Process PID CPU Description Company Name
System Idle Process 0
Interrupts n/a 0.91 Hardware Interrupts
DPCs n/a 0.91 Deferred Procedure Calls
System 4
smss.exe 680 Windows NT Session Manager Microsoft Corporation
csrss.exe 732 0.91 Client Server Runtime Process Microsoft Corporation
winlogon.exe 756 Windows NT Logon Application Microsoft Corporation
services.exe 800 1.82 Services and Controller app Microsoft Corporation
ibmpmsvc.exe 972
svchost.exe 1028 Generic Host Process for Win32 Services Microsoft Corporation
TIMPlatform.exe 3976 TIMPlatform tencent
svchost.exe 1104 Generic Host Process for Win32 Services Microsoft Corporation
CCenter.exe 1200 CCenter Beijing Rising Technology Co., Ltd.
svchost.exe 1216 Generic Host Process for Win32 Services Microsoft Corporation
wuauclt.exe 3408 Automatic Updates Microsoft Corporation
svchost.exe 1412 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1604 Generic Host Process for Win32 Services Microsoft Corporation
RavMonD.exe 1700 RavMond Beijing Rising Technology Co., Ltd.
RavStub.exe 260 Rising RavStub Beijing Rising Technology Co., Ltd.
rfwsrv.exe 1740 Rising Personal FireWall Service Beijing Rising Technology Co., Ltd.
rfwmain.exe 488 Rising Personal FireWall Main Program Beijing Rising Technology Co., Ltd.
spoolsv.exe 184 Spooler SubSystem App Microsoft Corporation
ati2evxx.exe 620
QCONSVC.EXE 708
rundll32.exe 1144 Run a DLL as an App Microsoft Corporation
svchost.exe 1360 Generic Host Process for Win32 Services Microsoft Corporation
wdfmgr.exe 1684 Windows User Mode Driver Manager Microsoft Corporation
MsPMSPSv.exe 1812 WMDM PMSP Service Microsoft Corporation
alg.exe 436 Application Layer Gateway Service Microsoft Corporation
lsass.exe 812 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 1540 85.45 Windows Explorer Microsoft Corporation
tp4serv.exe 2060 IBM PS/2 TrackPoint Daemon IBM Corporation
TPHKMGR.exe 2328
RavTask.exe 2396 RavTimer Beijing Rising Technology Co., Ltd.
RavMon.exe 2440 RavMon Beijing Rising Technology Co., Ltd.
rundll32.exe 2464 Run a DLL as an App Microsoft Corporation
realsched.exe 2476 RealNetworks Scheduler RealNetworks, Inc.
ctfmon.exe 2556 CTF Loader Microsoft Corporation
sde.exe 3156 sde 北京兴华基业软件技术有限公司
procexp.exe 2312 10.00 Sysinternals Process Explorer Sysinternals
QQ.exe 1336 QQ TENCENT
Process: explorer.exe Pid: 1540
Type Name
Desktop \Default
Directory \Windows
Directory \BaseNamedObjects
Directory \KnownDlls
Event \BaseNamedObjects\crypt32LogoffEvent
Event \BaseNamedObjects\ShellReadyEvent
Event \BaseNamedObjects\HPlugEjectEvent
Event \BaseNamedObjects\mixercallback
Event \BaseNamedObjects\hardwaremixercallback
Event \BaseNamedObjects\userenv: User Profile setup event
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\use\桌面
File \Device\Tcp
File C:\Documents and Settings\use\Local Settings\Application Data\Microsoft\CD Burning
File C:\Documents and Settings\All Users\桌面
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\use\「开始」菜单
File \Device\Netbios
File \Device\0000008f
File C:\Documents and Settings\use\Application Data\Microsoft\Internet Explorer\Quick Launch
File C:\Documents and Settings\All Users\「开始」菜单
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\use\NetHood
File \Device\Tcp
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\Tcp
File \Device\Ip
File \Device\Ip
File \Device\Ip
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\KsecDD
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\0000008e
File \Device\KSENUM#00000001\{9B365890-165F-11D0-A195-0020AFD156E4}
File \Device\WMIDataDevice
File C:\Documents and Settings\use\PrintHood
File C:\Documents and Settings\use\Cookies\index.dat
File C:\Documents and Settings\use\Local Settings\Temporary Internet Files\Content.IE5\index.dat
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\use\Local Settings\History\History.IE5\index.dat
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\NamedPipe\ROUTER
File \Device\NamedPipe\ROUTER
File \Device\Afd\AsyncConnectHlp
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\Afd\Endpoint
File \Device\Udp
File \Dfs
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\use\Local Settings\Temp\SQL.LOG
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File \Device\NamedPipe\ROUTER
File \Device\Afd\Endpoint
File \Device\Tcp
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82
File \Device\Tcp
File C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9
File C:\Documents and Settings\use
Key HKCR
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKU
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKLM\SOFTWARE\Microsoft\COM3
Key HKCR\CLSID
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Plus!\Themes\Apply
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Blocked
Key HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Windows\ShellNoRoam
Key HKLM
Key HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Internet Explorer\Security\P3Global
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count
Key HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCR\http\shell
Key HKLM\SYSTEM\ControlSet003\Control\Nls\Locale
Key HKLM\SYSTEM\ControlSet003\Control\Nls\Locale\Alternate Sorts
Key HKLM\SYSTEM\ControlSet003\Control\Nls\Language Groups
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Windows\Shell\Bags\1\Desktop
Key HKCU\Software\Classes
Key HKU
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Internet Explorer\Security\P3Sites
Key HKCU\Software\Classes\CLSID
Key HKCU\Software\Microsoft\Windows\Shell
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKLM\SYSTEM\ControlSet003\Services\Tcpip\Linkage
Key HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters
Key HKLM\SYSTEM\ControlSet003\Services\NetBT\Parameters\Interfaces
Key HKLM\SYSTEM\ControlSet003\Services\NetBT\Parameters
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKLM\SOFTWARE\Microsoft\Tracing\NETSHELL
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKCU\Software\Microsoft\Internet Explorer\Security\P3Global
Key HKCU\Software\Classes
Key HKCU\Software\Classes
Key HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
Key HKCU\Software\Classes
Key HKLM\SOFTWARE\Microsoft\Tracing\RASAPI32
Key HKLM\SYSTEM\ControlSet003\Services\WinSock2\Parameters\Protocol_Catalog9
Key HKLM\SYSTEM\ControlSet003\Services\WinSock2\Parameters\NameSpace_Catalog5
Key HKCU
Key HKLM\SYSTEM\ControlSet003\Hardware Profiles\0001