[CODE]

2009-01-17,16:22:59

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Infected) Microsoft Corporation]
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <racer><C:\Program Files\racer-ccn-racerpc-ha\racer.exe>  [Putian Runway]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Alcmtr><anymie360.exe>  []
    <ctfn><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\604807>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll,HBCHIBI.dll,ippipigg.dll,mlggdpec.dll,fhbneeol.dll,mifnemdm.dll,hhjkfjkm.dll,ekhbfknl.dll,fopccdgn.dll,npgkglgk.dll,cbbnkbcb.dll,bkkcihbi.dll,cpahilii.dll,ilnbnmfn.dll,hakcijpj.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <{29929200-876E-42EC-B098-86ADE6C86479}><C:\WINDOWS\system32\ippipigg.dll>  []
    <{6500D9EC-09E5-4D05-AFB8-EB503A875D1C}><C:\WINDOWS\system32\mlggdpec.dll>  []
    <{F1B7EE85-0C2C-438B-811E-1710A8C6F7B7}><C:\WINDOWS\system32\fhbneeol.dll>  []
    <{62F7E6D6-1FA8-4731-B578-7CC5E26784AE}><C:\WINDOWS\system32\mifnemdm.dll>  []
    <{1134F346-D2AE-40B3-89D8-0D7BB1C4F67E}><C:\WINDOWS\system32\hhjkfjkm.dll>  []
    <{E41BF475-C513-44AF-B53D-5C3F20217409}><C:\WINDOWS\system32\ekhbfknl.dll>  []
    <{F89CCD07-ACE9-4140-93D2-735193EA4309}><C:\WINDOWS\system32\fopccdgn.dll>  []
    <{79040504-31C5-4D4C-8464-170E33B7A17D}><C:\WINDOWS\system32\npgkglgk.dll>  []
    <{CBB74BCB-ED5A-4572-8F01-0597EF45CC93}><C:\WINDOWS\system32\cbbnkbcb.dll>  []
    <{B44C21B2-87AD-47A3-ADC2-4BDC2AF92282}><C:\WINDOWS\system32\bkkcihbi.dll>  []
    <{C9A12522-01C1-43BC-85C3-0A7332492057}><C:\WINDOWS\system32\cpahilii.dll>  []
    <{257B76F7-C18B-447D-8CAE-A3047188EFFA}><C:\WINDOWS\system32\ilnbnmfn.dll>  []
    <{1A4C2393-3166-41BF-83EC-3BFC98A52EC0}><C:\WINDOWS\system32\hakcijpj.dll>  []
    <{47665FA5-FCF5-4444-B552-DF6549ECCA27}><C:\Program Files\Internet Explorer\UzsKtNt.Zs3>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
    <29929200><C:\WINDOWS\system32\ippipigg.dll>  []
    <6500D9EC><C:\WINDOWS\system32\mlggdpec.dll>  []
    <F1B7EE85><C:\WINDOWS\system32\fhbneeol.dll>  []
    <62F7E6D6><C:\WINDOWS\system32\mifnemdm.dll>  []
    <1134F346><C:\WINDOWS\system32\hhjkfjkm.dll>  []
    <E41BF475><C:\WINDOWS\system32\ekhbfknl.dll>  []
    <F89CCD07><C:\WINDOWS\system32\fopccdgn.dll>  []
    <79040504><C:\WINDOWS\system32\npgkglgk.dll>  []
    <CBB74BCB><C:\WINDOWS\system32\cbbnkbcb.dll>  []
    <B44C21B2><C:\WINDOWS\system32\bkkcihbi.dll>  []
    <C9A12522><C:\WINDOWS\system32\cpahilii.dll>  []
    <257B76F7><C:\WINDOWS\system32\ilnbnmfn.dll>  []
    <1A4C2393><C:\WINDOWS\system32\hakcijpj.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RFWSTUB.EXE]
    <IFEO[RFWSTUB.EXE]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe]
    <IFEO[Thunder5.exe]><svchost.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[核新SSL通讯安全代理]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\核新SSL通讯安全代理.lnk --> C:\中国银~1\SSLProxy\SSLCnt.exe [杭州核新软件技术有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Qvod Terminal / Qvod Terminal][Stopped/Auto Start]
  <F:\1\金鹰卫星电视\QvodPlayer\QvodTerminal.exe><(File is missing)>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[Creative SB16/AWE32/AWE64 Driver (WDM) / ctlsb16][Stopped/Manual Start]
  <system32\drivers\ctlsb16.sys><Copyright (C) Creative Technology Ltd. 1994-2001>
[DC21x4 Based Network Adapter Driver / DC21x4][Stopped/Manual Start]
  <system32\DRIVERS\dc21x4.sys><Intel Corporation.>
[ENUS_NDIS_DRIVER / ENUS_NDIS_DRIVER][Running/Boot Start]
  <\SystemRoot\system32\enusndis.sys><N/A>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices, Inc.>
[NetGroup Packet Filter Driver / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Safe Mon 360 / SafeMon0][Running/System Start]
  <\??\C:\WINDOWS\system32\F31A42C5.dat><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[Kisstusb / Kisstusb][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, (Signed) 腾讯>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT>
[]
  {47665FA5-FCF5-4444-B552-DF6549ECCA27} <C:\Program Files\Internet Explorer\UzsKtNt.Zs3, N/A>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, (Signed) 腾讯公司>
[]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <, >
[]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr.dll, (Signed) 腾讯>
[]
  {116BA71C-8187-4F15-9A1F-C9D6289155D1} <, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[]
  {2974c985-8151-4de5-b23c-b875f0a8522f} <, >
[QQToolbar]
  {29CF293A-1E7D-4069-9E11-E39698D0AF95} <C:\Program Files\Tencent\QQToolbar\IEBar.dll, (Signed) TENCENT>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <, >
[]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <, >
[]
  {47665FA5-FCF5-4444-B552-DF6549ECCA27} <C:\Program Files\Internet Explorer\UzsKtNt.Zs3, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[]
  {77962960-536E-47EC-9DDB-52651519705F} <, >
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[]
  {B070D3E3-FEC0-47D9-8E8A-99D4EEB3D3B0} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[百度工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, (Signed) Baidu.com, Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技（深圳）有限公司>
[]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\csrss.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh05022.dll]  [N/A, ]
[PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 896 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [c:\windows\system32\rpcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\anymie360.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 984 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [c:\windows\system32\rpcss.dll]  [N/A, ]
[PID: 1092 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijgkkbmf.dll]  [N/A, ]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 1324 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 1372 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.37]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
    [C:\Program Files\Rising\Rfw\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\Rising\Rfw\MonMid.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1624 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1716 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 1116 / SYSTEM][C:\Program Files\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
    [C:\Program Files\Rising\Rav\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [C:\Program Files\Rising\Rav\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\mvengine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\SysMail.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\Program Files\Rising\Rav\posttrt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 17]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scriptci.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\uroutine.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\rsstore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\extole.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[PID: 1148 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 1164 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
[PID: 1904 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\System32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijgkkbmf.dll]  [N/A, ]
[PID: 1828 / Administrator][C:\Program Files\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1368 / Administrator][C:\Program Files\Rising\Rav\RsMain.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\rspalmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.29]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\RSXML.DLL]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 70]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
    [C:\Program Files\Rising\Rav\ravbmenu.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.21]
    [C:\Program Files\Rising\Rav\ravppops.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 25]
    [C:\Program Files\Rising\Rav\ravpsafe.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [C:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Rav\psafecfg.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\ravxpage.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 81]
    [C:\Program Files\Rising\Rav\ravxmons.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Rav\ravptool.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Rav\log2file.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\htmllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rsvrinfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fopccdgn.dll]  [N/A, ]
    [C:\WINDOWS\system32\npgkglgk.dll]  [N/A, ]
    [C:\WINDOWS\system32\cbbnkbcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\hakcijpj.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1044 / Administrator][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 2]
    [C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 3, 001]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1392 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 892 / Administrator][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1140 / Administrator][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1132 / Administrator][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1568 / Administrator][C:\Program Files\racer-ccn-racerpc-ha\racer.exe]  [Putian Runway, 3,3,130,306]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\racer-ccn-racerpc-ha\rwxre.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\nspr4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-ccn-racerpc-ha\xpcom_core.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\plc4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-ccn-racerpc-ha\plds4.dll]  [Netscape Communications Corporation, 4.6.1]
    [C:\Program Files\racer-ccn-racerpc-ha\nss3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\softokn3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\racer-ccn-racerpc-ha\gkgfx.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\xpcom_compat.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\smime3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\Program Files\racer-ccn-racerpc-ha\ssl3.dll]  [Netscape Communications Corporation, 3.10.2]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_base_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\racer_base.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\kbdhook.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\components\jar50.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\components\gklayout.dll]  [Mozilla Foundation, Personal]
    [C:\Program Files\racer-ccn-racerpc-ha\nssckbi.dll]  [Netscape Communications Corporation, 1.53]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_ad_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_access_pppoe.dll]  [Putian Runway, 3,3,130,325]
    [C:\Program Files\racer-ccn-racerpc-ha\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\Program Files\racer-ccn-racerpc-ha\components\racer_nss4_comp.dll]  [Putian Runway, 3,3,130,306]
    [C:\Program Files\racer-ccn-racerpc-ha\nss4.dll]  [北京润汇科技有限公司, 1, 0, 0, 4]
    [C:\Program Files\racer-ccn-racerpc-ha\wpcap.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-ccn-racerpc-ha\packet.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-ccn-racerpc-ha\WanPacket.dll]  [CACE Technologies, 3, 2, 0, 29]
    [C:\Program Files\racer-ccn-racerpc-ha\plugins\NPSWF32.dll]  [, ]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 1812 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Infected) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
[PID: 2204 / Administrator][C:\中国银河证券双子星\SSLProxy\SSLCnt.exe]  [杭州核新软件技术有限公司, 1.98.2003.0210]
    [C:\中国银河证券双子星\SSLProxy\crypteng.dll]  [杭州核新软件技术有限公司, 1.42.2001.0303]
    [C:\中国银河证券双子星\SSLProxy\sslproxy.dll]  [杭州核新软件技术有限公司, 1.52.2002.326]
    [C:\中国银河证券双子星\SSLProxy\CAsAPI.dll]  [杭州核新软件技术有限公司, 1.49.2002.422]
    [C:\中国银河证券双子星\SSLProxy\Scard.dll]  [杭州核新软件技术有限公司, 1.02.2001.0529]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\中国银河证券双子星\SSLProxy\CAs\CTCA.dll]  [杭州核新软件技术有限公司, 1.05.2001.1116]
    [C:\中国银河证券双子星\SSLProxy\CAs\Sheca.dll]  [杭州核新软件技术有限公司, 1.07.2001.0706]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 2948 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\PROGRA~1\RACER-~1\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 50]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 3080 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\191333]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\kopiebpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijgkkbmf.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
[PID: 3480 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\523366]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjdlhpem.dll]  [N/A, ]
    [C:\WINDOWS\system32\nkiebgcf.dll]  [N/A, ]
    [C:\WINDOWS\system32\kffhdglf.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\mocnmlef.dll]  [N/A, ]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\aocldokj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlddncjm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
[PID: 332 / Administrator][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\nkiebgcf.dll]  [N/A, ]
    [C:\WINDOWS\system32\kffhdglf.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\mocnmlef.dll]  [N/A, ]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\aocldokj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlddncjm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fopccdgn.dll]  [N/A, ]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\WINDOWS\system32\npgkglgk.dll]  [N/A, ]
    [C:\WINDOWS\system32\cbbnkbcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\anymie360.dll]  [N/A, ]
    [C:\WINDOWS\system32\hakcijpj.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 204 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\604807]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\aocldokj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlddncjm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fopccdgn.dll]  [N/A, ]
    [C:\WINDOWS\system32\npgkglgk.dll]  [N/A, ]
    [C:\WINDOWS\system32\lnnahjfl.dll]  [N/A, ]
    [C:\WINDOWS\system32\cbbnkbcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\bkkcihbi.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 2924 / Administrator][c:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\HBCHIBI.dll]  [N/A, ]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
    [C:\WINDOWS\system32\fopccdgn.dll]  [N/A, ]
    [C:\WINDOWS\system32\npgkglgk.dll]  [N/A, ]
    [C:\WINDOWS\system32\cbbnkbcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\bkkcihbi.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpahilii.dll]  [N/A, ]
    [C:\WINDOWS\system32\ilnbnmfn.dll]  [N/A, ]
    [C:\WINDOWS\system32\hakcijpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\WINDOWS\downlo~1\Ixhdaa.dll]  [腾讯, 5, 1, 3, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
    [C:\Program Files\Tencent\QQToolbar\IEBar.dll]  [TENCENT, 3, 0, 9, 11]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Toolbar.dll]  [TENCENT, 3, 0, 9, 11]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\TBAddr.dll]  [TENCENT, 3, 0, 3, 10]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\QQMail.dll]  [TENCENT, 3, 0, 5, 11]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Shuqian.dll]  [TENCENT, 3, 0, 7, 10]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Wenwen.dll]  [TENCENT, 3, 0, 3, 11]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Weather.dll]  [TENCENT, 3, 0, 2, 11]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Paipai.dll]  [TENCENT, 3, 0, 3, 11]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\Qzone.dll]  [TENCENT, 3, 0, 5, 14]
    [C:\Documents and Settings\Administrator\Application Data\TENCENT\QQToolbar\buttons\MusicBox.dll]  [TENCENT, 3, 0, 4, 10]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 181]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 9, 252, 252]
    [C:\Program Files\TENCENT\SSPlus\SAddr.dll]  [腾讯, 5, 1, 3, 15]
    [C:\WINDOWS\system32\UrlFilter.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\UrlRule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.55]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 3216 / Administrator][E:\1\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [E:\1\USP10.dll]  [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\npgkglgk.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\fopccdgn.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
    [C:\WINDOWS\system32\hakcijpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\cbbnkbcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
[PID: 2280 / Administrator][E:\1\SREfd3caee2.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [E:\1\USP10.dll]  [Microsoft Corporation, 1.0420.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\mifnemdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhbneeol.dll]  [N/A, ]
    [C:\WINDOWS\system32\npgkglgk.dll]  [N/A, ]
    [C:\WINDOWS\system32\mlggdpec.dll]  [N/A, ]
    [C:\WINDOWS\system32\ippipigg.dll]  [N/A, ]
    [C:\WINDOWS\system32\fopccdgn.dll]  [N/A, ]
    [C:\WINDOWS\system32\ekhbfknl.dll]  [N/A, ]
    [C:\WINDOWS\system32\hakcijpj.dll]  [N/A, ]
    [C:\WINDOWS\system32\cbbnkbcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\hhjkfjkm.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll]  [腾讯, 5, 0, 4, 15]
    [C:\Program Files\Internet Explorer\UzsKtNt.Zs3]  [N/A, ]
    [E:\1\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
Open=weiai.exe
Shell\Open=打开(&O)
Shell\Open\Command=weiai.exe
Shell\Open\Default=1
Shell\Explore=资源管理器(&X)
Shell\Explore\Command=weiai.exe

==================================
HOSTS 文件
127.0.0.1       v.onondown.com.cn
127.0.0.2       ymsdasdw1.cn
127.0.0.3       h96b.info
127.0.0.0       fuck.zttwp.cn
127.0.0.0       www.hackerbf.cn
127.0.0.0       ww.popdm.cn
127.1.1.1       bbt.etimes888.com
127.1.1.1       219.147.13.53
127.1.1.1       20068080.cn
127.1.1.1       l.neter888.cn
127.1.1.1       stat.untang.com
127.1.1.1       www.ikdy.cn
127.0.0.0       geekbyfeng.cn
127.0.0.0       121.14.101.68
127.0.0.0       ppp.etimes888.com
127.0.0.0       www.bypk.com
127.0.0.0       CSC3-2004-crl.verisign.com
127.0.0.1       va9sdhun23.cn
127.0.0.0       udp.hjob123.com
127.1.1.1       999.hfdy2828.com
127.1.1.1       www.hfdy2929.com
127.1.1.1       www.xiazaide1.cn
127.1.1.1       www.vuf51579.cn
127.1.1.1       wm.eo2q.cn
127.1.1.1       d.www-263.com
127.1.1.1       www.ssy1688.cn
127.1.1.1       121.12.173.218
127.1.1.1       qq.18i16.net
127.1.1.1       a.baidu-6661.com
127.1.1.1       www.vuf51579.cn
127.1.1.1       www.1079223105.cn
127.1.1.1       home.xzx6.cn
127.1.1.1       top.fgc3.cn
127.1.1.1       165.246.44.228
127.1.1.1       wwww.ttfafa.com
127.1.1.1       pa.tt-09.com
127.0.0.2       bnasnd83nd.cn
127.0.0.0       www.gamehacker.com.cn
127.0.0.0       gamehacker.com.cn
127.1.1.1       www.cctv-100008.cn
127.1.1.1       222.73.208.141
127.0.0.3       adlaji.cn
127.1.1.1       aiyyw.com
127.0.0.1       858656.com
127.1.1.1       bnasnd83nd.cn
127.0.0.1       my123.com
127.0.0.0       user1.12-27.net
127.0.0.1       8749.com
127.0.0.0       fengent.cn
127.0.0.1       4199.com
127.0.0.1       user1.16-22.net
127.0.0.1       7379.com
127.0.0.1       2be37c5f.3f6e2cc5f0b.com
127.0.0.1       7255.com
127.0.0.1       user1.23-12.net
127.0.0.1       3448.com
127.0.0.1       www.guccia.net
127.0.0.1       7939.com
127.0.0.1       a.o1o1o1.nEt
127.0.0.1       8009.com
127.0.0.1       user1.12-73.cn
127.0.0.1       piaoxue.com
127.0.0.1       3n8nlasd.cn
127.0.0.1       kzdh.com
127.0.0.0       www.sony888.cn
127.0.0.1       about.blank.la
127.0.0.0       user1.asp-33.cn
127.0.0.1       6781.com
127.0.0.0       www.netkwek.cn
127.0.0.1       7322.com
127.0.0.0       ymsdkad6.cn
127.0.0.1       localhost
127.0.0.0       www.lkwueir.cn
127.0.0.1       06.jacai.com
127.0.1.1       user1.23-17.net
127.0.0.1       1.jopenkk.com
127.0.0.0       upa.luzhiai.net
127.0.0.1       1.jopenqc.com
127.0.0.0       www.guccia.net
127.0.0.1       1.joppnqq.com
127.0.0.0       4m9mnlmi.cn
127.0.0.1       1.xqhgm.com
127.0.0.0       mm119mkssd.cn
127.0.0.1       100.332233.com
127.0.0.0       61.128.171.115:8080
127.0.0.1       121.11.90.79
127.0.0.0       www.1119111.com
127.0.0.1       121565.net
127.0.0.0       win.nihao69.cn
127.0.0.1       125.90.88.38
127.0.0.1       16888.6to23.com
127.0.0.1       2.joppnqq.com
127.0.0.0       puc.lianxiac.net
127.0.0.1       204.177.92.68
127.0.0.0       pud.lianxiac.net
127.0.0.1       210.74.145.236
127.0.0.0       210.76.0.133
127.0.0.1       219.129.239.220
127.0.0.0       61.166.32.2
127.0.0.1       219.153.40.221
127.0.0.0       218.92.186.27
127.0.0.1       219.153.46.27
127.0.0.0       www.fsfsfag.cn
127.0.0.1       219.153.52.123
127.0.0.0       ovo.ovovov.cn
127.0.0.1       221.195.42.71
127.0.0.0       dw.com.com
127.0.0.1       222.73.218.115
127.0.0.1       203.110.168.233:80
127.0.0.1       3.joppnqq.com
127.0.0.1       203.110.168.221:80
127.0.0.1       363xx.com
127.0.0.1       www1.ip10086.com.cm
127.0.0.1       4199.com
127.0.0.1       blog.ip10086.com.cn
127.0.0.1       43242.com
127.0.0.1       www.ccji68.cn
127.0.0.1       5.xqhgm.com
127.0.0.0       t.myblank.cn
127.0.0.1       520.mm5208.com
127.0.0.0       x.myblank.cn
127.0.0.1       59.34.131.54
127.0.0.1       210.51.45.5
127.0.0.1       59.34.198.228
127.0.0.1       www.ew1q.cn
127.0.0.1       59.34.198.88
127.0.0.1       59.34.198.97
127.0.0.1       60.190.114.101
127.0.0.1       60.190.218.34
127.0.0.0       qq-xing.com.cn
127.0.0.1       60.191.124.252
127.0.0.1       61.145.117.212
127.0.0.1       61.157.109.222
127.0.0.1       75.126.3.216
127.0.0.1       220.250.64.21
127.0.0.1       75.126.3.217
127.0.0.1       75.126.3.218
127.0.0.0       59.125.231.177:17777
127.0.0.1       75.126.3.220
127.0.0.1       75.126.3.221
127.0.0.1       75.126.3.222
127.0.0.1       772630.com
127.0.0.1       832823.cn
127.0.0.1       8749.com
127.0.0.1       888.jopenqc.com
127.0.0.1       89382.cn
127.0.0.1       8v8.biz
127.0.0.1       97725.com
127.0.0.1       9gg.biz
127.0.0.1       www.9000music.com
127.0.0.1       test.591jx.com
127.0.0.1       a.topxxxx.cn
127.0.0.1       picon.chinaren.com
127.0.0.1       www.5566.net
127.0.0.1       p.qqkx.com
127.0.0.1       news.netandtv.com
127.0.0.1       z.neter888.cn
127.0.0.1       b.myblank.cn
127.0.0.1       wvw.wokutu.com
127.0.0.1       unionch.qyule.com
127.0.0.1       www.qyule.com
127.0.0.1       it.itjc.cn
127.0.0.1       www.linkwww.com
127.0.0.1       vod.kaicn.com
127.0.0.1       www.tx8688.com
127.0.0.1       b.neter888.cn
127.0.0.1       promote.huanqiu.com
127.0.0.1       www.huanqiu.com
127.0.0.1       www.haokanla.com
127.0.0.1       play.unionsky.cn
127.0.0.1       www.52v.com
127.0.0.1       www.gghka.cn
127.0.0.1       icon.ajiang.net
127.0.0.1       new.ete.cn
127.0.0.1       www.stiae.cn
127.0.0.1       o.neter888.cn
127.0.0.1       comm.jinti.com
127.0.0.1       www.google-analytics.com
127.0.0.1       hz.mmstat.com
127.0.0.1       www.game175.cn
127.0.0.1       x.neter888.cn
127.0.0.1       z.neter888.cn
127.0.0.1       p.etimes888.com
127.0.0.1       hx.etimes888.com
127.0.0.1       abc.qqkx.com
127.0.0.1       dm.popdm.cn
127.0.0.1       www.yl9999.com
127.0.0.1       www.dajiadoushe.cn
127.0.0.1       v.onondown.com.cn
127.0.0.1       www.interoo.net
127.0.0.1       bally1.bally-bally.net
127.0.0.1       www.bao5605509.cn
127.0.0.1       www.rty456.cn
127.0.0.1       www.werqwer.cn
127.0.0.1       1.360-1.cn
127.0.0.1       user1.23-16.net
127.0.0.1       www.guccia.net
127.0.0.1       www.interoo.net
127.0.0.1       upa.netsool.net
127.0.0.1       js.users.51.la
127.0.0.1       vip2.51.la
127.0.0.1       web.51.la
127.0.0.1       qq.gong2008.com
127.0.0.1       2008tl.copyip.com
127.0.0.1       tla.laozihuolaile.cn
127.0.0.1       www.tx6868.cn
127.0.0.1       p001.tiloaiai.com
127.0.0.1       s1.tl8tl.com
127.0.0.1       s1.gong2008.com
127.0.0.1       4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1       2be37c5f.3f6e2cc5f0b.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1044, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1140, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1568, C:\PROGRAM FILES\RACER-CCN-RACERPC-HA\RACER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3080, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\191333]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3080, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\191333]
特殊特权被允许： SeDebugPrivilege [PID = 3216, E:\1\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3216, E:\1\SRENGLDR.EXE]

==================================
计划任务
[已启用] SogouImeMgr.job
        C:\PROGRA~1\SOGOUI~1\360~1.165\PinyinRepair.exe 

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]