
Help!!

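This machine of mine has been wrecked by a virus. Everything is a mess: I can't even type, and closing one window closes all the windows!! Could the experts here please take a look for me? I'm posting the scan log!!
Last edited 2006-11-08 13:50:26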

2006-11-08,08:22:46

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\WINNT\rundl132.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CPQTEAM><cpqteam.exe>  [(Verified)Hewlett-Packard Company]
    <MS04_028 Memory Patch><C:\Documents and Settings\Administrator\My Documents\RavJPG.exe -Patch>  [Beijing Rising Tech. Co., Ltd.]
    <TPP Auto Loader><C:\WINNT\tppaldr.exe>  [Cypress Semiconductor]
    <LANServer><C:\WINNT\system32\LANServer.exe>  [Ben Ziegler]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ENStation><C:\WINNT\explorerb.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [N/A]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system.sys>  [N/A]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\ewido_4.0.0.172c_3.3\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
启动文件夹
[LANFax Manager]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\LANFax Manager.lnk --> C:\PROGRA~1\LANFAX~1\LANFAX~1\LANFAX~1.EXE [北京华录北方电子有限公司]><N>
[腾讯通]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\腾讯通.lnk --> C:\PROGRA~1\Tencent\RTX\rtxc.exe [Tencent]><N>

==================================
服务
[ASP.NET State Service / aspnet_state]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Event Notifier / CIMnotify]
  <C:\WINNT\System32\CIMntfy\cimntfy.exe><Hewlett-Packard Company>
[NIC Agent / CpqNicMgmt]
  <C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe><Hewlett-Packard Company>
[Compaq Remote Monitor Service / CpqRcmc]
  <C:\WINNT\System32\CpqRcmc.exe><Compaq>
[Version Control Agent / cpqvcagent]
  <C:\Compaq\vcagent\vcagent.exe><N/A>
[Web Agent / CpqWebMgmt]
  <C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe><HP Corporation>
[Foundation Agent / CqMgHost]
  <C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe><Hewlett-Packard Company>
[Server Agents / CqMgServ]
  <C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe><Hewlett-Packard Company>
[Storage Agents / CqMgStor]
  <C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe><Hewlett-Packard Company>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <D:\ewido_4.0.0.172c_3.3\guard.exe><Anti-Malware Development a.s.>
[KDDelegateService / KDDelegateService]
  <C:\Program Files\Kingdee\K3ERP\KDDelegateService.exe><N/A>
[Lotus Domino Server (LotusDominoData) / Lotus Domino Server (LotusDominoData)]
  <e:\Lotus\Domino\nservice.exe =e:\Lotus\Domino\notes.ini><N/A>
[RavAgent / RavAgent]
  <"C:\Program Files\Rising\Rav\RavAgent.exe"><北京瑞星科技股份有限公司>
[Rav Net Alert / RavAlert]
  <"C:\Program Files\Rising\Rav\RavAlert.exe"><瑞星科技股份发展有限公司>
[RavService / RavService]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[RavUpdate / RavUpdate]
  <"C:\Program Files\Rising\Rav\RavUpdate.exe" ><Beijing Rising Technology Co., Ltd.>
[RNReport / RNReport]
  <"C:\Program Files\Rising\Rav\RNReport.exe"><瑞星科技股份发展有限公司>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Surveyor / Surveyor]
  <C:\compaq\survey\Surveyor.EXE><N/A>
[HP ProLiant System Shutdown Service / sysdown]
  <C:\WINNT\System32\sysdown.exe><Compaq Computer Corporation>

驱动程序
[Microsoft ACPI Driver / ACPI]
  <\SystemRoot\System32\DRIVERS\ACPI.sys><N/A>
[adpu160m / adpu160m]
  <\SystemRoot\system32\drivers\adpu160m.sys><N/A>
[AFD 网络支持环境 / AFD]
  <\SystemRoot\System32\drivers\afd.sys><N/A>
[RAS Asynchronous Media Driver / AsyncMac]
  <System32\DRIVERS\asyncmac.sys><N/A>
[Standard IDE/ESDI Hard Disk Controller / atapi]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[atirage3 / atirage3]
  <System32\DRIVERS\atimpab.sys><N/A>
[ATM ARP Client Protocol / Atmarpc]
  <System32\DRIVERS\atmarpc.sys><N/A>
[Audio Stub Driver / audstub]
  <System32\DRIVERS\audstub.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><N/A>
[CD-ROM Driver / Cdrom]
  <System32\DRIVERS\cdrom.sys><N/A>
[Cdsys / Cdsys]
  <\??\C:\WINNT\system32\cdcd.sys><N/A>
[Network Management Protocol Driver / CNMPROT]
  <System32\DRIVERS\cnmprot.sys><N/A>
[cpq32fs2 / cpq32fs2]
  <\SystemRoot\system32\drivers\cpq32fs2.sys><N/A>
[Cpqarray / Cpqarray]
  <\SystemRoot\system32\drivers\cpqarray.sys><N/A>
[cpqarry2 / cpqarry2]
  <\SystemRoot\system32\drivers\cpqarry2.sys><N/A>
[HP ProLiant Advanced System Management Controller / cpqasm]
  <System32\DRIVERS\cpqasm.sys><N/A>
[CPQCISSE / CPQCISSE]
  <System32\DRIVERS\CPQCISSE.sys><N/A>
[cpqcissm / cpqcissm]
  <\SystemRoot\system32\drivers\cpqcissm.sys><N/A>
[HP Network Teaming and Configuration / CPQTeam]
  <System32\DRIVERS\cpqteam.sys><N/A>
[DfsDriver / DfsDriver]
  <\SystemRoot\system32\drivers\Dfs.sys><N/A>
[Disk Driver / Disk]
  <\SystemRoot\System32\DRIVERS\disk.sys><N/A>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><N/A>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><N/A>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><N/A>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
  <\??\D:\ewido_4.0.0.172c_3.3\guard.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Floppy Disk Controller Driver / Fdc]
  <System32\DRIVERS\fdc.sys><N/A>
[Floppy Disk Driver / Flpydisk]
  <System32\DRIVERS\flpydisk.sys><N/A>
[FltMgr / FltMgr]
  <\SystemRoot\system32\drivers\fltmgr.sys><N/A>
[FsVga / FsVga]
  <System32\DRIVERS\fsvga.sys><N/A>
[Volume Manager Driver / Ftdisk]
  <\SystemRoot\System32\DRIVERS\ftdisk.sys><N/A>
[Generic Packet Classifier / Gpc]
  <System32\DRIVERS\msgpc.sys><N/A>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[i8042 Keyboard and PS/2 Mouse Port Driver / i8042prt]
  <System32\DRIVERS\i8042prt.sys><N/A>
[IP Traffic Filter Driver / IpFilterDriver]
  <System32\DRIVERS\ipfltdrv.sys><N/A>
[IP in IP Tunnel Driver / IpInIp]
  <System32\DRIVERS\ipinip.sys><N/A>
[IP Network Address Translator / IpNat]
  <System32\DRIVERS\ipnat.sys><N/A>
[IPSEC driver / IPSEC]
  <System32\DRIVERS\ipsec.sys><N/A>
[IR Enumerator Service / IRENUM]
  <System32\DRIVERS\irenum.sys><N/A>
[PnP ISA/EISA Bus Driver / isapnp]
  <\SystemRoot\System32\DRIVERS\isapnp.sys><N/A>
[Keyboard Class Driver / Kbdclass]
  <System32\DRIVERS\kbdclass.sys><N/A>
[MegaIDE / MegaIDE]
  <\SystemRoot\system32\drivers\MegaIDE.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Mouse Class Driver / Mouclass]
  <System32\DRIVERS\mouclass.sys><N/A>
[MRxSmb / MRxSmb]
  <System32\DRIVERS\mrxsmb.sys><N/A>
[Microsoft Streaming Service Proxy / MSKSSRV]
  <system32\drivers\MSKSSRV.sys><N/A>
[Microsoft Streaming Clock Proxy / MSPCLOCK]
  <system32\drivers\MSPCLOCK.sys><N/A>
[Microsoft Streaming Quality Manager Proxy / MSPQM]
  <system32\drivers\MSPQM.sys><N/A>
[Remote Access NDIS TAPI Driver / NdisTapi]
  <System32\DRIVERS\ndistapi.sys><N/A>
[NDIS 用户模式 I/O 协议 / Ndisuio]
  <System32\DRIVERS\ndisuio.sys><N/A>
[Remote Access NDIS WAN Driver / NdisWan]
  <System32\DRIVERS\ndiswan.sys><N/A>
[NetBIOS Interface / NetBIOS]
  <System32\DRIVERS\netbios.sys><N/A>
[NetBios over Tcpip / NetBT]
  <System32\DRIVERS\netbt.sys><N/A>
[NetDetect / NetDetect]
  <\SystemRoot\system32\drivers\netdtect.sys><N/A>
[New0 / New0]
  <\??\C:\WINNT\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[IPX Traffic Filter Driver / NwlnkFlt]
  <System32\DRIVERS\nwlnkflt.sys><N/A>
[IPX Traffic Forwarder Driver / NwlnkFwd]
  <System32\DRIVERS\nwlnkfwd.sys><N/A>
[Microsoft USB Open Host Controller Driver / openhci]
  <System32\DRIVERS\openhci.sys><N/A>
[Parallel class driver / Parallel]
  <System32\DRIVERS\parallel.sys><N/A>
[Parallel port driver / Parport]
  <System32\DRIVERS\parport.sys><N/A>
[PCI Bus Driver / PCI]
  <\SystemRoot\System32\DRIVERS\pci.sys><N/A>
[PCIIde / PCIIde]
  <\SystemRoot\System32\DRIVERS\pciide.sys><N/A>
[WAN Miniport (PPTP) / PptpMiniport]
  <System32\DRIVERS\raspptp.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><N/A>
[Compaq NC7760 Gigabit Server Adapter / q57w2k]
  <System32\DRIVERS\q57w2k.sys><N/A>
[Remote Access Auto Connection Driver / RasAcd]
  <System32\DRIVERS\rasacd.sys><N/A>
[WAN Miniport (L2TP) / Rasl2tp]
  <System32\DRIVERS\rasl2tp.sys><N/A>
[Direct Parallel / Raspti]
  <System32\DRIVERS\raspti.sys><N/A>
[Microsoft Streaming Network Raw Channel Access / RCA]
  <system32\drivers\RCA.sys><N/A>
[Rdbss / Rdbss]
  <System32\DRIVERS\rdbss.sys><N/A>
[Terminal Server Device Redirector Driver / rdpdr]
  <System32\DRIVERS\rdpdr.sys><N/A>
[Digital CD Audio Playback Filter Driver / redbook]
  <System32\DRIVERS\redbook.sys><N/A>
[Serenum Filter Driver / serenum]
  <System32\DRIVERS\serenum.sys><N/A>
[Serial port driver / Serial]
  <System32\DRIVERS\serial.sys><N/A>
[特殊目的工具驱动程序 / spud]
  <\SystemRoot\System32\drivers\spud.sys><N/A>
[Srv / Srv]
  <System32\DRIVERS\srv.sys><N/A>
[Software Bus Driver / swenum]
  <System32\DRIVERS\swenum.sys><N/A>
[symc810 / symc810]
  <\SystemRoot\System32\DRIVERS\symc810.sys><N/A>
[symc8xx / symc8xx]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><N/A>
[symmpi / symmpi]
  <\SystemRoot\system32\drivers\symmpi.sys><N/A>
[sym_hi / sym_hi]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><N/A>
[HP ProLiant System Management Interface Driver / sysmgmt]
  <System32\DRIVERS\sysmgmt.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <System32\DRIVERS\tcpip.sys><N/A>
[Terminal Device Driver / TermDD]
  <\SystemRoot\System32\drivers\termdd.sys><N/A>
[USB Storage Adapter FX (TPP) / TPPFX]
  <system32\DRIVERS\TPPFX.SYS><N/A>
[Microcode Update Driver / Update]
  <System32\DRIVERS\update.sys><N/A>
[Microsoft USB Standard Hub Driver / usbhub]
  <System32\DRIVERS\usbhub.sys><N/A>
[USB Mass Storage Driver / USBSTOR]
  <System32\DRIVERS\USBSTOR.SYS><N/A>
[VgaSave / VgaSave]
  <\SystemRoot\System32\drivers\vga.sys><N/A>
[Remote Access IP ARP Driver / Wanarp]
  <System32\DRIVERS\wanarp.sys><N/A>
[XPROTECTOR / XPROTECTOR]
  <\??\C:\WINNT\system32\drivers\Oreans.sys><N/A>

浏览器加载项
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[NTKO OFFICE文档控件]
  {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} <C:\WINNT\Downloaded Program Files\OfficeControl.ocx, 千航网络[NTKO SOFTWARE] WEB:http://www.ntko.com Email: tanger@ntko.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[SnSubmitControl Class]
  {DD713965-ECD7-407B-A886-FCF999BB6765} <C:\WINNT\Downloaded Program Files\SubmitControl.dll, 上海盛大网络发展有限公司 <www.snda.com>>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 212][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 236][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 260][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 288][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 300][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 392][C:\WINNT\System32\termsrv.exe]  [Microsoft Corporation, 5.00.2195.6696]
[PID: 500][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 528][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 544][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 19]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Rising, 18, 1, 0, 9]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
    [C:\Program Files\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 584][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  [Zenographics, Inc., 5.50.1811.0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  [Zenographics, Inc., 5, 52, 1023, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  [Zenographics, Inc., 5, 51, 628, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  [Zenographics, Inc., 5, 50, 1725, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  [Zenographics, Inc., 5, 51, 1211, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\ZLANG.dll]  [Zenographics, Inc., 1, 2, 1414, 0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\SR32.dll]  [Zenographics, Inc., 5, 54, 315, 0]
[PID: 660][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 920][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 956][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.7021]
[PID: 988][e:\Lotus\Domino\nservice.exe]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
[PID: 1020][C:\Program Files\Rising\Rav\RavAgent.exe]  [北京瑞星科技股份有限公司, 18, 0, 1, 28]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\Strategy.dll]  [Rising, 18, 0, 0, 10]
[PID: 1036][C:\Program Files\Rising\Rav\RavAlert.exe]  [瑞星科技股份发展有限公司, 18, 0, 0, 27]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PlugIn\RptMC.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\PlugIn\AltP936.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\MalAlrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\TrpPlgIn.dll]  [, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsSnmp.dll]  [, 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\MBPlgIn.dll]  [, 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\NLPlgIn.dll]  [, 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\PlugIn\RptUpCT.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1064][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 43]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1096][C:\Program Files\Rising\Rav\RavUpdate.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 36]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1140][e:\Lotus\Domino\nSERVER.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nserverl.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nTCP.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\nNTCP.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\kvfilter.dll]  [Verity, Inc., Build 1453]
    [e:\Lotus\Domino\nFTGTR34.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\gtr34nts.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nlxlid102.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nlxrt22.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nlxsum22.dll]  [N/A, N/A]
[PID: 1224][C:\Program Files\Rising\Rav\RNReport.exe]  [瑞星科技股份发展有限公司, 18, 0, 0, 10]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
[PID: 1380][C:\WINNT\System32\locator.exe]  [Microsoft Corporation, 5.00.2195.6619]
[PID: 1400][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
[PID: 1452][C:\WINNT\System32\snmp.exe]  [Microsoft Corporation, 5.00.2195.6605]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\HOSTMIB.DLL]  [N/A, N/A]
    [C:\WINNT\System32\CQHSTUTL.dll]  [N/A, N/A]
    [C:\WINNT\system32\cpqmgmt\CqMgHost\hostsnmp.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CPQMIB1K.DLL]  [N/A, N/A]
    [C:\WINNT\System32\CPQNiMgt\CPQNIMIB.DLL]  [N/A, N/A]
    [C:\WINNT\system32\cpqnimgt\w2kmgdll.dll]  [N/A, N/A]
    [C:\WINNT\system32\cpqnimgt\cqnisnmp.dll]  [N/A, N/A]
    [C:\WINNT\system32\sm2user.dll]  [Hewlett-Packard Company, 6.30.0.0]
    [C:\WINNT\System32\CPQNiMgt\NICMIB.DLL]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\STORMIB.DLL]  [N/A, N/A]
    [C:\WINNT\System32\cqstrutl.dll]  [N/A, N/A]
    [C:\WINNT\system32\cpqmgmt\cqmgstor\storsnmp.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgServ\SERVMIB.DLL]  [N/A, N/A]
    [C:\WINNT\System32\cqsrvutl.dll]  [N/A, N/A]
    [C:\WINNT\system32\cpqmgmt\cqmgserv\servsnmp.dll]  [N/A, N/A]
[PID: 1496][C:\WINNT\System32\lserver.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 1536][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1552][C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe]  [Hewlett-Packard Company, 6.30.0.0]
    [C:\WINNT\System32\CPQNiMgt\w2kmgdll.dll]  [N/A, N/A]
[PID: 1596][e:\Lotus\Domino\nRouter.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nNTCP.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\nTCP.DLL]  [N/A, N/A]
[PID: 1780][C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe]  [Hewlett-Packard Company, 6.30.0.0]
    [C:\WINNT\System32\CPQMgmt\CqMgServ\CQMGSERV.dll]  [N/A, N/A]
    [C:\WINNT\system32\cqsrvutl.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgServ\CPQHLTH.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgServ\SERVALRT.dll]  [N/A, N/A]
[PID: 1808][C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe]  [Hewlett-Packard Company, 6.30.0.0]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\CQMGSTOR.dll]  [N/A, N/A]
    [C:\WINNT\system32\cqstrutl.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\CPQIDE.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\CPQMSCSI.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\CPQMDISK.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\CPQMIDA.dll]  [N/A, N/A]
    [C:\WINNT\system32\CQHSTUTL.DLL]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\CPQFCA.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgStor\STORALRT.dll]  [N/A, N/A]
[PID: 1872][C:\WINNT\System32\dns.exe]  [Microsoft Corporation, 5.00.2195.6715]
[PID: 1920][C:\WINNT\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.00.0984]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2032]
[PID: 1928][e:\Lotus\Domino\nReplica.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\nTCP.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2148][e:\Lotus\Domino\nUpdate.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nFTGTR34.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\gtr34nts.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nlxlid102.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nlxrt22.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nlxsum22.dll]  [N/A, N/A]
    [e:\Lotus\Domino\kvfilter.dll]  [Verity, Inc., Build 1453]
[PID: 2196][C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe]  [Hewlett-Packard Company, 6.30.0.0]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CQMGHOST.dll]  [N/A, N/A]
    [C:\WINNT\system32\CQHSTUTL.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CPQMHOST.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CPQPERF.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CPQSTAT.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CPQSWV.dll]  [Hewlett-Packard Company, 6.30.0.0]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\CPQTHRSH.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CqMgHost\HOSTALRT.dll]  [N/A, N/A]
[PID: 2272][C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe]  [HP Corporation, 6.30.0.0]
    [C:\WINNT\System32\CPQMgmt\CPQWEBAG.dll]  [HP Corporation, 6.30.0.0]
    [C:\WINNT\System32\CPQMgmt\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\WINNT\System32\CPQMgmt\XPath.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\xerces-c_1_3.dll]  [Apache Software Foundation, 1, 3, 0]
    [C:\WINNT\System32\CPQMgmt\PlatformSupport.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\XalanDOM.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\DOMSupport.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\XercesParserLiaison.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\XMLSupport.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\XSLT.dll]  [N/A, N/A]
    [C:\WINNT\System32\CPQMgmt\CpqHMMO.dll]  [HP, 5.5.0]
    [C:\WINNT\System32\CPQMgmt\expat.dll]  [N/A, N/A]
[PID: 2280][e:\Lotus\Domino\nAmgr.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2348][e:\Lotus\Domino\namgr.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\nlsxbe.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\LTOUIN22.dll]  [Lotus Development Corporation., 2.2.0.8911]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\javai.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\zip.dll]  [N/A, N/A]
[PID: 2364][e:\Lotus\Domino\nAdminP.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2372][e:\Lotus\Domino\nCalConn.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2400][e:\Lotus\Domino\nEvent.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2388][e:\Lotus\Domino\nSched.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nTCP.DLL]  [N/A, N/A]
[PID: 2496][e:\Lotus\Domino\nStats.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2532][e:\Lotus\Domino\nPOP3.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nTCP.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\nNTCP.DLL]  [N/A, N/A]
[PID: 2552][e:\Lotus\Domino\nDECS.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLCHTAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
[PID: 1560][e:\Lotus\Domino\nmaps.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
[PID: 2380][e:\Lotus\Domino\nSMTP.EXE]  [N/A, N/A]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\namhook.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\ndecsext.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NLCAPI.dll]  [N/A, N/A]
    [e:\Lotus\Domino\nTCP.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\nNTCP.DLL]  [N/A, N/A]
[PID: 2544][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [e:\Lotus\Domino\nnotes.dll]  [N/A, N/A]
    [e:\Lotus\Domino\js32.dll]  [N/A, N/A]
    [e:\Lotus\Domino\NLSCCSTR.DLL]  [N/A, N/A]
    [e:\Lotus\Domino\NSTRINGS.DLL]  [N/A, N/A]
[PID: 484][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 1956][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 2644][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2668][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
[PID: 2952][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3076][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 3044][C:\Program Files\Rising\Rav\RavControl.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 71]
    [C:\Program Files\Rising\Rav\Comm.dll]  [北京瑞星科技股份有限公司, 18, 0, 0, 36]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RavControl936.dll]  [瑞星科技股份发展有限公司, 18, 0, 0, 71]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\ewido_4.0.0.172c_3.3\shellexecutehook.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 3188][C:\Program Files\LANFax Suite\LANFax Manager\LANFax Conversion.exe]  [, 1, 0, 2, 1]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3260][C:\WINNT\system32\dllhost.exe]  [Microsoft Corporation, 5.00.2195.6692]
[PID: 3356][C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINNT\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_1a0a6180\mscorlib.dll]  [N/A, N/A]
    [c:\winnt\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.2037]
    [c:\winnt\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.web.regularexpressions\1.0.5000.0__b03f5f7f11d50a3a\system.web.regularexpressions.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\microsoft.visualc\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualc.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\winnt\assembly\gac\system.directoryservices\1.0.5000.0__b03f5f7f11d50a3a\system.directoryservices.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll]  [ , 7.10.3052.4]
    [C:\WINNT\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.web.mobile\1.0.5000.0__b03f5f7f11d50a3a\system.web.mobile.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [c:\winnt\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll]  [Microsoft Corporation, 1.1.4322.573]
[PID: 3696][D:\ewido_4.0.0.172c_3.3\ewido.exe]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [D:\ewido_4.0.0.172c_3.3\engine.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3192][C:\Program Files\LANFax Suite\LANFax Manager\LANFax Manager.exe]  [北京华录北方电子有限公司, 6, 5, 6, 0]
    [C:\Program Files\LANFax Suite\LANFax Manager\LanFax.dll]  [北京华录北方电子有限责任公司, 9, 1, 5, 0]
    [C:\Program Files\LANFax Suite\LANFax Manager\lmsch.dll]  [北京华录北方电子有限公司, 6, 5, 6, 0]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 3976][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\ewido_4.0.0.172c_3.3\shellexecutehook.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\WINNT\system32\c_g18030.dll]  [Microsoft Corporation, 5.2.3663.0 (main.020715-1506)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3960][D:\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [D:\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

Found <ENStation><C:\WINNT\explorerb.exe> [N/A]
You've got a trojan!
Delete this file!
Run an antivirus scan in Safe Mode!

I'll give it a try!! Thank you!!


There's also:
]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINNT\rundl132.exe> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system.sys> [N/A]
[New0 / New0]
<\??\C:\WINNT\System32\new.sys><N/A>
Look for the rest yourself; there are too many, and reading through them makes my head spin.

[XPROTECTOR / XPROTECTOR]
<\??\C:\WINNT\system32\drivers\Oreans.sys><N/A>
What kind of driver is this??