My HijackThis log and AutoRuns log (thanks) [Help request]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:06:45, on 2007-06-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
c:\ltdrv\srvany.exe
C:\MaxUser\MaxClient.exe
C:\MaxUser\MaxClient.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
D:\hrims_statistic\mysql\bin\mysqld-nt.exe
D:\hrims_statistic\tomcat5.0\bin\tomcat5.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
D:\Baidu Disk Search\BaiduDiskSearch.exe
C:\Program Files\DuDu\Speed\DuDuAcc.exe
C:\Program Files\DuDu\Speed\dudupros.exe
D:\Baidu Disk Search\BaiduCrawl.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dddupapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
d:\My Documents\HiJackThis_v2_PConline.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: DuDu.com - {00018593-C6BD-46F7-9349-DBA1AA674C90} - C:\Program Files\DuDu\Speed\dddiemon.dll
O2 - BHO: IeCapture Class - {67B6599D-1ACF-4EA9-9EAB-578DF0FE6F78} - C:\Program Files\Common Files\Baidu\Disk Search\dsie.dll
O2 - BHO: iebar - {F3A84AA2-A658-42A6-B701-6E43EF08C6C6} - C:\WINDOWS\system32\Ndvdsapi32.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [BaiduDS] D:\Baidu Disk Search\BaiduDiskSearch.exe -NoOpen
O4 - HKCU\..\Run: [127bg0jqf] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\Speed\DuDuAcc.exe
O4 - Global Startup: zjcdik.lnk = ?
O4 - Global Startup: ~jdchi.lnk = C:\Program Files\FlashGet\~jdchil.exe
O4 - Global Startup: jdejl.lnk = ?
O8 - Extra context menu item: &使用DuDu下载 - res://C:\Program Files\DuDu\Speed\dddmext.dll/202
O8 - Extra context menu item: &使用DuDu下载全部链接 - res://C:\Program Files\DuDu\Speed\dddmext.dll/203
O8 - Extra context menu item: &使用DuDu下载选择链接 - res://C:\Program Files\DuDu\Speed\dddmext.dll/204
O8 - Extra context menu item: &使用DuDu捕获页面视频 - res://C:\Program Files\DuDu\Speed\dddmext.dll/205
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\qq\SendMMS.htm
O8 - Extra context menu item: 百度Flash搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM
O8 - Extra context menu item: 百度mp3搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度信息快递搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM
O8 - Extra context menu item: 百度图片搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度新闻搜索 - res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{19A02677-7C68-4FEF-96BF-061C0BBD6525}: NameServer = 218.201.4.3,61.128.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{64CCEEE1-04A1-400D-A316-C61C5C20B467}: NameServer = 10.10.2.1
O22 - SharedTaskScheduler: Browseui 预加载程序 - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: 组件类别缓存程序 - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ltdrv - Unknown owner - c:\ltdrv\srvany.exe
O23 - Service: MService - Unknown owner - C:\MaxUser\MaxClient.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: tjmysql - Unknown owner - D:\hrims_statistic\mysql\bin\mysqld-nt.exe
O23 - Service: tjtomcat - Apache Software Foundation - D:\hrims_statistic\tomcat5.0\bin\tomcat5.exe

--
End of file - 5468 bytes
Last edited 2007-06-03 17:08:19

My AutoRuns log
HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms
+ rdpclipRDP Clip MonitorMicrosoft Corporationc:\windows\system32\rdpclip.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
+ userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\windows\system32\userinit.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
+ Explorer.exeWindows ExplorerMicrosoft Corporationc:\windows\explorer.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe
+ runeipRising AntiSpyware MonitorBeijing Rising Technology Co., Ltd.c:\program files\rising\antispyware\runiep.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
+ DuDu下载加速器.lnkDuDu Speed ModuleDuDu.comc:\program files\dudu\speed\duduacc.exe
+ zjcdik.lnk文件未找到:    C:\Program Files\Microsoft Office\zjcdikc.exe
+ ~jdchi.lnk文件未找到:    C:\Program Files\FlashGet\~jdchil.exe
+ jdejl.lnk文件未找到:    C:\Program Files\Tencent\jdejld.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ 127bg0jqfc:\documents and settings\administrator\local settings\temp\c0nime.exe
+ BaiduDS百度硬盘搜索Baidu.com, Inc.d:\baidu disk search\baidudisksearch.exe
HKLM\SOFTWARE\Classes\Protocols\Filter
+ Class Install HandlerOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ deflateOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ gzipOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ lzdhtmlOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ text/webviewhtmlWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
HKLM\SOFTWARE\Classes\Protocols\Handler
+ aboutMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll
+ cdlOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ dvdActiveX control for streaming videoMicrosoft Corporationc:\windows\system32\msvidctl.dll
+ fileOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ ftpOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ gopherOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ httpOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ httpsOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\windows\system32\itss.dll
+ javascriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll
+ localOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ mailtoMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll
+ mhtmlMicrosoft Internet Messaging APIMicrosoft Corporationc:\windows\system32\inetcomm.dll
+ mkOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ ms-itsMicrosoft? InfoTech Storage System LibraryMicrosoft Corporationc:\windows\system32\itss.dll
+ resMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll
+ sysimageMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll
+ tvActiveX control for streaming videoMicrosoft Corporationc:\windows\system32\msvidctl.dll
+ vbscriptMicrosoft (R) HTML ViewerMicrosoft Corporationc:\windows\system32\mshtml.dll
+ wiaWIA Scripting LayerMicrosoft Corporationc:\windows\system32\wiascr.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0文件未找到:    About:Home
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ Internet ExplorerWindows NT User Data Migration ToolMicrosoft Corporationc:\windows\system32\shmgrate.exe
+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\windows\system32\ie4uinit.exe
+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe
+ Microsoft Windows Media PlayerMicrosoft Windows Media Player 安装实用程序Microsoft Corporationc:\windows\inf\unregmp2.exe
+ Microsoft Windows Media PlayerADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll
+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll
+ Outlook ExpressWindows NT User Data Migration ToolMicrosoft Corporationc:\windows\system32\shmgrate.exe
+ Themes SetupMicrosoft(C) Register ServerMicrosoft Corporationc:\windows\system32\regsvr32.exe
+ Windows Messenger 4.7ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll
+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\windows\system32\regsvr32.exe
+ 通讯簿 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe
+ 浏览器自定义组件Microsoft Internet Explorer Customization DLLMicrosoft Corporationc:\windows\system32\iedkcs32.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CDBurnWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ PostBootReminderWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ SysTraySystray shell service objectMicrosoft Corporationc:\windows\system32\stobject.dll
+ WebCheckWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Microsoft 数据链接Microsoft Data Access - OLE DB Core ServicesMicrosoft Corporationc:\program files\common files\system\ole db\oledb32.dll
+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ dddmont ClassdddiemonDuDu.comc:\program files\dudu\speed\dddiemon.dll
+ iebar文件未找到:    C:\WINDOWS\system32\Ndvdsapi32.dll
+ IeCapture ClassBaidu Corp.c:\program files\common files\baidu\disk search\dsie.dll
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
+ shdocvw.dllShell Doc Object and Control LibraryMicrosoft Corporationc:\windows\system32\shdocvw.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ Windows MessengerWindows MessengerMicrosoft Corporationc:\program files\messenger\msmsgs.exe
+ 番茄花园文件未找到:    http://tomatolei.com
HKLM\System\CurrentControlSet\Services
+ AudioSrvWindows Audio ServiceMicrosoft Corporationc:\windows\system32\audiosrv.dll
+ BrowserComputer Browser Service DLLMicrosoft Corporationc:\windows\system32\browser.dll
+ CryptSvcCryptographic ServicesMicrosoft Corporationc:\windows\system32\cryptsvc.dll
+ DcomLaunchDistributed COM ServicesMicrosoft Corporationc:\windows\system32\rpcss.dll
+ DhcpDHCP Client ServiceMicrosoft Corporationc:\windows\system32\dhcpcsvc.dll
+ dmserverLogical Disk Manager service dllMicrosoft Corp.c:\windows\system32\dmserver.dll
+ DnscacheDNS Caching Resolver ServiceMicrosoft Corporationc:\windows\system32\dnsrslvr.dll
+ ERSvcWindows Error Reporting ServiceMicrosoft Corporationc:\windows\system32\ersvc.dll
+ EventlogServices and Controller appMicrosoft Corporationc:\windows\system32\services.exe
+ FrameworkGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe
+ helpsvcMicrosoft PCHealth Service HolderMicrosoft Corporationc:\windows\pchealth\helpctr\binaries\pchsvc.dll
+ IrmonInfrared MonitorMicrosoft Corporationc:\windows\system32\irmon.dll
+ lanmanserverServer Service DLLMicrosoft Corporationc:\windows\system32\srvsvc.dll
+ lanmanworkstationWorkstation Service DLLMicrosoft Corporationc:\windows\system32\wkssvc.dll
+ LmHostsTCPIP NetBios Transport Services DLLMicrosoft Corporationc:\windows\system32\lmhsvc.dll
+ ltdrvc:\ltdrv\srvany.exe
+ MServicec:\maxuser\maxclient.exe
+ PlugPlayServices and Controller appMicrosoft Corporationc:\windows\system32\services.exe
+ PolicyAgentLSA Shell (Export Version)Microsoft Corporationc:\windows\system32\lsass.exe
+ ProtectedStorageLSA Shell (Export Version)Microsoft Corporationc:\windows\system32\lsass.exe
+ RemoteRegistryRemote Registry ServiceMicrosoft Corporationc:\windows\system32\regsvc.dll
+ RpcSsDistributed COM ServicesMicrosoft Corporationc:\windows\system32\rpcss.dll
+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe
+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe
+ SamSsLSA Shell (Export Version)Microsoft Corporationc:\windows\system32\lsass.exe
+ ScheduleTask Scheduler EngineMicrosoft Corporationc:\windows\system32\schedsvc.dll
+ seclogonSecondary Logon Service DLLMicrosoft Corporationc:\windows\system32\seclogon.dll
+ SENSSystem Event Notification Service (SENS)Microsoft Corporationc:\windows\system32\sens.dll
+ SharedAccessMicrosoft NAT Helper ComponentsMicrosoft Corporationc:\windows\system32\ipnathlp.dll
+ ShellHWDetectionWindows Shell Services DllMicrosoft Corporationc:\windows\system32\shsvcs.dll
+ SoundMAX Agent Service (default)SoundMAX service agent componentAnalog Devices, Inc.c:\program files\analog devices\soundmax\smagent.exe
+ SpoolerSpooler SubSystem AppMicrosoft Corporationc:\windows\system32\spoolsv.exe
+ srserviceSystem Restore ServiceMicrosoft Corporationc:\windows\system32\srsvc.dll
+ ThemesWindows Shell Services DllMicrosoft Corporationc:\windows\system32\shsvcs.dll
+ tjmysqld:\hrims_statistic\mysql\bin\mysqld-nt.exe
+ tjtomcatService RunnerApache Software Foundationd:\hrims_statistic\tomcat5.0\bin\tomcat5.exe
+ TrkWksDistributed Link Tracking ClientMicrosoft Corporationc:\windows\system32\trkwks.dll
+ UMWdfWindows User Mode Driver ManagerMicrosoft Corporationc:\windows\system32\wdfmgr.exe
+ W32TimeWindows Time ServiceMicrosoft Corporationc:\windows\system32\w32time.dll
+ WebClientWeb DAV Service DLLMicrosoft Corporationc:\windows\system32\webclnt.dll
+ winmgmtWMIMicrosoft Corporationc:\windows\system32\wbem\wmisvc.dll
+ wscsvcWindows Security Center ServiceMicrosoft Corporationc:\windows\system32\wscsvc.dll
+ WZCSVCWireless Zero Configuration ServiceMicrosoft Corporationc:\windows\system32\wzcsvc.dll
HKLM\System\CurrentControlSet\Services
+ ACPIACPI Driver for NTMicrosoft Corporationc:\windows\system32\drivers\acpi.sys
+ aecMicrosoft Acoustic Echo CancellerMicrosoft Corporationc:\windows\system32\drivers\aec.sys
+ AFDAncillary Function Driver for WinSockMicrosoft Corporationc:\windows\system32\drivers\afd.sys
+ ALCXSENSSensaura WDM 3D Audio DriverSensaura Ltdc:\windows\system32\drivers\alcxsens.sys
+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys
+ AsyncMacMS Remote Access serial network driverMicrosoft Corporationc:\windows\system32\drivers\asyncmac.sys
+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\windows\system32\drivers\atapi.sys
+ AtmarpcIP/ATM Arp ClientMicrosoft Corporationc:\windows\system32\drivers\atmarpc.sys
+ audstubAudStub DriverMicrosoft Corporationc:\windows\system32\drivers\audstub.sys
+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys
+ CCDECODEWDM Closed Caption VBI CodecMicrosoft Corporationc:\windows\system32\drivers\ccdecode.sys
+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\windows\system32\drivers\cdrom.sys
+ DgiVecpWindows NT 4.0 IEEE-1284 parallel class driver for ECP, Byte, and Nibble modesDeviceGuys, Inc.c:\windows\system32\drivers\dgivecp.sys
+ DiskPnP Disk DriverMicrosoft Corporationc:\windows\system32\drivers\disk.sys
+ dmioNT Disk Manager I/O DriverMicrosoft Corp., Veritas Softwarec:\windows\system32\drivers\dmio.sys
+ dmloadNT Disk Manager Startup DriverMicrosoft Corp., Veritas Software.c:\windows\system32\drivers\dmload.sys
+ DMusicMicrosoft Kernel DLS SynthesizerMicrosoft Corporationc:\windows\system32\drivers\dmusic.sys
+ drmkaudMicrosoft Kernel DRM Audio Descrambler FilterMicrosoft Corporationc:\windows\system32\drivers\drmkaud.sys
+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys
+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\windows\system32\drivers\fdc.sys
+ FlpydiskFloppy DriverMicrosoft Corporationc:\windows\system32\drivers\flpydisk.sys
+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\windows\system32\drivers\fsvga.sys
+ FtdiskFT Disk DriverMicrosoft Corporationc:\windows\system32\drivers\ftdisk.sys
+ gameenumGame Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\gameenum.sys
+ GpcMS General Packet ClassifierMicrosoft Corporationc:\windows\system32\drivers\msgpc.sys
+ HOOKAPIHOOKAPI Driver瑞星软件有限公司c:\program files\rising\rav\hookapi.sys
+ HookContHookContRisingc:\program files\rising\rav\hookcont.sys
+ HookRegc:\program files\rising\rav\hookreg.sys
+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys
+ HTTPHTTP Protocol StackMicrosoft Corporationc:\windows\system32\drivers\http.sys
+ i8042prti8042 Port DriverMicrosoft Corporationc:\windows\system32\drivers\i8042prt.sys
+ ialmIntel Graphics Miniport DriverIntel Corporationc:\windows\system32\drivers\ialmnt5.sys
+ IdeBusDrIntel Application Accelerator DriverIntel Corporationc:\windows\system32\drivers\idebusdr.sys
+ IdeChnDrIntel Application Accelerator DriverIntel Corporationc:\windows\system32\drivers\idechndr.sys
+ ImapiIMAPI Kernel DriverMicrosoft Corporationc:\windows\system32\drivers\imapi.sys
+ IntelIdeIntel PCI IDE DriverMicrosoft Corporationc:\windows\system32\drivers\intelide.sys
+ intelppmProcessor Device DriverMicrosoft Corporationc:\windows\system32\drivers\intelppm.sys
+ Ip6FwIPv6 Windows Firewall DriverMicrosoft Corporationc:\windows\system32\drivers\ip6fw.sys
+ IpFilterDriverIP FILTER DRIVERMicrosoft Corporationc:\windows\system32\drivers\ipfltdrv.sys
+ IpInIpIP in IP Encapsulation DriverMicrosoft Corporationc:\windows\system32\drivers\ipinip.sys
+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\windows\system32\drivers\ipnat.sys
+ IPSecIPSec DriverMicrosoft Corporationc:\windows\system32\drivers\ipsec.sys
+ irdaIRDA Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\irda.sys
+ IRENUMInfra-Red Bus EnumeratorMicrosoft Corporationc:\windows\system32\drivers\irenum.sys
+ irsirSerial Infrared DriverMicrosoft Corporationc:\windows\system32\drivers\irsir.sys
+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\windows\system32\drivers\isapnp.sys
+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\windows\system32\drivers\kbdclass.sys
+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\windows\system32\drivers\kmixer.sys
+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys
+ MidiSynAnalog Devices Kernel DLS SynthesizerAnalog Devices Incc:\windows\system32\drivers\midisyn.sys
+ MouclassMouse Class DriverMicrosoft Corporationc:\windows\system32\drivers\mouclass.sys
+ MSKSSRVMS KS ServerMicrosoft Corporationc:\windows\system32\drivers\mskssrv.sys
+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\windows\system32\drivers\mspclock.sys
+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\windows\system32\drivers\mspqm.sys
+ mssmbiosSystem Management BIOS DriverMicrosoft Corporationc:\windows\system32\drivers\mssmbios.sys
+ MSTEEWDM Tee/Communication Transform Filter Microsoft Corporationc:\windows\system32\drivers\mstee.sys
+ NABTSFECWDM NABTS/FEC VBI CodecMicrosoft Corporationc:\windows\system32\drivers\nabtsfec.sys
+ NdisIPMicrosoft IP DriverMicrosoft Corporationc:\windows\system32\drivers\ndisip.sys
+ NdisTapiNDIS 3.0 connection wrapper driverMicrosoft Corporationc:\windows\system32\drivers\ndistapi.sys
+ NdisuioNDIS User mode I/O DriverMicrosoft Corporationc:\windows\system32\drivers\ndisuio.sys
+ NdisWanMS PPP Framing Driver (Strong Encryption)Microsoft Corporationc:\windows\system32\drivers\ndiswan.sys
+ NetBTMBT Transport driverMicrosoft Corporationc:\windows\system32\drivers\netbt.sys
+ New0c:\windows\system32\new.sys
+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\qq\npkcrypt.sys
+ npkycryp文件未找到:    D:\qq\npkycryp.sys
+ NwlnkFltNWLINK2 Traffic Filter DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkflt.sys
+ NwlnkFwdNWLINK2 Forwarder DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkfwd.sys
+ NwlnkIpxNWLINK2 IPX Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkipx.sys
+ NwlnkNbNWLINK2 IPX Netbios Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnknb.sys
+ NwlnkSpxNWLINK2 SPX Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkspx.sys
+ ParportParallel Port DriverMicrosoft Corporationc:\windows\system32\drivers\parport.sys
+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\windows\system32\drivers\pci.sys
+ PCIIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\windows\system32\drivers\pciide.sys
+ PptpMiniportPeer-to-Peer Tunneling ProtocolMicrosoft Corporationc:\windows\system32\drivers\raspptp.sys
+ PSchedMS QoS Packet SchedulerMicrosoft Corporationc:\windows\system32\drivers\psched.sys
+ PtilinkParallel Technologies DirectParallel IO LibraryParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys
+ RasAcdRAS Automatic Connection DriverMicrosoft Corporationc:\windows\system32\drivers\rasacd.sys
+ RasirdaIrDA WAN Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\rasirda.sys
+ Rasl2tpRAS L2TP mini-port/call-manager driverMicrosoft Corporationc:\windows\system32\drivers\rasl2tp.sys
+ RasPppoeRAS PPPoE mini-port/call-manager driverMicrosoft Corporationc:\windows\system32\drivers\raspppoe.sys
+ RasptiPTI DirectParallel(R) mini-port/call-manager driverMicrosoft Corporationc:\windows\system32\drivers\raspti.sys
+ RDPCDDRDP MiniportMicrosoft Corporationc:\windows\system32\drivers\rdpcdd.sys
+ rdpdrMicrosoft RDP Device redirectorMicrosoft Corporationc:\windows\system32\drivers\rdpdr.sys
+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\windows\system32\drivers\redbook.sys
+ RsAntiSpywareRsBootBeijing Risingc:\windows\system32\drivers\rsboot.sys
+ RsNTGDIRsNTGDIBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\rsntgdi.sys
+ RSPPSYSRSPPSYS.SYSRisingc:\program files\rising\rav\rsppsys.sys
+ rtl8139NDIS 5.0 driver                                                                  Realtek Semiconductor Corporation                                                c:\windows\system32\drivers\rtl8139.sys
+ Secdrvc:\windows\system32\drivers\secdrv.sys
+ senfiltSensaura WDM 3D Audio DriverSensaurac:\windows\system32\drivers\senfilt.sys
+ serenumSerial Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\serenum.sys
+ SerialSerial Device DriverMicrosoft Corporationc:\windows\system32\drivers\serial.sys
+ SLIPMicrosoft Slip Deframing Filter MinidriverMicrosoft Corporationc:\windows\system32\drivers\slip.sys
+ smwdmSoundMAX Integrated Digital Audio Analog Devices, Inc.c:\windows\system32\drivers\smwdm.sys
+ splitterMicrosoft Kernel Audio SplitterMicrosoft Corporationc:\windows\system32\drivers\splitter.sys
+ streamipMicrosoft IP Test DriverMicrosoft Corporationc:\windows\system32\drivers\streamip.sys
+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\windows\system32\drivers\swenum.sys
+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\windows\system32\drivers\swmidi.sys
+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\windows\system32\drivers\sysaudio.sys
+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\tcpip.sys
+ TDDISoftDog driverSafeNet China Ltd.c:\windows\system32\drivers\tddi.sys
+ TermDDTerminal Server DriverMicrosoft Corporationc:\windows\system32\drivers\termdd.sys
+ UpdateUpdate DriverMicrosoft Corporationc:\windows\system32\drivers\update.sys
+ usbehciEHCI eUSB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbehci.sys
+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\windows\system32\drivers\usbhub.sys
+ usbprintUSB Printer driverMicrosoft Corporationc:\windows\system32\drivers\usbprint.sys
+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\windows\system32\drivers\usbstor.sys
+ usbuhciUHCI USB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbuhci.sys
+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\windows\system32\drivers\vga.sys
+ WanarpMS Remote Access and Routing ARP DriverMicrosoft Corporationc:\windows\system32\drivers\wanarp.sys
+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\windows\system32\drivers\wdmaud.sys
+ WSTCODECWDM WST Codec DriverMicrosoft Corporationc:\windows\system32\drivers\wstcodec.sys
+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute
+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\windows\system32\autochk.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\windows\system32\ntsd.exe
HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\windows\system32\advapi32.dll
+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\windows\system32\comdlg32.dll
+ gdi32GDI Client DLLMicrosoft Corporationc:\windows\system32\gdi32.dll
+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\windows\system32\imagehlp.dll
+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\windows\system32\kernel32.dll
+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\windows\system32\lz32.dll
+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\ole32.dll
+ oleaut32Microsoft Corporationc:\windows\system32\oleaut32.dll
+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\windows\system32\olecli32.dll
+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olecnv32.dll
+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\windows\system32\olesvr32.dll
+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olethk32.dll
+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\windows\system32\rpcrt4.dll
+ shell32Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll
+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\windows\system32\url.dll
+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll
+ user32Windows XP USER API Client DLLMicrosoft Corporationc:\windows\system32\user32.dll
+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\windows\system32\version.dll
+ wininetInternet Extensions for Win32Microsoft Corporationc:\windows\system32\wininet.dll
+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\windows\system32\wldap32.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UIHost
+ logonui.exeWindows Logon UIMicrosoft Corporationc:\windows\system32\logonui.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
+ crypt32chainCrypto API32Microsoft Corporationc:\windows\system32\crypt32.dll
+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\windows\system32\cryptnet.dll
+ cscdllOffline Network AgentMicrosoft Corporationc:\windows\system32\cscdll.dll
+ igfxcuiigfxsrvc ModuleIntel Corporationc:\windows\system32\igfxsrvc.dll
+ ScCertPropCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ ScheduleCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\windows\system32\sclgntfy.dll
+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ termsrvCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
+ wlballoonCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
+ MSAFD Irda [IrDA]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{125CB960-FB76-4847-867B-04F211833F9F}] DATAGRAM 3	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{125CB960-FB76-4847-867B-04F211833F9F}] SEQPACKET 3	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{19A02677-7C68-4FEF-96BF-061C0BBD6525}] DATAGRAM 0	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{19A02677-7C68-4FEF-96BF-061C0BBD6525}] SEQPACKET 0	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{34278704-29E7-4938-9A5B-BF3C2C1CE5C2}] DATAGRAM 4	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{34278704-29E7-4938-9A5B-BF3C2C1CE5C2}] SEQPACKET 4	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64CCEEE1-04A1-400D-A316-C61C5C20B467}] DATAGRAM 6	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{64CCEEE1-04A1-400D-A316-C61C5C20B467}] SEQPACKET 6	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{78CB8E4C-1AB5-45F8-8E31-2F6D573C452E}] DATAGRAM 1	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{78CB8E4C-1AB5-45F8-8E31-2F6D573C452E}] SEQPACKET 1	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0004BAF-AAE8-4514-90D9-62E74B39FE55}] DATAGRAM 2	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{F0004BAF-AAE8-4514-90D9-62E74B39FE55}] SEQPACKET 2	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NwlnkNb] DATAGRAM 5	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD NetBIOS [\Device\NwlnkNb] SEQPACKET 5	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD nwlnkipx [IPX]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD nwlnkspx [SPX II]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD nwlnkspx [SPX II] [Pseudo Stream]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD nwlnkspx [SPX]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD nwlnkspx [SPX] [Pseudo Stream]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [RAW/IP]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [TCP/IP]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ MSAFD Tcpip [UDP/IP]	Microsoft Windows Sockets 2.0 Service Provider	Microsoft Corporation	c:\windows\system32\mswsock.dll
+ RSVP TCP Service Provider	Microsoft Windows Rsvp 1.0 Service Provider	Microsoft Corporation	c:\windows\system32\rsvpsp.dll
+ RSVP UDP Service Provider	Microsoft Windows Rsvp 1.0 Service Provider	Microsoft Corporation	c:\windows\system32\rsvpsp.dll
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
+ BJ Language Monitor	Langage Monitor for Canon Bubble-Jet Printer	Microsoft Corporation	c:\windows\system32\cnbjmon.dll
+ Local Port	Local Spooler DLL	Microsoft Corporation	c:\windows\system32\localspl.dll
+ OLFax Ports	Symantec Fax Starter Edition Monitor DLL	Microsoft Corporation	c:\windows\system32\olfmnt40.dll
+ PJL Language Monitor	PJL Language monitor	Microsoft Corporation	c:\windows\system32\pjlmon.dll
+ Standard TCP/IP Port	Standard TCP/IP Port Monitor DLL	Microsoft Corporation	c:\windows\system32\tcpmon.dll
+ SUGS1 Langmon	Language Monitor for Status Monitor	Samsung Electronics.	c:\windows\system32\sugs1lmk.dll
+ USB Monitor	Standard Dynamic Printing Port Monitor DLL	Microsoft Corporation	c:\windows\system32\usbmon.dll
HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders
+ digest.dll	Digest SSPI Authentication Package	Microsoft Corporation	c:\windows\system32\digest.dll
+ msapsspc.dll	DPA Client for 32 bit platforms	Microsoft Corporation	c:\windows\system32\msapsspc.dll
+ msnsspc.dll	MSN Internet Access	Microsoft Corporation	c:\windows\system32\msnsspc.dll
+ schannel.dll	TLS / SSL Security Provider	Microsoft Corporation	c:\windows\system32\schannel.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
+ msv1_0	Microsoft Authentication Package v1.0	Microsoft Corporation	c:\windows\system32\msv1_0.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages
+ scecli	Windows Security Configuration Editor Client Engine	Microsoft Corporation	c:\windows\system32\scecli.dll
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security Packages
+ kerberos	Kerberos Security Package	Microsoft Corporation	c:\windows\system32\kerberos.dll
+ msv1_0	Microsoft Authentication Package v1.0	Microsoft Corporation	c:\windows\system32\msv1_0.dll
+ schannel	TLS / SSL Security Provider	Microsoft Corporation	c:\windows\system32\schannel.dll
+ wdigest	Microsoft Digest Access	Microsoft Corporation	c:\windows\system32\wdigest.dll
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
+ LanmanWorkstation	Microsoft Windows Network	Microsoft Corporation	c:\windows\system32\ntlanman.dll
+ RDPNP	Microsoft Terminal Services	Microsoft Corporation	c:\windows\system32\drprov.dll
+ WebClient	Web Client Network	Microsoft Corporation	c:\windows\system32\davclnt.dll