中了Trojan.DL.Small.uyj 病毒和Trojan.PSW.OnlineGames.aoo 等好几个,瑞星可以杀出来,却杀不死,怎么办,扫描日志在下面,请给了彻底杀毒的办法,最好说的浅显点.
[CODE]

2007-04-27,17:09:04

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
    <iTudouAutoStart><F:\tudou\iTudou\iTudou.exe -AutoStart>  []
    <6gdykbld55qre><C:\DOCUME~1\lenovo\LOCALS~1\Temp\winlog0n.exe>  [N/A]
    <87><C:\DOCUME~1\lenovo\LOCALS~1\Temp\Servera.exe>  []
    <8><C:\DOCUME~1\lenovo\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <fy><C:\WINDOWS\Sysfy3\svchost.exe>  []
    <JT><C:\WINDOWS\SysJT3\svchost.exe>  []
    <J2><C:\WINDOWS\System32\SysJ2\svchost.exe>  [N/A]
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  []
    <wl><C:\WINDOWS\Syswl3\svchost.exe>  []
    <wm><C:\WINDOWS\Syswm7\svchost.exe>  []
    <sj><C:\WINDOWS\Syssj5\svchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SysExplr><e:\Herosoft\HeroV8\SysExplr.EXE>  [N/A]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <SKDaemon><C:\Program Files\Lenovo\Legend Standard Keyboard\skdaemon.exe>  []
    <Shuttle.exe><C:\Program Files\联想(北京)有限公司\幸福飞梭\Shuttle.exe>  []
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Microsoft Windows XP Publisher]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <ControlCenter.exe><"C:\Program Files\Lenovo\RemoteControlCenter\ControlCenter.exe">  []
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)Microsoft Windows XP Publisher]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <Exprer><C:\WINDOWS\Exprer.exe>  []
    <nwiztlbb><C:\WINDOWS\System32\nwiztlbb.exe>  []
    <nwizAskTao><C:\WINDOWS\System32\nwizAskTao.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CALLKEY_IO / CALLKEY_IO][Stopped/Manual Start]
  <\??\C:\happyhome\智能维护\CALLKEY.sys><N/A>
[eobsrdr / eobsrdr][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\eobsrdr.sys><>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kdlbqdn / kdlbqdn][Running/System Start]
  <2 - 系统找不到指定的文件。
><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[PS/2 Keyboard Filter Driver for WinXp / Skkbdf][Running/Manual Start]
  <System32\DRIVERS\Skkbdf.sys><Silitek Corp.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[khjgrh / khjgrh][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\khjgrh.sys><N/A>

==================================

浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\System32\ssup.dll, TENCENT>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <e:\Xi\NetTransport 2\NTIEHelper.dll, N/A>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <e:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\HAPPYH~1\CIBA2002\IEPlugin.dll, >
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\HAPPYH~1\CIBA2002\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\QQ.EXE, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[使用iTudou下载节目]
  <F:\tudou\iTudou\iTudou_Link.HTM, N/A>
[使用影音传送带下载]
  <E:\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <E:\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <F:\BitSpirit\bsurl.htm, N/A>
[豪杰超级解霸V8实时播放]
  <e:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 404][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 476][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 544][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 556][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 716][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\System32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1120][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\alrex.dll]  [, 2.5.0.1002]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\downlo~1\Wltqtg.dll]  [Tencent, 4, 5, 1, 15]
    [C:\PROGRA~1\3721\AutoLive.dll]  [, 2, 5, 2, 1005]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwiztlbb.dll]  [N/A, ]
    [C:\WINDOWS\System32\nwizAskTao.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\PROGRA~1\3721\Assist\asbar.dll]  [3721, 1, 0, 1, 1001]
    [C:\PROGRA~1\3721\Assist\tbwrap.dll]  [3721, 1, 0, 0, 2]
    [C:\PROGRA~1\3721\Assist\asnoad.dll]  [, 1, 0, 0, 9]
    [C:\PROGRA~1\3721\Assist\aswiper.dll]  [3721, 1, 0, 1, 1004]
    [C:\PROGRA~1\3721\Assist\asiesec.dll]  [yahoo, 1, 0, 0, 9]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\System32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1564][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
[PID: 1616][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.14]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1632][C:\Program Files\Lenovo\Legend Standard Keyboard\skdaemon.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Lenovo\Legend Standard Keyboard\MacFun.dll]  [Silitek, 1, 0, 0, 0]
    [C:\Program Files\Lenovo\Legend Standard Keyboard\OpenDriver.dll]  [Silitek, 1, 0, 0, 0]
    [C:\Program Files\Lenovo\Legend Standard Keyboard\OSD.dll]  [silitek, 1, 0, 0, 1]
    [C:\Program Files\Lenovo\Legend Standard Keyboard\lxkeyled.dll]  [Silitek, 1, 0, 0, 1]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]

[PID: 1644][C:\Program Files\联想(北京)有限公司\幸福飞梭\Shuttle.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\联想(北京)有限公司\幸福飞梭\SK_OSD.dll]  [silitek, 1, 0, 0, 1]
    [C:\Program Files\联想(北京)有限公司\幸福飞梭\VolumeOsd.dll]  [N/A, ]
    [C:\Program Files\联想(北京)有限公司\幸福飞梭\ScrOSD32.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 1704][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1728][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,1607]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1756][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\AutoLive.dll]  [, 2, 5, 2, 1005]
    [C:\PROGRA~1\3721\notifier.dll]  [, 2.5.0.1002]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1828][C:\Program Files\Lenovo\RemoteControlCenter\ControlCenter.exe]  [N/A, ]
    [C:\Program Files\Lenovo\RemoteControlCenter\SK_OSD.dll]  [silitek, 1, 0, 0, 1]
    [C:\Program Files\Lenovo\RemoteControlCenter\VolumeOsd.dll]  [N/A, ]
    [C:\Program Files\Lenovo\RemoteControlCenter\ScrOSD32.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]

[PID: 1892][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 240][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 308][C:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 1, 101, 82]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\Program Files\Tencent\QQDownload\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 1, 100, 82]
    [C:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2984][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 3344][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1820][D:\TT\TTraveler.exe]  [腾讯公司, 3.2.200.275]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\AutoLive.dll]  [, 2, 5, 2, 1005]
    [D:\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [D:\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [D:\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll]  [Microsoft Corporation, 7.00.9064.9112]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9064.9132]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll]  [Microsoft Corporation, 7.00.9064.9112]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2664][C:\WINDOWS\Sysfy3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]

[PID: 1892][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 240][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 308][C:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 1, 101, 82]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\Program Files\Tencent\QQDownload\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 1, 100, 82]
    [C:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 2984][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 3344][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 1820][D:\TT\TTraveler.exe]  [腾讯公司, 3.2.200.275]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\PROGRA~1\3721\AutoLive.dll]  [, 2, 5, 2, 1005]
    [D:\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [D:\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [D:\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\pdm.dll]  [Microsoft Corporation, 7.00.9064.9112]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9064.9132]
    [C:\Program Files\Common Files\Microsoft Shared\VS7Debug\msdbg2.dll]  [Microsoft Corporation, 7.00.9064.9112]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2664][C:\WINDOWS\Sysfy3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]

[PID: 2700][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 2484][C:\WINDOWS\SysJT3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
[PID: 3920][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\System32\wuaucpl.cpl]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\System32\wups.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\System32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\System32\wucltui.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
[PID: 928][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 964][C:\WINDOWS\Syswl3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 1036][C:\WINDOWS\Syssj5\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 1056][C:\WINDOWS\Syswm7\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 2572][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
[PID: 2796][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]

[PID: 2964][C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe]  [Adobe Systems Incorporated, 5.0.1.2001032700]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\CoolType.dll]  [Adobe Systems, Incorporated, 4.04.26]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\BIB.dll]  [Adobe Systems, Incorporated, 1.0.20]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ACELite.dll]  [Adobe Systems, Incorporated, 1.02.00]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\AGM.dll]  [Adobe Systems, Incorporated, 4.04.26]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [c:\program files\adobe\acrobat 5.0\reader\rdlang32.chs]  [Adobe Systems Incorporated, 5.0.0.377]
    [C:\WINDOWS\System32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 225]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\SPPlugins\ExpressViews.apl]  [Adobe Systems Incorporated, 1.1]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\SPPlugins\ADMPlugin.apl]  [Adobe Systems Incorporated, 2.82ac22 2001.05.04-0720h.51s]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\AcroFill.api]  [Adobe Systems Incorporated, 5.0.0.2001032100]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\EScript.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\EWH32.api]  [Adobe Systems Incorporated, 5.0.0.2001031900]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\weblink.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WHA.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Webbuy.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\hls.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\reflow.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Movie\Movie.api]  [Adobe Systems, Inc., 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\MSAA.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Infusium.api]  [Adobe Systems Incorporated, 5.0.0.2001031500]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Webbuy.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\AcroFill.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\EScript.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\EWH32.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\hls.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Infusium.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\Movie\Movie.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\MSAA.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\reflow.CHS]  [Adobe Systems Incorporated, 5.0.0.0]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\weblink.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\plug_ins\WHA.CHS]  [, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\WHA Library.dll]  [Adobe Systems Incorporated, 0.2.0.0]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\WHA Library.CHS]  [Adobe Systems Incorporated, 0.2.0.0]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
[PID: 1968][C:\Program Files\Windows NT\Accessories\wordpad.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
[PID: 1988][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]
[PID: 2152][C:\DOCUME~1\lenovo\LOCALS~1\Temp\Rar$EX00.281\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 0, 9]
    [C:\PROGRA~1\3721\helper.dll]  [, 2, 5, 0, 1003]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy3\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\lenovo\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\Exprer.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]