[PID: 3220 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat]  [N/A, ]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 1064 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat]  [N/A, ]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 1348 / 马龙][D:\tianji\Mir2TianjiV1185免费版\Mir2TianjiV1185免费版\Mir2Tianji.Dat]  [N/A, ]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
[PID: 1204 / 马龙][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [TENCENT, 7,0,431,1723]
    [E:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3444 / 马龙][E:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16608 (vista_gdr.071204-1500)]
    [E:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [D:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [D:\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [D:\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [E:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [D:\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [E:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
[PID: 1712 / 马龙][E:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 65]
    [E:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [E:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [E:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [E:\Program Files\Rising\Rav\RsCommon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [E:\Program Files\Rising\Rav\ravpagem.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 94]
    [E:\Program Files\Rising\Rav\htmllib.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.15]
    [E:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [E:\Program Files\Rising\Rav\ravpagew.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 86]
    [E:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [E:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [E:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [E:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [E:\Program Files\Rising\Rav\SysMail.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
[PID: 2872 / 马龙][E:\Documents and Settings\马龙\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\Program Files\Rising\Rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [E:\Program Files\Rising\Rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.5]
    [E:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [E:\Documents and Settings\马龙\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [E:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [E:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info

127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 3284, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3284, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3292, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3292, E:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4016, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4016, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4024, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4024, E:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3844, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3844, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3220, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3220, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许： SeDebugPrivilege [PID = 1064, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1064, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许： SeDebugPrivilege [PID = 1348, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1348, D:\TIANJI\MIR2TIANJIV1185免费版\MIR2TIANJIV1185免费版\MIR2TIANJI.DAT]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

日志扫完了  发上来了  好长  全是...

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><msosdohs00.dll,msosmhfp00.dll>有两个  不让删除  修改也不行  怎么办呢?  还有就是开启SREngPS以后提示入口点错误:CreateProcessA 入口点错误:CreateProcessW 直接修复说修复成功 但再启动还出 别的都删除了

我在注册表编辑器中找到这3个的位置了  不知道默认值是什么  怎么改?

我改成空的不让  说写入键值出错  另外两个让我删除了.

重命名后可以改成空的了  但不让改回原来的名.

就这么地吧  麻烦你了　有问题我再来问