瑞星打不开.了 bbs.ikaka.com

1beiziaijin - 2009-9-17 3:14:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPFW32.EXE" -startup> [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security\KAVStart.exe" -startup> [(Verified)"Zhuhai Kingsoft Software Co.,Ltd"]
<SrLoader><C:\Program Files\Super Rabbit\MagicSet\SrLoader.exe> [(Verified)"Beijing Gigabit Times Technology Co., Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<ccsnhh><rundll32.exe C:\WINDOWS\system32\mywcc090118.dll bgdll> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Infected) Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B7D59563-AD35-4D2B-B174-7A61A0BC829B}><C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf> [File is missing]
<{CD478099-014D-4B3A-A4BB-B518F1019BC7}><C:\WINDOWS\system32\SCEVFJRCmaB7.dll> [File is missing]
<{704C3595-DB85-40F6-A601-8D6F346907BD}><C:\WINDOWS\system32\704C3595.dll> [File is missing]
<{51716C09-6B08-4CCF-B526-718E912C0573}><C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll> [File is missing]
<{8708994F-1758-4C2C-9A3F-FA22D6CCCB41}><C:\WINDOWS\fonts\A97CRaCB.fon> [File is missing]
<{5405A7B2-F3F5-446F-8715-2A4EF674E079}><C:\WINDOWS\system32\rfpz9wwyy2np.dll> [File is missing]
<{610B6886-2A1A-475A-A842-65A613C70460}><C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf> [File is missing]
<{129067F2-E20A-4D14-8F30-FC3968B9C028}><C:\WINDOWS\Tasks\ybmux4Mu6FUnQJEHWu.inf> [File is missing]
<{23DA65D2-C696-4EE4-BEE8-B4841DEC3E30}><C:\WINDOWS\system32\ndxq9awMc.dll> [File is missing]
<{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><C:\WINDOWS\system32\08223B03.dll> [File is missing]
<{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><C:\WINDOWS\system32\2EF0D734.dll> [File is missing]
<{76CBCF38-0583-44C7-A1AE-D463DFE625EC}><C:\WINDOWS\system32\skcfujQ5EDN.dll> [File is missing]
<{5B0C7E2C-3257-4619-8282-A173017B16E2}><C:\WINDOWS\Downloaded Program

1beiziaijin - 2009-9-17 3:14:00

Files\qvSPdARs5PQNKAzvezTuPcs.cur> [File is missing]
<{7488E47D-E8F3-41C0-B2DA-9B2BD8803A80}><C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf> [File is missing]
<{87DE8A1A-96C5-4420-B222-EF998F697CE7}><C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll> [File is missing]
<{36AC68E6-0C26-4D39-B98E-54B49DAB6BAA}><C:\WINDOWS\system32\dhDhwS7fFW.dll> [File is missing]
<{1C0D6505-4198-4783-82F4-C6683FF6C4EF}><C:\WINDOWS\Tasks\CxsxepuZefXkXcNY8h.inf> [File is missing]
<{93DA1E7D-7C46-4F90-8674-EC90511FCA72}><C:\WINDOWS\system32\CDuAUVkGy9.dll> [File is missing]
<{CE38B9E6-AF0C-4B93-AFAB-A20C2311FFD0}><C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf> [File is missing]
<{23784612-5FEC-4E07-97FD-D5B5954A4236}><C:\WINDOWS\system32\tfVH2v7ehQBEprqtNm.inf> [File is missing]
<{E16EA4C8-040B-4A12-A0F5-783963AD665D}><C:\WINDOWS\system32\P6VyQtQJUYa3rFan7J.inf> [File is missing]
<{1719B301-B494-4185-9379-242461F9CF02}><C:\WINDOWS\system32\BtmBAnd89jc9PsPq5EKNj.inf> [File is missing]
<{B9D0F4D7-C809-4C27-9CB4-63201DFB3D05}><C:\WINDOWS\Tasks\c2nH4numz9knY5zqnC.inf> [File is missing]
<{41D2953A-CB90-485A-8673-6975088309F7}><C:\WINDOWS\system32\fRWSJda7RbSuR3jFSmMBy.inf> [File is missing]
<{C1B34818-3883-4A0A-9665-189A8A39EAB0}><C:\WINDOWS\system32\B4yNKrEEhEerKFeeA4.inf> [File is missing]
<{72236771-3891-46BF-B185-1D816A09333F}><C:\WINDOWS\system32\CRZfQurd2g58gXVgHSDbNhU.inf> [File is missing]
<{E3531A16-FFEA-416F-82DF-32FEDE02EABF}><C:\WINDOWS\system32\emHnPuBAaF7XjuXBbdxSg.dll> [File is missing]
<{076FB645-17A5-4DE6-B23E-C90FAB741CB0}><C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf> [File is missing]
<{737858A9-9AEA-4838-9B49-54DA731F7F37}><C:\WINDOWS\system32\BMsg6pdMD4ht.dll> [File is missing]
<{66D2E7CF-582B-4146-85B3-93224CB76DC9}><C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf> [File is missing]
<{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><C:\WINDOWS\system32\122B901E.dll> [File is missing]
<{4894F5C2-169D-4DAC-A982-444B9BDB3AC4}><C:\WINDOWS\Downloaded Program Files\UYTbcaZtxE23MEzKGQ.cur> [File is missing]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]

1beiziaijin - 2009-9-17 3:14:00

<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection

1beiziaijin - 2009-9-17 3:14:00

C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360hotfix.exe]
<IFEO[360hotfix.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
<IFEO[360safebox.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\apvxdwin.exe]
<IFEO[apvxdwin.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ast.exe]
<IFEO[ast.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
<IFEO[avcenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avengine.exe]
<IFEO[avengine.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
<IFEO[avgnt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
<IFEO[avguard.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avltmain.exe]
<IFEO[avltmain.exe]><ntsd -d> [N/A]

1beiziaijin - 2009-9-17 3:15:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe]
<IFEO[avp32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avtask.exe]
<IFEO[avtask.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe]
<IFEO[bdagent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdwizreg.exe]
<IFEO[bdwizreg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
<IFEO[boxmod.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccapp.exe]
<IFEO[ccapp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccevtmgr.exe]
<IFEO[ccevtmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccregvfy.exe]
<IFEO[ccregvfy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccsetmgr.exe]
<IFEO[ccsetmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cqw32.exe]
<IFEO[cqw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
<IFEO[DrvAnti.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe]
<IFEO[egui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe]
<IFEO[ekrn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
<IFEO[enc98.EXE]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\extdb.exe]
<IFEO[extdb.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frameworkservice.exe]
<IFEO[frameworkservice.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frwstub.exe]
<IFEO[frwstub.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardfield.exe]
<IFEO[guardfield.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kaccore.exe]
<IFEO[kaccore.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvc.exe]
<IFEO[kavsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavsvcui.exe]
<IFEO[kavsvcui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\knownsvr.exe]
<IFEO[knownsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvfw.exe]
<IFEO[kvfw.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.exe]
<IFEO[kvmonxp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvmonxp.kxp]
<IFEO[kvmonxp.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvprescan.exe]
<IFEO[kvprescan.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvxp.kxp]
<IFEO[kvxp.kxp]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\livesrv.exe]
<IFEO[livesrv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcagent.exe]
<IFEO[mcagent.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdash.exe]
<IFEO[mcdash.exe]><ntsd -d> [N/A]

1beiziaijin - 2009-9-17 3:15:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcdetect.exe]
<IFEO[mcdetect.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe]
<IFEO[mcshield.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mctskshd.exe]
<IFEO[mctskshd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsescn.exe]
<IFEO[mcvsescn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcvsshld.exe]
<IFEO[mcvsshld.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mghtml.exe]
<IFEO[mghtml.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe]
<IFEO[naprdmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe]
<IFEO[navapsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe]
<IFEO[navapw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe]
<IFEO[navw32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nmain.exe]
<IFEO[nmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
<IFEO[nod32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\npfmntor.exe]
<IFEO[npfmntor.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\oasclnt.exe]
<IFEO[oasclnt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pavsrv51.exe]
<IFEO[pavsrv51.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psctrls.exe]
<IFEO[psctrls.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimreal.exe]
<IFEO[psimreal.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\psimsvc.exe]
<IFEO[psimsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qqdoctormain.exe]
<IFEO[qqdoctormain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsmain.exe]
<IFEO[rsmain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe]
<IFEO[rsnetsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rssafety.exe]
<IFEO[rssafety.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstray.exe]
<IFEO[rstray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safebank.exe]
<IFEO[safebank.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxtray.exe]
<IFEO[safeboxtray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scanfrm.exe]
<IFEO[scanfrm.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
<IFEO[sched.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution

1beiziaijin - 2009-9-17 3:15:00

Options\seccenter.exe]
<IFEO[seccenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secnotifier.exe]
<IFEO[secnotifier.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SetupLD.exe]
<IFEO[SetupLD.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shstat.exe]
<IFEO[shstat.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sndsrvc.exe]
<IFEO[sndsrvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spbbcsvc.exe]
<IFEO[spbbcsvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tbmon.exe]
<IFEO[tbmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ulibcfg.exe]
<IFEO[ulibcfg.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\updaterui.exe]
<IFEO[updaterui.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\uplive.exe]
<IFEO[uplive.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcr32.exe]
<IFEO[vcr32.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vcrmon.exe]
<IFEO[vcrmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe]
<IFEO[vptray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe]
<IFEO[vsserv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe]
<IFEO[vstskmgr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webproxy.exe]
<IFEO[webproxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xcommsvr.exe]
<IFEO[xcommsvr.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xnlscn.exe]
<IFEO[xnlscn.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\修复工具.]
<IFEO[修复工具.]><ntsd -d> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr> [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
N/A

==================================
服务
[6to4 / 6to4][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\6to4.dll><N/A>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[HID Input Service / HidServ][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Internet Security Common Service / KISSvc][Stopped/Auto Start]
<C:\Program Files\Kingsoft\Kingsoft Internet Security\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Auto Start]
<"C:\Program Files\Kingsoft\Kingsoft Internet Security\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
<"C:\Program Files\Kingsoft\Kingsoft Internet Security\KWatch.EXE"><Kingsoft Corporation>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
<C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
<C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AmdK8 Compatible Device / AmdK8][Stopped/Manual Start]
<System32\drivers\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>

1beiziaijin - 2009-9-17 3:15:00

[cpuz131 / cpuz131][Running/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz131\cpuz_x32.sys><N/A>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
<system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
<system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[hookcont / hookcont][Running/System Start]
<system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
<system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[KAVBase / KAVBase][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
<\??\C:\Program Files\Kingsoft\Kingsoft Internet Security\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\KWatch3.sys><Kingsoft Corporation>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Running/Manual Start]
<system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViBus / ViBus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[WmiSvc / WmiSvc][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\WmiSvc.sys><N/A>
[pcidump / pcidump][Running/Disabled]
<\??\C:\WINDOWS\system32\drivers\pcidump.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <F:\QQDownload2\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[HaoKanBar BrowserHelper]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, (Signed) 北京千兆时代科技有限公司>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, (Signed) 北京千兆时代科技有限公司>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <F:\QQDownload2\QQIEHelper01.dll, (Signed) Tencent Technology (Shenzhen) Company Limited>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IEBuddyExtControl Class]
{3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, (Signed) 北京千兆时代科技有限公司>
[HaoKanBar BrowserHelper]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, (Signed) 北京千兆时代科技有限公司>
[]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx,

1beiziaijin - 2009-9-17 3:16:00

(Signed) Adobe Systems, Inc.>
[kingsoft browser shield]
{D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >

==================================
正在运行的进程
[PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 644 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 888 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 960 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1076 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[c:\windows\system32\6to4.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1184 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1272 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1668 / Administrator][C:\WINDOWS\explorer.exe] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\3a5XTcKYzK7KZcrfRE.inf] [N/A, ]
[C:\WINDOWS\system32\SCEVFJRCmaB7.dll] [N/A, ]
[C:\WINDOWS\system32\704C3595.dll] [N/A, ]
[C:\WINDOWS\system32\PERrGx5DkqSbQdwauCRQH.dll] [N/A, ]
[C:\WINDOWS\fonts\A97CRaCB.fon] [N/A, ]
[C:\WINDOWS\system32\rfpz9wwyy2np.dll] [N/A, ]
[C:\WINDOWS\system32\SrNRKs5F7Rkv9hp.inf] [N/A, ]
[C:\WINDOWS\Tasks\ybmux4Mu6FUnQJEHWu.inf] [N/A, ]
[C:\WINDOWS\system32\ndxq9awMc.dll] [N/A, ]
[C:\WINDOWS\system32\08223B03.dll] [N/A, ]
[C:\WINDOWS\system32\2EF0D734.dll] [N/A, ]
[C:\WINDOWS\system32\skcfujQ5EDN.dll] [N/A, ]
[C:\WINDOWS\Downloaded Program Files\qvSPdARs5PQNKAzvezTuPcs.cur] [N/A, ]
[C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf] [N/A, ]
[C:\WINDOWS\system32\2exJW3dsaTgWrf5uAPadmHN.dll] [N/A, ]
[C:\WINDOWS\system32\dhDhwS7fFW.dll] [N/A, ]
[C:\WINDOWS\Tasks\CxsxepuZefXkXcNY8h.inf] [N/A, ]
[C:\WINDOWS\system32\CDuAUVkGy9.dll] [N/A, ]
[C:\WINDOWS\system32\X5T4kV8DNmMbdRXAUx82K.inf] [N/A, ]
[C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1728 / Administrator][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tmp.tmp] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1868 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[PID: 344 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]

1beiziaijin - 2009-9-17 3:16:00

[PID: 728 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf] [N/A, ]
[PID: 1028 / Administrator][C:\Documents and Settings\Administrator\桌面\orangeaug.com] [Beijing Rising Tech. Co., Ltd., 1, 8, 2, 0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf] [N/A, ]
[PID: 2344 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\System32\COMRes.dll] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2516 / Administrator][C:\Program Files\Super Rabbit\MagicSet\RabbitLobby.exe] [Supper Rabbit, 1.0.0.1]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Super Rabbit\MagicSet\srlog.dll] [北京千兆时代科技有限公司, 1.0.0.3]
[C:\Program Files\Super Rabbit\MagicSet\SrHwMon.dll] [Super Rabbit, 1.0.0.2]
[C:\Documents and Settings\Administrator\Local Settings\Temp\SrMonDir\srhdwlib.dll] [PCPC8, 1, 0, 5, 6]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\WINDOWS\system32\K7zkXuSVDPKyz63k3V.inf] [N/A, ]
[C:\WINDOWS\system32\BMsg6pdMD4ht.dll] [N/A, ]
[C:\WINDOWS\Tasks\K6xzVUK4MRGJBPE76F.inf] [N/A, ]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\Tasks\EfEPEaD4ZpVMUXrDbS.inf] [N/A, ]
[PID: 1404 / Administrator][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 3108 / SYSTEM][RsHide] [N/A, ]
[C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
[C:\Program Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3132 / SYSTEM][RsHide] [N/A, ]
[C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[C:\Program Files\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[C:\Program Files\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.41]
[C:\Program Files\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[C:\Program Files\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
[C:\Program Files\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[C:\Program Files\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[C:\Program Files\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
[C:\Program Files\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
[C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[C:\Program Files\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
[C:\Program Files\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[C:\Program Files\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
[C:\Program Files\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd.,

1beiziaijin - 2009-9-17 3:16:00

21, 0, 0, 4]
[C:\Program Files\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[C:\Program Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
[C:\Program Files\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\Program Files\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
[C:\Program Files\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 65]
[C:\Program Files\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
[C:\Program Files\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16]
[C:\Program Files\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Rav\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[C:\Program Files\Rising\Rav\scriptci.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[C:\Program Files\Rising\Rav\uroutine.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Rav\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[C:\Program Files\Rising\Rav\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16]
[C:\Program Files\Rising\Rav\posttrt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\Program Files\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 4020 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]
[C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [北京千兆时代科技有限公司, 3.5.1.1669]
[C:\Program Files\Super Rabbit\MagicSet\WebSafe.dll] [北京千兆时代科技有限公司, 1.0.0.3]
[C:\Program Files\Super Rabbit\MagicSet\Scan.dll] [N/A, ]
[F:\QQDownload2\QQIEHelper01.dll] [Tencent Technology (Shenzhen) Company Limited, 2, 0, 528, 204]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.5.0.0]
[C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [Sogou.com Inc., 3.5.0.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[PID: 3536 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.438\SREngLdr.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 3640 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.438\SRE5adef2a7.EXE] [Smallfrogs Studio, 2.8.1.1279]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rsv1.tmp] [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.438\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\COMRes.dll] [N/A, ]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 668, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1028, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\ORANGEAUG.COM]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1028, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\ORANGEAUG.COM]
特殊特权被允许： SeDebugPrivilege [PID = 3536, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.438\SRENGLDR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3536, C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\RAR$EX00.438\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
入口点错误：RegCreateKeyExA (危险等级: 高, 被下面模块所HOOK: 0x00DB1FE5)
入口点错误：RegCreateKeyExW (危险等级: 高, 被下面模块所HOOK: 0x00DB20B5)
入口点错误：Process32NextW (危险等级: 高, 被下面模块所HOOK: 0x00DB2325)
入口点错误：Module32FirstW (危险等级: 高, 被下面模块所HOOK: 0x00DB39CD)
入口点错误：TerminateProcess (危险等级: 高, 被下面模块所HOOK: 0x00DB411D)
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x00DB2185)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x00DB2255)
入口点错误：FindWindowA (危险等级: 高, 被下面模块所HOOK: 0x00DB3A9D)
入口点错误：FindWindowExA (危险等级: 高, 被下面模块所HOOK: 0x00DB3C3D)
入口点错误：FindWindowExW (危险等级: 高, 被下面模块所HOOK: 0x00DB3D0D)
入口点错误：FindWindowW (危险等级: 高, 被下面模块所HOOK: 0x00DB3B6D)
入口点错误：SendMessageA (危险等级: 高, 被下面模块所HOOK: 0x00DB3DDD)
入口点错误：SendMessageW (危险等级: 高, 被下面模块所HOOK: 0x00DB3EAD)

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛