每次啟動打開5個ie窗口,任務管理器不能正常顯示? bbs.ikaka.com

gregory - 2008-11-25 11:27:00

以下是系統掃描日志:[code]2008-11-25,11:11:10
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理許可權用戶 - 完整功能
以下內容被選中：
所有的啟動項目（包括註冊表、開機檔案夾、服務等）
流覽器載入項
正在運行的進程（包括進程模組資訊）
文件關聯
Winsock 提供者
Autorun.inf
HOSTS 文件
進程特權掃描

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<MSMSGS><"D:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
<swg><D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<Skype><"D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<CJIMETIPSYNC><D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<igfxtray><D:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxhkcmd><D:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<igfxpers><D:\WINDOWS\system32\igfxpers.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SysExplr><D:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<ISUSPM Startup><D:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<LogMeIn GUI><"D:\Program Files\LogMeIn\x86\LogMeInSystray.exe"> [(Verified)"LogMeIn, Inc."]
<Cobian Backup 9 interface><"D:\Program Files\Cobian Backup 9\cbInterface.exe" -service> [Luis Cobian]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Windows Component Publisher]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
<WinlogonNotify: LMIinit><LMIinit.dll> [(Verified)"LogMeIn, Inc."]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection D:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<stup.exe><; Rundll32.exe D:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R> [File is missing]
==================================
開機檔案夾
[督昢奪燴]
<D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\督昢奪燴.lnk --> D:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服務
[Cobian Backup 9 服務 / CobianBackupAmanita][Running/Auto Start]
<D:\Program Files\Cobian Backup 9\cbService.exe><Luis Cobian>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LogMeIn Maintenance Service / LMIMaint][Stopped/Disabled]
<"D:\Program Files\LogMeIn\x86\RaMaint.exe"><LogMeIn, Inc.>
[LogMeIn / LogMeIn][Stopped/Disabled]
<"D:\Program Files\LogMeIn\x86\LogMeIn.exe"><LogMeIn, Inc.>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<D:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<D:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
==================================
驅動程式
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[Hamachi Network Interface / hamachi][Stopped/Manual Start]
<system32\DRIVERS\hamachi.sys><LogMeIn, Inc.>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[LogMeIn Kernel Information Provider / LMIInfo][Running/Auto Start]
<\??\D:\Program Files\LogMeIn\x86\RaInfo.sys><LogMeIn, Inc.>
[lmimirr / lmimirr][Running/Manual Start]
<system32\DRIVERS\lmimirr.sys><LogMeIn, Inc.>
[LogMeIn Remote File System Driver / LMIRfsDriver][Running/Auto Start]
<\??\D:\WINDOWS\system32\drivers\LMIRfsDriver.sys><LogMeIn, Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\0\0\npkcrypt.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
==================================

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) )

gregory - 2008-11-25 11:30:00

流覽器載入項
[Yodao Toolbar Helper]
{6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} <D:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, (Signed) 网易公司>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll, (Signed) Google Inc.>
[hero player]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <D:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[參考資料(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\0\0\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\0\0\QQIEHelper.dll, 深圳市???算机系?有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[衄耋馱撿戲]
{7B434A2A-9E4C-48F2-8373-5801F316A4D5} <D:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, (Signed) 网易公司>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[]
{00000162-9980-0010-8000-00AA00389B71} <, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[ScreenCapture Class]
{BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <D:\WINDOWS\system32\TXGYMailActiveX.dll, (Signed) Tencent Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <d:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, >
[]
{1345F3CB-7C40-41C2-9AC2-87CF8B68E34E} <, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <D:\WINDOWS\system32\LegitCheckControl.DLL, (Signed) Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <D:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[PhotoDraw Class]
{2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <D:\Program Files\Tencent\QQ\Qzone\QQPhotoDraw.dll, N/A>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <D:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <, >
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <D:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <D:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <D:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Yodao Toolbar Helper]
{6516E5BB-1186-4E2B-B8B8-2DC0E35AB1FA} <D:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, (Signed) 网易公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[衄耋馱撿戲]
{7B434A2A-9E4C-48F2-8373-5801F316A4D5} <D:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll, (Signed) 网易公司>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <D:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
{8CF6E9E0-4FC0-48F6-A744-800A09D79D6B} <, >
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <d:\program files\google\googletoolbar2.dll, (Signed) Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll, (Signed) Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Messenger Object]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <D:\Program Files\Messenger\msgsc.dll, (Signed) Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
{C95FE080-8F5D-11D2-A20B-00AA003C157B} <, >
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <D:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[]
{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[]
{F156768E-81EF-470C-9057-481BA8380DBA} <, >
[]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <, >
[]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[&Yodao搜索]
<res://D:\Program Files\Yodao\Toolbar\ydtbv1.01\YodaoToolbar.dll/158.htm, N/A>
[Heroplayer Online]
<D:\HEROSOFT\Hero3000\MPURLGET.HTM, N/A>
[上傳到QQ網路硬碟]
<E:\0\0\AddToNetDisk.htm, N/A>
[匯出至 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<E:\0\0\AddPanel.htm, N/A>
[新增到QQ表情]
<E:\0\0\AddEmotion.htm, N/A>
[添加到QQ自定義面板]
<E:\0\0\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\0\0\AddEmotion.htm, N/A>
[用QQ MMS傳送該圖片]
<E:\0\0\SendMMS.htm, N/A>
[用QQ彩信發送該圖片]
<E:\0\0\SendMMS.htm, N/A>
==================================

gregory - 2008-11-25 11:31:00

正在運行的進程
[PID: 460 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548 / SYSTEM][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system32\LMIinit.dll] [LogMeIn, Inc., 4.0.734]
[D:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592 / SYSTEM][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604 / SYSTEM][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756 / SYSTEM][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864 / SYSTEM][D:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 884 / SYSTEM][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / NETWORK SERVICE][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056 / LOCAL SERVICE][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
[D:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
[D:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[D:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[D:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
[D:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
[D:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[D:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[D:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
[D:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
[D:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
[D:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[D:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
[D:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[D:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
[D:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[D:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[D:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
[D:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
[D:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
[D:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
[D:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
[D:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
[D:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 99]
[D:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[D:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[D:\PROGRAM FILES\RISING\RAV\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
[D:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
[D:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[D:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
[PID: 1372 / SYSTEM][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[D:\WINDOWS\system32\LMIport.dll] [LogMeIn, Inc., 0.2.0.0]
[D:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[D:\WINDOWS\System32\spool\PRTPROCS\W32X86\LMIproc.dll] [LogMeIn, Inc., 0.3.0.0]
[D:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 1528 / SYSTEM][D:\PROGRAM FILES\RISING\RAV\RavStub.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1796 / sc001][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[D:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\system32\LMIRfsClientNP.dll] [LogMeIn, Inc., 2.1.3.0]
[D:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
[PID: 1944 / sc001][D:\PROGRAM FILES\RISING\RAV\RavMon.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
[D:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[D:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[D:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
[D:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
[D:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
[D:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[D:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[D:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[D:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
[D:\PROGRAM FILES\RISING\RAV\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[D:\PROGRAM FILES\RISING\RAV\Rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
[D:\PROGRAM FILES\RISING\RAV\RsXML.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2020 / sc001][D:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 41, 16]
[D:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.2]
[D:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 192 / SYSTEM][D:\Program Files\Cobian Backup 9\cbService.exe] [Luis Cobian, 9.1.1.176]
[D:\Program Files\Cobian Backup 9\cbEngine.dll] [Luis Cobian, 9.1.1.238]
[D:\Program Files\Cobian Backup 9\cbNTSecW.dll] [Luis Cobian, 9.1.1.194]
[PID: 196 / sc001][D:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4396]
[D:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4396]
[D:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4396]
[D:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4396]
[PID: 180 / sc001][D:\WINDOWS\system32\igfxpers.exe] [Intel Corporation, 3.0.0.4396]
[D:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4396]
[PID: 212 / sc001][D:\HEROSOFT\Hero3000\SYSEXPLR.EXE] [N/A, ]
[D:\HEROSOFT\Hero3000\AVCDROM.dll] [N/A, ]
[D:\HEROSOFT\Hero3000\CoolMenu.dll] [N/A, ]
[PID: 240 / sc001][D:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 00, 100, 1161]
[PID: 248 / sc001][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
[D:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 252 / sc001][D:\Program Files\LogMeIn\x86\LogMeInSystray.exe] [LogMeIn, Inc., 3.0.596]
[D:\Program Files\LogMeIn\x86\LogMeInSystray.dll] [LogMeIn, Inc., 4.0.734]
[D:\Program Files\LogMeIn\x86\rntfywnd.dll] [LogMeIn, Inc., 4.0.734]
[PID: 264 / sc001][D:\Program Files\Cobian Backup 9\cbInterface.exe] [Luis Cobian, 9.1.1.178]
[PID: 304 / sc001][D:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 368 / sc001][D:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[PID: 380 / sc001][D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] [Google Inc., 2, 0, 301, 1654]
[D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\gtn.dll] [Google Inc., 3, 1, 807, 1746]
[D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll] [Google Inc., 3, 1, 807, 1746]
[PID: 400 / sc001][D:\Program Files\Skype\Phone\Skype.exe] [Skype Technologies S.A., 3.8.4.44]
[D:\Program Files\Skype\Phone\skmsg.dll] [TOM Online Inc., 1, 0, 0, 2]
[D:\Program Files\Skype\Phone\sktransfer.dll] [, 1, 0, 0, 3]
[D:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\system32\msdmo.dll] [, ]
[D:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
[D:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
[PID: 484 / sc001][D:\Program Files\LogMeIn\x86\LMIGuardian.exe] [LogMeIn, Inc., 8.0.734]
[D:\Program Files\LogMeIn\x86\LMIGuardianDll.dll] [LogMeIn, Inc., 8.0.734]
[PID: 1016 / sc001][D:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.0194.00]
[D:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll] [Microsoft Corporation, 2000.080.0194.00]
[D:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.0194.00]
[D:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.0194.00]
[D:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[D:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\1033\sqlmangr.RLL] [Microsoft Corporation, 2000.080.0194.00]
[PID: 1120 / SYSTEM][D:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\Resources\1033\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[D:\PROGRA~1\MICROS~4\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 2180 / SYSTEM][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2212 / LOCAL SERVICE][D:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2720 / LOCAL SERVICE][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 288 / SYSTEM][D:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3376 / sc001][J:\tools\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018]
[PID: 3396 / sc001][J:\tools\sreng2\SRE2b8d85b4.EXE] [Smallfrogs Studio, 2.6.12.1018]
[J:\tools\sreng2\Lang\1028.DLL] [System Repair Engineer, 2.6.12.1018]
[J:\tools\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [HeroVideo]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
進程特權掃描
特殊特權被允許： SeLoadDriverPrivilege [PID = 264, D:\PROGRAM FILES\COBIAN BACKUP 9\CBINTERFACE.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 1016, D:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMANGR.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 3376, J:\TOOLS\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
隱藏進程
N/A
==================================[/code]

瑞星卡卡安全论坛