
[Help] SREng log updated, hoping for help, thanks in advance ~-_-、

Re: SREng log updated, requesting 天月~

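The updated SREng log is as follows:
(When SR was scanning just now, ticking the "security updates" item made it get stuck there scanning forever!?) A screenshot is also attached.
[code]2011-05-21,18:07:52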
System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TurboV Help><"C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe">  [ASUSTek]
    <TurboV EVO><"C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe">  [ASUSTek]
    <JMB36X IDE Setup><C:\WINDOWS\RaidTool\xInsIDE.exe>  []
    <QFan Help><"C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe">  []
    <Cpu Level Up help><"C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe">  []
    <Six Engine><"C:\Program Files\ASUS\Six Engine\SixEngine.exe" -b>  []
    <knsdtray><"D:\Keniu\Keniu Shadu\knsdtray.exe" -autorun>  [(Verified)Keniu Network Technology (Beijing) Co., Ltd.]
    <KSafeTray><"D:\KSafe\KSafeTray.exe" -autorun>  [(Verified)Kingsoft Security Co.,Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <N/A><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[ASUS System Control Service / AsSysCtrlService][Running/Auto Start]
  <C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Manual Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[DeviceVM Meta Data Export Service / DvmMDES][Running/Auto Start]
  <"C:\ASUS.SYS\config\DVMExportService.exe"><DeviceVM, Inc.>
[GP_CLT_Service / GP_CLT_Service][Running/Auto Start]
  <C:\WINDOWS\system32\GP_CLT_Service.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe><N/A>
[Keniu Shadu Antivirus Engine / kavehost][Running/Manual Start]
  <"D:\Keniu\Keniu Shadu\Ave\knsdave.exe" -svc><N/A>
[Kingsoft Rescue Service / Kingsoft Rescue Service][Running/Auto Start]
  <D:\杀毒工具\KSM\ksmsvc.exe><>
[Keniu Shadu Service / knsdsvc][Running/Auto Start]
  <"D:\Keniu\Keniu Shadu\knsdsvc.exe" -svc><Keniu Network Technology.>
[KSafe service / KSafeSvc][Running/Auto Start]
  <"D:\KSafe\KSafeSvc.exe" -svc><Kingsoft Corporation>
[OnKey Service _ICBC / OnKey Service _ICBC][Running/Auto Start]
  <C:\WINDOWS\system32\D4Ser_ICBC.exe><Tendyron Corporation>
[Rsd Service / RsMgrSvc][Running/Auto Start]
  <"C:\Program Files\Rising\RSD\RsMgrSvc.exe"><Beijing Rising Information Technology Co., Ltd.>
[RIS Service / RsRISMon][Running/Auto Start]
  <"C:\Program Files\Rising\RIS\RavMonD.exe"><Beijing Rising Information Technology Co., Ltd.>
[XLDoctor Services / XLDoctor Services][Stopped/Manual Start]
  <D:\Thunder Network\Thunder\Program\DctSer.exe><深圳市迅雷网络技术有限公司>
==================================
驱动程序
[AsIO / AsIO][Running/System Start]
  <system32\drivers\AsIO.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATI Function Driver for High Definition Audio Service / AtiHdmiService][Running/Manual Start]
  <system32\drivers\AtiHdmi.sys><ATI Research Inc.>
[BC / BC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\BC.sys><Kingsoft Corporation>
[bootsafe / bootsafe][Running/Boot Start]
  <\SystemRoot\system32\Drivers\bootsafe.sys><>
[CIDC USB KEY Driver / CIDCUSB][Stopped/Manual Start]
  <System32\Drivers\CIDCUSB.sys><CIDC.>
[ComputerZ / ComputerZ][Stopped/Manual Start]
  <\??\D:\电脑检测工具\鲁大师\LuDaShi\ComputerZ.sys><鲁大师>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hooksys / hooksys][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\Hooksys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookTdi / HookTdi][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\HookTdi.sys><Beijing Rising Information Technology Co., Ltd.>
[hptpro / hptpro][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[HTC Device Driver / HTCAND32][Stopped/Manual Start]
  <System32\Drivers\ANDROIDUSB.sys><HTC1124 Inc>
[HyperVM / HyperVM][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\hvm.sys><Beijing Rising Information Technology Co., Ltd.>
[JRAID / JRAID][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[kmodurl / kmodurl][Running/System Start]
  <\??\D:\KSafe\kmodurl.sys><Kingsoft Corporation>
[KnsdBootCheck / KnsdBootCheck][Running/Boot Start]
  <\SystemRoot\system32\Drivers\knbc.sys><Keniu Network Technology.>
[ksapi / ksapi][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ksapi.sys><Kingsoft Corporation>
[Mouse HID Driver / mouhid][Stopped/Manual Start]
  <system32\DRIVERS\mouhid.sys><N/A>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[Nokia USB Phone Parent Driver / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Communication Driver / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[PortTalk / PortTalk][Stopped/Manual Start]
  <System32\Drivers\PortTalk.sys><Beyond Logic http://www.beyondlogic.org>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising RfwARP Driver / RFWARP][Running/Auto Start]
  <system32\DRIVERS\rfwarp.sys><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwNdis Driver / RFWNDIS][Running/Manual Start]
  <system32\DRIVERS\rfwndis.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\C:\Program Files\Rising\RIS\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\RIS\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <System32\Drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[skvkrpr / skvkrpr][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\skvkrpr.sys><Kingsoft Corporation>
[Symantec Network Security Intermediate Filter Service / SymIM][Stopped/Manual Start]
  <system32\DRIVERS\SymIM.sys><Symantec Corporation>
[SymIMMP / SymIMMP][Stopped/Manual Start]
  <system32\DRIVERS\SymIM.sys><Symantec Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Nokia>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Nokia>
[VIA High Definition Audio Driver Service / VIAHdAudAddService][Running/Manual Start]
  <system32\drivers\viahduaa.sys><VIA Technologies, Inc.>
==================================
浏览器加载项
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll, (Signed) 深圳市迅雷网络技术有限公司>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[Store Class]
  {1086BE51-00F5-4371-A449-9A2DECE1B138} <C:\WINDOWS\system32\ABCCECom.ocx, (Signed) Feitian Technologies Co., Ltd.>
[]
  {1663ed61-23eb-11d2-b92f-008048fdd814} <, >
[Axcleanctrl Class]
  {36C9539B-49D2-01C7-9C6D-10DACDFEA59C} <C:\WINDOWS\system32\icbcclean.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[]
  {6EA2869B-5A14-4DCB-9E0A-084F74BB20F5} <, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\InputControl.dll, (Signed) >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SubmitControl.dll, (Signed) >
[]
  {F2AF4FB7-CC87-49C9-B147-E1BAAC82BCDD} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[迅雷下载支持]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll, (Signed) 深圳市迅雷网络技术有限公司>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx, (Signed) Adobe Systems, Inc.>
[&使用优蛋下载]
  <D:\115\UDown\getUrl.htm, N/A>
[使用迅雷下载]
  <D:\Thunder Network\Thunder\BHO\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Thunder Network\Thunder\BHO\GetAllUrl.htm, N/A>
==================================

Re: SREng log updated, requesting 天月~

正在运行的进程
[PID: 564 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 624 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1316 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4179]
    [C:\WINDOWS\system32\atiadlxx.dll]  [Advanced Micro Devices, Inc., 6.14.10.1054]
[PID: 1360 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 1372 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1620 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1816 / SYSTEM][C:\Program Files\Rising\RSD\RsMgrSvc.exe]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.29]
    [C:\Program Files\Rising\RSD\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RSD\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1828 / SYSTEM][C:\Program Files\Rising\RIS\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 14]
    [C:\Program Files\Rising\RIS\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 16]
    [C:\Program Files\Rising\RIS\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RIS\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RIS\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RIS\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.3]
    [C:\Program Files\Rising\RIS\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RIS\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.23]
    [C:\Program Files\Rising\RIS\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RIS\mondrvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [C:\Program Files\Rising\RIS\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 61]
    [C:\Program Files\Rising\RIS\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RIS\taskplug.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RIS\mondrvm.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [C:\Program Files\Rising\RIS\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 32]
    [C:\Program Files\Rising\RIS\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 33]
    [C:\Program Files\Rising\RIS\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 55]
    [C:\Program Files\Rising\RIS\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [C:\Program Files\Rising\RIS\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\RIS\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.90]
    [C:\Program Files\Rising\RIS\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RIS\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [C:\Program Files\Rising\RIS\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.36]
    [C:\Program Files\Rising\RIS\fishweb.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 26]
    [C:\Program Files\Rising\RIS\rsindent.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.1.0]
    [C:\Program Files\Rising\RIS\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\RIS\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RIS\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RIS\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 8]
    [C:\Program Files\Rising\RIS\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\RIS\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\RIS\hookTdi.dll]  [Beijing Rising Information Technology Co., Ltd., 25, 0, 0, 9]
    [C:\Program Files\Rising\RIS\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 57]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Rising\RIS\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\RIS\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RIS\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 8]
    [C:\Program Files\Rising\RIS\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 1]
    [C:\Program Files\Rising\RIS\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RIS\bawhite.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RIS\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.31]
    [C:\Program Files\Rising\RIS\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 68]
    [C:\Program Files\Rising\RIS\fwfish.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 4]
    [C:\Program Files\Rising\RIS\fwcomp.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 11]
    [C:\Program Files\Rising\RIS\fwfs.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RIS\fwvirlib.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RIS\fwlibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RIS\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 25.0.0.7]
    [C:\Program Files\Rising\RIS\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17]
    [C:\Program Files\Rising\RIS\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 28]
    [C:\Program Files\Rising\RIS\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RIS\engext.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 16]
    [C:\Program Files\Rising\RIS\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
    [C:\Program Files\Rising\RIS\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RIS\scantj.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 9]
    [C:\Program Files\Rising\RIS\vmicore.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 17]
    [C:\Program Files\Rising\RIS\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 5]
    [C:\Program Files\Rising\RIS\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 0]
    [C:\Program Files\Rising\RIS\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 7]
    [C:\Program Files\Rising\RIS\ur029.dat]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 2]
[PID: 1884 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 316 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 612 / SYSTEM][D:\杀毒工具\KSM\ksmsvc.exe]  [, 2010,10,27,1479]
    [D:\杀毒工具\KSM\kdump.dll]  [Kingsoft Corporation, 2010,10,11,1453]
    [D:\杀毒工具\KSM\kxestat.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [D:\杀毒工具\KSM\kxebase.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [D:\杀毒工具\KSM\scom.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [D:\杀毒工具\KSM\kxecore\kxelog.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [D:\杀毒工具\KSM\kxecore\kxecore.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [D:\杀毒工具\KSM\kxecore\kxestat.dll]  [Kingsoft Corporation, 2009,11,20,309]
    [D:\杀毒工具\KSM\ksmcorex.dll]  [Kingsoft Corporation, 2011,05,12,1951]
    [D:\杀毒工具\KSM\ksapi.dll]  [Kingsoft Corporation, 2011,05,04,30]
    [D:\杀毒工具\KSM\ksmbrfix.dll]  [Kingsoft Corporation, 2010,09,13,1403]
    [D:\杀毒工具\KSM\sqlite.dll]  [N/A, ]
    [D:\杀毒工具\KSM\ksbwsspx.dll]  [Kingsoft Corporation, 2010,05,27,1072]
    [D:\杀毒工具\KSM\ksecorex.dll]  [Kingsoft Corporation, 2011,05,20,1673]
    [D:\杀毒工具\KSM\khandler.dll]  [Kingsoft Corporation, 2011,04,08,1844]
    [D:\杀毒工具\KSM\kae\kaecore.dat]  [Kingsoft Corporation, 2010,12,28,110]
    [D:\杀毒工具\KSM\ksbwdet2.dll]  [Kingsoft Corporation, 2011,04,28,1920]
    [D:\杀毒工具\KSM\kcldrep.dll]  [Kingsoft Corporation, 2011,04,25,1905]
    [D:\杀毒工具\KSM\kavifr.dll]  [Kingsoft Corporation, 2010,05,25,74]
[PID: 660 / SYSTEM][D:\Keniu\Keniu Shadu\knsdsvc.exe]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\Ave\kave8.dll]  [Kaspersky Lab., 8, 0, 2, 54]
    [D:\Keniu\Keniu Shadu\Ave\FSSync.dll]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\kavesd.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\kavessi.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\ipclib.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\Queue.dll]  [N/A, ]
[PID: 700 / SYSTEM][D:\KSafe\KSafeSvc.exe]  [Kingsoft Corporation, 3.0.0.1491]
    [D:\KSafe\kdump.dll]  [Kingsoft Corporation, 2011,03,08,1746]
    [D:\KSafe\kxebase.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [D:\KSafe\scom.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [D:\KSafe\kxecore\kxecore.dll]  [Kingsoft Corporation, 2010,5,12,402]
    [D:\KSafe\kse\ksbcommsp.dll]  [Kingsoft Corporation, 2011,02,14,1702]
    [D:\KSafe\kexectrl.dll]  [Kingsoft Corporation, 2010,09,18,1422]
    [D:\KSafe\kwssp.dll]  [Kingsoft Corporation, 2011.05.18.1491]
    [D:\KSafe\json.dll]  [N/A, ]
    [D:\KSafe\netstat.dll]  [Kingsoft Corporation, 3.0.0.1496]
    [D:\KSafe\fwproxy.dll]  [Kingsoft Corporation, 3.0.0.1496]
    [D:\KSafe\kse\BKReScan.dll]  [Kingsoft Corporation, 2011,03,04,1740]
    [D:\KSafe\kse\sqlite.dll]  [Kingsoft Corporation, 2010,03,30,781]
    [D:\KSafe\kse\ksbwdet2.dll]  [Kingsoft Corporation, 2011,04,28,1920]
    [D:\KSafe\kse\ksecansp.dll]  [Kingsoft Corporation, 2011,04,21,1878]
    [D:\KSafe\kse\ksecorex.dll]  [Kingsoft Corporation, 2011,04,27,1624]
    [D:\KSafe\KEng\kae\kaecore.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [D:\KSafe\kse\wfs.dll]  [Kingsoft Corporation, 2011,04,20,1616]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\KSafe\KEng\kae\karchive.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [D:\KSafe\KEng\kae\kaearcha.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [D:\KSafe\KEng\kae\kaeolea.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [D:\KSafe\KEng\kae\kaearchb.dat]  [Kingsoft Corporation, 2011,02,14,1540]
    [D:\KSafe\KEng\kae\kaeunpak.dat]  [Kingsoft Corporation, 2010,06,30,436]
    [D:\KSafe\KEng\kae\kaeunpack.dat]  [Kingsoft Corporation, 2010,07,18,365]
    [D:\KSafe\KEng\kae\kaecoref.dat]  [Kingsoft Corporation, 2010,12,16,1454]
    [D:\KSafe\KEng\kae\kaecorem.dat]  [Kingsoft Corporation, 2010,10,26,1328]
    [D:\KSafe\KEng\kae\kaecorea.dat]  [Kingsoft Corporation, 2010,12,16,1454]
[PID: 484 / SYSTEM][C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe]  [N/A, ]
    [C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsAcpi.dll]  [ASUS, 1, 0, 5, 0]
[PID: 1576 / SYSTEM][C:\ASUS.SYS\config\DVMExportService.exe]  [DeviceVM, Inc., 1.2.5.10]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1660 / SYSTEM][C:\WINDOWS\system32\GP_CLT_Service.exe]  [, 1, 0, 1, 10]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1676 / SYSTEM][C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1708 / SYSTEM][C:\WINDOWS\system32\D4Ser_ICBC.exe]  [Tendyron Corporation, 1, 0, 0, 1]
[PID: 1868 / SYSTEM][C:\WINDOWS\system32\D4MON_ICBC.exe]  [Tendyron Corporation, 1, 0, 0, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
[PID: 224 / SYSTEM][D:\Keniu\Keniu Shadu\Ave\knsdave.exe]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\knavpp.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\Ave\oas.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\kneng.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\knatrun.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\knbak.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\kndb.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\kncache.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\Ave\ipclib.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\kavess.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\FSSync.dll]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\prloader.dll]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\nfio.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\fsdrvplg.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\winreg.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\params.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\tm.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\schedule.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\timer.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\thpimpl.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\report.ppl]  [Kaspersky Lab, 9.0.0.720]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Keniu\Keniu Shadu\Ave\procmon.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\hashmd5.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\reportdb.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\klsrlsvc.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\regmap.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\propmap.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\filemap.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\crpthlpr.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\dtreg.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\avs.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\avpmgr.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\avlib.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\wdiskio.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\avspm.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\dmap.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\bases\kavbase.kdl]  [Kaspersky Lab ZAO, 2.1.5.41]
    [D:\Keniu\Keniu Shadu\Ave\bases\klavemu.kdl]  [Kaspersky Lab ZAO, 10.37.19.29]
    [D:\Keniu\Keniu Shadu\Ave\bases\kjim.kdl]  [Kaspersky Lab ZAO, 5.6.7.1]
    [D:\Keniu\Keniu Shadu\Ave\bases\vlns.kdl]  [Kaspersky Lab, 1.4.3.1]
    [D:\Keniu\Keniu Shadu\Ave\bases\mark.kdl]  [Kaspersky Lab ZAO, 4.4.2.1]
    [D:\Keniu\Keniu Shadu\Ave\bases\qscan.kdl]  [Kaspersky Lab ZAO, 3.1.28.0]
    [D:\Keniu\Keniu Shadu\Ave\bases\kavsys.kdl]  [Kaspersky Lab ZAO, 1.6.24.0]
    [D:\Keniu\Keniu Shadu\Ave\icheck3.ppl]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\Ave\bases\webav.kdl]  [Kaspersky Lab, 1.4.3.1]
    [D:\Keniu\Keniu Shadu\Ave\ntfsstrm.ppl]  [Kaspersky Lab, 9.0.0.720]
[PID: 2540 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]

Re: SREngLOG updated, asking 天月 for help~

[C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [D:\Keniu\Keniu Shadu\knsfmon.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\KSafe\ksfmon.dll]  [Kingsoft Corporation, 3.0.0.1498]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.4.0.195]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
[PID: 2612 / Administrator][C:\WINDOWS\system32\GP_CLT.exe]  [, 2, 0, 0, 8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\GP_IFD.dll]  [CIDC., 1, 0, 17, 45]
    [C:\WINDOWS\system32\GP_COS.dll]  [, 2, 0, 1, 17]
    [C:\WINDOWS\system32\GP_RES.dll]  [, 2, 0, 1, 14]
[PID: 2616 / Administrator][C:\WINDOWS\system32\GP_CLT.exe]  [, 2, 0, 0, 8]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\GP_IFD.dll]  [CIDC., 1, 0, 17, 45]
    [C:\WINDOWS\system32\GP_COS.dll]  [, 2, 0, 1, 17]
    [C:\WINDOWS\system32\GP_RES.dll]  [, 2, 0, 1, 14]
[PID: 2792 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2804 / Administrator][C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe]  [ASUSTek, 1.0.0.1]
    [C:\Program Files\ASUS\TurboV EVO\ASACPI.DLL]  [ASUS, 1, 0, 6, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\Program Files\ASUS\TurboV EVO\HookKey32.dll]  [, 1, 0, 2, 0]
    [C:\Program Files\ASUS\TurboV EVO\pngio.dll]  [N/A, ]
    [C:\Program Files\ASUS\TurboV EVO\flashobj.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx]  [Adobe Systems, Inc., 10,3,181,14]
[PID: 2868 / Administrator][C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe]  [, 1.0.0.2]
    [C:\Program Files\ASUS\AI Suite\QFan3\ASACPI.DLL]  [ASUS, 1, 0, 6, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\Program Files\ASUS\AI Suite\QFan3\QFan.dll]  [AsusTek Inc., 1, 0, 0, 0]
    [C:\WINDOWS\system32\AsIo.dll]  [, 1, 0, 0, 1]
[PID: 2928 / Administrator][C:\Program Files\ASUS\Six Engine\SixEngine.exe]  [, 1.0.0.12]
    [C:\Program Files\ASUS\Six Engine\ASACPI.DLL]  [ASUS, 1, 0, 6, 0]
    [C:\Program Files\ASUS\Six Engine\ASUSSERVICE.DLL]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\Program Files\ASUS\Six Engine\AiGear.dll]  [AsusTek Inc., 1, 0, 10, 0]
    [C:\Program Files\ASUS\Six Engine\pngio.dll]  [N/A, ]
    [C:\WINDOWS\system32\AsIo.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\ASUS\Six Engine\AsSpindownTimeout.dll]  [, 1, 0, 0, 1]
[PID: 2952 / Administrator][D:\Keniu\Keniu Shadu\knsdtray.exe]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\knsfmon.dll]  [Keniu Network Technology., 1.0.3.1018]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [D:\Keniu\Keniu Shadu\kndb.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\kneng.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\knatrun.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\knbak.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\kncache.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\knescan.dll]  [Keniu Network Technology., 1.0.0.1109]
    [D:\Keniu\Keniu Shadu\kse\ksbwdet2.dll]  [Kingsoft Corporation, 2010,11,04,1495]
    [D:\Keniu\Keniu Shadu\kse\sqlite.dll]  [Kingsoft Corporation, 2010,07,05,1194]
    [D:\Keniu\Keniu Shadu\knavp.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\Ave\kave8.dll]  [Kaspersky Lab., 8, 0, 2, 54]
    [D:\Keniu\Keniu Shadu\Ave\FSSync.dll]  [Kaspersky Lab, 9.0.0.720]
    [D:\Keniu\Keniu Shadu\knup.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\Keniu\Keniu Shadu\zlib1.dll]  [, 1.2.3]
    [D:\Keniu\Keniu Shadu\Ave\kavesd.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\kavessi.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\ipclib.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\Ave\Queue.dll]  [N/A, ]
    [D:\Keniu\Keniu Shadu\kplugeng.dll]  [Keniu Network Technology., 1.0.3.1018]
[PID: 2960 / Administrator][C:\Program Files\Rising\RIS\RSTRAY.EXE]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.11]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\RIS\comserv.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.13]
    [C:\Program Files\Rising\RIS\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RIS\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RIS\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RIS\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
    [C:\Program Files\Rising\RIS\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.2]
    [C:\Program Files\Rising\RIS\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
    [C:\Program Files\Rising\RIS\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.10]
    [C:\Program Files\Rising\RIS\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.11]
    [C:\Program Files\Rising\RIS\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.4]
    [C:\Program Files\Rising\RIS\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\RIS\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
    [C:\Program Files\Rising\RIS\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RIS\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 10]
    [C:\Program Files\Rising\RIS\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.94]
    [C:\Program Files\Rising\RIS\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 64]
    [C:\Program Files\Rising\RIS\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.6]
    [C:\Program Files\Rising\RIS\UsbServ.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\Program Files\Rising\RIS\ScanTray.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.54]
    [C:\Program Files\Rising\RIS\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 3]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\Rising\RIS\dfw.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.66]
    [C:\Program Files\Rising\RIS\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.30]
    [C:\Program Files\Rising\RIS\GCompt.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.51]
    [C:\Program Files\Rising\RIS\Isol.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.14]
    [C:\Program Files\Rising\RIS\rsstore.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.12]
    [C:\Program Files\Rising\RIS\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.7]
[PID: 3024 / Administrator][D:\KSafe\KSafeTray.exe]  [Kingsoft Corporation, 3.0.0.1498]
    [D:\KSafe\ksfmon.dll]  [Kingsoft Corporation, 3.0.0.1498]
    [D:\KSafe\kdump.dll]  [Kingsoft Corporation, 2011,03,08,1746]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [D:\KSafe\krunopt.dll]  [Kingsoft Corporation, 3.0.0.1491]
    [D:\KSafe\ksafedb.dll]  [Kingsoft Corporation, 3.0.0.1491]
    [D:\KSafe\kwsctrl.dll]  [Kingsoft Corporation, 3.0.0.1491]
    [D:\Keniu\Keniu Shadu\knsfmon.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\KSafe\kse\bkrescan.dll]  [Kingsoft Corporation, 2011,03,04,1740]
    [D:\KSafe\kse\sqlite.dll]  [Kingsoft Corporation, 2010,03,30,781]
    [D:\KSafe\ksafeup.dll]  [Kingsoft Corporation, 3.0.0.1491]
    [D:\KSafe\zlib1.dll]  [, 1.2.3]
    [D:\KSafe\ksafevul.dll]  [Kingsoft Corporation, 3.0.0.1491]
    [D:\KSafe\kavmgr.dll]  [Kingsoft Corporation, 3.0.0.1491]
    [C:\Program Files\ASUS\TurboV EVO\HookKey32.dll]  [, 1, 0, 2, 0]
[PID: 3116 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
[PID: 3664 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2468 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3852 / SYSTEM][C:\Program Files\Rising\RIS\CloudSys.exe]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 41]
    [C:\Program Files\Rising\RIS\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 23.0.0.1]
[PID: 3716 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\KSafe\ksfmon.dll]  [Kingsoft Corporation, 3.0.0.1498]
    [D:\Keniu\Keniu Shadu\knsfmon.dll]  [Keniu Network Technology., 1.0.3.1018]
    [D:\KSafe\kwsui.dll]  [Kingsoft Corporation, 2011.05.18.1491]
    [D:\KSafe\kdump.dll]  [Kingsoft Corporation, 2011,03,08,1746]
    [D:\KSafe\kswebshield.dll]  [Kingsoft Corporation, 2011.05.18.1491]
    [D:\KSafe\kswbc.dll]  [Kingsoft Corporation, 2011.05.18.1491]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [D:\Thunder Network\Thunder\BHO\XunleiBHO7.1.4.2104.dll]  [深圳市迅雷网络技术有限公司, 7,1,4,2104]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll]  [中国工商银行, 1.0.6.29]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\Thunder Network\Thunder\BHO\xldb.7.1.4.2104.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 1, 6]
    [D:\Thunder Network\Thunder\BHO\xldp.7.1.4.2104.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 23]
    [C:\Program Files\ASUS\TurboV EVO\HookKey32.dll]  [, 1, 0, 2, 0]
[PID: 2068 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 548 / Administrator][D:\杀毒工具\SRENG\sr-engldr.EXE]  [Smallfrogs Studio, 2.8.4.1331]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [D:\KSafe\ksfmon.dll]  [Kingsoft Corporation, 3.0.0.1498]
    [D:\Keniu\Keniu Shadu\knsfmon.dll]  [Keniu Network Technology., 1.0.3.1018]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.5768 (xpsp_sp3_gdr.090226-1442)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [D:\杀毒工具\SRENG\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1316, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2612, C:\WINDOWS\SYSTEM32\GP_CLT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2616, C:\WINDOWS\SYSTEM32\GP_CLT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2804, C:\PROGRAM FILES\ASUS\TURBOV EVO\TURBOVHELP.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
N/A
==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: 0x012B02F1)
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x012702F1)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x012802F1)
入口点错误:ShellExecuteExW (危险等级: 高,  被下面模块所HOOK: 0x012502F1)
入口点错误:ShellExecuteW (危险等级: 高,  被下面模块所HOOK: 0x012402F1)
==================================
隐藏进程
N/A
==================================[/code]

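Re: SREngLOG updated, stepping out for a while, hoping for help, thanks in advance~-_-、

Rising + Keniu + Duba!!!

Yikes!

I suggest installing only one antivirus program.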

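Re: SREngLOG updated, stepping out for a while, hoping for help, thanks in advance~-_-、

Originally I only had Rising installed. It was only after I got infected that I installed the others all over the place to try to remove the virus, but not one of them works……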

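Re: SREngLOG updated, hoping for help, thanks in advance~-_-、

Uninstall all of the security software and then observe how the system behaves; this situation is really hard to judge.

Sometimes, after a system has been affected by malicious programs, it is not easy to know what needs to be repaired.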