[CODE]

2008-02-10,14:55:06

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Component Publisher]
    <C-Media Mixer><Mixer.exe /startup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <RavTask><"F:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <SHAProc><C:\WINDOWS\SHAProc.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <wiasoisao><wiasoisao.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{CC3596CB-D6C1-ECA1-AE51-DEEA63F6C21C}><C:\Program Files\Internet Explorer\OnlO0r.dll>  [N/A]
    <{61C1B9CE-1A6F-4994-B4A4-0E7C99AD4C28}><C:\WINDOWS\system32\mndoor0.dll>  []
    <{80F15C30-5E9D-4CB9-BE85-F3D5564C6F83}><C:\WINDOWS\system32\fhdoor0.dll>  []
    <{C26A8AB5-B935-400C-A152-0488714725B1}><C:\WINDOWS\system32\qsdoor0.dll>  []
    <{49C496E9-732D-4F5D-BEE9-EC113FAA1C97}><C:\WINDOWS\system32\qzdoor0.dll>  []
    <{D64AC2E4-95B1-40DD-90D9-0C60F7CA64BF}><C:\WINDOWS\system32\qqdoor0.dll>  []
    <{ABD0935D-B35A-47BD-BA9A-81678DDE74DD}><C:\WINDOWS\system32\qhdoor0.dll>  []
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MAXTHON 2.0)

<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[木马克星]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\木马克星.lnk --> C:\Program Files\Iparmor\Iparmor.exe [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"F:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"F:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ATI2HDDSRV / ATI2HDDSRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ati32srv.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[DeepFree Update / DeepFree Update][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\pcihdd2.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[msertk / msertk][Running/Auto Start]
  <system32\drivers\msyecp.sys><N/A>
[msskye / msskye][Running/Auto Start]
  <system32\DRIVERS\msaclue.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[]
  {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} <C:\Program Files\Common Files\fjOs0r.dll, N/A>
[Thunder Browser Helper]
  {F08555AF-9CC3-11D2-AA8E-000000000000} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[快捷工具条3.21]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[同花顺]
  {39852EFE-325B-45EF-9A60-3DBECD2DDDD5} <, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[快捷工具条3.21]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[]
  {C2626E66-D21B-E628-C1DF-1DACCFA36ED2} <C:\Program Files\Common Files\fjOs0r.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Thunder Browser Helper]
  {F08555AF-9CC3-11D2-AA8E-000000000000} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\QQ2007\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 544 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\LYMANGR.DLL]  [N/A, ]
[PID: 692 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 912 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1196 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1480 / Administrator][C:\WINDOWS\system32\userinit.exe]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
[PID: 1504 / Administrator][C:\windows\explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\WINDOWS\system32\mndoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qsdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qzdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [F:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 1588 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1996 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.9136]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9136]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 2004 / Administrator][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.58]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.12]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 2036 / Administrator][F:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.19]
    [F:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [F:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [F:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [F:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [F:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 160 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 1364 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9136]
    [C:\WINDOWS\system32\auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\naijihzeuyouhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\xhtd.dll]  [N/A, ]
    [C:\WINDOWS\system32\nahzij.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\iemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\system32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\utgnehz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oadnew.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhqq.dll]  [N/A, ]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\sve.dll]  [N/A, ]
    [C:\WINDOWS\system32\tsqc.dll]  [N/A, ]
    [C:\WINDOWS\system32\knaixnauhuoyizqq.dll]  [N/A, ]
    [C:\WINDOWS\system32\kiluw.dll]  [N/A, ]
[PID: 808 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\auhad.dll]  [N/A, ]
    [C:\WINDOWS\System32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\System32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\System32\naijihzeuyouhz.dll]  [N/A, ]
    [C:\WINDOWS\System32\xhtd.dll]  [N/A, ]
    [C:\WINDOWS\System32\nahzij.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\System32\iemnaw.dll]  [N/A, ]
    [C:\WINDOWS\System32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\System32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\System32\utgnehz.dll]  [N/A, ]
    [C:\WINDOWS\System32\oadnew.dll]  [N/A, ]
    [C:\WINDOWS\System32\vhqq.dll]  [N/A, ]
    [C:\WINDOWS\System32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\System32\sve.dll]  [N/A, ]
    [C:\WINDOWS\System32\tsqc.dll]  [N/A, ]
    [C:\WINDOWS\System32\knaixnauhuoyizqq.dll]  [N/A, ]
    [C:\WINDOWS\System32\kiluw.dll]  [N/A, ]

[PID: 3964 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.15]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 18]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 3096 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\documents and settings\administrator\application data\ppstream\bin\1.0.0.2\vodrc.dll]  [ppstream.com, 1.0.0.2]
    [C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.15]
    [C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 18]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\kfnrthoh.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
[PID: 3856 / Administrator][C:\WINDOWS\frhhusyk.exe]  [N/A, ]
    [C:\WINDOWS\system32\auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\naijihzeuyouhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\xhtd.dll]  [N/A, ]
    [C:\WINDOWS\system32\nahzij.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\iemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\system32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\utgnehz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oadnew.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhqq.dll]  [N/A, ]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\sve.dll]  [N/A, ]
    [C:\WINDOWS\system32\tsqc.dll]  [N/A, ]
    [C:\WINDOWS\system32\knaixnauhuoyizqq.dll]  [N/A, ]
    [C:\WINDOWS\system32\kiluw.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
[PID: 4432 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\gnolnait.dll]  [N/A, ]
    [C:\WINDOWS\system32\naixuhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\naijihzeuyouhz.dll]  [N/A, ]
    [C:\WINDOWS\system32\xhtd.dll]  [N/A, ]
    [C:\WINDOWS\system32\nahzij.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\iemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjxr.dll]  [N/A, ]
    [C:\WINDOWS\system32\3auhad.dll]  [N/A, ]
    [C:\WINDOWS\system32\utgnehz.dll]  [N/A, ]
    [C:\WINDOWS\system32\oadnew.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhqq.dll]  [N/A, ]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\sve.dll]  [N/A, ]
    [C:\WINDOWS\system32\tsqc.dll]  [N/A, ]
    [C:\WINDOWS\system32\knaixnauhuoyizqq.dll]  [N/A, ]
    [C:\WINDOWS\system32\kiluw.dll]  [N/A, ]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
[PID: 1536 / Administrator][f:\suspiciousfiles\srengps.exe]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\jqyfouawow.dll]  [Microsoft Corporation, 5.1.2600.3099]
    [C:\WINDOWS\system32\suerqd.dll]  [N/A, ]
    [C:\WINDOWS\system32\HDDGuard.dll]  [N/A, ]
    [C:\WINDOWS\kiefncol.dll]  [N/A, ]
    [C:\WINDOWS\frhhusyk.dll]  [N/A, ]
    [f:\suspiciousfiles\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\mndoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\fhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qqdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qzdoor0.dll]  [N/A, ]
    [C:\WINDOWS\system32\qsdoor0.dll]  [N/A, ]
[PID: 5572 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 636, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3856, C:\WINDOWS\FRHHUSYK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3856, C:\WINDOWS\FRHHUSYK.EXE]

==================================
API HOOK
入口点错误：CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\suerqd.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]