAd.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 59>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[PID: 128][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>
[PID: 584][D:\软件\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [D:\软件\Program Files\木马专杀大师\Sockethook.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

贴完了,谢谢!

(现在网页时不时会被改掉,越来越频繁~~~哭~~~~)

winxp里有WINLOGON.EXE这个进程(只有一个),正常吗?
是:C:\WINDOWS\System32\WINLOGON.EXE

SREng里看“注册表”,有一个名字是WinlogonNotify: AtiExtEvent,数据是:ati2evxx.dll,显示为蓝色,是病毒吗?

(越来越乱了~~~~……)