瑞星的实时监控不打开怎么回事啊!!右下角那个雨伞没了!!

[CODE]
2008-06-06,20:47:03
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <wallpaper><c:\windows\system32\壁纸自动换.exe>  []
    <AGRSMMSG><AGRSMMSG.exe>  [Agere Systems]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)Microsoft Windows Publisher]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <racer><C:\Program Files\racer-ccn-racerpc-ha\racer.exe>  [Putian Runway]
    <KuGoo3><C:\Program Files\KuGoo2007\KuGoo.exe>  []
    <hefcndy><C:\WINDOWS\hefcndy.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><SysDaJcHv.dll,wipicdec.dll,nicozftp00.dll,msosmhfp00.dll,msosmnsf00.dll,msosdohs00.dll,msosjtio00.dll,msosdrop00.dll,msoscqit00.dll,msosfmsq00.dll,ieprot.dll,lsqwki.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{C3D16072-2E1B-450B-B843-50EADDC8EB63}><C:\WINDOWS\system32\xcvaver0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\QQ2006\QQ.exe [TENCENT]><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[ALi Audio Accelerator WDM driver / aliadwdm][Running/Manual Start]
  <system32\drivers\ac97ali.sys><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp85.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp87.tmp><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp8B.tmp><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp89.tmp><N/A>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp83.tmp><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[msp2p32 / msp2p32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[zftp / zftp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp7F.tmp><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[]
  {12023698-6984-8541-9654-698745012521} <C:\WINDOWS\system32\skqnabib.dll, N/A>
[]
  {14698742-2059-3025-9058-954023874141} <C:\WINDOWS\system32\jkhxaklo.dll, N/A>
[]
  {1FD45A54-9875-698F-E56E-65102358FDF1} <C:\WINDOWS\system32\apsgajba.dll, N/A>
[]
  {22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
  {270165F1-9F65-569F-F895-F14F58F41072} <C:\WINDOWS\system32\lofsbjbo.dll, N/A>
[]
  {2D698451-2015-6358-9871-2015987452D2} <C:\WINDOWS\system32\apzhbtde.dll, N/A>
[]
  {2E035987-F585-68D1-AC28-98FA58E459E2} <C:\WINDOWS\system32\apfobdet.dll, N/A>
[]
  {34FAE856-AD58-20CB-A025-CD4895FA6E43} <C:\WINDOWS\system32\pjjxcdwd.dll, N/A>
[]
  {35671234-7890-ABCD-CDEF-567801237653} <C:\WINDOWS\system32\yxcschlp.dll, N/A>
[]
  {35694105-5108-9405-3695-954187462153} <C:\WINDOWS\system32\mpwdcapi.dll, N/A>
[]
  {3A698102-5904-AFD0-20DF-CD1A65829CA3} <C:\WINDOWS\system32\zycbcime.dll, N/A>
[]
  {3C648541-1025-9650-9057-6541258720C3} <C:\WINDOWS\system32\mndhcdwd.dll, N/A>
[]
  {3C8D1401-A58D-A81C-CD24-A5915C4517C3} <C:\WINDOWS\system32\mnmhcsrv.dll, N/A>
[]
  {428DF602-9541-A985-210A-984A698C6F24} <C:\WINDOWS\system32\ptjhdhlp.dll, N/A>
[]
  {4319A1F1-9410-9654-3201-345FFA349134} <C:\WINDOWS\system32\zywmdime.dll, N/A>
[]
  {4629FF4F-ACDB-5C90-A098-FACB3456A264} <C:\WINDOWS\system32\mpmydapi.dll, N/A>
[]
  {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} <C:\WINDOWS\system32\oohxcbyt.dll, N/A>
[]
  {50940F85-F015-14F1-A05F-F69858AC6D05} <C:\WINDOWS\system32\zptlcsys.dll, N/A>
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
  {6490415F-65F8-B5C5-D8BA-9405FB120546} <C:\WINDOWS\system32\yzztfmsn.dll, N/A>
[]
  {73BA45AF-FAAA-CDDD-BEEE-BCDE1234AB37} <C:\WINDOWS\system32\yxfhbjpg.dll, N/A>
[]
  {81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[]
  {8A59145F-315D-BC23-AC1F-145DF81A34A8} <C:\WINDOWS\system32\zyzxhime.dll, N/A>
[]
  {91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[]
  {12023698-6984-8541-9654-698745012521} <C:\WINDOWS\system32\skqnabib.dll, N/A>
[]
  {14698742-2059-3025-9058-954023874141} <C:\WINDOWS\system32\jkhxaklo.dll, N/A>
[]
  {1FD45A54-9875-698F-E56E-65102358FDF1} <C:\WINDOWS\system32\apsgajba.dll, N/A>
[]
  {22596546-2036-9451-6058-658402589722} <C:\WINDOWS\system32\opshbbty.dll, N/A>
[]
  {270165F1-9F65-569F-F895-F14F58F41072} <C:\WINDOWS\system32\lofsbjbo.dll, N/A>
[]
  {2D698451-2015-6358-9871-2015987452D2} <C:\WINDOWS\system32\apzhbtde.dll, N/A>
[]
  {2E035987-F585-68D1-AC28-98FA58E459E2} <C:\WINDOWS\system32\apfobdet.dll, N/A>
[]
  {34FAE856-AD58-20CB-A025-CD4895FA6E43} <C:\WINDOWS\system32\pjjxcdwd.dll, N/A>
[]
  {35671234-7890-ABCD-CDEF-567801237653} <C:\WINDOWS\system32\yxcschlp.dll, N/A>
[]
  {35694105-5108-9405-3695-954187462153} <C:\WINDOWS\system32\mpwdcapi.dll, N/A>
[]
  {3A698102-5904-AFD0-20DF-CD1A65829CA3} <C:\WINDOWS\system32\zycbcime.dll, N/A>
[]
  {3C648541-1025-9650-9057-6541258720C3} <C:\WINDOWS\system32\mndhcdwd.dll, N/A>
[]
  {3C8D1401-A58D-A81C-CD24-A5915C4517C3} <C:\WINDOWS\system32\mnmhcsrv.dll, N/A>
[]
  {428DF602-9541-A985-210A-984A698C6F24} <C:\WINDOWS\system32\ptjhdhlp.dll, N/A>
[]
  {4319A1F1-9410-9654-3201-345FFA349134} <C:\WINDOWS\system32\zywmdime.dll, N/A>
[]
  {4629FF4F-ACDB-5C90-A098-FACB3456A264} <C:\WINDOWS\system32\mpmydapi.dll, N/A>
[]
  {4B1AEF69-DDAE-FDAD-DCAB-698F026ABDB4} <C:\WINDOWS\system32\oohxcbyt.dll, N/A>
[]
  {50940F85-F015-14F1-A05F-F69858AC6D05} <C:\WINDOWS\system32\zptlcsys.dll, N/A>
[]
  {50AF1289-F140-A140-D012-C1458759FC05} <C:\WINDOWS\system32\ypcqdhlp.dll, N/A>
[]
  {5A041F13-A111-12A3-B0CF-F99818AA68A5} <C:\WINDOWS\system32\zxmsbwin.dll, N/A>
[]
  {6490415F-65F8-B5C5-D8BA-9405FB120546} <C:\WINDOWS\system32\yzztfmsn.dll, N/A>
[]
  {73BA45AF-FAAA-CDDD-BEEE-BCDE1234AB37} <C:\WINDOWS\system32\yxfhbjpg.dll, N/A>
[]
  {81954FAC-1023-154F-895A-1458258AD818} <C:\WINDOWS\system32\ypdjfbmp.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[]
  {8A59145F-315D-BC23-AC1F-145DF81A34A8} <C:\WINDOWS\system32\zyzxhime.dll, N/A>
[]
  {91698482-6555-3666-1222-954784129019} <C:\WINDOWS\system32\zxptejpg.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\QQ2006\AddEmotion.htm, N/A>
[添加到雅虎收藏+]
  <http://myweb.cn.yahoo.com/post.html?F=D2_A, N/A>

==================================
正在运行的进程
[PID: 448 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1140 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 19]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1552 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
[PID: 1728 / Administrator][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.25 2.1.25 02/14/2003 11:58:58]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
[PID: 1776 / Administrator][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [C:\Program Files\Rising\AntiSpyware\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\AntiSpyware\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
[PID: 1856 / Administrator][C:\Program Files\racer-ccn-racerpc-ha\racer.exe]  [Putian Runway, 3,3,130,306]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
    [C:\Program Files\racer-ccn-racerpc-ha\rwxre.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\nspr4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-ccn-racerpc-ha\xpcom_core.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\plc4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-ccn-racerpc-ha\plds4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-ccn-racerpc-ha\nss3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\softokn3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\racer-ccn-racerpc-ha\gkgfx.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\xpcom_compat.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\smime3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\ssl3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_base_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\racer_base.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\kbdhook.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\components\jar50.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\components\gklayout.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\nssckbi.dll]  [Netscape Communications Corporation, 1.53]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_ad_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_access_pppoe.dll]  [Putian Runway, 3,3,130,325]
    [C:\Program Files\racer-ccn-racerpc-ha\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_nss4_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\nss4.dll]  [北京润汇科技有限公司, 1, 0, 0, 4]
    [C:\Program Files\racer-ccn-racerpc-ha\wpcap.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-ccn-racerpc-ha\packet.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-ccn-racerpc-ha\WanPacket.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-ccn-racerpc-ha\plugins\NPSWF32.dll]  [, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2016 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
[PID: 1084 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [, ]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
[PID: 1364 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
[PID: 1356 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
[PID: 2672 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\System32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\System32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\System32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\System32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\System32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\System32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\System32\lsqwki.dll]  [N/A, ]
[PID: 3596 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\PROGRA~1\RACER-~1\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
[PID: 2380 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 19]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  [Adobe Systems, Inc., 9,0,0,296]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\WINABCX.IME]  [PKUETI, 5.22.216]
[PID: 1992 / Administrator][E:\吴帅辰的天下\hijackthis\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SysDaJcHv.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\wipicdec.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosjtio00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosdrop00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msoscqit00.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosfmsq00.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [C:\WINDOWS\system32\lsqwki.dll]  [N/A, ]
    [C:\WINDOWS\system32\xcvaver0.dll]  [N/A, ]
    [C:\WINDOWS\system32\hefcndy.dll]  [N/A, ]
    [E:\吴帅辰的天下\hijackthis\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1728, C:\WINDOWS\AGRSMMSG.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1776, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1776, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1856, C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1856, C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACER.EXE]

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x019742BD)
入口点错误：NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x0197435D)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x019742BD)
入口点错误：ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x0197435D)

==================================
隐藏进程
N/A

==================================


[/CODE]