[C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\32e6f703c114f3a971cbe706586e3655\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll]  [ATI Technologies Inc., 3.25.0006]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ba0e3a22211ba7343e0116b051f2965a\System.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e83aac37b2623f1a24c70979f31dd56\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3d8c79c45aa674e43f075e2e66b8caf5\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\Program Files\China Mobile\Fetion\ImpsControls.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\ImpsPcBase.dll]  [China Mobile, 3.0.0.0]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\c98cb65a79cfccb44ea727ebe4593ede\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\Program Files\China Mobile\Fetion\ImpsClientBase.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\ImpsClientUtils.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\ImpsClientResource.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\ImpsClientCore.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\ImpsBase.dll]  [China Mobile, 3.0.0.0]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\eee9b48577689e92db5a7b5c5de98d9b\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.Windows.Forms.resources.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\China Mobile\Fetion\NCindy.dll]  [China Mobile, 3.0.0.0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\China Mobile\Fetion\Interop.DynamicGifCtlLib.dll]  [ , 1.0.0.0]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_zh-CHS_b77a5c561934e089\mscorlib.resources.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\China Mobile\Fetion\ImpsPcCommLayer.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\ImpsClientData.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\China Mobile\Fetion\SQLite.Interop.DLL]  [, 1.0.44.0]
    [C:\WINDOWS\assembly\GAC_MSIL\System.resources\2.0.0.0_zh-CHS_b77a5c561934e089\System.resources.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\Program Files\China Mobile\Fetion\AxInterop.WMPLib.dll]  [, 1.0.0.0]
    [C:\Program Files\China Mobile\Fetion\Interop.WMPLib.dll]  [ , 1.0.0.0]
    [C:\WINDOWS\system32\MFPlat.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Common Files\Lenovo\tvt_banner.dll]  [Lenovo Group Limited, 1.10.0051.00]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll]  [Microsoft Corporation, 8.0.50727.1433 (REDBITS.050727-1400)]
[PID: 8260 / Michelle Du][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll]  [ATI Technologies Inc., 3.25.0006]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\Program Files\Windows Live Toolbar\msntb.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\zh-cn\mtbres.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\mtbres.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\Tem.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\zh-cn\searchboxRes.dll.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\searchboxRes.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\zh-cn\CMRes.dll.mui]  [Microsoft Corporation, 03.00.0001.2032]
    [C:\Program Files\Windows Live Toolbar\CMRes.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\zh-cn\msn_slrs.DLL.mui]  [Microsoft Corporation, 03.00.0001.2012]
    [C:\Program Files\Windows Live Toolbar\msn_slrs.DLL]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\zh-cn\CBRes.dll.mui]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\CBRes.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\DLA\DLASHX_W.DLL]  [Sonic Solutions, 5.20.19a]
    [C:\WINDOWS\system32\DLAAPI_W.DLL]  [Sonic Solutions, 5.20.19a]
    [C:\WINDOWS\System32\DLA\DLACResW.dll]  [Sonic Solutions, 5.20.19a]
    [C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.20.6]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.200.520.1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.200.520.1]
    [C:\Program Files\Windows Live Toolbar\searchbox.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\stmain.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\cm.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\msn_slps.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Windows Live Toolbar\CB.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Common Files\Lenovo\tvt_banner.dll]  [Lenovo Group Limited, 1.10.0051.00]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msfeeds.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_keyboard_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]

[C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
[PID: 9792 / Michelle Du][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.200.520.1]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll]  [ATI Technologies Inc., 3.25.0006]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.200.520.1]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[PID: 10572 / Michelle Du][C:\Program Files\SogouInput\PinyinUp.exe]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\Program Files\SogouInput\HWSignature.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll]  [ATI Technologies Inc., 3.25.0006]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
[PID: 10548 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\sysadsnwt.dll]  [N/A, ]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[PID: 11432 / Michelle Du][C:\Program Files\Windows Live Toolbar\msn_sl.exe]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Windows Live Toolbar\MSN_SLrs.dll]  [Microsoft Corporation, 03.01.0000.0146]
    [C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll]  [ATI Technologies Inc., 3.25.0006]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Program Files\Windows Live Toolbar\msn_slps.dll]  [Microsoft Corporation, 03.01.0000.0146]
[PID: 13292 / Michelle Du][C:\Documents and Settings\Michelle Du\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
    [C:\WINDOWS\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDMH.dll]  [ATI Technologies Inc., 3.25.0006]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.20 14Feb06]
    [C:\WINDOWS\system32\PROCHLP.DLL]  [Lenovo Group Limited, 2, 0, 6, 0]
    [C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll]  [Lenovo Group Limited, 2.0.0]
    [C:\Documents and Settings\Michelle Du\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=system2009.exe
shell\open=打开(&O)
shell\open\Command=system2009.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=system2009.exe
[D:\]
[AutoRun]
open=system2009.exe
shell\open=打开(&O)
shell\open\Command=system2009.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=system2009.exe
[E:\]
[AutoRun]
open=system2009.exe
shell\open=打开(&O)
shell\open\Command=system2009.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=system2009.exe
[I:\]
[AutoRun]
open=system2009.exe
shell\open=打开(&O)
shell\open\Command=system2009.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=system2009.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1028, C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2740, C:\PROGRAM FILES\LENOVO\RESCUE AND RECOVERY\RRSERVICE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2816, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\TVTSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2900, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACSVC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3248, C:\PROGRAM FILES\COMMON FILES\LENOVO\LOGGER\LOGMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3132, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\SVCGUIHLPR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4924, C:\PROGRA~1\THINKPAD\UTILIT~1\EZEJMNAP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4924, C:\PROGRA~1\THINKPAD\UTILIT~1\EZEJMNAP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5324, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5324, C:\WINDOWS\SYSTEM32\TPSHOCKS.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5464, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5464, C:\PROGRA~1\LENOVO\PKGMGR\HOTKEY\TPHKMGR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5616, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5616, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY\TPONSCR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5640, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5640, C:\PROGRAM FILES\LENOVO\PKGMGR\HOTKEY_1\TPSCREX.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5732, C:\PROGRA~1\THINKV~1\PRDCTR\LPMGR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5732, C:\PROGRA~1\THINKV~1\PRDCTR\LPMGR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5796, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5796, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5972, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5972, C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 6052, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 6052, C:\PROGRAM FILES\LENOVO\AWAYTASK\AWAYSCH.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 6124, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 6124, C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4140, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4140, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACTRAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4160, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4160, C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\ACWLICON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4260, C:\PROGRAM FILES\LENOVO\SAFEGUARD PRIVATEDISK\PDSERVICE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4260, C:\PROGRAM FILES\LENOVO\SAFEGUARD PRIVATEDISK\PDSERVICE.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4608, C:\WINDOWS\FIXCAMERA.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4608, C:\WINDOWS\FIXCAMERA.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4704, C:\WINDOWS\ZSSNP211.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4704, C:\WINDOWS\ZSSNP211.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4740, E:\PROGRAMS\MEMEMPTY\MEMEMPTY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4740, E:\PROGRAMS\MEMEMPTY\MEMEMPTY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4968, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI HYDRAVISION\HYDRADM.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4968, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI HYDRAVISION\HYDRADM.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5208, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5208, C:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 5308, C:\WINDOWS\SYSTEM32\BHDCREGC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 5308, C:\WINDOWS\SYSTEM32\BHDCREGC.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4284, C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4284, C:\PROGRAM FILES\DIGITAL LINE DETECT\DLG.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 4272, C:\PROGRAM FILES\NIKON\PICTUREPROJECT\NKBMONITOR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4272, C:\PROGRAM FILES\NIKON\PICTUREPROJECT\NKBMONITOR.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1596, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1596, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 9824, C:\PROGRAM FILES\CHINA MOBILE\FETION\FETIONFX.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 9824, C:\PROGRAM FILES\CHINA MOBILE\FETION\FETIONFX.EXE]

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003E3DBD)
入口点错误：NtWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003E3E5D)
入口点错误：ZwCreateFile (危险等级: 高,  被下面模块所HOOK: 0x003E3DBD)
入口点错误：ZwWriteFile (危险等级: 高,  被下面模块所HOOK: 0x003E3E5D)
入口点错误：CreateProcessA (危险等级: 高,  被下面模块所HOOK: 0x011F1FFD)
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: 0x011F20E5)

==================================
隐藏进程
N/A

==================================


[/CODE]

重装了电脑也没有解决。。请问，哪位高手有解决方法的吗……？

试过了但是没有用！
请问有别的方法吗？

头疼，真的一点办法都没有了吗……有谁知道呢？