为啥又个IE进程啊 bbs.ikaka.com

偶是高达 - 2006-4-27 11:31:00

用autoruns查看的
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ DAEMON Tools File not found: ;

+ nwiz File not found: ;

+ RavTask RavTimer Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravtask.exe

+ SoundMan File not found: ;

+ StormCodec_Helper File not found: ;

+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hook Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Desktop Explorer NVIDIA Desktop Explorer, Version 56.72 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 56.72 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ Display Panning CPL Extension File not found: deskpan.dll

+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll

+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 56.72 NVIDIA Corporation c:\windows\system32\nvshell.dll

+ PicaView PicaView 系统扩展 DLL ACD Systems, Ltd. c:\program files\acdsee\picaview.dll

+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll

+ RISING Rising Shell Ext Module Beijing Rising Technology Co., Ltd. c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extension c:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹 c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IeCatch2 Class jccatch Module Amaze Soft c:\program files\flashget\jccatch.dll

+ QQBrowserHelperObject Class QQIEHelper Module 深圳市腾讯计算机系统有限公司 d:\tencent\qq\qqiehelper.dll

+ ThunderIEHelper Class xunleibho BHO Thunder Networking Technologies,LTD c:\windows\system32\xunleibho_v13.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar FlashGet IE Bar Amaze Soft c:\program files\flashget\fgiebar.dll

HKLM\System\CurrentControlSet\Services

+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe

+ RsCCenter CCenter Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ccenter.exe

+ RsRavMon RavMond Beijing Rising Technology Co., Ltd. c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ a320raid Adaptec HostRAID for Ultra320 SCSI Adaptec, Inc. c:\windows\system32\drivers\a320raid.sys

+ aar1210 Adaptec HostRAID for Serial ATA Adaptec, Inc. c:\windows\system32\drivers\aar1210.sys

+ adpu320 Adaptec Win2K/XP/Server2003 Ultra320 SCSI Driver Adaptec, Inc. c:\windows\system32\drivers\adpu320.sys

+ aec6210 ACARD Technology Corp. c:\windows\system32\drivers\aec6210.sys

+ aec6260 ID=0006, 0007 ACARD Technology Corp. c:\windows\system32\drivers\aec6260.sys

+ aec6280 AEC6280 Miniport Driver ACARD Technology Corp. c:\windows\system32\drivers\aec6280.sys

+ AEC6890 AEC6880/90 PCI Ultra ATA133 RAID Adapter Driver ACARD Technology Corp. c:\windows\system32\drivers\aec6890.sys

+ aec68x5 AEC6885/95/96 PCI ATA133 4 Channel RAID Adapter Driver ACARD Technology Corp. c:\windows\system32\drivers\aec68x5.sys

+ ALCXWDM Realtek AC'97 Audio Driver (WDM) Realtek Semiconductor Corp. c:\windows\system32\drivers\alcxwdm.sys

+ AliIde File not found: System32\DRIVERS\aliide.sys

+ asc AdvanSys SCSI Controller Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc.sys

+ asc3550 AdvanSys Ultra-Wide PCI SCSI Driver Advanced System Products, Inc. c:\windows\system32\drivers\asc3550.sys

+ ati2mtag ATI Radeon WindowsNT Miniport Driver ATI Technologies Inc. c:\windows\system32\drivers\ati2mtag.sys

+ BaseTDI basetdi Beijing Rising Technology Co., Ltd. c:\windows\system32\drivers\basetdi.sys

+ CmdIde CMD PCI IDE Bus Driver CMD Technology, Inc. c:\windows\system32\drivers\cmdide.sys

+ dac2w2k Mylex Disk Array Controller Driver Mylex Corporation c:\windows\system32\drivers\dac2w2k.sys

+ dpti2o File not found: System32\DRIVERS\dpti2o.sys

+ dtscsi c:\windows\system32\drivers\dtscsi.sys

+ ExpScaner ExpScan.sys c:\program files\rising\rav\expscan.sys

+ fasttrak Promise FastTrak Series Driver for WinXP Promise Technology, Inc. c:\windows\system32\drivers\fasttrak.sys

+ fasttx2k Promise Driver for Windows XP Promise Technology, Inc. c:\windows\system32\drivers\fasttx2k.sys

+ fasttx2k2 Promise FastTrak Series Driver for WindowsXP Promise Technology, Inc. c:\windows\system32\drivers\fasttx2k2.sys

+ FETNDISB NDIS 5.0 miniport driver VIA Technologies, Inc. c:\windows\system32\drivers\fetnd5b.sys

+ GMSIPCI File not found: G:\INSTALL\GMSIPCI.SYS

+ HookCont TDI HOOK Driver Rising tech Co. ltd c:\program files\rising\rav\hookcont.sys

+ HookReg c:\program files\rising\rav\hookreg.sys

+ HookSys Hooksys Rising c:\program files\rising\rav\hooksys.sys

+ HPT371 HPT3xx Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hpt371.sys

+ hpt374 HPT374 Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hpt374.sys

+ hpt3xx HPT3xx Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hpt3xx.sys

+ hptmv hptmv Miniport Driver HighPoint Technologies, Inc. c:\windows\system32\drivers\hptmv.sys

+ hptpro Hptpro HighPoint Technologies, Inc. c:\windows\system32\drivers\hptpro.sys

+ iaStor Intel Application Accelerator driver Intel Corporation c:\windows\system32\drivers\iastor.sys

+ iteraid ITE IT8212 ATA RAID SCSI miniport Integrated Technology Express, Inc. c:\windows\system32\drivers\iteraid.sys

+ m5228 M5228 ATA RAID Controller Driver ALi Corporation. c:\windows\system32\drivers\m5228.sys

+ m5281 M5281 SATA RAID Controller Driver ALi Corporation c:\windows\system32\drivers\m5281.sys

+ MegaIDE LSI MegaRAID IDE Driver LSI Logic Corporation. c:\windows\system32\drivers\megaide.sys

+ MEMSCAN MemScan Driver 瑞星软件有限公司 c:\program files\rising\rav\memscan.sys

+ mraid2k MEGARAID SCSI Controller Driver for Windows 2000 PAE American Megatrends, Inc. c:\windows\system32\drivers\mraid2k.sys

+ mraid35x MegaRAID RAID Controller Driver for Windows Whistler 32 American Megatrends Inc. c:\windows\system32\drivers\mraid35x.sys

+ npkcrypt nProtect KeyCrypt Driver INCA Internet Co., Ltd. d:\tencent\qq\npkcrypt.sys

+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.72 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys

+ Pnp680 DMA capable ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\pnp680.sys

+ Pnp680r DMA capable ATA RAID miniport driver Silicon Image, Inc c:\windows\system32\drivers\pnp680r.sys

+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys

+ ql1080 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1080.sys

+ ql12160 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql12160.sys

+ ql1280 Miniport Driver for QLogic ISP PCI Adapters QLogic Corporation c:\windows\system32\drivers\ql1280.sys

+ rtl8139 Realtek RTL8139 NDIS 5.0 Driver Realtek Semiconductor Corporation c:\windows\system32\drivers\rtl8139.sys

+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys

+ SI3112 Serial ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\si3112.sys

+ SI3112r Serial ATA RAID Miniport Driver Silicon Image, Inc c:\windows\system32\drivers\si3112r.sys

+ SI3114 Serial ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\si3114.sys

+ SI3114r SATARAID Miniport Driver Silicon Image, Inc c:\windows\system32\drivers\si3114r.sys

+ SI3124 Serial ATA miniport driver Silicon Image, Inc. c:\windows\system32\drivers\si3124.sys

+ SI3124r SATARAID miniport driver (PRE-RELEASE) Silicon Image, Inc c:\windows\system32\drivers\si3124r.sys

+ SiFilter Windows Accelerator Driver Silicon Image, Inc. c:\windows\system32\drivers\siwinacc.sys

+ SiSRaid SiS RAID Miniport Driver Silicon Integrated Systems c:\windows\system32\drivers\sisraid.sys

+ SiSRaid1 SiS RAID Miniport Driver Silicon Integrated Systems c:\windows\system32\drivers\sisraid1.sys

+ sparrow Adaptec AIC-6x60 series SCSI miniport Adaptec, Inc. c:\windows\system32\drivers\sparrow.sys

+ sptd c:\windows\system32\drivers\sptd.sys

+ sptrak Promise SuperTrak Family Driver for WindowsNT Promise Technology, Inc. c:\windows\system32\drivers\sptrak.sys

+ sym_hi Symbios Hi-Perf SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_hi.sys

+ sym_u3 Symbios Ultra3 SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\sym_u3.sys

+ symc810 Symbios Logic Inc. SCSI Miniport Driver Symbios Logic Inc. c:\windows\system32\drivers\symc810.sys

+ symc8xx Symbios 8XX SCSI Miniport Driver LSI Logic c:\windows\system32\drivers\symc8xx.sys

+ UlSata Promise Ultra/Sata Series Driver for WinXP Promise Technology, Inc. c:\windows\system32\drivers\ulsata.sys

+ ultra Promise Ultra66 Miniport 驱动程序 Promise Technology, Inc. c:\windows\system32\drivers\ultra.sys

+ viamraid VIA RAID DRIVER FOR WIN 2000/XP/2003IA32 VIA Technologies inc,.ltd c:\windows\system32\drivers\viamraid.sys

+ viapdsk VIA VT4149 PATA Driver VIA Technologies, Inc. c:\windows\system32\drivers\viapdsk.sys

+ viaraid VT6410 RAID DRIVER FOR WINXP VIA Technologies inc,.ltd c:\windows\system32\drivers\viaraid.sys

+ viasraid VIA SATA RAID DRIVER FOR WINXP VIA Technologies inc,.ltd c:\windows\system32\drivers\viasraid.sys

+ vmscsi VMware SCSI Controller VMware, Inc. c:\windows\system32\drivers\vmscsi.sys

+ WINIO File not found: G:\winio.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk * File not found: autocheck

HKCU\Control Panel\Desktop\Scrnsave.exe

+ E:\Shanda\疯狂赛车\data\GUI\mov\kartss.scr e:\shanda\疯狂赛车\data\gui\mov\kartss.scr

偶是高达 - 2006-4-27 11:32:00

有啥不正常的吗版主吗

zq77 - 2006-4-27 12:11:00

【回复“偶是高达”的帖子】
你打开一个IE就出现2个吗

不言放弃 - 2006-4-27 12:13:00

【回复“偶是高达”的帖子】
没有发现问题

偶是高达 - 2006-4-27 12:27:00

每打开一个IE图标就多出一个IE进程,关掉就没了咋回事啊,高手帮忙啊

偶是高达 - 2006-4-27 12:28:00

引用:

【zq77的贴子】【回复“偶是高达”的帖子】
你打开一个IE就出现2个吗
...........................

打开一个IE就只有1个IE进程

zq77 - 2006-4-27 12:29:00

引用:

【偶是高达的贴子】每打开一个IE图标就多出一个IE进程,关掉就没了咋回事啊,高手帮忙啊
...........................

那是正常的你吃饭不得一人一个碗啊

救命啊！！！！！苍天啊~~~~~

偶是高达 - 2006-4-27 12:44:00

正常的吗每开一个IE冰剑就会多查到个IE进程吗,以前好像不管开几个都只能查到一个IE进程啊哎

不言放弃 - 2006-4-27 12:47:00

引用:

【zq77的贴子】
那是正常的你吃饭不得一人一个碗啊救命啊！！！！！苍天啊~~~~~
...........................

狂晕暴汗

什么逻辑？

偶是高达 - 2006-4-27 13:02:00

是啊到底有没有插进木马病毒啊

偶是高达 - 2006-4-27 13:11:00

版主高手看下有没有啥WT,帮下忙啊谢了啊

zq77 - 2006-4-27 13:13:00

下载HijackThis1.99.1 导出全部日志

偶是高达 - 2006-4-27 13:14:00

为啥会出现2个以上IE进程,是木马做怪吗

zq77 - 2006-4-27 13:17:00

先扫日志不然怎么知道偶有没有开天眼

偶是高达 - 2006-4-27 13:20:00

HijackThis_815汉化版扫描日志 V1.99.1
保存于 13:18:56, 日期 2006-4-27
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Unable to get Internet Explorer version!

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
D:\BitComet\BitComet.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Sandai Technologies Inc\讯雷下载\游戏\HijackThis_815汉化版\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] ; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "D:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [DAEMON Tools] ; "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{6891F74D-B4D4-49E0-AD12-F6EC3045B351}: NameServer = 220.189.127.108 220.189.127.107
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

来了日志

不言放弃 - 2006-4-27 13:23:00

【回复“偶是高达”的帖子】
日志是没有问题

再说日志也只有一个IE进程啊

zq77 - 2006-4-27 13:25:00

这个没问题
下载System Repair Engineer 导出全部日志

不言放弃 - 2006-4-27 13:28:00

引用:

【zq77的贴子】这个没问题
下载System Repair Engineer 导出全部日志
...........................

这个就没有必要导出了吧
一是楼主的机器或许没有问题
二是这个日志看着累人

或许这个方法倒是简单的：
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
下载icesword
用icesword查看iexplore.exe的进程模块
是否有可疑文件插入

zq77 - 2006-4-27 13:30:00

【回复“不言放弃”的帖子】
金山那边的傻管理员就爱System Repair Engineer

不言放弃 - 2006-4-27 13:31:00

引用:

【zq77的贴子】【回复“不言放弃”的帖子】
金山那边的傻管理员就爱System Repair Engineer

...........................

用这个也有他们的道理　
毕竟System Repair Engineer 日志要比HIJACKTHIS日志详细的多
不过看着累人

zq77 - 2006-4-27 13:37:00

【回复“不言放弃”的帖子】
不过楼猪的看上去没问题不会又遇到偏执狂了吧你记不记得上星期的也IE问题的汗呐菜鸟到不怕就怕偏执狂

不言放弃 - 2006-4-27 13:39:00

引用:

【zq77的贴子】【回复“不言放弃”的帖子】
不过楼猪的看上去没问题不会又遇到偏执狂了吧你记不记得上星期的也IE问题的汗呐菜鸟到不怕就怕偏执狂
...........................

中毒都中怕了

偶是高达 - 2006-4-27 13:45:00

是的中的毒太多了.都是莫名其妙的就中标了

zq77 - 2006-4-27 13:47:00

【回复“偶是高达”的帖子】
中了那么多标还不装防火墙

偶是高达 - 2006-4-27 13:48:00

多开个IE图标就多出个IE进程了啊
当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Sandai Technologies Inc\讯雷下载\游戏\HijackThis_815汉化版\HijackThis1991zww.exe

轩辕小聪 - 2006-4-27 13:49:00

看System Repair Engineer日志的确很累。如果用HijackThis就能解决，一般就不用System Repair Engineer，而如果有Icesword，就不如用Icesword查看系统服务的方便。除非是一些注入太多进程的灰鸽子和木马，必须要看它插入了多少进程，有没有插入核心进程等，这时SREng才显示出它详细的好处。

偶是高达 - 2006-4-27 13:53:00

SRE的报告看有没有插入可疑进程不是很专常大家看下了:
2006-04-27,13:51:12

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><; nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><; "D:\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools><; "d:\DAEMON Tools\daemon.exe" -lang 1033>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><; SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
启动文件夹
服务
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[Windows Script Host Shell Object]
{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} <C:\WINDOWS\system32\wshom.ocx, Microsoft Corporation>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Tencent\QQ\SendMMS.htm, N/A>

瑞星卡卡安全论坛