4月4日早上点错一个网页。。恶梦开始了。。。
　　中毒前瑞星更新至3月30日，中毒后所有瑞星可执行文件无效。
　　RAVMON、smartup、ras改名后可以运行，但是所有监控被禁用，杀毒软件可将smartup改名后智能升级，卡卡改名后可运行但无法升级。
　　用橙色八月专杀杀了三次，再也杀不出什么了。灰鸽子、威金、熊猫、Trojan.PSW.QQPass 专杀工具也用过，没查出病毒。
　　用SERVICES.MSC后将瑞星进程全设为自动，但是没有ravmon进程。
　　内存监控修复.exe用过，无效。
　　任务管理器里多了msrundll.exe cdnup.exe  conime.exe,偶尔会跳出三个CMD和三个myplay.com,然后自动消失。
　　进安全模式就蓝屏，修复或重新安装瑞星都显示安装通用库错误。
　　注册表里的winlogon\shell的值后多了asp.exe 删除后自动出现
　　用瑞星在线查毒查出一堆17个毒，大部分是盗号木马。
　　现在开机扫描可用，无毒。
　　另：autoruns与SREng都要改名后才能运行。

[CODE]

2007-04-05,10:19:13

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [Nero AG]
    <c><; C:\DOCUME~1\TANYI~1\LOCALS~1\Temp\Servere.exe>  [N/A]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
    <Realplayer.exe><; C:\WINDOWS\system32\Realplayer.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <333><C:\Syswm1i\svchost.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <DAEMON Tools><"D:\Tool\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <NeroFilterCheck><C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  [Nero AG]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <winform><; C:\WINDOWS\winform.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <upxdnd><C:\DOCUME~1\TANYI~1\LOCALS~1\Temp\upxdnd.exe>  []
    <msccrt><; C:\WINDOWS\msccrt.exe>  []
    <cmdbc><C:\WINDOWS\cmdbc.exe>  []
    <AutoInsQyule><; C:\Program Files\Qyule\QyuleInstall.exe>  [N/A]
    <DAEMON Tools-1033><; "D:\Tool\D-Tools\daemon.exe"  -lang 1033>  [N/A]
    <DaemonTools_WhenUSaveNow_Installer><; C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe>  [N/A]
    <FixCamera><; C:\WINDOWS\FixCamera.exe>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <kernel32><; C:\WINDOWS\Kernel32.exe>  [N/A]
    <Lexmark X1100 Series><; "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe">  [N/A]
    <LogitechVideoRepair><; C:\Program Files\Logitech\Video\ISStart.exe>  [N/A]
    <LVCOMSX><; C:\WINDOWS\system32\LVCOMSX.EXE>  [N/A]
    <MoveSearch><; C:\Program Files\wsearch\Search.exe>  [N/A]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <qcsszjcz><; c:\chenhu2\chenqxms.exe>  [陈虎]
    <snpstd3><; C:\WINDOWS\vsnpstd3.exe>  []
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <System><; C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [N/A]
    <tsnpstd3><; C:\WINDOWS\tsnpstd3.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe asp.exe>  []
    <Userinit><C:\WINDOWS\system32\UserInit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070402.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ieencode]
    <WinlogonNotify: ieencode><ftpsapi6.dll>  []

==================================
启动文件夹
N/A

==================================
服务
[1F4418C4 / 1F4418C4][Stopped/Disabled]
  <C:\WINDOWS\system32\1F4418C4.EXE -service><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Cryptographic Machine / AtHome][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\evpyo.dll><Microsoft Corporation>
[ Cryptographic Server / CryptographicServer][Stopped/Disabled]
  <C:\WINDOWS\system32\mshtmlsed.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IEAgent service / IEAgent][Stopped/Disabled]
  <"C:\WINDOWS\system32\ieagent.exe"><>
[NBService / NBService][Stopped/Manual Start]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Running/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Std sbfd Service / sbfd][Stopped/Disabled]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\uwxy\egki.dll,Service -s><Microsoft Corporation>
[Computer Storage / WIDETS][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\NBGQB.DLL,Export 1087><Microsoft Corporation>
[Portable Media / WmdmPWD][Running/Auto Start]
  <C:\WINDOWS\system32\Svchost.exe -k WmdmPWD-->C:\WINDOWS\system32\MDserivces\services\svchost.dll><Microsoft Corporation>

驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[aeedgdcj / aeedgdcj][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\aeedgdcj.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdeigigh / cdeigigh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdeigigh.sys><N/A>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[Digi PortServer Driver / DIGIRPS][Stopped/Manual Start]
  <system32\DRIVERS\digirlpt.sys><Digi International, Inc.>
[dtscsi / dtscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[enfmij7 / enfmij76][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\enfmij76.sys><N/A>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><N/A>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><N/A>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><N/A>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><N/A>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kcveab9 / kcveab99][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\kcveab99.sys><N/A>
[mProcRs / mProcRs][Stopped/Disabled]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mwkrgw1 / mwkrgw13][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mwkrgw13.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tool\qq2005\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oqmhit0 / oqmhit09][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\oqmhit09.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><StarForce Technologies, Inc.>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><StarForce Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Logitech QuickCam Communicate / QCMerced][Stopped/Manual Start]
  <system32\DRIVERS\LVCM.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><N/A>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[uoudcn4 / uoudcn45][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\uoudcn45.sys><N/A>
[usb8028 / usb8028][Running/System Start]
  <system32\drivers\usb8028.sys><Microsoft Corporation>
[usb8028x / usb8028x][Running/System Start]
  <system32\drivers\usb8028x.sys><Windows System Internal>
[%WMIBIOS.ServiceName% / WMIBIOS][Running/Manual Start]
  <System32\Drivers\wmibios.sys><Gigabyte Technology>
[WMIINFO Driver / WMIINFO][Running/Manual Start]
  <System32\Drivers\wmiinfo.sys><Gigabyte Technology>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yukonwxp.sys><Marvell Semiconductor Inc.>
[yzdjkz72 / yzdjkz72][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <F:\BitComet0.70\tools\BitCometBHO.dll, BitComet>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tool\qq2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[HelpIE Class]
  {589A6FED-A214-4FE3-8D1E-CD07BC634D89} <C:\WINDOWS\system32\HelpIE.dll, TODO: <公司名>>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Tool\迅雷\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\Tool\flashget\jccatch.dll, Amaze Soft>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\Tool\NetTransport 2\NTIEHelper.dll, Xi>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\My Games\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tool\qq2005\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\Tool\flashget\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tool\qq2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <F:\BitComet0.70\tools\BitCometBHO.dll, BitComet>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tool\qq2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[HelpIE Class]
  {589A6FED-A214-4FE3-8D1E-CD07BC634D89} <C:\WINDOWS\system32\HelpIE.dll, TODO: <公司名>>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Tool\迅雷\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\Tool\flashget\jccatch.dll, Amaze Soft>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <D:\Tool\NetTransport 2\NTIEHelper.dll, Xi>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[]
  {D7ECC3AC-9614-4DDB-8FAB-69B74554CD9D} <C:\DOCUME~1\TANYI~1\APPLIC~1\MICROS~1\AddIns\IE_HEL~1.DLL, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Tool\flashget\fgiebar.dll, Amaze Soft>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <D:\Tool\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Tool\迅雷\Program\GetAllUrl.htm, N/A>
[???QQ??]
  <D:\Tool\qq2005\AddEmotion.htm, N/A>
[???QQ????]
  <D:\Tool\qq2005\AddToNetDisk.htm, N/A>
[???QQ?????]
  <D:\Tool\qq2005\AddPanel.htm, N/A>
[?QQ???????]
  <D:\Tool\qq2005\SendMMS.htm, N/A>
[Download All by FlashGet]
  <D:\Tool\flashget\jc_all.htm, N/A>
[Download using FlashGet]
  <D:\Tool\flashget\jc_link.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Tool\qq2005\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
  <D:\Tool\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <D:\Tool\NetTransport 2\NTAddList.html, N/A>
[添加到QQ自定义面板]
  <D:\Tool\qq2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tool\qq2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tool\qq2005\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 728][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ftpsapi6.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
[PID: 884][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\evpyo.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 256][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\system32\javascript.dll]  [, 1.1.1.163]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\DOCUME~1\TANYI~1\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\HelpIE.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Tool\迅雷\ComDlls\XunLeiBHO_001.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 7, 3, 1]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\windows\system32\evpyo.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 312][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 352][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [F:\BitComet0.70\tools\BitCometBHO.dll]  [BitComet, 20061213]
    [D:\Tool\qq2005\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\WINDOWS\system32\HelpIE.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\winsys32_070402.dll]  [N/A, ]
    [D:\Tool\迅雷\ComDlls\XunLeiBHO_001.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
[PID: 1928][C:\WINDOWS\system32\MSRundll.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\player.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1072][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.19]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1060][D:\Tool\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.06.0.0]
    [D:\Tool\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.06.0.0]
    [D:\Tool\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [D:\Tool\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.1.0.0]
    [D:\Tool\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [D:\Tool\DAEMON Tools\Plugins\Images\cuemount.dll]  [DT Soft Ltd., 1.0.0.0]
    [D:\Tool\DAEMON Tools\Plugins\Images\mdsmount.dll]  [DT Soft Ltd., 1.16.0.0]
    [D:\Tool\DAEMON Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.11.0.0]
    [D:\Tool\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 1424][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.7801]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 2144][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 2368][C:\Syswm1i\svchost.exe]  [N/A, ]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 2384][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
[PID: 2424][C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr2.dll]  [Nero AG, 5,22,2, 10400]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 5, 13, 0]
[PID: 2884][C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSQLDB.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\Lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMLogCxx.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\log4cxx.dll]  [Nero AG, 1, 0, 0, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMCoFoundation.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMPluginBase.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMFullTextExtraction.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMSearchPluginSimilarImages.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll]  [Nero AG, 4,5,17,1]
    [C:\Program Files\Common Files\Ahead\Lib\NMDataServices.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexingServicePS.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 5, 13, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]

[PID: 3412][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [F:\BitComet0.70\tools\BitCometBHO.dll]  [BitComet, 20061213]
    [D:\Tool\qq2005\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\WINDOWS\system32\HelpIE.dll]  [TODO: <公司名>, 1.0.0.1]
    [D:\Tool\迅雷\ComDlls\XunLeiBHO_001.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 1]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINDOWS\DOWNLO~1\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.2937 (xpsp_sp2_gdr.060623-0002)]
    [C:\WINDOWS\system32\CHENHU4.IME]  [chenhu, 5.8]
    [C:\Program Files\Rising\RavWeb\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\RavWeb\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\RavWeb\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\RavWeb\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\MVEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\RavWeb\Engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 27]
    [C:\Program Files\Rising\RavWeb\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\RavWeb\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\RavWeb\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 44]
    [C:\Program Files\Rising\RavWeb\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\RavWeb\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\RavWeb\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
    [C:\Program Files\Rising\RavWeb\RsVM.dll]  [, 19, 0, 0, 16]
    [C:\Program Files\Rising\RavWeb\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\RavWeb\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [C:\Program Files\Rising\RavWeb\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\RavWeb\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [C:\Program Files\Rising\RavWeb\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\RavWeb\ScanElf.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 3812][D:\Tool\迅雷\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.1.6.198]
    [D:\Tool\迅雷\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 3]
    [D:\Tool\迅雷\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 69]
    [D:\Tool\迅雷\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [D:\Tool\迅雷\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Tool\迅雷\Program\asyn_dns.dll]  [N/A, ]
    [D:\Tool\迅雷\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [D:\Tool\迅雷\Program\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [D:\Tool\迅雷\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 7]
    [D:\Tool\迅雷\Program\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [D:\Tool\迅雷\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 5]
    [D:\Tool\迅雷\Components\InMedia\iEmbed.dll]  [　, 2, 1, 0, 29]
    [D:\Tool\迅雷\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\Tool\迅雷\Program\iTargetAd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 60]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]
[PID: 2200][C:\Documents and Settings\Tan Yi\桌面\新建文件夹\SREng1.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Syswm1i\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbc.dll]  [N/A, ]
    [C:\WINDOWS\system32\winform.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
61.188.38.107      www.9605899.com
61.188.38.107      hyap98.com
61.188.38.107      www.hyap98.com
61.188.38.107      82087871.com
61.188.38.107      www.82087871.com
61.188.38.107      47555.cn
61.188.38.107      nc.47555.cn
61.188.38.107      cn.47555.cn
61.188.38.107      crsky.47555.cn
61.188.38.107      www.47555.cn

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

中毒太多了，建议你重装系统

只想把瑞星救回来。。手动清掉一些毒后现在系统还是比较正常。。就是没有监控实在用的不放心。。

求救啊。。怎么办。。

救命。。。