杀软被禁用，进程里开机就50多个进程项，未名进程多不胜数，求高手指教

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

瑞星无法打开，可先下载木马群专杀和橙色八月专杀工具以及“建立安全环境工具”查杀。这些工具除了可以清除病毒外，还可以起到修复瑞星和建立瑞星正常运行环境的作用。
这些工具扫描完，瑞星可启动，启动瑞星后，升级瑞星至最新版本，断网杀毒，问题可解决，专杀工具下载地址为：http://dl.rising.com.cn/DownLoadInfo/VirusTools_More.shtml
下载“建立安全环境工具”的链接地址：http://bbs.ikaka.com/showtopic-8547280.aspx

前几天用专杀还提出了一些木马，今天连木马群专杀及修复都不能用了，开机提示加载C：windows\system32\killdll.dll 时出错，内存分配访问无效。

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

开机时进程项多达90个了，我已经手动关了那些垃圾木马。可一开机还是有

用橙色八月提取，结果内存使用高达100%，进度一直停留在内存程序上

安全模式下用专杀查杀。
同时设置msconfig为诊断模式启动。
之后回到正常模式下，再次查杀。

在安全模式下，木马进程依然跳着玩 ，而且关于那个查杀木马群的家伙也不好用了，打不开，说正在被另一个程序使用，完，肯定又是＇进水＇了，另外刚刚一个系统提示，我觉得还是说一下比较好，plugin
run-time error
-2147023838(80070422) automation error the service cannot be started,either beacuse it is disabled or beacuse it has no enabled devices associated with it.

扫SRENG日志发这论坛来先看看吧。
下载SRENG2.6版工具：http://www.kztechs.com/sreng/download.html
SRENG工具的扫描日志操作，看这贴2楼：http://bbs.ikaka.com/showtopic-8442813.aspx

[code]2009-04-08,12:06:32
System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <LiveUpdate_UIServer><; C:\Program Files\Lenovo\LiveUpdate\UiServer.exe>  []
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <a360><; C:\WINDOWS\system32\scvhost.exe>  []
    <360Safebox><; "C:\Program Files\360\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><; C:\Program Files\360\360Safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Alcmtr><; ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BtTray><; "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe" -startup>  []
    <cabinetLaunch><; C:\Program Files\lenovo\Lenovo Yangtian Data Security Management\launch.exe>  [Lenovo(Beijing) Company, Ltd.]
    <CCenterIM><; "C:\Program Files\Lenovo\联想通讯中心6.0\CCenterIM.exe" /Auto>  []
    <Ferrari><; C:\WINDOWS\system32\scvhost.exe>  []
    <Funshion><; D:\Program Files\Funshion Online\Funshion\Funshion.exe /tray>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <KBDaemon><; C:\Program Files\Lenovo\联想功能键盘驱动\KBDaemon.exe>  []
    <LenovoTT><; C:\Program Files\Lenovo\Lenovo Trust Technology\LenovoTT.exe>  [skyware]
    <multitray><; C:\Program Files\Lenovo\MultiRecover\loadtray.exe>  [(Verified)"Xi'an Saming Technology Co., Ltd."]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <RavTray><; "C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RfwMain><; "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><; "C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <StartCCC><; C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <qq2983><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\131796_xeex.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <{B70A8AAD-F18A-465E-8240-184DD5845D2D}><C:\WINDOWS\fonts\X7s7xgtP.fon>  [File is missing]
    <{47018D3A-8682-4D30-AC5E-F74B84189AB3}><C:\WINDOWS\fonts\crrp2mDP.fon>  [File is missing]
    <{704C3595-DB85-40F6-A601-8D6F346907BD}><C:\WINDOWS\system32\704C3595.dll>  []
    <{C10D41C6-4D17-4808-87CE-40612862A1BB}><C:\WINDOWS\system32\XR5nPhu9.dll>  []
    <{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}><C:\WINDOWS\system32\A1A6BC2E.dll>  [File is missing]
    <{028A997C-4262-4107-BD46-2ABBC6143E8C}><C:\WINDOWS\system32\efc0c52cc1.dll>  []
    <{CC0EC2C9-432D-4DCC-91E7-A7C5CEA748D8}><C:\WINDOWS\system32\CC0EC2C9.dll>  [File is missing]
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><C:\WINDOWS\system32\08223B03.dll>  []
    <{737858A9-9AEA-4838-9B49-54DA731F7F37}><C:\WINDOWS\system32\BMsg6pdMD4ht.dll>  []
    <{FEACAF74-8D58-42F4-AB39-1CDA51437347}><C:\WINDOWS\system32\etGBJk2YCXnM.dll>  [File is missing]
    <{CC2B89B8-6A27-4D4A-BBBE-D2CD655A47C2}><C:\WINDOWS\system32\d7eb91606b0.dll>  []
    <{A2A0F1E3-5A22-4952-8A3E-25C5E9CFC302}><C:\WINDOWS\system32\MGmdqtJZG47.dll>  [File is missing]
    <{1FB0C5FF-4FA0-49B6-9C16-6E7A15ED3CC2}><C:\WINDOWS\system32\hfbgclff.dll>  [File is missing]
    <{7F90BCCD-8208-418A-AE04-A854328EE6CF}><C:\WINDOWS\system32\nfpgbccd.dll>  [File is missing]
    <{3261172B-A309-4F94-AB03-9105CD41894B}><C:\WINDOWS\system32\jimhhnib.dll>  [File is missing]
    <{1779203F-7B22-403D-A2E7-41B39A65370F}><C:\WINDOWS\system32\hnnpigjf.dll>  [File is missing]
    <{49762F37-EF1F-447D-A27A-967C9520A3F8}><C:\WINDOWS\fonts\sJbQjtY7bc.fon>  [File is missing]
    <{3F8A57D2-00D4-4204-B7A0-91FB4C2446DF}><C:\WINDOWS\system32\jfoalndi.dll>  [File is missing]
    <{3A5700C3-2847-4CBE-A3E5-F0C394690C9A}><C:\WINDOWS\system32\wS0GWMZ.dll>  [File is missing]
    <{DE00760F-DC9F-46C2-9D4E-61B5BB810C51}><C:\WINDOWS\system32\STG4WdmetW2FP.dll>  []
    <{609758CB-54E6-4C21-B57C-3407D9E232E8}><C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows XP Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <1FB0C5FF><C:\WINDOWS\system32\hfbgclff.dll>  [File is missing]
    <7F90BCCD><C:\WINDOWS\system32\nfpgbccd.dll>  [File is missing]
    <3261172B><C:\WINDOWS\system32\jimhhnib.dll>  [File is missing]
    <1779203F><C:\WINDOWS\system32\hnnpigjf.dll>  [File is missing]
    <3F8A57D2><C:\WINDOWS\system32\jfoalndi.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\uklognf]
    <WinlogonNotify: uklognf><uklognf.dll>  [Lenovo Co. LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
    <Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
    <IFEO[DrRtp.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
    <IFEO[egui.exe]><services.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <IFEO[QQDoctor.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
    <IFEO[RStray.exe]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Application Management / AppMgmt][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[BlueSoleilCS / BlueSoleilCS][Stopped/Disabled]
  <C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe><>
[BsHelpCS / BsHelpCS][Stopped/Disabled]
  <C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe><>
[CCommWDSSearch / CCommWDSSearch][Stopped/Disabled]

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)

<"C:\Program Files\lenovo\联想通讯中心6.0\CCommWDSSearch.exe"><TODO: <公司名>>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IGRS / IGRS][Stopped/Disabled]
  <"C:\Program Files\Common Files\Lenovo Shared\AnyComm\IGRS.exe"><联想集团有限公司>
[lenovo live update / Lenovo Upgrade Service.bis.release][Stopped/Disabled]
  <C:\Program Files\lenovo\LiveUpdate\liveupdate.exe><新思软件技术有限公司>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[OKAV Agent Service / OKAV Agent Service][Stopped/Disabled]
  <C:\Program Files\Trend Micro\OKAVAgent\OKAVAgent.exe><Trend Micro Inc.>
[Rav Process Communication Center / RavCCenter][Stopped/Disabled]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Stopped/Disabled]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Disabled]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Disabled]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Disabled]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Disabled]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Lenovo file service / secsvr][Stopped/Disabled]
  <C:\WINDOWS\secsvr.exe><Lenovo Co. LTD>
[system privilege agent / sysagent][Stopped/Disabled]
  <C:\WINDOWS\system32\sysagent.exe><lenovo>
[Lenovo auto login helper / usblogon][Stopped/Disabled]
  <C:\WINDOWS\usblogon.exe><Lenovo Co. LTD>
==================================
驱动程序
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><N/A>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Manual Start]
  <system32\DRIVERS\asyncmac.sys><N/A>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation.>
[Bluetooth SCO Audio Service / BlueletSCOAudio][Stopped/Manual Start]
  <system32\DRIVERS\BlueletSCOAudio.sys><IVT Corporation.>
[BREGDRV / BREGDRV][Stopped/Manual Start]
  <\??\D:\TDDOWNLOAD\BREGDRV.sys><N/A>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation.>
[Bluetooth HID Enumerator / BTHidEnum][Running/Boot Start]
  <\SystemRoot\System32\Drivers\vbtenum.sys><IVT Corporation.>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Stopped/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Stopped/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pcidump / pcidump][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcidump.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Rising  Rfwbase Driver / RfwBase][Stopped/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Stopped/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rspp / rspp][Stopped/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[UPDATEDATA / UPDATEDATA][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\acpiec.sys><N/A>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation.>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation.>
[VDProtect / VDProtect][Stopped/System Start]
  <\SystemRoot\system32\drivers\VDProtect.sys><Lenovo>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[zx / zx][Stopped/Manual Start]
  <\??\C:\DOCUME~1\lenovo\LOCALS~1\Temp\~bc80.tmp><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.CN>
[Windows Live Toolbar Helper]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Windows Live Toolbar]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\live.dll, (Signed) 360.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, (Signed) Adobe Systems, Inc.>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
==================================
正在运行的进程
[PID: 524][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4162]
    [C:\WINDOWS\system32\uklognf.dll]  [Lenovo Co. LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\mangdrive.dll]  [Lenovo Co. LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 648][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 904][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
[PID: 1168][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
[PID: 1192][C:\WINDOWS\explorer.exe]  [N/A, ]
    [C:\WINDOWSupdate.dll]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
[PID: 1292][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
[PID: 1376][C:\WINDOWS\temp\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]
    [C:\WINDOWS\fonts\gth16502.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth19506.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth24504.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth26507.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth30511.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth33503.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth39513.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth41501.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth43508.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth60335.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth62333.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth68327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth77327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth80327.ttf]  [N/A, ]
    [C:\WINDOWS\fonts\gth83325.ttf]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\msdfjsadfjd.dat]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jxinit.dat]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\STG4WdmetW2FP.dll]  [N/A, ]
    [C:\WINDOWS\system32\704C3595.dll]  [N/A, ]
    [C:\WINDOWS\system32\XR5nPhu9.dll]  [N/A, ]
    [C:\WINDOWS\system32\efc0c52cc1.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\BMsg6pdMD4ht.dll]  [N/A, ]
    [C:\WINDOWS\system32\d7eb91606b0.dll]  [N/A, ]
    [C:\WINDOWS\system32\YbKeaDWhb3vF4pe.dll]  [N/A, ]
    [C:\WINDOWS\system32\ucabinet.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\mangdrive.dll]  [Lenovo Co. LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 192][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\COMRes.dll]  [N/A, ]