未知家族病毒分析
扫描结果:
C:\Program Files\Internet Explorer\IEXPLORE.EXE --> 与 Backdoor.Gpigeon 100%相似.


系统活动进程
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
F:\DAEMON\DAEMON.EXE
C:\WINDOWS\DAEMON.DLL
F:\DAEMON\PFCTOC.DLL
F:\DAEMON\PLUGINS\IMAGES\CCDMOUNT.DLL
F:\DAEMON\PLUGINS\IMAGES\MDSMOUNT.DLL
F:\DAEMON\PLUGINS\IMAGES\PDIMOUNT.DLL
F:\DAEMON\PLUGINS\IMAGES\NRGMOUNT.DLL
F:\DAEMON\PLUGINS\IMAGES\BW5MOUNT.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\DOWNLO~1\HBHELPER.DLL

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_ISC.DLL
C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_LOIE.DLL

C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\MSICN\MSIBM.DLL

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WUPS2.DLL

C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_LNBK.DLL
C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_UPD.DLL
C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_BSYS.DLL
C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_7ZD.DLL
C:\WINDOWS\SYSTEM32\MSICN\MSIBM.DLL
C:\WINDOWS\SYSTEM32\MSICN\PLUGINS\BSE.DLL
C:\WINDOWS\SYSTEM32\MSICN\PLUGINS\LUP.DLL
C:\WINDOWS\SYSTEM32\MSICN\PLUGINS\BM.DLL
C:\WINDOWS\SYSTEM32\MSICN\PLUGINS\AS.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\WINDOWS\SYSTEM32\WUPS2.DLL

C:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE
C:\PROGRAM FILES\TENCENT\TT\PLUGINS\QQFLOATBAR\QQFLOATBAR4TT2.DLL
C:\PROGRAM FILES\TENCENT\TT\PLUGINS\TWEATHER\TWEATHER.DLL
C:\PROGRAM FILES\TENCENT\TT\PERSONALDESKTOP.DLL
G:\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MSICN\MSIBM.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX
C:\WINDOWS\SYSTEM32\MACROMED\COMMON\SWSUPPORT.DLL

C:\PROGRA~1\TENCENT\TT\TCPLUS.EXE
C:\PROGRA~1\TENCENT\TT\TDMANA~1.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
G:\RSDETECT.EXE
G:\GPDETECT.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
DAEMON Tools-2052 = "F:\DAEMON\DAEMON.EXE" -LANG 2052
BigDogPath = C:\WINDOWS\VM_STI.EXE VIMICRO USB PC CAMERA
Kavrun = ;
iDuba Personal FireWall = ;
RichMedia = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE "C:\WINDOWS\DOWNLO~1\HBHELPER.DLL",WAITWINDOWS
spoolsv = C:\WINDOWS\SYSTEM32\SPOOLSV\SPOOLSV.EXE -PRINTER
advapi32 = RUNDLL32 C:\WINDOWS\DOWNLO~1\_IS_0518\_IS_ISC.DLL,ISC
RavTask = "G:\RISING\RAV\RAVTASK.EXE" -SYSTEM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
MSMSGS = ; "C:\PROGRAM FILES\MESSENGER\MSMSGS.EXE" /BACKGROUND
iDuba Personal FireWall = ;
SDO2005 = ; D:\PROGRAM FILES\盛大圈圈\SDOCLIENT.EXE
eMuleAutoStart = ; D:\新建文件夹 (2)\新建文件夹\EMULE\EMULE.EXE -AUTOSTART


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\Office\WINWORD.EXE" /n

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = G:\KV2005\KVSCRK~1.SCR


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0E674588-66B7-4E19-9D0E-2053B800F69F} = C:\WINDOWS\system32\wmpdrm.dll
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} = C:\WINDOWS\DOWNLO~1\hbhelper.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{59D7D8BB-B918-44C0-89EB-12D6BF07F5E2}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{59D7D8BB-B918-44C0-89EB-12D6BF07F5E2}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D85EBD4B-5540-4DCC-9074-57802F2F64C6}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{D85EBD4B-5540-4DCC-9074-57802F2F64C6}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3E1183F7-6C52-4847-89C4-0C67DC626698}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3E1183F7-6C52-4847-89C4-0C67DC626698}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{169CBBBC-6AC3-4497-8E16-5552831393BF}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{169CBBBC-6AC3-4497-8E16-5552831393BF}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A588393B-1DE5-4CB8-9B22-F6BADAD49A12}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A588393B-1DE5-4CB8-9B22-F6BADAD49A12}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A19E7E6-9DD0-4AC2-A582-FBEB778D882E}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{1A19E7E6-9DD0-4AC2-A582-FBEB778D882E}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Ati HotKey Poller = C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
ATI Smart = C:\WINDOWS\SYSTEM32\ATI2SGAG.EXE
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MOBILL = C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,EXPORT 1087
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nlm = C:\PROGRAM FILES\NETMEETING\NETWARE.EXE
NSLHA = C:\WINDOWS\SYSTEM32\CONN.EXE
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RsCCenter = "G:\RISING\RAV\CCENTER.EXE"
RsRavMon = "G:\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Security = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
svchost.exe = C:\WINDOWS\SVCHOST.EXE
Switching Compatibi1ity = C:\WINDOWS\ALERTEV
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{14C22421-EDF3-43EA-B0FD-8710C5F29675}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

文件驱动
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
FltMgr = C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS
MRxDAV = C:\WINDOWS\SYSTEM32\DRIVERS\MRXDAV.SYS
MRxSmb = C:\WINDOWS\SYSTEM32\DRIVERS\MRXSMB.SYS
NetBIOS = C:\WINDOWS\SYSTEM32\DRIVERS\NETBIOS.SYS
Rdbss = C:\WINDOWS\SYSTEM32\DRIVERS\RDBSS.SYS
sr = C:\WINDOWS\SYSTEM32\DRIVERS\SR.SYS
Srv = C:\WINDOWS\SYSTEM32\DRIVERS\SRV.SYS


系统驱动项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
ACPI = C:\WINDOWS\SYSTEM32\DRIVERS\ACPI.SYS
aec = C:\WINDOWS\SYSTEM32\DRIVERS\AEC.SYS
AFD = C:\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
AliIde = C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS
AmdK7 = C:\WINDOWS\SYSTEM32\DRIVERS\AMDK7.SYS
AsyncMac = C:\WINDOWS\SYSTEM32\DRIVERS\ASYNCMAC.SYS
atapi = C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
ati2mtag = C:\WINDOWS\SYSTEM32\DRIVERS\ATI2MTAG.SYS
Atmarpc = C:\WINDOWS\SYSTEM32\DRIVERS\ATMARPC.SYS
audstub = C:\WINDOWS\SYSTEM32\DRIVERS\AUDSTUB.SYS
BaseTDI = C:\WINDOWS\SYSTEM32\DRIVERS\BASETDI.SYS
CCDECODE = C:\WINDOWS\SYSTEM32\DRIVERS\CCDECODE.SYS
Cdrom = C:\WINDOWS\SYSTEM32\DRIVERS\CDROM.SYS
Cdsys = C:\WINDOWS\SYSTEM32\CDCD.SYS
CmdIde = C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS
d347bus = C:\WINDOWS\SYSTEM32\DRIVERS\D347BUS.SYS
d347prt = C:\WINDOWS\SYSTEM32\DRIVERS\D347PRT.SYS
Disk = C:\WINDOWS\SYSTEM32\DRIVERS\DISK.SYS
dmboot = C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS
dmio = C:\WINDOWS\SYSTEM32\DRIVERS\DMIO.SYS
dmload = C:\WINDOWS\SYSTEM32\DRIVERS\DMLOAD.SYS
DMusic = C:\WINDOWS\SYSTEM32\DRIVERS\DMUSIC.SYS
drmkaud = C:\WINDOWS\SYSTEM32\DRIVERS\DRMKAUD.SYS
EagleNT = C:\WINDOWS\SYSTEM32\DRIVERS\EAGLENT.SYS
ExpScaner = G:\RISING\RAV\EXPSCAN.SYS
Fdc = C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS
FETNDIS = C:\WINDOWS\SYSTEM32\DRIVERS\FETND5.SYS
FETNDISB = C:\WINDOWS\SYSTEM32\DRIVERS\FETND5B.SYS
FsVga = C:\WINDOWS\SYSTEM32\DRIVERS\FSVGA.SYS
Ftdisk = C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS
gagp30kx = C:\WINDOWS\SYSTEM32\DRIVERS\GAGP30KX.SYS
gameenum = C:\WINDOWS\SYSTEM32\DRIVERS\GAMEENUM.SYS
Gpc = C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS
HookCont = G:\RISING\RAV\HOOKCONT.SYS
HookReg = G:\RISING\RAV\HOOKREG.SYS
HookSys = G:\RISING\RAV\HOOKSYS.SYS
HTTP = C:\WINDOWS\SYSTEM32\DRIVERS\HTTP.SYS
i8042prt = C:\WINDOWS\SYSTEM32\DRIVERS\I8042PRT.SYS
Imapi = C:\WINDOWS\SYSTEM32\DRIVERS\IMAPI.SYS
IntelIde = C:\WINDOWS\SYSTEM32\DRIVERS\INTELIDE.SYS
Ip6Fw = C:\WINDOWS\SYSTEM32\DRIVERS\IP6FW.SYS
IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS
IpInIp = C:\WINDOWS\SYSTEM32\DRIVERS\IPINIP.SYS
IpNat = C:\WINDOWS\SYSTEM32\DRIVERS\IPNAT.SYS
IPSec = C:\WINDOWS\SYSTEM32\DRIVERS\IPSEC.SYS
IRENUM = C:\WINDOWS\SYSTEM32\DRIVERS\IRENUM.SYS
isapnp = C:\WINDOWS\SYSTEM32\DRIVERS\ISAPNP.SYS
Kbdclass = C:\WINDOWS\SYSTEM32\DRIVERS\KBDCLASS.SYS
kmixer = C:\WINDOWS\SYSTEM32\DRIVERS\KMIXER.SYS
kmsinput = C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS
KRegEx = C:\WINDOWS\SYSTEM32\DRIVERS\KREGEX.SYS
MegaIDE = C:\WINDOWS\SYSTEM32\DRIVERS\MEGAIDE.SYS
MEMSCAN = G:\RISING\RAV\MEMSCAN.SYS
Mouclass = C:\WINDOWS\SYSTEM32\DRIVERS\MOUCLASS.SYS
MSKSSRV = C:\WINDOWS\SYSTEM32\DRIVERS\MSKSSRV.SYS
MSPCLOCK = C:\WINDOWS\SYSTEM32\DRIVERS\MSPCLOCK.SYS
MSPQM = C:\WINDOWS\SYSTEM32\DRIVERS\MSPQM.SYS
mssmbios = C:\WINDOWS\SYSTEM32\DRIVERS\MSSMBIOS.SYS
MSTEE = C:\WINDOWS\SYSTEM32\DRIVERS\MSTEE.SYS
ms_mpu401 = C:\WINDOWS\SYSTEM32\DRIVERS\MSMPU401.SYS
NABTSFEC = C:\WINDOWS\SYSTEM32\DRIVERS\NABTSFEC.SYS
NdisIP = C:\WINDOWS\SYSTEM32\DRIVERS\NDISIP.SYS
NdisTapi = C:\WINDOWS\SYSTEM32\DRIVERS\NDISTAPI.SYS
Ndisuio = C:\WINDOWS\SYSTEM32\DRIVERS\NDISUIO.SYS
NdisWan = C:\WINDOWS\SYSTEM32\DRIVERS\NDISWAN.SYS
NetBT = C:\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
npkcrypt = C:\PROGRAM FILES\TENCENT\QQ\NPKCRYPT.SYS
NTSIM = C:\WINDOWS\SYSTEM32\NTSIM.SYS
nv = C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS
NwlnkFlt = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFLT.SYS
NwlnkFwd = C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKFWD.SYS
oreans32 = C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS
Parport = C:\WINDOWS\SYSTEM32\DRIVERS\PARPORT.SYS
PCI = C:\WINDOWS\SYSTEM32\DRIVERS\PCI.SYS
PCIIde = C:\WINDOWS\SYSTEM32\DRIVERS\PCIIDE.SYS
PptpMiniport = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPTP.SYS
Processor = C:\WINDOWS\SYSTEM32\DRIVERS\PROCESSR.SYS
PSched = C:\WINDOWS\SYSTEM32\DRIVERS\PSCHED.SYS
Ptilink = C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS
PxHelp20 = C:\WINDOWS\SYSTEM32\DRIVERS\PXHELP20.SYS
RasAcd = C:\WINDOWS\SYSTEM32\DRIVERS\RASACD.SYS
Rasl2tp = C:\WINDOWS\SYSTEM32\DRIVERS\RASL2TP.SYS
RasPppoe = C:\WINDOWS\SYSTEM32\DRIVERS\RASPPPOE.SYS
Raspti = C:\WINDOWS\SYSTEM32\DRIVERS\RASPTI.SYS
RDPCDD = C:\WINDOWS\SYSTEM32\DRIVERS\RDPCDD.SYS
rdpdr = C:\WINDOWS\SYSTEM32\DRIVERS\RDPDR.SYS
redbook = C:\WINDOWS\SYSTEM32\DRIVERS\REDBOOK.SYS
rtl8139 = C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.SYS
Secdrv = C:\WINDOWS\SYSTEM32\DRIVERS\SECDRV.SYS
serenum = C:\WINDOWS\SYSTEM32\DRIVERS\SERENUM.SYS
Serial = C:\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
sfdrv01 = C:\WINDOWS\SYSTEM32\DRIVERS\SFDRV01.SYS
sfhlp02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFHLP02.SYS
sfsync02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFSYNC02.SYS
sfvfs02 = C:\WINDOWS\SYSTEM32\DRIVERS\SFVFS02.SYS
SLIP = C:\WINDOWS\SYSTEM32\DRIVERS\SLIP.SYS
splitter = C:\WINDOWS\SYSTEM32\DRIVERS\SPLITTER.SYS
streamip = C:\WINDOWS\SYSTEM32\DRIVERS\STREAMIP.SYS
SVKP = C:\WINDOWS\SYSTEM32\SVKP.SYS
swenum = C:\WINDOWS\SYSTEM32\DRIVERS\SWENUM.SYS
swmidi = C:\WINDOWS\SYSTEM32\DRIVERS\SWMIDI.SYS
sysaudio = C:\WINDOWS\SYSTEM32\DRIVERS\SYSAUDIO.SYS
Tcpip = C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS
TermDD = C:\WINDOWS\SYSTEM32\DRIVERS\TERMDD.SYS
Update = C:\WINDOWS\SYSTEM32\DRIVERS\UPDATE.SYS
usbehci = C:\WINDOWS\SYSTEM32\DRIVERS\USBEHCI.SYS
usbhub = C:\WINDOWS\SYSTEM32\DRIVERS\USBHUB.SYS
USBSTOR = C:\WINDOWS\SYSTEM32\DRIVERS\USBSTOR.SYS
usbuhci = C:\WINDOWS\SYSTEM32\DRIVERS\USBUHCI.SYS
VgaSave = C:\WINDOWS\SYSTEM32\DRIVERS\VGA.SYS
viaagp = C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP.SYS
viaagp1 = C:\WINDOWS\SYSTEM32\DRIVERS\VIAAGP1.SYS
ViaIde = C:\WINDOWS\SYSTEM32\DRIVERS\VIAIDE.SYS
VIAudio = C:\WINDOWS\SYSTEM32\DRIVERS\VIAUDIOS.SYS
Wanarp = C:\WINDOWS\SYSTEM32\DRIVERS\WANARP.SYS
wdmaud = C:\WINDOWS\SYSTEM32\DRIVERS\WDMAUD.SYS
WS2IFSL = C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS
WSTCODEC = C:\WINDOWS\SYSTEM32\DRIVERS\WSTCODEC.SYS
ZSMC302 = C:\WINDOWS\SYSTEM32\DRIVERS\USBVM31B.SYS

不懂~~~~~

问题太多

C:\WINDOWS\DOWNLO~1\_IS_0518\
C:\WINDOWS\SYSTEM32\MSICN\
C:\WINDOWS\SYSTEM32\SPOOLSV\SPOOLSV.EXE
C:\WINDOWS\system32\wmpdrm.dll
C:\WINDOWS\DOWNLO~1\hbhelper.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

找到病毒源泉有奖

你刚才说的问题  删除就可以了吗

魔法版主说的都有问题，不过不是灰鸽子，呵呵。
svchost.exe = C:\WINDOWS\SVCHOST.EXE
这项很有可能是。
不过看瑞星听诊器太累了，没有隐藏系统项目，简直像大海捞针。
http://forum.ikaka.com/topic.asp?board=28&artid=6979213第5楼下载System Repair Engineer 2.0.12.350导出全部日志。

【回复“轩辕小聪”的帖子】好的

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <iDuba Personal FireWall><; >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <SDO2005><; D:\Program Files\盛大圈圈\SDOClient.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <eMuleAutoStart><; D:\新建文件夹 (2)\新建文件夹\eMule\eMule.exe -AutoStart>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DAEMON Tools-2052><"F:\daemon\daemon.exe"  -lang 2052>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Kavrun><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <iDuba Personal FireWall><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\WINDOWS\DOWNLO~1\hbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <spoolsv><C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <advapi32><RUNDLL32 C:\WINDOWS\Downlo~1\_IS_0518\_IS_ISC.dll,isc>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"G:\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  <RavStub><"G:\Rising\Rav\ravstub.exe" /RUNONCE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk><H>
[PowerReg Scheduler V3]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\PowerReg Scheduler V3.exe><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Registry Protector / MOBILL]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Rising Process Communication Center / RsCCenter]
  <"G:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"G:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[svchost.exe / svchost.exe]
  <C:\WINDOWS\svchost.exe><N/A>
[Switching Compatibi1ity / Switching Compatibi1ity]
  <C:\WINDOWS\Alertev><N/A>

==================================
浏览器加载项
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\WINDOWS\DOWNLO~1\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <G:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QuickBtn]
  {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[个人超级助理]
  {87199151-8467-467E-94ED-91192DE87266} <D:\999\个人超级助理\ACatHelper.exe, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[修复浏览器]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[清理上网记录]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[实用搜索]
  {15ADF205-4C54-4cfe-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, >
[WEBChatRoomOCX Control]
  {448A5F6B-8C03-4B54-A338-F00237C508AD} <C:\PROGRA~1\Sina\UCWEBC~1\UCWEBC~1.OCX, 北京新浪信息技术有限公司>
[Java Plug-in 1.3.1_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <E:\\bin\npjava131_13.dll, N/A>
[Qzone Media Tools]
  {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <C:\PROGRA~1\Tencent\qq\QZone\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Java Plug-in 1.3.1_13]
  {CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} <E:\\bin\npjava131_13.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[Ad Engine]
  {077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, CDM>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[实用搜索]
  {15ADF205-4C54-4CFE-AC88-1EA0BA6D06A0} <C:\Program Files\ScanToolbar\ScanBar.dll, >
[QuickBtn]
  {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, Fengcent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[BHOHelper Class]
  {8816EA7A-5944-4277-B98E-2C0A46FB36E9} <C:\Program Files\baigoo\bgook.dll, N/A>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\WINDOWS\DOWNLO~1\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&Google Search]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <G:\BitSpirit\bsurl.htm, N/A>

正在运行的进程
[PID: 588][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 712][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 880][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1044][G:\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1076][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1168][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1280][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1300][G:\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
    [G:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [G:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [G:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [G:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [G:\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [G:\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [G:\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [G:\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [G:\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [G:\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [G:\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [G:\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [G:\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [G:\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [G:\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [G:\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [G:\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [G:\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [G:\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [G:\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [G:\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1516][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <N/A><N/A>
    [C:\WINDOWS\Downlo~1\_IS_0518\_IS_LNBK.dll]  <ISC><5, 0, 1, 2>
    [C:\WINDOWS\system32\msicn\plugins\bse.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msicn\plugins\lup.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msicn\plugins\bm.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\msicn\plugins\as.dll]  <N/A><N/A>
    [C:\WINDOWS\Downlo~1\_IS_0518\_IS_UPD.dll]  <N/A><N/A>
    [C:\WINDOWS\Downlo~1\_IS_0518\_IS_BSYS.dll]  <N/A><N/A>
    [C:\WINDOWS\Downlo~1\_IS_0518\_IS_7ZD.DLL]  <N/A><N/A>
[PID: 1628][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1724][G:\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [G:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [G:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1952][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3018>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <N/A><N/A>
[PID: 1968][F:\daemon\daemon.exe]  <DAEMON'S HOME><3.47.0.0>
    [C:\WINDOWS\daemon.dll]  <N/A><3.47.0.0>
    [F:\daemon\PFCTOC.DLL]  <Padus(R), Inc.><1, 0, 0, 12>
    [F:\daemon\Plugins\Images\ccdmount.dll]  <GENERIC><1.02.0.0>
    [F:\daemon\Plugins\Images\mdsmount.dll]  <GENERIC><1.01.0.0>
    [F:\daemon\Plugins\Images\pdimount.dll]  <GENERIC><1.01.0.0>
    [F:\daemon\Plugins\Images\nrgmount.dll]  <GENERIC><1.02.0.0>
    [F:\daemon\Plugins\Images\bw5mount.dll]  <N/A><1.0.2.0>
[PID: 212][C:\WINDOWS\system32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\DOWNLO~1\hbhelper.dll]  <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[PID: 228][C:\WINDOWS\system32\RUNDLL32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\Downlo~1\_IS_0518\_IS_ISC.dll]  <ISC><5, 5, 9, 0>
    [C:\WINDOWS\Downlo~1\_IS_0518\_IS_LOIE.dll]  <ISC><5, 0, 1, 0>
[PID: 232][G:\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [G:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [G:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 244][G:\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 17>
    [G:\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [G:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [G:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [G:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [G:\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 300][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\msicn\msibm.dll]  <N/A><N/A>
[PID: 488][G:\Rising\Rav\rav.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 61>
    [G:\Rising\Rav\PlugIn\RsPgScan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
    [G:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [G:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [G:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [G:\Rising\Rav\RavUI.Dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 57>
    [G:\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [G:\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [G:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [G:\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [G:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [G:\Rising\Rav\RavUIMsg.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [G:\Rising\Rav\RavQu.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 272][G:\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [G:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 604][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
[PID: 1228][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 464][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2096][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2336][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3656][C:\Program Files\Tencent\TT\TTraveler.exe]  <腾讯公司><3.0.0.250>
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  <腾讯公司><1, 1, 0, 5>
    [C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  <><1, 0, 0, 3>
    [G:\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  <Macromedia, Inc.><8.5.1r102>
[PID: 2256][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.672\SREng.exe]  <Smallfrogs Studio><2.0.12.350>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者