病毒名：
Dropper.Win32.Agent.y
Trojan.DL.MNLess.oq
Trojan.DL.Win32.Agent.wkf
Trojan.DL.Win32.QQHelper.wx
RootKit.Win32.Agent.f
Trojan.PSW.Win32.HXOnline.g
Trojan.StartPage.urn
Trojan.DL.Win32.QQHelp.et
Trojan.DL.Win32.QQHelp.es
Trojan.Win32.Agent.iea

日志：
CODE]

2007-07-08,16:59:12

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PROMon.exe><PROMon.exe>  [Intel Corporation]
    <SysExplr><C:\HEROSOFT\Hero3000\SYSEXPLR.EXE>  []
    <CAPON><C:\WINDOWS\System32\Spool\Drivers\w32x86\3\CAPONN.EXE>  [CANON INC.]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <jfproc><C:\Program Files\ppfilm\jfCacheMgr.exe>  [N/A]
    <Microsoft Autorun10><C:\WINDOWS\System32\nwizwmgjs.exe>  [N/A]
    <Microsoft Autorun7><C:\WINDOWS\System32\nwizqjsj.exe>  [N/A]
    <Microsoft Autorun6><C:\WINDOWS\System32\mydata.exe>  [N/A]
    <Microsoft Autorun9><C:\WINDOWS\System32\Ravasktao.exe>  [N/A]
    <hooqaixw><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <RavMon><C:\DOCUME~1\lx\LOCALS~1\Temp\RavMonD.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><qhbpri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{5D06580A-08EB-4DD0-8425-DDBB5198B30C}><C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFO5.sys>  []
    <{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>  []
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  [N/A]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  [N/A]
    <{88A46432-969E-4F5E-913D-3AAF4B6A3051}><C:\WINDOWS\System32\SvTime.dll>  [N/A]
    <{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\广联达~1.SCR>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]

==================================
启动文件夹
[Canon LBP-810 篈跌怠]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Canon LBP-810 篈跌怠.LNK --> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE [CANON INC.]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[BrSplService / Brother XP spl Service][Running/Auto Start]
  <C:\WINDOWS\System32\brsvc01a.exe><brother Industries Ltd>
[Indexing Data / DATEING][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\OWJNX.DLL,DllRegisterServer 1087><Microsoft Corporation>
[FTSafe Net Rockey Service / FTSafeNetRockeyService4.0][Stopped/Auto Start]
  <C:\WINDOWS\System32\NrSvr.exe -dispatch><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Office Backup Engine / License][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\ruqdp.dll><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Fax 2Client / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\System32\b6c31.exe><N/A>
[Intel(R) NMS / NMSSvc][Running/Auto Start]
  <C:\WINDOWS\System32\NMSSvc.exe><Intel Corporation>
[Pcivsubilu / Pcivsubilu][Stopped/Manual Start]
  <><N/A>
[Windows qvnd RunThem / qvnd][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\lqiy\vasi.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[atmuni32 / atmuni32][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\atmuni32.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[c59 / c59h][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\c59h.sys><N/A>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[fqgrv / fqgrve][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\fqgrve.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[Senselock USB Lock 1.5S Driver / Lock15S][Running/Auto Start]
  <System32\Drivers\Lock15S.sys><Beijing Senselock Inc>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[NTGDT / NTGDT][Running/System Start]
  <\??\C:\WINDOWS\System32\Drivers\NTGDT.SYS><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RapidPort / RapidPort][Running/Auto Start]
  <\??\C:\WINDOWS\System32\Drivers\CAPLPTN.SYS><CANON INC.>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <System32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sense3 / Sense3][Running/Auto Start]
  <\SystemRoot\system32\Drivers\sense3.sys><Beijing Senselock>
[Rainbow China UDA Driver / UDA][Stopped/Manual Start]
  <System32\Drivers\rcudawdm.sys><Rainbow China Co,. Ltd.>
[wtmuni3 / wtmuni32][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\wtmuni32.sys><N/A>
[yhnbdv7 / yhnbdv73][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\yhnbdv73.sys><N/A>
[zwpww2m / zwpww2m][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[NIC Management Service Configuration Driver / NMSCFG][Running/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\NMSCFG.SYS><Intel Corporation>

==================================
浏览器加载项
[sosHlpr Class]
  {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\wcczixp.dll, Microsoft Corporation>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[ChinaBuy Class]
  {85FAEA13-9C62-4917-8571-B35C563A1943} <C:\WINDOWS\System32\buyunion.dll, >
[FavHook Class]
  {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com,  Inc.>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\System32\7b61.dll, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.legend.com, N/A>
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\MYEOFF~1\CIBA\IEPlugin.dll, >
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\MYEOFF~1\CIBA\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>

==================================
正在运行的进程
[PID: 552 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
[PID: 1024 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [c:\windows\system32\ruqdp.dll]  [N/A, ]
[PID: 1236 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1284 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1564 / lx][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFO5.sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\System32\LgdGuard.dll]  [, ]
    [C:\WINDOWS\System32\mainbar\bin\contmenu.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
[PID: 1636 / SYSTEM][C:\WINDOWS\System32\brsvc01a.exe]  [brother Industries Ltd, 1, 0, 0, 2]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1664 / SYSTEM][C:\WINDOWS\System32\brss01a.exe]  [brother Industries Ltd, 1.004]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\brpp2ka.dll]  [Brother Industries ,Ltd , 1.03]
[PID: 1672 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\CAPMONK.DLL]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\system32\CAPSMK.DLL]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\system32\CAPPTMN.DLL]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL]  [Brother Industries ,Ltd , 1.03]
    [C:\WINDOWS\system32\CAP1EMN.DLL]  [CANON INC., 1.00.1.012]
[PID: 1956 / SYSTEM][C:\WINDOWS\System32\CAPRPCSK.EXE]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 220 / SYSTEM][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\OWJNX.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 296 / SYSTEM][C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPPSWK.EXE]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP1PMN.DLL]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\System32\spool\drivers\w32x86\3\CAPSMK.DLL]  [CANON INC., 1.00.1.012]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 512 / SYSTEM][C:\WINDOWS\System32\b6c31.exe]  [N/A, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 572 / SYSTEM][C:\WINDOWS\System32\NMSSvc.exe]  [Intel Corporation, 2.1.9.0]
    [C:\WINDOWS\System32\NMSSvcPS.DLL]  [Intel Corporation, 2.1.9.0]
[PID: 628 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1324 / lx][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.0.14]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1508 / lx][C:\WINDOWS\System32\PROMon.exe]  [Intel Corporation, 5.3.7.0]
    [C:\WINDOWS\System32\NMSAPI.DLL]  [Intel Corporation, 2.1.9.0]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\WINDOWS\System32\NMSSvcPS.DLL]  [Intel Corporation, 2.1.9.0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1176 / lx][C:\HEROSOFT\Hero3000\SYSEXPLR.EXE]  [N/A, ]
    [C:\HEROSOFT\Hero3000\AVCDROM.dll]  [N/A, ]
    [C:\HEROSOFT\Hero3000\CoolMenu.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\HEROSOFT\Hero3000\Sys936.DLL]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1832 / lx][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 6.4]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\QuickTime.qts]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTime3GPP.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeAuthoring.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeCapture.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeEffects.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeEssentials.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeImage.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeInternetExtras.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeMPEG.qtx]  [Apple Computer, Inc, 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeMPEG4Authoring.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeMusic.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeStreaming.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeStreamingAuthoring.qtx]  [Apple Computer, Inc., 6.4]
    [C:\WINDOWS\system32\QuickTime\QuickTimeStreamingExtras.qtx]  [Apple Computer, Inc., 6.4]

[PID: 1892 / lx][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
[PID: 456 / lx][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1196 / lx][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.0041]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Messenger\MSGSLANG.DLL]  [Microsoft Corporation, 4.7.0041]
    [C:\PROGRA~1\MESSEN~1\rtcimsp.dll]  [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 1904 / lx][C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE]  [CANON INC., 1.00.1.012]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2016 / lx][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2084 / lx][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 452 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 4884 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 10384 / lx][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\WINDOWS\system32\wcczixp.dll]  [Microsoft Corporation, 1, 0, 2, 1]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\buyunion.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll]  [Deepdo.com,  Inc., 1, 0, 0, 1]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Common Files\Microsoft Shared\MSInfo\IEINFO5.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 13624 / lx][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]
[PID: 14320 / lx][C:\DOCUME~1\lx\LOCALS~1\Temp\Rar$EX00.640\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\lx\LOCALS~1\Temp\Rar$EX00.640\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\qhbpri.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1564, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 572, C:\WINDOWS\SYSTEM32\NMSSVC.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1508, C:\WINDOWS\SYSTEM32\PROMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1176, C:\HEROSOFT\HERO3000\SYSEXPLR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1832, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1892, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1904, C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAPPSWK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2016, C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 13624, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

下个AVG，去百度帖吧找注册码。
瑞星好象不太杀木马
装个AVG配瑞星。
本人觉得不错