[CODE]
2000-07-23,07:38:45
System Repair Engineer 2..4
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <Acrobat Assistant 7.0><; "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe">  [Adobe Systems Inc.]
    <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay>  [N/A]
    <CSMContext><; C:\WINDOWS\system32\CSMContext.exe>  [N/A]
    <DLA><; C:\WINDOWS\System32\DLA\DLACTRLW.EXE>  [Sonic Solutions]
    <DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">  [CyberLink Corp.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <kvonreboot><; C:\WINDOWS\system32\360Kill.bat>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe,kssh16.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><tisqatyu.dll,nhmxcjkl.dll myusemt.dll wcnonpe.dll msspcyn.dll joliom.dll woswelc.dll welycz.dll irotiyy.dll xfimer.dll soeehy.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{00070007-0007-0007-0007-00070007BB15}><C:\WINDOWS\system32\dpvvoxmh.dll>  [N/A]
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  []
    <{00170017-0017-0017-0017-00170017BB15}><C:\WINDOWS\system32\msobjstl.dll>  [N/A]
    <{00010001-0001-0001-0001-00010001BB15}><C:\WINDOWS\system32\adsntzt.dll>  [N/A]
    <{00270027-0027-0027-0027-00270027BB15}><C:\WINDOWS\system32\lweurqhx.dll>  [N/A]
    <{8FD45A54-9875-698F-E56E-65102358FDF8}><C:\WINDOWS\system32\apsghjba.dll>  [N/A]
    <{4D698451-2015-6358-9871-2015987452D4}><C:\WINDOWS\system32\apzhdtde.dll>  [N/A]
    <{00030003-0003-0003-0003-00030003BB15}><C:\WINDOWS\system32\bootvidgj.dll>  [N/A]
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  []
    <{6A069845-2036-6084-9054-6087502480A6}><C:\WINDOWS\system32\ozfyfbyt.dll>  [N/A]
    <{D47A61B8-0EAB-417F-8DF4-5C949982A2AF}><C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys>  []
==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[EPSON Status Monitor 3 Environment Check(3)]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\EPSON Status Monitor 3 Environment Check(3).lnk --> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [SEIKO EPSON CORPORATION]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\sj\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\TENCENT\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务
[Application Management / AppMgmt][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Broadcom ASF IP Monitor / ASFIPmon][Running/Auto Start]
  <"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service><Broadcom Corporation>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Backbone Service / BBDemon][Running/Auto Start]
  <"C:\Program Files\Dassault Systemes\B18\intel_a\code\bin\CATSysDemon.exe" -service><Dassault Systemes>
[EpsonBidirectionalService / EpsonBidirectionalService][Running/Auto Start]
  <C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe><N/A>
[FLEXlm server for PTC / FLEXlm server for PTC][Stopped/Disabled]
  <"C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe"><Macrovision Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

驱动程序
[abp480n5 / abp480n5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[amdfix / amdfix][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\amdfix.sys><Microsoft Corporation>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BASFND / BASFND][Running/Auto Start]
  <\??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys><Broadcom Corporation>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[DLABOIOM / DLABOIOM][Running/Auto Start]
  <System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
  <System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
  <System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
  <System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
  <System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
  <System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
  <System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
  <System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
  <System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[DRVMCDB / DRVMCDB][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
  <System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[LUMDriver / LUMDriver][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\LUMDriver.sys><IBM>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\G:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkcusb / npkcusb][Stopped/Manual Start]
  <\??\G:\Program Files\Tencent\QQ\npkcusb.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[rspp / rspp][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Rspp.sys><Beijing Rising Technology Co., Ltd>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[xinstall / xinstall][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>
[HBKernel Driver / HBKernel][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HBKernel.sys><N/A>
[HiddFldy / HiddFldy][Running/Auto Start]
  <\??\C:\WINDOWS\system32\d32dx9.sys><N/A>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[Yodao Toolbar Helper]
  {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} <C:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, 网易公司>
[]
  {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[Java Plug-in]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[有道工具栏]
  {7B434A2A-9E4C-48F2-8373-5801F316A4D5} <C:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, 网易公司>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[DriveLetterAccess]



[/CODE]

{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Yodao Toolbar Helper]
  {6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} <C:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, 网易公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[]
  {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[有道工具栏]
  {7B434A2A-9E4C-48F2-8373-5801F316A4D5} <C:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, 网易公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AcroIEContextMenuHelper Class]
  {8AD0743E-113B-4E26-BA21-1E9A71098F41} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[IEAnimBehaviorFactory Class]
  {A4639D2F-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[Messenger Application]
  {FB7199AB-79BF-11D2-8D94-0000F875C541} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <G:\Program Files\Tencent\AddEmotion.htm, N/A>
[转换为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
  <res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 624][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 708][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1596][c:\program files\rising\rfw\rfwstub.exe]  [Beijing Rising Technology Co., Ltd., 7.0.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 164][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\sfu.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\DLA\DLASHX_W.DLL]  [Sonic Solutions, 5.20.08a]
    [C:\WINDOWS\system32\DLAAPI_W.DLL]  [Sonic Solutions, 5.20.08a]
    [C:\WINDOWS\System32\DLA\DLACResW.dll]  [Sonic Solutions, 5.20.08a]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys]  [N/A, ]
    [G:\Program Files\Tencent\qdshm.dll]  [, 1, 0, 101, 20]
    [G:\Program Files\Tencent\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.0.2004121400\0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\system32\wzcfsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
[PID: 296][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 7.0.1.67]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 88]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [c:\program files\rising\rfw\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [c:\program files\rising\rfw\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.7]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.13]
[PID: 472][C:\WINDOWS\system32\sqlypkk\lsass.exe]  [N/A, ]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
[PID: 896][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
[PID: 1148][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
[PID: 1448][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.20]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
    [C:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 3480][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfu.dll]  [N/A, ]
    [C:\WINDOWS\system32\kxm.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wjy.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
    [C:\WINDOWS\system32\10177.dat]  [N/A, ]
    [C:\WINDOWS\system32\msobjstl.dll]  [N/A, ]
    [C:\WINDOWS\system32\mstimewd.dll]  [N/A, ]
    [C:\WINDOWS\system32\adsntzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\lweurqhx.dll]  [N/A, ]
    [C:\WINDOWS\system32\bootvidgj.dll]  [N/A, ]
    [C:\WINDOWS\system32\dispexcb.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\wzcfsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
[PID: 5888][C:\123.exe.EXE]  [1111, 2..4]
    [c:\program files\rising\rfw\ijt_base.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.18]
    [c:\program files\rising\rfw\olemon.dll]  [Beijing Rising Technology Co., Ltd., 7.0.0.6]
    [C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\10177.dat]  [N/A, ]
    [C:\WINDOWS\system32\kxm.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wjy.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\sfu.dll]  [N/A, ]
    [C:\WINDOWS\system32\WNWB.IME]  [深圳世强软件开发部 www.wn51.com , 2006, 10, 20, 1]
    [C:\WINDOWS\system32\wzcfsw.dll]  [N/A, ]
    [C:\WINDOWS\system32\jfrwdh.dll]  [N/A, ]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.5510]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
入口点错误：RegEnumValueA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\10177.dat)
入口点错误：RegEnumValueW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\10177.dat)
入口点错误：RegOpenKeyExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\10177.dat)
入口点错误：CreateServiceA (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0x001452AC)
入口点错误：CreateFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\10177.dat)
入口点错误：CreateFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\10177.dat)
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00DC1FFD)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0x00DC20E5)

==================================
隐藏进程
    [2860] C:\WINDOWS\system32\kssh16.exe

==================================

C:\WINDOWS\system32\CSMContext.exe
自己测下http://www.virscan.org/
操作方法见我的签名，手工杀毒的操作方法
删除启动项
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]下注册表项目及对应文件
  <kvonreboot><; C:\WINDOWS\system32\360Kill.bat>  []
修改注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe,kssh16.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
改为
  <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
改注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><tisqatyu.dll,nhmxcjkl.dll myusemt.dll wcnonpe.dll msspcyn.dll joliom.dll woswelc.dll welycz.dll irotiyy.dll xfimer.dll soeehy.dll>  [N/A]
为<AppInit_DLLs><>

删除启动项

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]下以下注册表项目及对应文件
    <{00070007-0007-0007-0007-00070007BB15}><C:\WINDOWS\system32\dpvvoxmh.dll>  [N/A]
    <{28766E1C-74B0-4417-8C75-F12AE309EF35}><C:\WINDOWS\system32\wzcfsw.dll>  []
    <{00170017-0017-0017-0017-00170017BB15}><C:\WINDOWS\system32\msobjstl.dll>  [N/A]
    <{00010001-0001-0001-0001-00010001BB15}><C:\WINDOWS\system32\adsntzt.dll>  [N/A]
    <{00270027-0027-0027-0027-00270027BB15}><C:\WINDOWS\system32\lweurqhx.dll>  [N/A]
    <{8FD45A54-9875-698F-E56E-65102358FDF8}><C:\WINDOWS\system32\apsghjba.dll>  [N/A]
    <{4D698451-2015-6358-9871-2015987452D4}><C:\WINDOWS\system32\apzhdtde.dll>  [N/A]
    <{00030003-0003-0003-0003-00030003BB15}><C:\WINDOWS\system32\bootvidgj.dll>  [N/A]
    <{841529CB-7F77-4B99-A895-B5441E0D302F}><C:\WINDOWS\system32\jfrwdh.dll>  []
    <{6A069845-2036-6084-9054-6087502480A6}><C:\WINDOWS\system32\ozfyfbyt.dll>  [N/A]
    <{D47A61B8-0EAB-417F-8DF4-5C949982A2AF}><C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys>  []

删除驱动及对应文件
[HBKernel Driver / HBKernel][Running/Boot Start]
  <C:windos\system32\DRIVERS\HBKernel.sys><N/A>
[HiddFldy / HiddFldy][Running/Auto Start]
  <\??\C:\WINDOWS\system32\d32dx9.sys><N/A>

删除浏览器加载项
[]
  {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>
[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>
[]
  {6FD45A54-9875-698F-E56E-65102358FDF6} <C:\WINDOWS\system32\apsgfjba.dll, N/A>

[]
  {D47A61B8-0EAB-417F-8DF4-5C949982A2AF} <C:\Program Files\Internet Explorer\PLUGINS\Windows64.Sys, N/A>

并删除以下文件
C:\123.exe.EXE
C:\WINDOWS\system32\10177.dat

C:Windos\system32\tisqatyu.dll
C:Windos\system32\nhmxcjkl.dll
C:Windos\system32\myusemt.dll
C:Windos\system32\wcnonpe.dll
C:Windos\system32\msspcyn.dll
C:Windos\system32\joliom.dll
C:Windos\system32\woswelc.dll
C:Windos\system32\welycz.dll
C:Windos\system32\irotiyy.dll
C:Windos\system32\xfimer.dll
C:Windos\system32\soeehy.dll