日志
Running processes:
[smss.exe]
CommandLine =
[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[winlogon.exe]
CommandLine = winlogon.exe
[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe
[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe
[Ati2evxx.exe]
CommandLine = C:\WINDOWS\system32\Ati2evxx.exe
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "G:\Rising\Rav\CCenter.exe"
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService
[RavMonD.exe]
CommandLine = "G:\Rising\Rav\Ravmond.exe"
[Ati2evxx.exe]
CommandLine = Ati2evxx.exe -Client
[rfwsrv.exe]
CommandLine = g:\rising\rfw\rfwsrv.exe
[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe
[RavStub.exe]
CommandLine = G:\Rising\Rav\RavStub.exe /RAVMOND
[RFWMAIN.EXE]
CommandLine = -StartUp
[kavsvc.exe]
CommandLine = C:\WINDOWS\system\kavsvc.exe
[StarWindService.exe]
CommandLine = "C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe"
[wdfmgr.exe]
CommandLine = C:\WINDOWS\system32\wdfmgr.exe
[uphclean.exe]
CommandLine = "C:\Program Files\UPHClean\uphclean.exe"
[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe
[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"
[RavMon.exe]
CommandLine = "G:\Rising\Rav\RavMon.exe" -monset
[QQ.EXE]
CommandLine = E:\QQ\QQ.exe
[TIMPlatform.exe]
CommandLine = E:\QQ\TIMPlatform.exe -Embedding
[EXPLORER.EXE]
CommandLine = "C:\WINDOWS\explorer.exe"
[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe"
[KkScan.exe]
CommandLine = "G:\Rising\Raw\KkScan.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/
R3 - Default URLSearchHook is missing
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{197DE6C4-925C-423E-A6EF-6C707BE1D2A4}: NameServer = 202.99.166.4 202.99.160.68
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O20 - Winlogon Notify: AtiExtEvent
O23 - Service: Ati HotKey Poller (Ati HotKey Poller) - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart (ATI Smart) - - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Distributed Link Tracking Clientr (dltc1) - - C:\WINDOWS\system\kavsvc.exe
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - g:\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - g:\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "G:\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "G:\Rising\Rav\Ravmond.exe"
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe