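Rising Kaka Security Forum

Rising no longer works, and Security Guard doesn't work either; a prompt says the original system files have been modified and the installation disc is needed to restore the original system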
aweily - 2009-4-7 15:10:00
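My antivirus software has been disabled. There are more than 50 processes right after boot, with countless unknown processes. Asking the experts for advice.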

帅哥阿福 - 2009-4-7 15:11:00
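If Rising cannot be opened, first download the Trojan Group removal tool, the Orange August removal tool, and the "Build Safe Environment Tool", and scan with them. Besides removing viruses, these tools can also repair Rising and set up an environment in which Rising can run normally.
Once these tools have finished scanning, Rising can be started. After starting Rising, update it to the latest version, then disconnect from the network and run a virus scan; the problem can be solved this way. The removal tools can be downloaded from: http://dl.rising.com.cn/DownLoadInfo/VirusTools_More.shtml
Download link for the "Build Safe Environment Tool": http://bbs.ikaka.com/showtopic-8547280.aspx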
aweily - 2009-4-8 11:11:00
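A few days ago the removal tool still picked out some Trojans, but today even the Trojan Group removal tool and the repair tool can't be used. At boot there is a prompt saying an error occurred while loading C:windows\system32\killdll.dll: invalid memory allocation access.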

aweily - 2009-4-8 11:12:00
There are now as many as 90 processes at boot. I have already manually killed those junk Trojans, but as soon as I boot they are still there.
aweily - 2009-4-8 11:18:00
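I scanned with the Orange August tool, and memory usage went up to 100%, with the progress stuck on the in-memory programs the whole time.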
帅哥阿福 - 2009-4-8 11:22:00
Scan with the removal tools in Safe Mode.
At the same time, set msconfig to Diagnostic Startup.
Then return to normal mode and scan again.
aweily - 2009-4-8 11:51:00
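In Safe Mode the Trojan processes are still hopping around, and the Trojan Group removal tool doesn't work any more either: it won't open and says it is being used by another program. That's it, it has definitely been messed up again. Also, a system prompt just appeared that I think is worth mentioning:
plugin
run-time error
-2147023838(80070422) automation error the service cannot be started, either because it is disabled or because it has no enabled devices associated with it.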
帅哥阿福 - 2009-4-8 11:54:00
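Run a SRENG scan and post the log to this forum so we can take a look first.
Download the SRENG 2.6 tool: http://www.kztechs.com/sreng/download.html
For how to produce a scan log with the SRENG tool, see the second post in this thread: http://bbs.ikaka.com/showtopic-8442813.aspx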
aweily - 2009-4-8 12:15:00
[code]2009-04-08,12:06:32
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <LiveUpdate_UIServer><; C:\Program Files\Lenovo\LiveUpdate\UiServer.exe>  []
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <a360><; C:\WINDOWS\system32\scvhost.exe>  []
    <360Safebox><; "C:\Program Files\360\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><; C:\Program Files\360\360Safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BtTray><; "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" -startup>  []
    <cabinetLaunch><; C:\Program Files\lenovo\Lenovo Yangtian Data Security Management\launch.exe>  [Lenovo(Beijing) Company, Ltd.]
    <CCenterIM><; "C:\Program Files\Lenovo\联想通讯中心6.0\CCenterIM.exe" /Auto>  []
    <Ferrari><; C:\WINDOWS\system32\scvhost.exe>  []
    <Funshion><; D:\Program Files\Funshion Online\Funshion\Funshion.exe /tray>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <KBDaemon><; C:\Program Files\Lenovo\联想功能键盘驱动\KBDaemon.exe>  []
    <LenovoTT><; C:\Program Files\Lenovo\Lenovo Trust Technology\LenovoTT.exe>  [skyware]
    <multitray><; C:\Program Files\Lenovo\MultiRecover\loadtray.exe>  [(Verified)"Xi'an Saming Technology Co., Ltd."]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <RavTray><; "C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RfwMain><; "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><; "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <StartCCC><; C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <qq2983><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\131796_xeex.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{B70A8AAD-F18A-465E-8240-184DD5845D2D}><C:\WINDOWS\fonts\X7s7xgtP.fon>  [File is missing]
    <{47018D3A-8682-4D30-AC5E-F74B84189AB3}><C:\WINDOWS\fonts\crrp2mDP.fon>  [File is missing]
    <{704C3595-DB85-40F6-A601-8D6F346907BD}><C:\WINDOWS\system32\704C3595.dll>  []
    <{C10D41C6-4D17-4808-87CE-40612862A1BB}><C:\WINDOWS\system32\XR5nPhu9.dll>  []
    <{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}><C:\WINDOWS\system32\A1A6BC2E.dll>  [File is missing]
    <{028A997C-4262-4107-BD46-2ABBC6143E8C}><C:\WINDOWS\system32\efc0c52cc1.dll>  []
    <{CC0EC2C9-432D-4DCC-91E7-A7C5CEA748D8}><C:\WINDOWS\system32\CC0EC2C9.dll>  [File is missing]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><C:\WINDOWS\system32\08223B03.dll>  []
    <{737858A9-9AEA-4838-9B49-54DA731F7F37}><C:\WINDOWS\system32\BMsg6pdMD4ht.dll>  []
    <{FEACAF74-8D58-42F4-AB39-1CDA51437347}><C:\WINDOWS\system32\etGBJk2YCXnM.dll>  [File is missing]
    <{CC2B89B8-6A27-4D4A-BBBE-D2CD655A47C2}><C:\WINDOWS\system32\d7eb91606b0.dll>  []
    <{A2A0F1E3-5A22-4952-8A3E-25C5E9CFC302}><C:\WINDOWS\system32\MGmdqtJZG47.dll>  [File is missing]
    <{1FB0C5FF-4FA0-49B6-9C16-6E7A15ED3CC2}><C:\WINDOWS\system32\hfbgclff.dll>  [File is missing]
    <{7F90BCCD-8208-418A-AE04-A854328EE6CF}><C:\WINDOWS\system32\nfpgbccd.dll>  [File is missing]
    <{3261172B-A309-4F94-AB03-9105CD41894B}><C:\WINDOWS\system32\jimhhnib.dll>  [File is missing]
    <{1779203F-7B22-403D-A2E7-41B39A65370F}><C:\WINDOWS\system32\hnnpigjf.dll>  [File is missing]
    <{49762F37-EF1F-447D-A27A-967C9520A3F8}><C:\WINDOWS\fonts\sJbQjtY7bc.fon>  [File is missing]
    <{3F8A57D2-00D4-4204-B7A0-91FB4C2446DF}><C:\WINDOWS\system32\jfoalndi.dll>  [File is missing]
    <{3A5700C3-2847-4CBE-A3E5-F0C394690C9A}><C:\WINDOWS\system32\wS0GWMZ.dll>  [File is missing]
    <{DE00760F-DC9F-46C2-9D4E-61B5BB810C51}><C:\WINDOWS\system32\STG4WdmetW2FP.dll>  []
    <{609758CB-54E6-4C21-B57C-3407D9E232E8}><C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <1FB0C5FF><C:\WINDOWS\system32\hfbgclff.dll>  [File is missing]
    <7F90BCCD><C:\WINDOWS\system32\nfpgbccd.dll>  [File is missing]
    <3261172B><C:\WINDOWS\system32\jimhhnib.dll>  [File is missing]
    <1779203F><C:\WINDOWS\system32\hnnpigjf.dll>  [File is missing]
    <3F8A57D2><C:\WINDOWS\system32\jfoalndi.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uklognf]
    <WinlogonNotify: uklognf><uklognf.dll>  [Lenovo Co. LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
    <IFEO[DrRtp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><services.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <IFEO[QQDoctor.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
    <IFEO[RStray.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[BlueSoleilCS / BlueSoleilCS][Stopped/Disabled]
  <C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe><>
[BsHelpCS / BsHelpCS][Stopped/Disabled]
  <C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe><>
[CCommWDSSearch / CCommWDSSearch][Stopped/Disabled]

aweily - 2009-4-8 12:16:00
<"C:\Program Files\lenovo\联想通讯中心6.0\CCommWDSSearch.exe"><TODO: <公司名>>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IGRS / IGRS][Stopped/Disabled]
  <"C:\Program Files\Common Files\Lenovo Shared\AnyComm\IGRS.exe"><联想集团有限公司>
[lenovo live update / Lenovo Upgrade Service.bis.release][Stopped/Disabled]
  <C:\Program Files\lenovo\LiveUpdate\liveupdate.exe><新思软件技术有限公司>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[OKAV Agent Service / OKAV Agent Service][Stopped/Disabled]
  <C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe><Trend Micro Inc.>
[Rav Process Communication Center / RavCCenter][Stopped/Disabled]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Stopped/Disabled]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Disabled]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Disabled]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Disabled]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Disabled]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Lenovo file service / secsvr][Stopped/Disabled]
  <C:\WINDOWS\secsvr.exe><Lenovo Co. LTD>
[system privilege agent / sysagent][Stopped/Disabled]
  <C:\WINDOWS\system32\sysagent.exe><lenovo>
[Lenovo auto login helper / usblogon][Stopped/Disabled]
  <C:\WINDOWS\usblogon.exe><Lenovo Co. LTD>
==================================
驱动程序
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><N/A>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
  <system32\DRIVERS\asyncmac.sys><N/A>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation.>
[Bluetooth SCO Audio Service / BlueletSCOAudio][Stopped/Manual Start]
  <system32\DRIVERS\BlueletSCOAudio.sys><IVT Corporation.>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\D:\TDDOWNLOAD\BREGDRV.sys><N/A>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation.>
[Bluetooth HID Enumerator / BTHidEnum][Running/Boot Start]
  <\SystemRoot\System32\Drivers\vbtenum.sys><IVT Corporation.>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Stopped/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Stopped/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pcidump / pcidump][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcidump.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Rising  Rfwbase Driver / RfwBase][Stopped/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Stopped/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rspp / rspp][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[UPDATEDATA / UPDATEDATA][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\acpiec.sys><N/A>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation.>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation.>
[VDProtect / VDProtect][Stopped/System Start]
  <\SystemRoot\system32\drivers\VDProtect.sys><Lenovo>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[zx / zx][Stopped/Manual Start]
  <\??\C:\DOCUME~1\lenovo\LOCALS~1\Temp\~bc80.tmp><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
==================================
正在运行的进程
[PID: 524][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4162]
    [C:\WINDOWS\system32\uklognf.dll]  [Lenovo Co. LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\mangdrive.dll]  [Lenovo Co. LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 648][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 1168][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
[PID: 1192][C:\WINDOWS\explorer.exe]  [N/A, ]
    [C:\WINDOWSupdate.dll]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
[PID: 1292][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
[PID: 1376][C:\WINDOWS\temp\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll]  [N/A, ]
    [C:\WINDOWS\system32\ucabinet.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\mangdrive.dll]  [Lenovo Co. LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 192][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
aweily - 2009-4-8 12:17:00
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
[PID: 900][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.67]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll]  [N/A, ]
[PID: 1360][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 548][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.8.9.662]
    [C:\Program Files\Thunder Network\Thunder\Program\BugReport.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 10, 73]
    [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 3, 4, 2, 333]
    [C:\Program Files\Thunder Network\Thunder\Program\mp.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll]  [Thunder Networking Technologies,LTD, 1, 3, 2, 32]
    [C:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
    [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
    [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 12, 30]
    [C:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 27]
    [C:\Program Files\Thunder Network\Thunder\Program\zlib1.dll]  [, 1.2.3]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\Program\p2sp.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 59]
    [C:\Program Files\Thunder Network\Thunder\Program\fs.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 17]
    [C:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 42]
    [C:\Program Files\Thunder Network\Thunder\Program\ptl.dll]  [Thunder Networking Technologies,LTD, 3, 2, 2, 55]
    [C:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll]  [Thunder Networking Technologies,LTD, 3, 1, 2, 4]
    [C:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll]  [, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p_network_com.dll]  [, 1, 0, 2, 25]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.67]
    [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p.dll]  [Thunder Networking Technologies,LTD, 1,1,2,48]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll]  [Thunder Networking Technologies,LTD, 1,1,2,13]
    [C:\Program Files\Thunder Network\Thunder\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 4, 0, 2, 28]
    [C:\Program Files\Thunder Network\Thunder\Program\stream.dll]  [ShenZhen Thunder Networking Technologies,Ltd., 2, 1, 2, 1025]
    [C:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll]  [Thunder Networking Technologies,LTD, 1,1,2,18]
    [C:\Program Files\Thunder Network\Thunder\Program\al.dll]  [Thunder Networking Technologies,LTD, 1,1,2,31]
    [C:\Program Files\Thunder Network\Thunder\Program\media_data.dll]  [, 1, 0, 2, 7]
    [C:\Program Files\Thunder Network\Thunder\Program\sl.dll]  [Thunder Networking Technologies,LTD, 1.0.2.2]
    [C:\Program Files\Thunder Network\Thunder\Program\p2sp_pd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 3, 4, 11, 118]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed20.dll]  [Thunder Networking Technologies,LTD, 3, 4, 11, 118]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Program\xldcsubtask.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
    [C:\Program Files\Thunder Network\Thunder\Program\emule_id.dll]  [, 1, 0, 2, 12]
    [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
    [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 2, 6, 0, 104]
    [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
    [C:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\Program\XLNetU.Dll]  [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
    [C:\Program Files\Thunder Network\Thunder\Program\imdt.dll]  [Thunder Networking Technologies,LTD, 1.2.0.21]
    [C:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll]  [Xunlei Networking Technologies,LTD, 2, 1, 8, 106]
    [C:\Program Files\Thunder Network\Thunder\Components\Security\ConfigManager.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\Security\SafeManager.dll]  [Xunlei Networking Technologies,LTD, 1, 0, 5, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\Security\SafeStatistic.dll]  [Xunlei Networking Technologies,LTD, 1, 0, 0, 1]
aweily - 2009-4-8 12:17:00
[C:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 19, 106]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll]  [Thunder Networking Technologies,LTD, 3, 1, 6, 81]
    [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 7, 25]
    [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 4, 26]
    [C:\Program Files\Thunder Network\Thunder\Plugins\NetGame\XLNetGame.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrThunderHost.dll]  [深圳市迅雷网络技术有限公司, 1.0.0.17]
    [C:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrKernel.dll]  [深圳市迅雷网络技术有限公司, 1.0.0.8]
    [C:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrSoftIdentifier.dll]  [深圳市迅雷网络技术有限公司, 1.0.0.10]
    [C:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrUpdate.dll]  [深圳市迅雷网络技术有限公司, 1.1.0.8]
    [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 26]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 3, 0, 2, 131]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\XLSkin.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [迅雷网络, 4, 0, 0, 38]
    [C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 30]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll]  [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
    [C:\Program Files\Thunder Network\Thunder\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[PID: 1000][D:\TDDOWNLOAD\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 988][D:\TDDOWNLOAD\sreng2\SREe381f2a3.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [D:\TDDOWNLOAD\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 332][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      v.onondown.com.cn
127.0.0.2      ymsdasdw1.cn
127.0.0.3      h96b.info
127.0.0.0      xxx.zttwp.cn
127.0.0.0      www.hackerbf.cn
127.0.0.0      geekbyfeng.cn
127.0.0.0      121.14.101.68
127.0.0.0      ppp.etimes888.com
127.0.0.0      www.bypk.com
127.0.0.0      CSC3-2004-crl.verisign.com
127.0.0.1      va9sdhun23.cn
127.0.0.0      udp.hjob123.com
127.0.0.2      bnasnd83nd.cn
127.0.0.0      www.gamehacker.com.cn
127.0.0.0      gamehacker.com.cn
127.0.0.3      adlaji.cn
127.0.0.1      858656.com
127.1.1.1      bnasnd83nd.cn
127.0.0.1      my123.com
127.0.0.0      user1.12-27.net
127.0.0.1      8749.com
127.0.0.0      fengent.cn
127.0.0.1      4199.com
127.0.0.1      user1.16-22.net
127.0.0.1      7379.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
127.0.0.1      7255.com
127.0.0.1      user1.23-12.net
127.0.0.1      3448.com
127.0.0.1      www.guccia.net
127.0.0.1      7939.com
127.0.0.1      a.o1o1o1.nEt
127.0.0.1      8009.com
127.0.0.1      user1.12-73.cn
127.0.0.1      piaoxue.com
127.0.0.1      3n8nlasd.cn
127.0.0.1      kzdh.com
127.0.0.0      www.sony888.cn
127.0.0.1      about.blank.la
127.0.0.0      user1.asp-33.cn
127.0.0.1      6781.com
127.0.0.0      www.netkwek.cn
127.0.0.1      7322.com
127.0.0.0      ymsdkad6.cn
127.0.0.1      localhost
127.0.0.0      www.lkwueir.cn
127.0.0.1      06.jacai.com
127.0.1.1      user1.23-17.net
127.0.0.1      1.jopenkk.com
127.0.0.0      upa.luzhiai.net
127.0.0.1      1.jopenqc.com
127.0.0.0      www.guccia.net
127.0.0.1      1.joppnqq.com
127.0.0.0      4m9mnlmi.cn
127.0.0.1      1.xqhgm.com
127.0.0.0      mm119mkssd.cn
127.0.0.1      100.332233.com
127.0.0.0      61.128.171.115:8080
127.0.0.1      121.11.90.79
127.0.0.0      www.1119111.com
127.0.0.1      121565.net
127.0.0.0      win.nihao69.cn
127.0.0.1      125.90.88.38
127.0.0.1      16888.6to23.com
127.0.0.1      2.joppnqq.com
127.0.0.0      puc.lianxiac.net
127.0.0.1      204.177.92.68
127.0.0.0      pud.lianxiac.net
127.0.0.1      210.74.145.236
127.0.0.0      210.76.0.133
127.0.0.1      219.129.239.220
127.0.0.0      61.166.32.2
127.0.0.1      219.153.40.221
127.0.0.0      218.92.186.27
127.0.0.1      219.153.46.27
127.0.0.0      www.fsfsfag.cn
127.0.0.1      219.153.52.123
127.0.0.0      ovo.ovovov.cn
127.0.0.1      221.195.42.71
127.0.0.0      dw.com.com
127.0.0.1      222.73.218.115
127.0.0.1      203.110.168.233:80
127.0.0.1      3.joppnqq.com
127.0.0.1      203.110.168.221:80
127.0.0.1      363xx.com
127.0.0.1      www1.ip10086.com.cm
127.0.0.1      4199.com
127.0.0.1      blog.ip10086.com.cn
127.0.0.1      43242.com
127.0.0.1      www.ccji68.cn
127.0.0.1      5.xqhgm.com
127.0.0.0      t.myblank.cn
127.0.0.1      520.mm5208.com
127.0.0.0      x.myblank.cn
127.0.0.1      59.34.131.54
127.0.0.1      210.51.45.5
127.0.0.1      59.34.198.228
127.0.0.1      www.ew1q.cn
127.0.0.1      59.34.198.88
127.0.0.1      59.34.198.97
127.0.0.1      60.190.114.101
127.0.0.1      60.190.218.34
127.0.0.0      qq-xing.com.cn
127.0.0.1      60.191.124.252
127.0.0.1      61.145.117.212
127.0.0.1      61.157.109.222
127.0.0.1      75.126.3.216
127.0.0.1      75.126.3.217
127.0.0.1      75.126.3.218
127.0.0.0      59.125.231.177:17777
127.0.0.1      75.126.3.220
127.0.0.1      75.126.3.221
127.0.0.1      75.126.3.222
127.0.0.1      772630.com
127.0.0.1      832823.cn
127.0.0.1      8749.com
127.0.0.1      888.jopenqc.com
127.0.0.1      89382.cn
127.0.0.1      8v8.biz
127.0.0.1      97725.com
127.0.0.1      9gg.biz
127.0.0.1      www.9000music.com
127.0.0.1      test.591jx.com
127.0.0.1      a.topxxxx.cn
127.0.0.1      picon.chinaren.com
127.0.0.1      www.5566.net
127.0.0.1      p.qqkx.com
127.0.0.1      news.netandtv.com
127.0.0.1      z.neter888.cn
127.0.0.1      b.myblank.cn
127.0.0.1      wvw.wokutu.com
127.0.0.1      unionch.qyule.com
127.0.0.1      www.qyule.com
127.0.0.1      it.itjc.cn
127.0.0.1      www.linkwww.com
127.0.0.1      vod.kaicn.com
127.0.0.1      www.tx8688.com
127.0.0.1      b.neter888.cn
127.0.0.1      promote.huanqiu.com
127.0.0.1      www.huanqiu.com
127.0.0.1      www.haokanla.com
127.0.0.1      play.unionsky.cn
127.0.0.1      www.52v.com
127.0.0.1      www.gghka.cn
127.0.0.1      icon.ajiang.net
127.0.0.1      new.ete.cn
127.0.0.1      www.stiae.cn
127.0.0.1      o.neter888.cn
127.0.0.1      comm.jinti.com
127.0.0.1      www.google-analytics.com
127.0.0.1      hz.mmstat.com
127.0.0.1      www.game175.cn
127.0.0.1      x.neter888.cn
127.0.0.1      z.neter888.cn
127.0.0.1      p.etimes888.com
127.0.0.1      hx.etimes888.com
127.0.0.1      abc.qqkx.com
127.0.0.1      dm.popdm.cn
127.0.0.1      www.yl9999.com
127.0.0.1      www.dajiadoushe.cn
127.0.0.1      v.onondown.com.cn
127.0.0.1      www.interoo.net
127.0.0.1      bally1.bally-bally.net
127.0.0.1      www.bao5605509.cn
127.0.0.1      www.rty456.cn
127.0.0.1      www.werqwer.cn
127.0.0.1      1.360-1.cn
127.0.0.1      user1.23-16.net
127.0.0.1      www.guccia.net
127.0.0.1      www.interoo.net
127.0.0.1      upa.netsool.net
127.0.0.1      js.users.51.la
127.0.0.1      vip2.51.la
127.0.0.1      web.51.la
127.0.0.1      qq.gong2008.com
127.0.0.1      2008tl.copyip.com
127.0.0.1      tla.laozihuolaile.cn
127.0.0.1      www.tx6868.cn
127.0.0.1      p001.tiloaiai.com
127.0.0.1      s1.tl8tl.com
127.0.0.1      s1.gong2008.com
127.0.0.1      4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 1192, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1376, C:\WINDOWS\TEMP\EXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1376, C:\WINDOWS\TEMP\EXPLORER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1000, D:\TDDOWNLOAD\SRENG2\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1000, D:\TDDOWNLOAD\SRENG2\SRENGLDR.EXE]
==================================
计划任务
[已启用] 查看 Windows Live Toolbar 更新.job
        C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================[/code]
aweily - 2009-4-8 12:29:00
Has everyone gone off to lunch at midday? Where have all the moderators gone? :default3:
帅哥阿福 - 2009-4-8 12:35:00
Download the batch file extraction tool and use it to extract the files below:
http://bbs.ikaka.com/attachment.aspx?attachmentid=486266

C:\WINDOWS\system32\scvhost.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\131796_xeex.exe
C:\WINDOWS\system32\704C3595.dll
C:\WINDOWS\system32\XR5nPhu9.dll
C:\WINDOWS\system32\efc0c52cc1.dll
C:\WINDOWS\system32\08223B03.dll
C:\WINDOWS\system32\BMsg6pdMD4ht.dll
C:\WINDOWS\system32\d7eb91606b0.dll
C:\WINDOWS\system32\STG4WdmetW2FP.dll
C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dl
C:\WINDOWS\system32\drivers\pcidump.sys
C:\DOCUME~1\lenovo\LOCALS~1\Temp\~bc80.tmp
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\fonts\gth16502.ttf
C:\WINDOWS\fonts\gth19506.ttf
C:\WINDOWS\fonts\gth24504.ttf
C:\WINDOWS\fonts\gth26507.ttf
C:\WINDOWS\fonts\gth30511.ttf
C:\WINDOWS\fonts\gth33503.ttf
C:\WINDOWS\fonts\gth39513.ttf
C:\WINDOWS\fonts\gth41501.ttf
C:\WINDOWS\fonts\gth43508.ttf
C:\WINDOWS\fonts\gth60335.ttf
C:\WINDOWS\fonts\gth62333.ttf
C:\WINDOWS\fonts\gth68327.ttf
C:\WINDOWS\fonts\gth77327.ttf
C:\WINDOWS\fonts\gth80327.ttf
C:\WINDOWS\fonts\gth83325.ttf
C:\WINDOWS\system32\STG4WdmetW2FP.dll
C:\WINDOWS\system32\704C3595.dll
C:\WINDOWS\system32\XR5nPhu9.dll
C:\WINDOWS\system32\efc0c52cc1.dll
C:\WINDOWS\system32\08223B03.dll
C:\WINDOWS\system32\BMsg6pdMD4ht.dll
C:\WINDOWS\system32\d7eb91606b0.dll
C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll

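Upload the virus samples to the Suspicious Files Exchange board, at: http://bbs.ikaka.com/showforum-20002.aspx
Or send them directly to Rising's mail service center [virus samples], at: http://mailcenter.rising.com.cn/uploadnew.aspx

The hosts file has been modified; restore it with Kaka Assistant (卡卡助手) - Advanced Tools - System Repair.

Explorer.exe
C:\WINDOWS\system32\userinit.exe
have been replaced; copy the files over from another machine running the same operating system version to overwrite them.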
夲號ヱ被ジ盜 - 2009-4-8 12:38:00
http://cu003.www.duba.net/duba/tools/dubatools/install.exe
Give this a try.
aweily - 2009-4-8 12:40:00
The samples are extracted; there's a big pile of them on the desktop, and at the end there was also an error message,
夲號ヱ被ジ盜 - 2009-4-8 12:41:00
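Looks like a case of the "Mad Dog" (狂犬) virus......
Open the C:\WINDOWS\system32 folder (or the corresponding directory on your system), find userinit.exe and explorer.exe, then right-click each one and view its properties. If the Version tab is missing from the Properties window, the file has been replaced by the virus and the system is infected.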
http://download.rising.com.cn/zsgj/RavEdog.exe
chuanshao - 2009-4-8 12:48:00
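That really is a lot of infections.. Looking through it made me a bit dizzy, and I'm not sure whether I missed anything..

c:\windows\system32\comres.dll
c:\windows\system32\userinit.exe
c:\windows\system32\appmgmts.dll  Replace these three with clean copies; downloads are available here: http://bbs.ikaka.com/showtopic-8417665.aspx#3487007
c:\windows\temp\explorer.exe Upload this file to http://www.virustotal.com/zh-cn/ to have it checked; if it is clean, copy it into c:\windows to replace the one there. The explorer.exe currently in the windows folder is a virus file.

1. I recommend using XDelBox to delete the following files (XDelBox1.8). If your system drive is not C: or you are running Vista, I recommend downloading the Fei'er Trojan removal assistant (费尔木马强力清除助手) to delete the following files instead:
Usage: copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose "import from clipboard without checking paths". After importing, remember to tick "suppress regeneration", then right-click the files to be deleted and choose "reboot and delete now". The computer will restart into a DOS interface to carry out the deletion (after the reboot a boot menu appears; choose Go Xdelbox To Del Files). It is best to unplug all removable storage devices before running xdelbox.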

c:\windows\fonts\gth16502.ttf
c:\windows\fonts\gth19506.ttf
c:\windows\fonts\gth24504.ttf
c:\windows\fonts\gth26507.ttf
c:\windows\fonts\gth30511.ttf
c:\windows\fonts\gth33503.ttf
c:\windows\fonts\gth39513.ttf
c:\windows\fonts\gth41501.ttf
c:\windows\fonts\gth43508.ttf
c:\windows\fonts\gth60335.ttf
c:\windows\fonts\gth62333.ttf
c:\windows\fonts\gth68327.ttf
c:\windows\fonts\gth77327.ttf
c:\windows\fonts\gth80327.ttf
c:\windows\fonts\gth83325.ttf
c:\docume~1\admini~1\locals~1\temp\jxinit.dat
c:\docume~1\admini~1\locals~1\temp\msdfjsadfjd.dat
c:\windows\system32\stg4wdmetw2fp.dll
c:\windowsupdate.dll
c:\windows\system32\08223b03.dll
c:\windows\system32\704c3595.dll
c:\windows\system32\bmsg6pdmd4ht.dll
c:\windows\system32\d7eb91606b0.dll
c:\windows\system32\efc0c52cc1.dll
c:\windows\system32\xr5nphu9.dll
c:\windows\system32\ybkeadwhb3vf4pe.dll
c:\windows\system32\scvhost.exe
c:\docume~1\admini~1\locals~1\temp\131796_xeex.exe
c:\windows\fonts\x7s7xgtp.fon
c:\windows\fonts\crrp2mdp.fon
c:\windows\system32\a1a6bc2e.dll
c:\windows\system32\cc0ec2c9.dll
c:\windows\system32\etgbjk2ycxnm.dll
c:\windows\system32\mgmdqtjzg47.dll
c:\windows\system32\hfbgclff.dll
c:\windows\system32\nfpgbccd.dll
c:\windows\system32\jimhhnib.dll
c:\windows\system32\hnnpigjf.dll
c:\windows\fonts\sjbqjty7bc.fon
c:\windows\system32\jfoalndi.dll
c:\windows\system32\ws0gwmz.dll
c:\docume~1\lenovo\locals~1\temp\~bc80.tmp
c:\windows\system32\drivers\pcidump.sys


2. After the deletion and reboot, use SREng to repair each of the following items:

    Startup Items -- Registry: delete the following entries:
[a360]    <; C:\WINDOWS\system32\scvhost.exe>
[Ferrari]    <; C:\WINDOWS\system32\scvhost.exe>
[qq2983]    <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\131796_xeex.exe>
[{B70A8AAD-F18A-465E-8240-184DD5845D2D}]    <C:\WINDOWS\fonts\X7s7xgtP.fon>
[{47018D3A-8682-4D30-AC5E-F74B84189AB3}]    <C:\WINDOWS\fonts\crrp2mDP.fon>
[{704C3595-DB85-40F6-A601-8D6F346907BD}]    <C:\WINDOWS\system32\704C3595.dll>
[{C10D41C6-4D17-4808-87CE-40612862A1BB}]    <C:\WINDOWS\system32\XR5nPhu9.dll>
[{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}]    <C:\WINDOWS\system32\A1A6BC2E.dll>
[{028A997C-4262-4107-BD46-2ABBC6143E8C}]    <C:\WINDOWS\system32\efc0c52cc1.dll>
[{CC0EC2C9-432D-4DCC-91E7-A7C5CEA748D8}]    <C:\WINDOWS\system32\CC0EC2C9.dll>
[{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}]    <C:\WINDOWS\system32\08223B03.dll>
[{737858A9-9AEA-4838-9B49-54DA731F7F37}]    <C:\WINDOWS\system32\BMsg6pdMD4ht.dll>
[{FEACAF74-8D58-42F4-AB39-1CDA51437347}]    <C:\WINDOWS\system32\etGBJk2YCXnM.dll>
[{CC2B89B8-6A27-4D4A-BBBE-D2CD655A47C2}]    <C:\WINDOWS\system32\d7eb91606b0.dll>
[{A2A0F1E3-5A22-4952-8A3E-25C5E9CFC302}]    <C:\WINDOWS\system32\MGmdqtJZG47.dll>
[{1FB0C5FF-4FA0-49B6-9C16-6E7A15ED3CC2}]    <C:\WINDOWS\system32\hfbgclff.dll>
[{7F90BCCD-8208-418A-AE04-A854328EE6CF}]    <C:\WINDOWS\system32\nfpgbccd.dll>
[{3261172B-A309-4F94-AB03-9105CD41894B}]    <C:\WINDOWS\system32\jimhhnib.dll>
[{1779203F-7B22-403D-A2E7-41B39A65370F}]    <C:\WINDOWS\system32\hnnpigjf.dll>
[{49762F37-EF1F-447D-A27A-967C9520A3F8}]    <C:\WINDOWS\fonts\sJbQjtY7bc.fon>
[{3F8A57D2-00D4-4204-B7A0-91FB4C2446DF}]    <C:\WINDOWS\system32\jfoalndi.dll>
[{3A5700C3-2847-4CBE-A3E5-F0C394690C9A}]    <C:\WINDOWS\system32\wS0GWMZ.dll>
[{DE00760F-DC9F-46C2-9D4E-61B5BB810C51}]    <C:\WINDOWS\system32\STG4WdmetW2FP.dll>
[{609758CB-54E6-4C21-B57C-3407D9E232E8}]    <C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll>
[1FB0C5FF]    <C:\WINDOWS\system32\hfbgclff.dll>
[7F90BCCD]    <C:\WINDOWS\system32\nfpgbccd.dll>
[3261172B]    <C:\WINDOWS\system32\jimhhnib.dll>
[1779203F]    <C:\WINDOWS\system32\hnnpigjf.dll>
[3F8A57D2]    <C:\WINDOWS\system32\jfoalndi.dll>
[IFEO[DrRtp.exe]]    <C:\WINDOWS\system32\svchost.exe>
[IFEO[egui.exe]]    <services.exe>
[IFEO[QQDoctor.exe]]    <C:\WINDOWS\system32\svchost.exe>
[IFEO[RStray.exe]]    <C:\WINDOWS\system32\svchost.exe>


    Startup Items -- Services -- Drivers: disable the following entries:
[zx / zx]    <\??\C:\DOCUME~1\lenovo\LOCALS~1\Temp\~bc80.tmp>
[pcidump / pcidump]    <\??\C:\WINDOWS\system32\drivers\pcidump.sys>

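    System Repair -- HOSTS file -- Reset

**************The analysis report above was produced by the SREngLog analysis assistant******************
Analysis: chuanshao
Date: 2009-4-8



3. Download Windows Cleanup Assistant (Windows清理助手) to clean up malware
http://www.arswp.com/download/arswp/arswp.rar  (update it before use)

Download the temporary-file cleanup tool
http://www.dodudou.com/down/ATF-Cleaner-cn.exe

Attachment: 系统文件替换工具.rar (system file replacement tool)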
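
The manual triage of the log's process/module section done in the analysis above can be sketched in code. This is an added example, not part of the original thread and not SREng's own logic: it parses lines in the `[PID: n][image]  [vendor, version]` format and flags entries for review. The sample log is constructed from a few lines in the format quoted in this thread; the expected-directory table, the data-extension set and the three rules are assumptions of this example.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname, splitext  # parse Windows paths on any OS

# Constructed sample in the process/module format of the SREng log in this thread.
# It includes a forum post break followed by an unindented module line.
SAMPLE_LOG = r"""
[PID: 1376][C:\WINDOWS\temp\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
[PID: 1360][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
aweily - 2009-4-8 12:17:00
[C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
"""

LINE_RE = re.compile(r"^\s*(?:\[PID:\s*(\d+)\])?\[(.+?)\]\s+\[(.*)\]\s*$")

# Assumption: extensions that are not normally mapped into a process as code.
DATA_EXTS = {".ttf", ".fon", ".dat", ".tmp"}

# Assumption: expected directories (lower-case) for a few Windows XP system images.
EXPECTED_DIR = {
    "explorer.exe": r"c:\windows",
    "svchost.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
}


def parse(log):
    """Return {pid: (image_path, [(module_path, info), ...])}."""
    procs, current = {}, None
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # post headers, separators, blank lines
        pid, path, info = m.groups()
        if pid is not None:
            current = int(pid)
            procs[current] = (path, [])
        elif current is not None:
            # A module line belongs to the last process seen, indented or not:
            # a post break in the forum can strip the indentation.
            procs[current][1].append((path, info))
    return procs


def unversioned(info):
    """True when the log shows no vendor and no version for the file."""
    return info.strip() in ("N/A,", ",", "")


def triage(log, min_procs=2):
    """Return {lower-cased path: sorted list of reasons to review it}."""
    findings = defaultdict(set)
    seen_in = defaultdict(set)
    for pid, (image, modules) in parse(log).items():
        want = EXPECTED_DIR.get(basename(image).lower())
        if want and dirname(image).lower() != want:
            findings[image.lower()].add(
                "system image name outside expected directory")
        for path, info in modules:
            if not unversioned(info):
                continue
            key = path.lower()
            seen_in[key].add(pid)
            if splitext(key)[1] in DATA_EXTS:
                findings[key].add("data-file extension mapped as a module")
    # The same unversioned module in several processes suggests injection;
    # one seen in a single process (a shell extension, say) is not flagged.
    for key, pids in seen_in.items():
        if len(pids) >= min_procs:
            findings[key].add("unversioned module in %d processes" % len(pids))
    return {k: sorted(v) for k, v in findings.items()}


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(path)
        for reason in reasons:
            print("    - " + reason)
```

A flag is a prompt for manual review, not a verdict: in this thread the copy under c:\windows\temp is treated as possibly the clean explorer.exe, pending the VirusTotal check.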
aweily - 2009-4-8 14:11:00
:default3: I can't see the desktop any more, and I can't even find my files :default8:
aweily - 2009-4-8 16:10:00
I'm going crazy here, can someone help

piao2008 - 2009-4-8 16:12:00
First check whether this file exists in the DLLCACHE directory, copy it into the system32 folder, and then register the file with regsvr32 comres.dll
aweily - 2009-4-8 16:15:00
Where is that folder you mentioned?
aweily - 2009-4-8 16:15:00
Do I look for it in the registry?
aweily - 2009-4-8 16:23:00
I'm stuck again, someone please teach me :default4: , I'm never setting up a system myself again
aweily - 2009-4-8 16:39:00
The specified module could not be found
453187998 - 2009-4-8 22:33:00
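Mate, you've probably caught the AV, Maoxuan (猫癣, "cat ringworm") and Ben-niu (the "ben" is written with three 牛 characters, I can't type it) viruses. Besides what you described, their main symptom is that none of the antivirus programs will start, and even if one does start it can't clean anything, right?
  Dealing with these bastards takes a lot of effort, but don't worry. Go online and download the dedicated removal tools for these three viruses; remember to get them as packed archives, and in Safe Mode run them straight from inside the archive to scan and clean. Also download Kingsoft System First Aid Kit (金山系统急救箱); it's very powerful. Run it for a full scan and clean, and finally, if you're still not reassured, start your antivirus and run a full-disk scan.
After all that, those scoundrels won't be able to do anything to us. Good luck!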
vistalong - 2009-4-8 23:01:00
Run a scan and post an SREng log here.
453187998 - 2009-4-9 18:30:00
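Mate, can your CPU even cope with the damage these viruses are doing? Even three CPUs wouldn't be enough for them. Use SRE to scan and repair, and do it in Safe Mode. This virus is really vicious!
  Clean out all of its files on the C: drive; most importantly, wipe out its entries in the registry and don't give it a chance to catch its breath. How can this virus be so shameless.
  If you're not familiar with the registry, use Kingsoft System First Aid Kit and Windows Cleanup Assistant (WINDOWS清理助手) to clean up and repair.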