启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <333><C:\Syswm1i\svchost.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <DAEMON Tools><"E:\新建文件夹 (2)\5\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <cmdbc><C:\WINDOWS\cmdbc.exe>  []
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <Thunder><"D:\新建文件夹 (2)\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <twih_y><%systemroot%\system32\rundll32.exe %systemroot%\system32\twih_y.dll,Run>  [(Verified)Microsoft Windows Publisher]
    <dkjwqfu><%systemroot%\system32\rundll32.exe %systemroot%\system32\dkjwqfu.dll,Run>  []
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
    <wsttrs><C:\WINDOWS\wsttrs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows SystemDown / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[75765 / 75765][Running/Boot Start]
  <\SystemRoot\System32\drivers\75765.sys><N/A>
[a0 / a0][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\75765.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dkjwqfu / dkjwqfu][Running/Boot Start]
  <\SystemRoot\system32\drivers\dkjwqfu.sys><N/A>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[ytajvxyq / ytajvxyq][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ytajvxyq.sys><Yahoo! China Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Stopped/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Stopped/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\新建文件夹 (2)\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\新建文件夹 (2)\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\新建文件夹 (2)\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <D:\新建文件夹 (2)\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\新建文件夹 (2)\Program\GetAllUrl.htm, N/A>
[&使用迷你迅雷下载]
  <E:\新建文件夹\Program\GetUrl.htm, N/A>
[Google 搜索(&G)]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[反向链接]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[类似网页]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>

正在运行的进程
[PID: 508][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 628][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 640][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]
[PID: 808][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 856][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]
[PID: 920][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
[PID: 936][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1116][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[PID: 1320][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2649 (xpsp.050406-1732)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1372][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1612][C:\WINDOWS\wsttrs.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
[PID: 3116][C:\Program Files\Tencent\qq\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\Program Files\Tencent\qq\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2512][C:\PROGRA~1\MOZILL~1\FIREFOX.EXE]  [Mozilla Corporation, 1.8.1: 2006101023]
    [C:\PROGRA~1\MOZILL~1\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\PROGRA~1\MOZILL~1\nspr4.dll]  [Netscape Communications Corporation, 4.6.3]
    [C:\PROGRA~1\MOZILL~1\xpcom_core.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\PROGRA~1\MOZILL~1\plc4.dll]  [Netscape Communications Corporation, 4.6.3]
    [C:\PROGRA~1\MOZILL~1\plds4.dll]  [Netscape Communications Corporation, 4.6.3]
    [C:\PROGRA~1\MOZILL~1\smime3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\PROGRA~1\MOZILL~1\nss3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\PROGRA~1\MOZILL~1\softokn3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\PROGRA~1\MOZILL~1\ssl3.dll]  [Mozilla Foundation, 3.11.3 Basic ECC]
    [C:\PROGRA~1\MOZILL~1\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\PROGRA~1\MOZILL~1\components\myspell.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork2.dll]  [N/A, ]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_zh_cn.dll]  [N/A, ]
    [C:\PROGRA~1\MOZILL~1\components\jar50.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\qfaservices.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [C:\PROGRA~1\MOZILL~1\extensions\talkback@mozilla.org\components\FULLSOFT.DLL]  [Full Circle Software, Inc., 2.2.unofficial]
    [C:\PROGRA~1\MOZILL~1\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, ]
    [C:\PROGRA~1\MOZILL~1\xpcom.dll]  [Mozilla Foundation, 1.8.1: 2006101023]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]

[PID: 3416][D:\新建文件夹 (2)\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [D:\新建文件夹 (2)\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [D:\新建文件夹 (2)\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [D:\新建文件夹 (2)\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]
    [D:\新建文件夹 (2)\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]
    [D:\新建文件夹 (2)\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 8,5,0,246]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\新建文件夹 (2)\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [D:\新建文件夹 (2)\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\新建文件夹 (2)\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\新建文件夹 (2)\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
    [D:\新建文件夹 (2)\Components\DTAG\ExtractMediaTag.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\新建文件夹 (2)\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [D:\新建文件夹 (2)\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 15]
    [D:\新建文件夹 (2)\Components\InMedia\iEmbed08.dll]  [　, 3, 2, 0, 63]
    [D:\新建文件夹 (2)\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [D:\新建文件夹 (2)\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [D:\新建文件夹 (2)\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [D:\新建文件夹 (2)\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [D:\新建文件夹 (2)\Components\VPSHELL\VPSHELL.dll]  [, 1, 1, 0, 4]
    [D:\新建文件夹 (2)\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 1, 0, 4]
    [D:\新建文件夹 (2)\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\新建文件夹 (2)\Plugins\TingTing\TingTing.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
    [D:\新建文件夹 (2)\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
[PID: 2020][C:\Program Files\Rising\Rav\InBuild.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
[PID: 2692][C:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 75]
    [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 65]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RavUIMsg.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 20]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[PID: 3224][C:\DOCUME~1\ADMINI~1.13B\LOCALS~1\Temp\Rar$EX00.234\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2523 (xpsp.040919-1030)]
    [c:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
Google Desktop over [MSAFD Tcpip [TCP/IP]]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll(, N/A)
Google Desktop over [MSAFD Tcpip [UDP/IP]]
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll(, N/A)
Google Desktop
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost