
God, save me!!

Rising was attacked and is paralyzed again!
[CODE]

2008-04-17,23:03:40

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - Administrator - Full features

The following items were selected:
    All startup items (registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SoundMan.exe>  [1]
    <WSockDrv32><C:\WINDOWS\WSockDrv32.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exE>  []
    <mppds><C:\WINDOWS\mppds.EXE>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exE>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <tciocp32><C:\WINDOWS\tciocp32.exe>  []
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <sclzslvv><C:\WINDOWS\czlvibfe.exe>  []
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <SHAProc><C:\WINDOWS\SHAProc.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exE>  []
    <mfchlp32><C:\WINDOWS\mfchlp32.exe>  []
    <dndsioc><C:\WINDOWS\dndsioc.exe>  []
    <WINSvr32><C:\WINDOWS\WINSvr32.exE>  []
    <fmbiost><C:\WINDOWS\fmbiost.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><msosmhfp01.dll,msoscqit01.dll,msosdohs01.dll,msosmnsf01.dll,msosptfs01.dll,msosping01.dll,msosfmsq01.dll,msosjtio00.dll,msosdrop00.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{ED561258-45F3-A451-F908-A258458226DE}><C:\WINDOWS\Fonts\kvdxsnma.dll>  [N/A]
    <{F34345F1-DACF-3452-CB7D-4620F34A153F}><C:\WINDOWS\Fonts\rsztopm.dll>  [N/A]
    <{892FADFA-BCDE-ACDF-CDEF-21054865CBA8}><C:\WINDOWS\Fonts\wsmsfzx.dll>  [N/A]
    <{6A57CAD1-412F-9547-713F-9641FA3FC7A6}><C:\WINDOWS\Fonts\okmhfzy.dll>  [N/A]
    <{57650011-3344-6688-4899-345FABCD1575}><C:\WINDOWS\Fonts\ratbtpi.dll>  [N/A]
    <{CB681598-AD5F-BC8C-77DC-748FAC8D3FBC}><C:\WINDOWS\Fonts\kafylzy.dll>  [N/A]
    <{C4783410-4F90-34A0-7820-3230ACD05F4C}><C:\WINDOWS\Fonts\raqjlpi.dll>  [N/A]
    <{D9FA4178-7749-A8D9-F5C8-88645525769D}><C:\WINDOWS\Fonts\kashmzy.dll>  [N/A]
    <{55679330-4034-9021-7012-909856721375}><C:\WINDOWS\Fonts\wszjezx.dll>  [N/A]
    <{A960356A-458E-DE24-BD50-268F589A56AA}><C:\WINDOWS\Fonts\avwljmn.dll>  [N/A]
    <{E859245F-345D-BC13-AC4F-145D47DA34FE}><C:\WINDOWS\Fonts\avzxnmn.dll>  [N/A]
    <{9A1247C1-53DA-FF43-ABD3-345F323A48D9}><C:\WINDOWS\Fonts\avwgimn.dll>  [N/A]
    <{A8907901-1416-3389-9981-37217856998A}><C:\WINDOWS\Fonts\kawdjzy.dll>  [N/A]
    <{4FA10261-B890-F432-A453-69F1023513F4}><C:\WINDOWS\Fonts\gjcsdyc.dll>  [N/A]
    <{3A098324-8631-9087-7650-8907643562A3}><C:\WINDOWS\Fonts\jsqscyc.dll>  [N/A]
    <{6598FF45-DA60-F48A-BC43-10AC47853D56}><C:\WINDOWS\Fonts\rarjfpi.dll>  [N/A]
    <{BE32FA58-3453-FA2D-BC49-F340348ACCEB}><C:\WINDOWS\Fonts\rsmykpm.dll>  [N/A]
    <{2D098345-9012-8750-8910-9128098134D2}><C:\WINDOWS\Fonts\jsqxbyc.dll>  [N/A]
    <{595fc807-9d7f-4889-8194-b0fb4af7ba4c}><C:\WINDOWS\System32\IGB_GFSJ_1001.dll>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{6FC63358-5E38-4583-914B-119CA485A53C}><C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys>  []
    <{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\System32\msosiocp.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Loader.exe]
    <IFEO[360Loader.exe]><svchost.exe>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe]
    <IFEO[ctfmon.exe]><SoundMan.exe>  [1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
    <IFEO[IceSword]><svchost.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ras]
    <IFEO[ras]><svchost.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep]
    <IFEO[runiep]><svchost.exe>  [(Verified)Microsoft Windows XP Publisher]

==================================
Startup Folder
N/A

==================================
Services
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\interne.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising杀毒软件\防火墙\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <d:\rising杀毒软件\防火墙\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"D:\Rising杀毒软件\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\RISING杀毒软件\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
Drivers
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Auto Start]
  <system32\DRIVERS\msconkt.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2][Running/Manual Start]
  <System32\DRIVERS\HSF_BSC2.sys><Conexant>
[Conexant Riptide WDM Audio Driver / crtaud][Running/Manual Start]
  <system32\drivers\crtaud.sys><Conexant Systems Inc.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\D:\RISING杀毒软件\RISING\RAV\ExpScan.sys><N/A>
[Fallback / Fallback][Running/Auto Start]
  <System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
  <System32\DRIVERS\HSF_FSKS.sys><Conexant>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Rising杀毒软件\防火墙\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[hsf_msft / hsf_msft][Running/Manual Start]
  <System32\DRIVERS\HSF_MSFT.sys><Conexant>
[K56 / K56][Running/Auto Start]
  <System32\DRIVERS\HSF_K56K.sys><Conexant>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\D:\RISING杀毒软件\RISING\RAV\MEMSCAN.sys><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp1C.tmp><N/A>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising杀毒软件\防火墙\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[MS / MS][Stopped/Manual Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp74.tmp><N/A>
[mseqsy / mseqsy][Stopped/Auto Start]
  <system32\DRIVERS\msacpe.sys><N/A>
[msfpfis64 / msfpfis64][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\msosmsfpfis64.sys><N/A>
[npkcusb / npkcusb][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\npkcusb.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp24.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample][Running/Manual Start]
  <System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Conexant Riptide Dummy Driver / rpfun][Running/Manual Start]
  <system32\drivers\rpfun.sys><Conexant Systems Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Rising杀毒软件\防火墙\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\D:\RISING杀毒软件\RISING\RAV\RSPPSYS.sys><N/A>
[Conexant Riptide Bus / Firmware Downloader / rthwcls][Running/Manual Start]
  <system32\drivers\rthwcls.sys><Conexant Systems Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[USB2.0 PC Camera (SNP2UVC) / SNP2UVC][Stopped/Manual Start]
  <System32\DRIVERS\snp2uvc.sys><>
[SoftFax / SoftFax][Running/Auto Start]
  <System32\DRIVERS\HSF_FAXX.sys><Conexant>
[SpeakerPhone / SpeakerPhone][Running/Auto Start]
  <System32\DRIVERS\HSF_SPKP.sys><Conexant>
[Tones / Tones][Running/Auto Start]
  <System32\DRIVERS\HSF_TONE.sys><Conexant>
[V124 / V124][Running/Auto Start]
  <System32\DRIVERS\HSF_V124.sys><Conexant>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp20.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp28.tmp><N/A>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp48.tmp><N/A>

==================================
Browser Add-ons
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, >
[]
  {471B15AD-7A9C-491D-9C19-4E15B12DCE00} <C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys, N/A>
[]
  {6FC63358-5E38-4583-914B-119CA485A53C} <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys, N/A>
[]
  {9963387B-212E-4643-B207-82DAEA0E713D} <C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\System32\GDREAD~1.DLL, >
[InfoSecNetSign Class]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINDOWS\DOWNLO~1\ICBCNE~1.DLL, Infosec Technologies Co., Ltd.>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[iChatX Object]
  {C07405FD-84D1-4A25-94E8-68609EA8335B} <C:\WINDOWS\Downloaded Program Files\ichatx.dll, 深圳市东方博雅科技有限公司>
[QQChatInstallerHelper Class]
  {C4DC211B-EDED-4EE1-9821-48E807DAF121} <C:\WINDOWS\System32\QQChatInstaller.dll, TODO: <Company name>>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\PROGRA~1\Bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\PROGRA~1\Bluesky\BLUESK~1\v2.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Ppd Control]
  {2F2BA87D-385E-4922-B41C-06E190B06AA9} <C:\PROGRA~1\Bluesky\BLUESK~1\ppd.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\PROGRA~1\Bluesky\BLUESK~1\share.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Traceppd Control]
  {5910C66C-F9BA-4306-8175-C098B7F0ED62} <C:\PROGRA~1\Bluesky\BLUESK~1\traceppd.ocx, BlueskyStudio(http://www.bluesky.cn)>
[PP Control]
  {616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <C:\PROGRA~1\Bluesky\BLUESK~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[Videohelp Control]
  {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <C:\PROGRA~1\Bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\PROGRA~1\Bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Chat Control]
  {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <C:\PROGRA~1\Bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {991481A7-4669-4e15-8C24-100404E1F5CB} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~2.OCX, Bluesky Studio (http://www.bluesky.cn)>
[Display Control]
  {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <C:\PROGRA~1\Bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <C:\PROGRA~1\Bluesky\BLUESK~1\TRACEC~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[Imgsend Control]
  {AA1561BF-D290-4060-919B-499849629205} <C:\PROGRA~1\Bluesky\BLUESK~1\imgsend.ocx, Bluesky Studio (http://www.bluesky.cn)>
[PPChat Control]
  {AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} <C:\PROGRA~1\Bluesky\BLUESK~1\ppchat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {BA0F088C-72C1-475a-92F8-42391DEF6961} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Client Control]
  {C7B0C764-5D4E-433E-A854-591F28520577} <C:\PROGRA~1\Bluesky\BLUESK~1\client.ocx, BlueskyStudio(http://www.bluesky.cn)>
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\PROGRA~1\Bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[&使用迅雷下载]
  <D:\迅雷5\可删\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\迅雷5\可删\getallurl.htm, N/A>

==================================
Running Processes
[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 488 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 512 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 780 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 892 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 928 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1268 / wuchangyuan][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\搜狗拼音输入法 V3.1 正式版\可删\ZipLib.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\msosiocp.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\jlklvvrb.dll]  [N/A, ]
    [C:\WINDOWS\System32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\System32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\System32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\System32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\System32\fmbiost.dll]  [N/A, ]
[PID: 1288 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1580 / SYSTEM][C:\WINDOWS\SoundMan.exe]  [1, 1.00]
    [C:\WINDOWS\System32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9237]
[PID: 1772 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 228 / wuchangyuan][D:\Rising杀毒软件\Rising\Rav\RavMon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.08]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Rising杀毒软件\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising杀毒软件\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\Rising杀毒软件\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising杀毒软件\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\Rising杀毒软件\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [D:\Rising杀毒软件\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\Rising杀毒软件\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 13]
    [D:\Rising杀毒软件\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\Rising杀毒软件\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.10]
    [D:\Rising杀毒软件\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.24]
    [D:\Rising杀毒软件\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\Rising杀毒软件\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [D:\Rising杀毒软件\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
    [C:\WINDOWS\System32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\System32\SHAProc.dat]  [N/A, ]
[PID: 1040 / wuchangyuan][D:\傲游浏览器6.10\Maxthon2222\Maxthon.exe]  [Maxthon International ltd., 2, 0, 2, 615]
    [D:\傲游浏览器6.10\Maxthon2222\mxpp.dll]  [Maxthon, 1, 0, 0, 50]
    [D:\傲游浏览器6.10\Maxthon2222\MxSk.dll]  [Maxthon, 1, 0, 0, 119]
    [D:\傲游浏览器6.10\Maxthon2222\MxProxy2.dll]  [, 1, 0, 0, 3115]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\傲游浏览器6.10\Maxthon2222\MxFav.dll]  [Maxthon, 1, 0, 0, 186]
    [D:\傲游浏览器6.10\Maxthon2222\maxzlib.dll]  [, 1.2.3]
    [D:\傲游浏览器6.10\Maxthon2222\mxtool.dll]  [, 1, 0, 0, 1]
    [D:\傲游浏览器6.10\Maxthon2222\mxfeedU.dll]  [, 1, 0, 45, 45]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Rising杀毒软件\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\WSockDrv32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\System32\jlklvvrb.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\System32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\System32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\System32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\System32\fmbiost.dll]  [N/A, ]
[PID: 3520 / wuchangyuan][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\System32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\System32\PTSShell.dll]  [N/A, ]
[PID: 5264 / wuchangyuan][D:\杀毒\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys]  [N/A, ]
    [C:\WINDOWS\System32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [D:\搜狗拼音输入法 V3.1 正式版\可删\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\System32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\System32\PTSShell.dll]  [N/A, ]
    [D:\杀毒\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\fmbiost.dll]  [N/A, ]
    [C:\WINDOWS\System32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\System32\dndsioc.dll]  [N/A, ]
    [C:\WINDOWS\System32\mfchlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\System32\jlklvvrb.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dlL]  [N/A, ]
    [C:\WINDOWS\System32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\System32\fmsbbqi.dll]  [N/A, ]
    [C:\WINDOWS\System32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\WSockDrv32.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS File
127.0.0.1      localhost

==================================
Process Privilege Scan
Special privilege enabled: SeSystemtimePrivilege [PID = 1580, C:\WINDOWS\SOUNDMAN.EXE]
Special privilege enabled: SeDebugPrivilege [PID = 1040, D:\傲游浏览器6.10\MAXTHON2222\MAXTHON.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1040, D:\傲游浏览器6.10\MAXTHON2222\MAXTHON.EXE]

==================================
API HOOK
N/A

==================================
Hidden Processes
N/A

==================================


[/CODE]
Last edited 2008-04-18 11:08:09
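As an added example (not part of the original post, and not SREng/Smallfrogs code), here is a small Python triage script that reads the line formats SREng uses in the log above and flags the items a responder would check first: Run-key entries without the log's `(Verified)` publisher tag, the AppInit_DLLs list, ShellExecuteHooks DLLs without a verified publisher, Image File Execution Options redirects, DLL-based services not hosted by svchost.exe, drivers whose image is a file in a Temp directory, and SeDebugPrivilege or SeLoadDriverPrivilege held by a process. The sample input is constructed from lines quoted above; the heuristics, the `Finding` type and the reading of the `(Verified)` prefix as a checked Authenticode signature are this example's own assumptions, not SREng rules.

```python
"""Triage an SREng (System Repair Engineer) log for persistence and anti-AV tricks.
Added example for this thread, not the poster's or SREng's code; the heuristics
below are the example author's assumptions, not SREng's own verdicts."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Line formats exactly as SREng prints them in the log above.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r"^\s*<(?P<name>[^<>]*)><(?P<value>.*)>\s+\[(?P<signer>[^\[\]]*)\]\s*$")
SVC_RE = re.compile(r"^\[(?P<display>.+?) / (?P<short>[^\]/]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
IMAGE_RE = re.compile(r"^\s*<(?P<image>.*)><(?P<vendor>[^<>]*)>\s*$")
PRIV_RE = re.compile(r"^Special privilege enabled: (?P<priv>\w+) \[PID = (?P<pid>\d+), (?P<image>.+)\]$")
TEMP_RE = re.compile(r"\\temp\\|\.tmp$", re.I)
DANGEROUS_PRIVS = {"SeDebugPrivilege", "SeLoadDriverPrivilege"}  # kernel reach from a user process


@dataclass(frozen=True)
class Finding:
    category: str  # autorun | appinit | shellexecutehook | ifeo | service_host | temp_image | privilege
    subject: str   # value name, service short name or PID
    detail: str


def is_verified(signer: str) -> bool:
    # Assumption: SREng prefixes the publisher with "(Verified)" only when the signature checked out.
    return signer.strip().startswith("(Verified)")


def check_registry(key: str, name: str, value: str, signer: str) -> List[Finding]:
    k = key.lower()
    if not value.strip():                      # e.g. <load><>: nothing configured
        return []
    if "\\image file execution options\\" in k:
        # Any Debugger value swaps the named program for another at launch; "(Verified)" describes svchost.exe, not the redirect.
        target = key.rsplit("\\", 1)[1]
        return [Finding("ifeo", target, f"Debugger redirects {target} to {value}")]
    if k.endswith("\\currentversion\\run") and not is_verified(signer):
        return [Finding("autorun", name, f"{value} (publisher: {signer or 'none'})")]
    if k.endswith("\\windows nt\\currentversion\\windows") and name.lower() == "appinit_dlls":
        dlls = [d.strip() for d in value.split(",") if d.strip()]
        return [Finding("appinit", name, f"{len(dlls)} DLL(s) loaded into every user32 process: {', '.join(dlls)}")]
    if k.endswith("\\shellexecutehooks") and not is_verified(signer):
        return [Finding("shellexecutehook", name, f"unverified hook DLL {value}")]
    return []


def check_image(short: str, image: str) -> List[Finding]:
    out = []
    host, _, dll = image.partition("-->")      # "host.exe-->service.dll" marks a DLL-hosted service
    if dll and "svchost.exe" not in host.lower():
        out.append(Finding("service_host", short, f"DLL service hosted by {host.strip()} instead of svchost.exe"))
    if TEMP_RE.search(image):
        out.append(Finding("temp_image", short, f"image loaded from a temporary location: {image}"))
    return out


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    key = svc = None                           # registry key / service the following lines belong to
    for line in (raw.rstrip() for raw in log_text.splitlines()):
        if not line:
            continue
        if m := KEY_RE.match(line):
            key, svc = m.group(1), None
        elif m := SVC_RE.match(line):
            svc, key = m.group("short"), None
        elif m := PRIV_RE.match(line):
            if m["priv"] in DANGEROUS_PRIVS:
                findings.append(Finding("privilege", m["pid"], f"{m['priv']} enabled in {m['image']}"))
        elif key is not None and (m := VALUE_RE.match(line)):
            findings.extend(check_registry(key, m["name"], m["value"], m["signer"]))
        elif svc is not None and (m := IMAGE_RE.match(line)):
            findings.extend(check_image(svc, m["image"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    return {c: sum(1 for f in findings if f.category == c) for c in {f.category for f in findings}}


# Constructed sample: a handful of lines quoted from the log posted above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SoundMan.exe>  [1]
    <WSockDrv32><C:\WINDOWS\WSockDrv32.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exE>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><msosmhfp01.dll,msoscqit01.dll,msosdrop00.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{ED561258-45F3-A451-F908-A258458226DE}><C:\WINDOWS\Fonts\kvdxsnma.dll>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword]
    <IFEO[IceSword]><svchost.exe>  [(Verified)Microsoft Windows XP Publisher]
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\interne.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\WUCHAN~1\LOCALS~1\Temp\tmp1C.tmp><N/A>
Special privilege enabled: SeSystemtimePrivilege [PID = 1580, C:\WINDOWS\SOUNDMAN.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1040, D:\傲游浏览器6.10\MAXTHON2222\MAXTHON.EXE]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.category:16}] {f.subject}: {f.detail}")
```

Run it as a script to print the findings for the sample, or call `triage()` on the full log text. A hit is a lead, not a verdict: `SoundMan.exe` is flagged only because its publisher field reads `1` rather than a verified signature, and the IceSword redirect is reported even though the replacement image, svchost.exe, is itself signed.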

Can you post the log as an attachment?

[C:\WINDOWS\System32\fmbiost.dll] [N/A, ]
[C:\WINDOWS\System32\WINSvr32.dll] [N/A, ]
[C:\WINDOWS\System32\dndsioc.dll] [N/A, ]
[C:\WINDOWS\System32\mfchlp32.dll] [N/A, ]
[C:\WINDOWS\System32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\System32\LotusHlp.dll] [N/A, ]
[C:\WINDOWS\System32\jlklvvrb.dll] [N/A, ]
[C:\WINDOWS\System32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\System32\DbgHlp32.dlL] [N/A, ]
[C:\WINDOWS\System32\msccrt.dll] [N/A, ]
[C:\WINDOWS\System32\fmsbbqi.dll] [N/A, ]
[C:\WINDOWS\System32\tciocp32.dll] [N/A, ]
[C:\WINDOWS\System32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\System32\AVPSrv.dll] [N/A, ]
[C:\WINDOWS\System32\mppds.dll] [N/A, ]
[C:\WINDOWS\System32\MsIMMs32.dll] [N/A, ]
[C:\WINDOWS\System32\WSockDrv32.dll] [N/A, ]

Post the log as an attachment.