最近我的系统里面多了几个进程，
nidmsrv.exe
nisvcloc.exe
lktsrv.exe
lkads.exe
lkcidtdl.exe
请问：（1）这些是什么进程呢，是木马么？
（2）怎么禁止进程在开机时自动加载？

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

HijackThis_815汉化版扫描日志 V1.99.1
保存于      0:01:40, 日期 2006-6-14
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\lkcitdl.exe
D:\Program Files\拼音加加4.0\jj4\jjsvr4.exe
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Thunder Network\Thunder\Thunder.exe
D:\Download\Hijackthis1991zww\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O3 - IE工具栏增项: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pyjj] D:\Program Files\拼音加加4.0\jj4\jjsvr4.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载  - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: 导入当前页到超星阅览器(&A) - d:\Program Files\SSREADER36\ss_all.htm
O8 - IE右键菜单中的新增项目: 导入选中部分到超星阅览器(&S) - d:\Program Files\SSREADER36\ss_select.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 导出当前页到超星阅览器(&A) - D:\Program Files\SSREADER36\ss_all.htm
O8 - IE右键菜单中的新增项目: 导出选中部分到超星阅览器(&S) - D:\Program Files\SSREADER36\ss_select.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - 浏览器额外的“工具”菜单项: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - 浏览器额外的按钮: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的“工具”菜单项: MMSAssist工具条设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: 易趣购物 - {DE607141-AC19-421e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607141-AC19-421e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - 浏览器额外的“工具”菜单项: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146489238750
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A9D1402-847A-4028-A7BA-0A0303C1877F}: NameServer = 61.134.1.4,61.134.1.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{1A9D1402-847A-4028-A7BA-0A0303C1877F}: NameServer = 61.134.1.4,61.134.1.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{1A9D1402-847A-4028-A7BA-0A0303C1877F}: NameServer = 61.134.1.4,61.134.1.9
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Apache Tomcat 4.1 - Alexandria Software Consulting - d:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe
O23 - NT 服务: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - NT 服务: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - NT 服务: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - NT 服务: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - NT 服务: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: MATLAB Server (matlabserver) - Unknown owner - d:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe
O23 - NT 服务: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - NT 服务: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

是这个么？

2006-06-14,00:05:01

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <pyjj><D:\Program Files\拼音加加4.0\jj4\jjsvr4.exe>  [加加开发组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <spoolsv><>  []
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apache Tomcat 4.1 / Apache Tomcat 4.1]
  <d:\Program Files\Apache Group\Tomcat 4.1\bin\tomcat.exe><Alexandria Software Consulting>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Print Manager / BRGNS]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Lookout Citadel Server / LkCitadelServer]
  <C:\WINDOWS\system32\lkcitdl.exe><National Instruments, Inc.>
[National Instruments PSP Server Locator / lkClassAds]
  <C:\WINDOWS\system32\lkads.exe><National Instruments, Inc.>
[National Instruments Time Synchronization / lkTimeSync]
  <C:\WINDOWS\system32\lktsrv.exe><National Instruments, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><Macromedia>
[MATLAB Server / matlabserver]
  <d:\Program Files\MATLAB71\webserver\bin\win32\matlabserver.exe><N/A>
[National Instruments Domain Service / NIDomainService]
  <"D:\Program Files\National Instruments\Shared\Security\nidmsrv.exe"><National Instruments, Inc.>
[NI Service Locator / niSvcLoc]
  <C:\WINDOWS\system32\nisvcloc.exe -s><National Instruments Corp.>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService]
  <D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>

==================================

请高手帮我看一下日志文件,今天中了"Backdoor.Gpigeon.wgi"已杀过毒.

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 23:48:03, on 2006-6-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\666666\海通大智慧2005专业版\internet\hypwise.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\抓图工具\抓图式具.exe
D:\HijackThis.exe

O2 - BHO: (no name) - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\JCCATCH.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [词霸Online自启动] D:\jing shan\iciba\Iciba.exe
O4 - HKLM\..\RunOnce: [RavStub] "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - Startup: ntuser.dat
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat.LOG
O4 - Global Startup: ntuser.dat.bak
O4 - Global Startup: ntuser.dat
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\qq11\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\qq11\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\qq11\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\qq11\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O11 - Options group: [!CNS] 
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://www.3way.cn/plugin/PowerPlr.ocx
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121692294343
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D8A92A-E115-4631-8E55-02B3319C4392}: NameServer = 192.168.2.1

自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
SoundMan = SOUNDMAN.EXE
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RavTask = "D:\Program Files\Rising\Rav\RavTask.exe" -system

HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
词霸Online自启动 = D:\jing shan\iciba\Iciba.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\RunOnce
RavStub = "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll = "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
C:\WINDOWS\DOWNLO~1\CnsHook.dll= "D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
C:\WINDOWS\system32\RavExt.dll= Rising Execute File Exts hook

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\system32\webcheck.dll
SysTray = C:\WINDOWS\system32\stobject.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\system32\browseui.dll= Browseui 预加载程序
%SystemRoot%\system32\browseui.dll= 组件类别缓存程序


SYSTEM.INI BOOT SHELL Explorer.exe

其他相关项
HKEY_LOCAL_MACHINE Software\Microsoft\Internet Explorer\Main start page ----> http://www.sina.com.cn
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> http://www.sina.com.cn/
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> ids
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> ids
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,
HKEY_USERS .Default\Software\Microsoft\Internet Explorer\Main search bar ----> http://www.google.com/intl/zh-CN/


WININIT.INI
[rename]
NUL=C:\DOCUME~1\ids\LOCALS~1\Temp\ginstall.dll

Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

进程列表

[System Process]
System
C:\WINDOWS\SOUNDMAN.EXE (Made by Realtek Semiconductor Corp.)

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\666666\海通大智慧2005专业版\internet\hypwise.exe
C:\Downloads\瑞星听诊器”\RavDetect.exe

进程详细信息


C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\SOUNDMAN.EXE (made by Realtek Semiconductor Corp.)

SUVWh|
ptPf=}
$t(f=}
L$ PQj
D$ RPj
T$ QRj
L$$PQj
D$$RPj
L$$PQj
D$h_^][
Vtcf=4
pt2f=H
T$$Rhd
D$$Phd
D$DjPPQR
f=Ast~f=Bstxf=Estrf=
ttlf=1ttff=
ut`f=PutZf=`utTf=putNf=
D$DUPQ
D$(RPj
pt.f=H
L$(PQj
D$(PSh
L$4PQR
f9l$ umf
L$hPQR
L$hPQR
T$ QRj
T$$QRj
T$*vb3
D$LUV3
D$(UPV
L$ @QPV
L$(PQV
L$HPQV
L$(PQV
D$,UPVS
T$8VRS
L$0QRS
D$0PSj
T$4QRS
D$0PSj
D$ _^]
HSUVWh
t.;t$$t(
VC20XC00U
D$(PWSUQ
VPWSUQ
D$8QVRh
L$ RQP
jjjjjjh
ALSMTray
ALSMTrayClass
ALCMTrayMutex
Software\Avance\AC97 Audio\ALSMTray
Layout
Software\Avance\AC97 Audio
ShowIcon
ChCfg.EXE 8
InitCH
Software\Realtek\InitAP
UIO3Type
UIO2Type
UIO1Type
AutoNextTime
UAJStatus
Software\Realtek\UAJ
RTLCPL.EXE
rundll32.exe shell32.dll,Control_RunDLL alsndmgr.c
SNDVOL32.EXE
rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl,
SNDREC32.EXE
rundll32.exe shell32.dll,Control_RunDLL alsndmgr.c
RTLCPL.EXE 8
AutoType
Software\Realtek\Jack Sense
rundll32.exe shell32.dll,Control_RunDLL alsndmgr.c
RTLCPL.EXE 10
AutoPopup
mplayer.exe
mplayer2.exe
wmplayer.exe
Installation Directory
Software\Microsoft\MediaPlayer
REALTEK
AVANCE
LineStates
\Software\Microsoft\Windows\CurrentVersion\Applets
SYSTEM\CurrentControlSet\Control\MediaCategories\
{185FEDF9-9905-11D1-95A9-00C04FB925D3}
{4548F87B-32C7-46c7-B2E3-7AD500166A5E}
.DEFAULT
Migrate
Software\Microsoft\Protected Storage System Provid
nVidia audio controller
ATI audio controller
ALi audio controller
AMD-8111 audio controller
AMD audio controller
SiS 7012
SiS 7018
VIA 8233
VIA 686A/B/8231
INTEL MX
INTEL (25A6)
INTEL(ICH6) for Azalia
INTEL(ICH6) for AC97
INTEL ICH5
INTEL ICH4
INTEL ICH3
INTEL 82801BA
INTEL 82801AB
INTEL 82801AA
PCI\VEN_10DE&DEV_00EA
PCI\VEN_10DE&DEV_008A
PCI\VEN_10DE&DEV_00DA
PCI\VEN_10DE&DEV_006A
PCI\VEN_10DE&DEV_01B1
PCI\VEN_1002&DEV_4361
PCI\VEN_1002&DEV_4341
PCI\VEN_10B9&DEV_5455
PCI\VEN_10B9&DEV_5451
PCI\VEN_1022&DEV_746D
PCI\VEN_1022&DEV_7445
PCI\VEN_1039&DEV_7012
PCI\VEN_1039&DEV_7018
PCI\VEN_1106&DEV_3059
PCI\VEN_1106&DEV_3058
PCI\VEN_8086&DEV_7195
PCI\VEN_8086&DEV_25A6
PCI\VEN_8086&DEV_2668
PCI\VEN_8086&DEV_266E
PCI\VEN_8086&DEV_24D5
PCI\VEN_8086&DEV_24C5
PCI\VEN_8086&DEV_2485
PCI\VEN_8086&DEV_2445
PCI\VEN_8086&DEV_2425
PCI\VEN_8086&DEV_2415
C:\WINDOWS\SOUNDMAN.EXE
((((((((((((((((((((((((((
abcdefghijklmnopqrstuvwxyz
ABCDEFGHIJKLMNOPQRSTUVWXYZ
Sound Effect
Sound Effect
Service Pack 2
Sound Effect
((((( H