
Help me, quick!!!

Moderators and experts, please save my computer! Three days ago, on another machine, I downloaded and installed Rising's free firewall (the Alipay edition, I think), a trojan killer, and Thunder 5. Somehow I got infected. The winlogon process is always at 60-70 and the CPU stays at 100%. The computer is so slow you lose all patience. I have run virus scans in safe mode and in normal mode (Rising always kills about ten), killed 飘雪 (Piaoxue) and 橙色八月 (Orange August), killed processes, run Kingsoft First Aid Kit, 360, Super Rabbit, top trojan killers, and so on and so forth; I have tried every trick in the book. Still no use. After process analysis, the module name inside winlogon.exe is different after every scan, and searching online turns up nothing. Please give me some advice, thank you all!


Re: Help me, quick!!!

Scan with SRENG and post the log to this forum.
Download the SRENG 2.6 tool: http://www.kztechs.com/sreng/download.html
For how to produce the SRENG scan log, see post #2 (2F) of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx
╭∩╮(︶︿︶)╭∩╮

Reply to 帅哥阿福's post (2F)


2009-04-10,12:42:46

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IgfxTray><; D:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><; D:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <360Safebox><"E:\360安全卫士 V4.1.8.1006 标准版\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Microsoft Pinyin IME Migration><D:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <DesktopCalendar><e:\日历\RenewDesktop.exe>  [File is missing]
    <RavTray><"D:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <CalSprite><E:\日历\CalSprite\CalSprite.exe>  [SnowFox Studio.]
    <Storm2Set><; D:\WINDOWS\system32\rundll32.exe "E:\暴风影~1.8\StormSet.dll",CheckEnv>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><MsGina.dll>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><D:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><D:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><D:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><D:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><D:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><D:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><D:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><D:\WINDOWS\system32\Rundll32.exe D:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[OneNote 2007 屏幕剪辑程序和启动程序]
  <D:\Documents and Settings\Administrator.YANG-D3ABF62D43\「开始」菜单\程序\启动\OneNote 2007 屏幕剪辑程序和启动程序.lnk --> D:\PROGRA~1\MI1933~1\Office12\ONENOTEM.EXE [Microsoft Corporation]><H>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
  <E:\暴风影音 2.8\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[ilab / ilab][Stopped/Auto Start]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\system32\Silab.dll><i-lab.cn>
[Irmon / Irmon][Stopped/Auto Start]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->D:\WINDOWS\system32\irmon32.dll><N/A>
[Kingsoft Rescue Service / Kingsoft Rescue Service][Running/Auto Start]
  <E:\金山急救箱KSFA\KSMSvc.exe><>
[Messenger / Messenger][Stopped/Boot Start]
  <\SystemRoot\D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\msgsvc.dll><>
[Network Location Manager / Nlm][Stopped/Auto Start]
  <><(File is missing)>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <D:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <><(File is missing)>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <D:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <D:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Apaidi / Apaidi][Stopped/Auto Start]
  <\??\D:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[Aspi32 / Aspi32][Running/Auto Start]
  <System32\drivers\aspi32.sys><Adaptec>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Rising>
[BC / BC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[bootsafe / bootsafe][Running/Boot Start]
  <\SystemRoot\system32\Drivers\bootsafe.sys><>
[dbecafhg / dbecafhg][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dbecafhg.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\D:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KvMemon / KvMemon][Stopped/Manual Start]
  <\??\E:\kv2006\KV2006\KvMemon.sys><N/A>
[mProcRs / mProcRs][Stopped/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\qqbate2006\npkcrypt.sys><N/A>
[oreans32 / oreans32][Stopped/System Start]
  <\??\D:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RecAgent / RecAgent][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\RecAgent.sys><Smart Link>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[QXVD Driver for QX2006  / SAA7134][Running/Manual Start]
  <System32\Drivers\QX2006.sys><>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\D:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Spy Emergency Driver / SpyEmrg][Stopped/System Start]
  <System32\Drivers\spyemrg.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\D:\WINDOWS\Downloaded Program Files\winio.sys><N/A>
[zlportio / zlportio][Stopped/Manual Start]
  <\??\D:\监控\P9.08\服务器端\QX2006应用软件\zlportio.sys><N/A>
[ZSMC USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}]

Re: Help me, quick!!!

[Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <D:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[BitComet]
  {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} <, >
[&Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[ULiveCtrl Control]
  {070CA17A-4BD2-4612-83B4-32B1B9159B47} <D:\WINDOWS\system32\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[]
  {33564D57-9980-0010-8000-00AA00389B71} <, >
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <D:\WINDOWS\opuc.dll, Microsoft Corporation>
[updatePanelX Control]
  {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <D:\WINDOWS\system32\uusee\internet\updateC.ocx, N/A>
[]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <D:\WINDOWS\system32\BANKCE~1.DLL, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\system32\INPUTC~1.DLL, >
[SLAProbe Control]
  {7A97B026-F3BB-49F6-BEAC-75021AD45B4E} <, >
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <D:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, >
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <D:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[]
  {C14D003A-DA41-4FEE-8204-62A94EAA29D1} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <D:\WINDOWS\system32\KvDown.ocx, N/A>
[]
  {00000000-0000-0000-0000-000000000000} <, >
[]
  {00000000-12C9-4305-82F9-43058F20E8D2} <, >
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
  {017767CF-2834-11D4-98F9-00C0DF242218} <, >
[]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[ULiveCtrl Control]
  {070CA17A-4BD2-4612-83B4-32B1B9159B47} <D:\WINDOWS\system32\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <E:\迅雷\Components\InMedia\peerid.dll, N/A>
[Fade]
  {16B280C5-EE70-11D1-9066-00C04FD9189D} <D:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[]
  {19850308-4B15-11D1-ABED-709549C10000} <, >
[]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <D:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >
[]
  {27BEF713-0690-444D-98F5-2BC45501CBB0} <, >
[]
  {29269350-EC07-4274-821F-F2E0E2697149} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Passport 的批处理服务]
  {2D2307C8-7DB4-40D6-9100-D52AF4F97A5B} <%SystemRoot%\system32\netplwiz.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\WINDOWS\system32\dllcache\dhtmled.ocx, (Signed) Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <D:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <D:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <D:\WINDOWS\system32\tdc.ocx, (Signed) Microsoft Corporation>
[]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <, >
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\bt\BitComet\tools\BitCometBHO_1.2.2.28.dll, (Signed) BitComet>
[BitCometBar]
  {3F1ABCDB-A875-46C1-8345-B72A4567E486} <, >
[]
  {3F618E1F-D981-4905-A757-4D237441B5B3} <, >
[]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <, >
[updatePanelX Control]
  {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <D:\WINDOWS\system32\uusee\internet\updateC.ocx, N/A>
[]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <, >
[]
  {461CC20B-FB6E-4F16-8FE8-C29359DB100E} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {4836C333-208E-4BCE-B30B-00B9545B0F6E} <, >
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\迅雷\ComDlls\ThunderAgent_Now.dll, N/A>
[]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, >
[]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <D:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[]
  {53AF6E02-F18F-4228-AC13-3E79773FBE50} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <D:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Thunder Networking Technologies,LTD>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <D:\Documents and Settings\All Users.WINDOWS\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <E:\暴风影音 2.8\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <D:\WINDOWS\system32\BANKCE~1.DLL, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\阿里旺旺\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[Groove GFS Browser Helper]
  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <D:\WINDOWS\system32\INPUTC~1.DLL, >
[]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\360安全卫士 V4.1.8.1006 标准版\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[Uploader Class]
  {8B054DFE-79A3-4A6A-9F46-CD2A2F601129} <D:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <D:\WINDOWS\system32\SUBMIT~1.DLL, >
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {95B3F550-91C4-4627-BCC4-521288C52977} <, >
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[]
  {9701758C-4373-482E-B13C-776C048EC890} <, >
[]
  {A0ABEB73-F219-4CBA-B8AE-9298115E56CC} <, >
[UploadFilePartition Class]
  {A877BA28-1F7E-4876-B299-50B3199A1A5D} <D:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <D:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <D:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <D:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <D:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll, (Signed) Google Inc.>
[]
  {B0CE7123-982E-4A0C-A0D6-E4F32B9BAEDF} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\360安全卫士 V4.1.8.1006 标准版\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, >
[]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, >
[ScreenCapture Class]
  {BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <D:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[]
  {C14D003A-DA41-4FEE-8204-62A94EAA29D1} <, >
[]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <, >
[]
  {C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[]
  {CA828031-4325-11D4-BDB2-00105A776E78} <, >
[QQPlayerCtrl Class]
  {CD108273-D434-43E6-AA90-1469F97EB398} <E:\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[]
  {D18A0B52-D63C-4ED0-AFC6-C1E3DC1AF43A} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <, >
[]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <, >
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <E:\暴风影音 2.8\Codec\QTSystem\QTCheck.ocx, (Signed) Apple Computer, Inc.>
[]
  {DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <D:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll, (Signed)  Microsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <E:\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <, >
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <E:\QQ\Timwp.dll, (Signed) TENCENT>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <, >
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[MyTvPlayer1 Class]
  {F4B182CA-9795-4087-990D-0BF26659E970} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[IEDown Class]
  {F917534D-535B-416B-8E8F-0C04756C31A8} <D:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <E:\realplay\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <, >
[]
  {FF354A24-B490-4D4F-8EEC-B3ACD6E681A4} <, >
[导出到 Microsoft Excel(&X)]
  <res://D:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://E:\OFFICE~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 488 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\D:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][\??\D:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\gxbfdy.dll]  [N/A, ]
[PID: 616 / SYSTEM][D:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 628 / SYSTEM][D:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780 / SYSTEM][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892 / SYSTEM][D:\Program Files\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [D:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 900 / SYSTEM][D:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016 / LOCAL SERVICE][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1308 / SYSTEM][E:\金山急救箱KSFA\KSMSvc.exe]  [, 2008, 11, 14, 2]
    [E:\金山急救箱KSFA\dump.dll]  [Kingsoft Corporation, 2006, 2, 16, 8]
    [E:\金山急救箱KSFA\KSMCore.dll]  [, 2009, 4, 1, 91]
    [E:\金山急救箱KSFA\KAVRep.dll]  [Kingsoft Corporation, 2008,11,27,198]
    [E:\金山急救箱KSFA\KIPC.dll]  [, 2009, 3, 18, 8]
    [E:\金山急救箱KSFA\kaeautorunex.dll]  [Kingsoft Corporation, 2009, 3, 25, 335]
    [E:\金山急救箱KSFA\DC.dll]  [Kingsoft Corporation, 2008, 11, 26, 118]
    [E:\金山急救箱KSFA\bcdll.dll]  [, 2008, 11, 17, 1]
    [E:\金山急救箱KSFA\kassysrepair.dll]  [Kingsoft Corporation, 2008, 11, 12, 202]
[PID: 1396 / SYSTEM][D:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1404 / SYSTEM][D:\Program Files\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [D:\Program Files\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1772 / SYSTEM][D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 1828 / SYSTEM][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [D:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
[PID: 1884 / SYSTEM][D:\WINDOWS\system32\tcpsvcs.exe]  [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2004 / SYSTEM][D:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2112 / LOCAL SERVICE][D:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

Re: Help, quick!!!

[PID: 2736 / Administrator][D:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2752 / Administrator][D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
    [D:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\gtn.dll]  [Google Inc., 5, 0, 926, 3450]
    [D:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll]  [Google Inc., 5, 0, 926, 3450]
[PID: 1756 / Administrator][D:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,1715]
    [D:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1715]
    [D:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1715]
    [D:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1715]
    [D:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1715]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 1904 / SYSTEM][D:\Program Files\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 2572 / Administrator][D:\PROGRAM FILES\RISING\RAV\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [D:\PROGRAM FILES\RISING\RAV\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\PROGRAM FILES\RISING\RAV\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\PROGRAM FILES\RISING\RAV\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\PROGRAM FILES\RISING\RAV\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\PROGRAM FILES\RISING\RAV\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\PROGRAM FILES\RISING\RAV\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\PROGRAM FILES\RISING\RAV\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [D:\PROGRAM FILES\RISING\RAV\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [D:\PROGRAM FILES\RISING\RAV\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 71]
    [D:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\PROGRAM FILES\RISING\RAV\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\PROGRAM FILES\RISING\RAV\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [D:\PROGRAM FILES\RISING\RAV\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [D:\PROGRAM FILES\RISING\RAV\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [D:\PROGRAM FILES\RISING\RAV\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.93]
    [D:\PROGRAM FILES\RISING\RAV\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\PROGRAM FILES\RISING\RAV\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [D:\PROGRAM FILES\RISING\RAV\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [D:\PROGRAM FILES\RISING\RAV\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 2528 / SYSTEM][D:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [D:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [D:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.34]
    [D:\Program Files\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [D:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [D:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [D:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [D:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.18]
    [D:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [D:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [D:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [D:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [D:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [D:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [D:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.15]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.33]
    [D:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [D:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [D:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [D:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [D:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [D:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [D:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [D:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [D:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [D:\Program Files\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 416 / Administrator][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16791 (vista_gdr.081217-1620)]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [D:\Program Files\Google\Google Toolbar\GoogleToolbar.dll]  [N/A, ]
    [D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_F423308312A7B033.dll]  [Google Inc., 5, 0, 2124, 6042]
    [D:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll]  [Google Inc., 5, 0, 926, 3450]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.69]
    [D:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 3328 / Administrator][D:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [D:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 3668 / Administrator][D:\DOCUME~1\ADMINI~1.YAN\LOCALS~1\Temp\Rar$EX02.719\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 3196 / Administrator][D:\DOCUME~1\ADMINI~1.YAN\LOCALS~1\Temp\Rar$EX02.719\SREc08027d9.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [D:\DOCUME~1\ADMINI~1.YAN\LOCALS~1\Temp\Rar$EX02.719\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [d:\windows\hh.exe %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [D:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1    js.k0102.com
127.0.0.1    360.gxgxy.net
127.0.0.1    w.c0mo.com
127.0.0.1    jj.gxgxy.net

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 3328, D:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3668, D:\DOCUME~1\ADMINI~1.YAN\LOCALS~1\TEMP\RAR$EX02.719\SRENGLDR.EXE]

==================================
计划任务
[已启用] OGADaily.job
        D:\WINDOWS\system32\OGAVerify.exe
[已启用] OGALogon.job
        D:\WINDOWS\system32\OGAVerify.exe
[已启用] SogouImeMgr.job
        E:\搜狗拼~1.105\SOGOUI~1\360~1.165\PinyinRepair.exe

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Help, quick!!!

Sorry to trouble you, please take a look.

Re: Help, quick!!!

D:\WINDOWS\system32\irmon32.dll
D:\WINDOWS\system32\drivers\Apaidi.sys
D:\WINDOWS\system32\drivers\dbecafhg.sys
D:\WINDOWS\system32\gxbfdy.dll
Upload the virus samples to the Suspicious Files exchange area, at: http://bbs.ikaka.com/showforum-20002.aspx
Or send them directly to Rising's mail service center [Virus Samples], at: http://mailcenter.rising.com.cn/uploadnew.aspx
╭∩╮(︶︿︶)╭∩╮