[CODE]

2008-07-31,09:16:32

System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><"D:\Program Files\360Safebox\safeboxTray.exe" /r>  [N/A]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <kvonreboot><C:\WINDOWS\system32\360Kill.bat>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe,lbf18.exe,,rt17.exe,wnj17.exe,guwf17.exe,kdqn17.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe,EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{004E654C-E519-4187-ADF4-B4E313A99947}><>  [N/A]
    <{2876D76C-CAAA-4313-AF97-8D1D9A2A1087}><C:\WINDOWS\system32\dpvvoxmh.dll>  []
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  [N/A]
    <{00180018-0018-0018-0018-00180018BB15}><C:\WINDOWS\system32\mstimewd.dll>  []
    <{A9895933-6636-4281-BC58-EE6DE2AF96E3}><C:\WINDOWS\system32\ddserh.dll>  [N/A]
    <{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}><C:\WINDOWS\system32\adsntzt.dll>  []
    <{71A78CD4-E470-4a18-8457-E0E0283DD507}><C:\WINDOWS\system32\lweurqhx.dll>  []
    <{8C41B7F7-3168-400D-A702-0E7EFE0BA304}><C:\WINDOWS\system32\sgdewg.dll>  [N/A]
    <{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}><C:\WINDOWS\system32\cliconfgzx.dll>  []
    <{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}><C:\WINDOWS\system32\kgfghd.dll>  [N/A]
    <{00060006-0006-0006-0006-00060006BB15}><C:\WINDOWS\system32\dispexcb.dll>  []
    <{D3112B69-A745-4805-874E-ABD480EA1299}><C:\WINDOWS\system32\bootvidgj.dll>  []
    <{00020002-0002-0002-0002-00020002BB15}><C:\WINDOWS\system32\avicapwm.dll>  []
    <{45AADFAA-DD36-42AB-83AD-0521BBF58C24}><C:\WINDOWS\system32\zycdex.dll>  [N/A]
    <{D47A61B8-0EAB-417F-8DF4-5C949982A2AF}><C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys>  [N/A]
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <EXPLORER.EXE><; EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <HBmhly><; "C:\WINDOWS\system32\HBmhly.exe" -r>  [N/A]
    <RavTask><; "D:\Program Files\Rising\Rav\RavTask.exe" -system>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <TudouVAStart><; D:\飞速Tudou\TudouVa.exe>  [土豆网(www.tudou.com)]
    <wsctf.exe><; wsctf.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
  <C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
  <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[servplay / cname][Stopped/Auto Start]
  <><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Internet Statistics / Internet Statistics][Stopped/Auto Start]
  <"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mszstb.dll", Run><Microsoft Corporation>
[Network Remote Assistant / netra][Stopped/Auto Start]
  <C:\WINDOWS\system32\drivers\svchost.exe><N/A>
[PnpWMmng / PnpWMmng][Running/Auto Start]
  <D:\KILLVI~1\06_完~1\PnpWMmng.exe><完美卸载组件>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><N/A>

==================================
驱动程序
[2ygdgm / 2ygdgm][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\2ygdgm.sys><N/A>
[360TimeProt / 360TimeProt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\360TimeProt.sys><N/A>
[6ljjin3e / 6ljjin3e][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\6ljjin3e.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[bfebaije / bfebaije][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bfebaije.sys><N/A>
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[ehefcdcc / ehefcdcc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ehefcdcc.sys><N/A>
[f2gb2be / f2gb2be][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\f2gb2be.sys><N/A>
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[HiddFldy / HiddFldy][Running/Auto Start]
  <\??\C:\WINDOWS\system32\d32dx9.sys><N/A>
[hkzsleivm / hkzsleivm][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hkzsleivm.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[htmoagfs / htmoagfs][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\htmoagfs.sys><N/A>
[hxun / hxun][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hxun.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[imz4y / imz4yd][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\imz4yd.sys><N/A>
[KAVBootC / KAVBootC][Stopped/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[n3f89ox2nd / n3f89ox2nd][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\n3f89ox2nd.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\D:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TL / TL][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp1CF.tmp><N/A>
[Virtual Serial port driver / VComm][Running/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[Bluetooth HID Device Service / VHidMinidrv][Running/Manual Start]
  <system32\drivers\VHIDMini.sys><IVT Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, N/A>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, China Merchants Bank>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Windows Live Photo Upload Control]
  {7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\Ringz Studio\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\WINDOWS\system32\dllcache\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, N/A>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\Program Files\StormII\Codec\rmoc3260.dll, RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, China Merchants Bank>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Windows Live Photo Upload Control]
  {7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\Program Files\StormII\Codec\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, N/A>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 624][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1016][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1028][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1224][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1320][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1420][D:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
[PID: 1456][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1996][C:\WINDOWS\EXPLORER.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\slcvcypst.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\killvirustools\延迟删除_Unlocker_1.8.5\UnlockerCOM.dll]  [N/A, ]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\FlashPaper2.2\FlashPaperContextMenu.dll]  [, 2.02.2302.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
[PID: 796][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
[PID: 2316][C:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSNCore.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\slcvcypst.dll]  [N/A, ]
    [C:\WINDOWS\system32\kdunuqhkl.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wpgzgctwx.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corp., 8.1.0178.00]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\MSN Messenger\lmcdata.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\contact.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\dfsr.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\custsat.dll]  [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\MSN Messenger\abssm.dll]  [Microsoft Corporation, 8.1.0178.00]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]
[PID: 2144][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\slcvcypst.dll]  [N/A, ]
    [C:\WINDOWS\system32\kdunuqhkl.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wpgzgctwx.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3157 (xpsp_sp2_gdr.070614-0013)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 608][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\slcvcypst.dll]  [N/A, ]
    [C:\WINDOWS\system32\kdunuqhkl.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wpgzgctwx.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
[PID: 3368][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX06.500\修改的2.4版.EXE]  [1111, 2..4]
    [C:\WINDOWS\system32\zsqf.dll]  [N/A, ]
    [C:\WINDOWS\system32\slcvcypst.dll]  [N/A, ]
    [C:\WINDOWS\system32\kdunuqhkl.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wpgzgctwx.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\avicapwm.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\WINDOWS\system32\cliconfgzx.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\dpvvoxmh.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
入口点错误：RegEnumValueA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\slcvcypst.dll)
入口点错误：RegEnumValueW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\slcvcypst.dll)
入口点错误：RegOpenKeyExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\slcvcypst.dll)
入口点错误：CreateServiceA (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x001352AC)
入口点错误：CreateFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\slcvcypst.dll)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\slcvcypst.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]