[CODE]

2008-02-13,19:01:53

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [Nero AG]
    <QQDownload><"D:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <360Safetray><d:\Program Files\360safe\safemon\360tray.exe /start>  [奇虎网]
    <360Safebox><"d:\Program Files\360Safebox\safeboxTray.exe" /r>  [奇虎网]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SkyTel><SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Publisher]
    <!!QQKav><D:\Program Files\qqkav_newhua\qqkav_newhua.exe>  [Jsing.Net & QQKav.Com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\豪杰多~1.SCR>  []

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Running/Auto Start]
  <"C:\Program Files\Founder\Emergency Center\Hotkey.exe" /Service><N/A>

==================================
驱动程序
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Softlumos Multi-Platform / Mulsys][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\Mulsys.SYS><Softlumos Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PauseDrv / PauseDrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\d:\Program Files\360Safebox\SafeBoxKrnl.sys><奇虎网>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <d:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[PPLive]
  {95B3F550-91C4-4627-BCC4-521288C52977} <D:\Program Files\PPLive\PPLive.exe, N/A>
[YlmF]
  {7A37C212-F116-423D-8152-8340DD8C1848} <http://www.ylmf.com, N/A>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, TENCENT>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[百度Flash搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
  <d:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

正在运行的进程
[PID: 512 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948 / SYSTEM][d:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 964 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.60]
    [D:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.30]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [D:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 7]
    [D:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 10]
    [D:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [D:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.35]
    [D:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [D:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [D:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 41]
    [D:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\PROGRAM FILES\RISING\RAV\urutils.dll]  [, 20, 0, 0, 3]
    [D:\PROGRAM FILES\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [D:\PROGRAM FILES\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\PROGRAM FILES\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\PROGRAM FILES\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[PID: 1436 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [D:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1580 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.0089]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.0089]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.0089]
    [C:\WINDOWS\system32\nvCplUIR.dll]  [NVIDIA Corporation, 1.4.2.9]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [, 1, 0, 0, 12]
    [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 7, 2, 0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1848 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.0089]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.0089]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
[PID: 1860 / Administrator][D:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 3, 6, 4, 3003]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [D:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [D:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 1884 / Administrator][D:\Program Files\360Safebox\safeboxTray.exe]  [奇虎网, 1, 2, 0, 1001]
    [D:\Program Files\360Safebox\safeboxapi.dll]  [奇虎网, 1, 2, 0, 1001]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [D:\Program Files\360Safebox\liveupdate.dll]  [奇虎网, 1, 2, 0, 1001]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]

[PID: 1896 / Administrator][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.22]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 1916 / Administrator][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.05]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [D:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 1932 / Administrator][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.2.4]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 140 / SYSTEM][C:\Program Files\Founder\Emergency Center\Hotkey.exe]  [N/A, ]
    [C:\Program Files\Founder\Emergency Center\MFC42D.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Founder\Emergency Center\MSVCRTD.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Founder\Emergency Center\MSVCP60D.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
[PID: 852 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 920 / Administrator][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll]  [Nero AG, 5,16,1, 9000]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 5, 3, 0]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 1288 / Administrator][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll]  [Nero AG, 4,5,13,0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 5, 3, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 5, 3, 0]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 2140 / Administrator][D:\Program Files\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 3340 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3584 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\Tencent\QQToolbar\IEBar.dll]  [TENCENT, 2, 0, 16, 17]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll]  [TENCENT, 2, 0, 16, 17]
    [D:\Program Files\Tencent\QQDownload\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [, 1, 0, 0, 12]
    [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 3100 / Administrator][D:\Program Files\扫描日志\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [d:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [D:\Program Files\扫描日志\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1    locator.metadata.windowsmedia.com
127.0.0.1    onlinestore.smgbb.cn
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1860, D:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 920, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1288, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMINDEXSTORESVR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

头晕!!!!

楼主的hosts文件怪怪的。

应该是被改过了。

没改呀,就是扫完了,我就直接弄上来了,怎么办呢~~

帮忙指点一下啊~

你自己觉得电脑有什么异常？？？？

总是有模块错误,还有死机

再有就是看上面的那张图片,接收数字相当高,现在已达到12215535了