打开ie，瑞星提示病毒Trojan.dl.vbs.agent.r bbs.ikaka.com

花露水7575 - 2006-10-17 14:08:00

这是日志，请高手看看，帮我下！

2006-10-17,13:25:09

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVe

rsion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>

[(Verified)Microsoft Corporation]
<bgswitch><C:\WINDOWS\system32\bgswitch.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows

NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentV

ersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE"

/Spoil /RemAdvDef /Migration32> [(Verified)Microsoft

Corporation]
<PHIME2002ASync><C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft

Corporation]
<PHIME2002A><C:\WINDOWS\system32

\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)

Microsoft Corporation]
<SKYNET Personal FireWall><C:\PROGRA~1

\SKYNET\FIREWALL\pfw.exe> [广州众达天网技术有限公司]
<HPDJ Taskbar Utility><C:\WINDOWS\system32

\spool\drivers\w32x86\3\hpztsb11.exe> [(Verified)HP]
<HPHUPD06><D:\Program Files\HP\{AAC4FC36-8F89-4587

-8DD3-EBC57C83374D}\hphupd06.exe> [Hewlett-Packard]
<HP Software Update><"D:\Program Files\HP\HP

Software Update\HPWuSchd2.exe"> [Hewlett-Packard

Company]
<HP Component Manager><"C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe"> [Hewlett-Packard

Company]
<HPHmon06><C:\WINDOWS\system32\hphmon06.exe>

[Hewlett-Packard]
<SoundMAXPnP><C:\Program Files\Analog

Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<SoundMAX><"C:\Program Files\Analog

Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices,

Inc.]
<FastTVSync><"C:\Program Files\Common

Files\InterVideo\FastTVSync\FastTVSync.exe"> [N/A]
<NeroFilterCheck><C:\WINDOWS\system32

\NeroCheck.exe> [Ahead Software Gmbh]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>

[Tencent]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe"

-system> [Beijing Rising Technology Co., Ltd.]
<SunJavaUpdateSched><C:\Program

Files\Java\j2re1.4.2_12\bin\jusched.exe> [N/A]
<TkBellExe><"C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot>

[RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft

Corporation]
<Userinit><userinit.exe,> [(Verified)Microsoft

Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft

Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentV

ersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}

><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising

Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentV

ersion\ShellServiceObjectDelayLoad]
<DelayRun><C:\WINDOWS\239d7230.dll> [N/A]

==================================
启动文件夹
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\「开始」菜单\程

序\启动\HP Digital Imaging Monitor.lnk --> D:\PROGRA~1

\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[HP Image Zone 快速启动 ]
<C:\Documents and Settings\All Users\「开始」菜单\程

序\启动\HP Image Zone 快速启动 .lnk --> D:\PROGRA~1

\HP\DIGITA~1\bin\hpqthb08.exe [Hewlett-Packard Co.]><N>
[InterVideo Scheduler server]
<C:\Documents and Settings\All Users\「开始」菜单\程

序\启动\InterVideo Scheduler server.lnk -->

C:\PROGRA~1\INTERV~1\WINDVD~1\SchSvr.exe [InterVideo

Inc.]><N>
[InterVideo WinCinema Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程

序\启动\InterVideo WinCinema Manager.lnk -->

C:\PROGRA~1\INTERV~1\Common\Bin\WINCIN~1.EXE []><N>
[腾讯QQ]
<C:\Documents and Settings\Administrator\「开始」菜单

\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\qq\QQ.exe

[TENCENT]><N>

==================================
服务
[ASP.NET State Service / aspnet_state]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%

SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common

Files\InstallShield\Driver\1050\Intel 32

\IDriverT.exe"><Macrovision Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing

Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing

Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service

(default)]
<C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Ulead Burning Helper / UleadBurningHelper]
<C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Massacre / windows tmassacre]
<C:\WINDOWS\system32\help\ZTlass.exe><N/A>

==================================
驱动程序
[03855 / 03855]
<\SystemRoot\system32\drivers\03855.sys><N/A>
[84256 / 84256]
<\SystemRoot\system32\drivers\84256.sys><N/A>
[ADProt / ADProt]
<\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（

深圳）有限公司>
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics

Corporation>
[BaseTDI / BaseTDI]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing

Rising Technology Co., Ltd.>
[cda1000 / cda1000]
<C:\WINDOWS\SYSTEM32\DRIVERS\cda1000.SYS><Adaptec,

Inc.>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising

tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[IEEE-1284.4 Driver HPZid412 / HPZid412]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 /

HPZipr12]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 /

HPZius12]
<system32\DRIVERS\HPZius12.sys><HP>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软

件有限公司>
[MidiSyn / MidiSyn]
<system32\drivers\MidiSyn.sys><Analog Devices Inc>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\qq\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
<\??\D:\Program Files\qq\npkycryp.sys><N/A>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies,

Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter

NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor

Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SFI Service / sf]
<system32\drivers\sf.sys><Sonic Focus, Inc>
[SKNFW / SKNFW]
<\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[Intel (R) System Management BIOS Service / SMBios]
<system32\DRIVERS\SMBios.sys><Intel Corporation>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Samsung Mobile USB Device 1.0 driver (WDM) / ss_bus]
<system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl]
<system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm]
<system32\DRIVERS\ss_mdm.sys><MCCI>

花露水7575 - 2006-10-17 14:09:00

=================================
浏览器加载项
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program

Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1

\FLASHGET\JCCATCH.DLL, FlashGet>
[]
{34E99254-95FC-46DB-AB95-7EA4CFAE7D94}

<C:\WINDOWS\system32\Qxsi.dll, N/A>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1

\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program

Files\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E}

<C:\WINDOWS\system32\ssup.dll, TENCENT>
[]
{7C0F7046-1E13-4B50-91CA-87BA316730FF}

<C:\WINDOWS\system32\Ajrf.dll, N/A>
[]
{A1F3D22E-7FD3-4038-B70F-91FD9A878EEC}

<C:\WINDOWS\system32\Qbpj.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program

files\google\googletoolbar2.dll, Google Inc.>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

<C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F}

<http://www.tomatolei.com, N/A>
[中国建投证券交易客户端]
{902E3F13-F3C2-11D3-B8AD-00062950CE21} <D:\中投证券

\NfTradeClient.exe, N/A>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2}

<http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-

151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program

Files\qq\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1

\FLASHGET\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program

Files\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1

\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}

<C:\WINDOWS\system32\KakaTool.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1

\FLASHGET\fgiebar.dll, Amaze Soft>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program

files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! 导航条]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo!

Inc.>
[Java Plug-in 1.4.2_12]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program

Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll, JavaSoft /

Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_12]
{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} <C:\Program

Files\Java\j2re1.4.2_12\bin\npjpi142_12.dll, JavaSoft /

Sun Microsystems, Inc.>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}

<C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program

Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program

files\google\googletoolbar2.dll, Google Inc.>
[IeCatch5 Class]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1

\FLASHGET\JCCATCH.DLL, FlashGet>
[]
{34E99254-95FC-46DB-AB95-7EA4CFAE7D94}

<C:\WINDOWS\system32\Qxsi.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1

\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program

Files\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]

花露水7575 - 2006-10-17 14:10:00

{669751ED-D558-49AE-B01A-3B374CC7910E}

<C:\WINDOWS\system32\ssup.dll, TENCENT>
[]
{7C0F7046-1E13-4B50-91CA-87BA316730FF}

<C:\WINDOWS\system32\Ajrf.dll, N/A>
[]
{A1F3D22E-7FD3-4038-B70F-91FD9A878EEC}

<C:\WINDOWS\system32\Qbpj.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program

files\google\googletoolbar2.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}

<C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx,

Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}

<C:\WINDOWS\system32\KakaTool.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1

\FLASHGET\fgiebar.dll, Amaze Soft>
[Yahoo! 导航条]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program

Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo!

Inc.>
[Google 搜索(&G)]
<res://c:\program

files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[反向链接]
<res://c:\program

files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[添加到QQ自定义面板]
<D:\Program Files\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\qq\SendMMS.htm, N/A>
[类似网页]
<res://c:\program

files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://c:\program

files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://c:\program

files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1

\Assist\yasbar.dll/246, N/A>

==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]

[Microsoft Corporation, 5.1.2600.2180

(xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]

[Microsoft Corporation, 5.1.2600.2180

(xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\services.exe]

[Microsoft Corporation, 5.1.2600.2180

(xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\system32\lsass.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\WINDOWS\system32\svchost.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\Program Files\Rising\Rav\CCenter.exe]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 868][C:\WINDOWS\System32\svchost.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][C:\WINDOWS\system32\svchost.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\Program Files\Rising\Rav\Ravmond.exe]

[Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising,

18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 20]
[C:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing

Rising Technology Co., Ltd., 18, 1, 0, 11]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 32]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\VirusLib.dll]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[C:\Program Files\Rising\Rav\regmon.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 6]
[C:\Program Files\Rising\Rav\HookWeb.dll] [rising,

18, 0, 0, 2]
[C:\Program Files\Rising\Rav\MemMon.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\expscan.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\mPorts.dll] [Beijing

Rising Technology Co., Ltd., 4, 0, 0, 3]
[C:\Program Files\Rising\Rav\MailMon.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\SpamEng.dll] [N/A,

18, 0, 0, 6]
[C:\Program Files\Rising\Rav\engine.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 34]

花露水7575 - 2006-10-17 14:10:00

[C:\Program Files\Rising\Rav\PostTrt.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 17]
[C:\Program Files\Rising\Rav\UnExe.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\ScanExec.dll]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
[C:\Program Files\Rising\Rav\ScanEx.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 30]
[C:\Program Files\Rising\Rav\RSUnpack.dll]

[Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
[C:\Program Files\Rising\Rav\NvFile.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 7]
[C:\Program Files\Rising\Rav\ScanMac.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 10]
[C:\Program Files\Rising\Rav\ScanSct.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\Unpacker.dll]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ScanNet.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1256][C:\Program Files\Rising\Rav\RavStub.exe]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising,

18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1344][C:\WINDOWS\system32\spoolsv.exe]

[Microsoft Corporation, 5.1.2600.2696

(xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzlnt11.dll] [HP, 2.327.1.0]
[PID: 1516][C:\WINDOWS\Explorer.EXE] [Microsoft

Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising

Technology Co., Ltd., 18, 0, 0, 21]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[C:\PROGRA~1\FLASHGET\JCCATCH.DLL] [FlashGet, 1,

1, 5, 0]
[C:\WINDOWS\system32\Qxsi.dll] [N/A, N/A]
[C:\WINDOWS\system32\Ajrf.dll] [N/A, N/A]
[C:\WINDOWS\system32\Qbpj.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\downlo~1\Stbsbo.dll] [Tencent, 4, 2,

9, 90]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]

[Yahoo!, 2, 0, 3, 1023]
[C:\WINDOWS\system32\ssup.dll] [TENCENT, 4, 2, 9,

90]
[PID: 1736][C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe] [广州

众达天网技术有限公司, 2.7.5.1001]
[C:\PROGRA~1\SKYNET\FIREWALL\SKYMISC.DLL] [N/A,

N/A]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 1744][C:\WINDOWS\system32\spool\drivers\w32x86\3

\hpztsb11.exe] [HP, 2.327.1.0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3

\HPZR3211.dll] [HP, 2.327.1.0]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 1760][D:\Program Files\HP\HP Software

Update\HPWuSchd2.exe] [Hewlett-Packard Company, 2, 0,

39, 0]
[PID: 1780][C:\Program

Files\HP\hpcoretech\hpcmpmgr.exe] [Hewlett-Packard

Company, 2.1.1.0]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 1848][C:\WINDOWS\system32\hphmon06.exe]

[Hewlett-Packard, 6,0,72]
[C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett

Packard, 1, 0, 0, 4]
[C:\WINDOWS\system32\HPZJSN01.dll] [Hewlett

Packard Company, 1, 0, 0, 3]
[C:\WINDOWS\system32\hpzIPR12.dll] [HP, 8, 0, 0,

0]
[D:\Program Files\HP\Digital

Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co.,

43.1.5.000]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 1972][C:\Program Files\Analog

Devices\SoundMAX\SMax4PNP.exe] [Analog Devices, Inc.,

4, 0, 4, 11]
[C:\Program Files\Analog

Devices\SoundMAX\SMWDMIF.dll] [Analog Device, Inc., 1,

0, 22, 26]
[PID: 2020][C:\Program Files\Analog

Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 4,

0, 4, 25]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 2036][C:\Program Files\Common

Files\InterVideo\FastTVSync\FastTVSync.exe] [, 1, 0,

0, 1]
[PID: 184][C:\Program Files\Rising\Rav\RavTask.exe]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising,

18, 0, 0, 1]
[PID: 208][C:\Program Files\Java\j2re1.4.2_12

\bin\jusched.exe] [N/A, N/A]
[PID: 224][C:\Program Files\Rising\Rav\Ravmon.exe]

[Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
[C:\Program Files\Rising\Rav\RsGuiLib.dll]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising,

18, 0, 0, 1]
[C:\Program Files\Rising\Rav\PngDll.dll] [Beijing

Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 260][C:\Program Files\Common

Files\Real\Update_OB\realsched.exe] [RealNetworks,

Inc., 0.1.0.3512]
[PID: 276][C:\WINDOWS\system32\ctfmon.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396][C:\Program

Files\InterVideo\WinDVD4PR\SchSvr.exe] [InterVideo

Inc., 3.0.59.0]
[PID: 404][C:\Program

Files\InterVideo\Common\Bin\WinCinemaMgr.exe] [, 1.0]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 900][D:\Program Files\HP\Digital

Imaging\bin\hpqgalry.exe] [Hewlett-Packard Co.,

043.001.005.000]
[c:\windows\assembly\nativeimages1_v1.1.4322

\mscorlib\1.0.5000.0__b77a5c561934e089_2e6131b8

\mscorlib.dll] [N/A, N/A]

花露水7575 - 2006-10-17 14:11:00

[c:\windows\assembly\gac\hpqiface\3.0.0.0__a53cf5803f4c

3827\hpqiface.dll] [Hewlett-Packard Co.,

043.001.005.000]
[c:\windows\assembly\nativeimages1_v1.1.4322

\system.windows.forms\1.0.5000.0__b77a5c561934e089_a7aa

46e8\system.windows.forms.dll] [N/A, N/A]
[c:\windows\assembly\nativeimages1_v1.1.4322

\system\1.0.5000.0__b77a5c561934e089_0a997a7b\system.dl

l] [N/A, N/A]

[c:\windows\assembly\gac\hpqutils\3.0.0.0__a53cf5803f4c

3827\hpqutils.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqfmrsc\3.0.0.0__a53cf5803f4c

3827\hpqfmrsc.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqgldlg\3.0.0.0__a53cf5803f4c

3827\hpqgldlg.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqtray\3.0.0.0__a53cf5803f4c3

827\hpqtray.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqgskin\3.0.0.0__a53cf5803f4c

3827\hpqgskin.dll] [Hewlett-Packard Co.,

043.001.005.000]
[c:\windows\assembly\nativeimages1_v1.1.4322

\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35b464e6

\system.drawing.dll] [N/A, N/A]
[d:\program files\hp\digital imaging\bin\zh-

chs\hpqgalry.resources.dll] [ , 5.40.53.0]

[c:\windows\assembly\gac\hpqptfnd\3.0.0.0__a53cf5803f4c

3827\hpqptfnd.dll] [Hewlett-Packard Co.,

043.001.005.000]
[c:\windows\assembly\gac\interop.hpqcxm08

\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll] [ ,

3.0.0.0]
[D:\Program Files\HP\Digital

Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co.,

43.1.5.000]
[c:\windows\assembly\nativeimages1_v1.1.4322

\system.xml\1.0.5000.0__b77a5c561934e089_35829c6c\syste

m.xml.dll] [N/A, N/A]

花露水7575 - 2006-10-17 14:11:00

[c:\windows\assembly\gac\lead\13.0.0.66__9cf889f53ea9b9

07\lead.dll] [LEAD Technologies, Inc., 13.0.0.66]

[c:\windows\assembly\gac\lead.wrapper\13.0.0.66__9cf889

f53ea9b907\lead.wrapper.dll] [LEAD Technologies, Inc.,

13.0.0.66]
[D:\Program Files\HP\Digital

Imaging\bin\ltkrn13n.dll] [LEAD Technologies, Inc.,

13.0.0.066]

[c:\windows\assembly\gac\hpqimgrc\3.0.0.0__a53cf5803f4c

3827\hpqimgrc.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqcmctl\3.0.0.0__a53cf5803f4c

3827\hpqcmctl.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqtray.resources\3.0.0.0_zh-

chs_a53cf5803f4c3827\hpqtray.resources.dll] [ ,

5.40.53.0]

[c:\windows\assembly\gac\lead.windows.forms\13.0.0.66__

9cf889f53ea9b907\lead.windows.forms.dll] [LEAD

Technologies, Inc., 13.0.0.66]

[c:\windows\assembly\gac\lead.drawing\13.0.0.66__9cf889

f53ea9b907\lead.drawing.dll] [LEAD Technologies, Inc.,

13.0.0.66]

[c:\windows\assembly\gac\hpqfmrsc.resources\3.0.0.0_zh

-chs_a53cf5803f4c3827\hpqfmrsc.resources.dll] [ ,

5.40.53.0]

[c:\windows\assembly\gac\interop.hpqimgr\1.0.0.0__a53cf

5803f4c3827\interop.hpqimgr.dll] [ , 1.0.0.0]
[D:\Program Files\HP\Digital

Imaging\Bin\hpqimgr.dll] [Hewlett-Packard Co.,

43.1.5.000]

[c:\windows\assembly\gac\hpqasset\3.0.0.0__a53cf5803f4c

3827\hpqasset.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqccrsc\3.0.0.0__a53cf5803f4c

3827\hpqccrsc.dll] [Hewlett-Packard Co.,

043.001.005.000]
[d:\program files\hp\digital

imaging\bin\hpqmirsc.dll] [Hewlett-Packard Co.,

043.001.005.000]
[d:\program files\hp\digital imaging\bin\zh-

chs\hpqmirsc.resources.dll] [ , 5.40.53.0]

[c:\windows\assembly\gac\hpqietpz\3.0.0.0__a53cf5803f4c

3827\hpqietpz.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqietpz.resources\3.0.0.0_zh

-chs_a53cf5803f4c3827\hpqietpz.resources.dll]

[Hewlett-Packard Co., 43.1.5.0]

[c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c

3827\hpqcprsc.dll] [Hewlett-Packard Co.,

043.001.005.000]

[c:\windows\assembly\gac\hpqcprsc.resources\3.0.0.0_zh

-chs_a53cf5803f4c3827\hpqcprsc.resources.dll] [ ,

5.40.53.0]

[c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c

3827\hpqisrtb.dll] [Hewlett-Packard, 4.0.0.0]

[c:\windows\assembly\gac\hpqisrtb.resources\4.0.0.0_zh

-chs_a53cf5803f4c3827\hpqisrtb.resources.dll]

[Hewlett-Packard, 4.0.0.0]

[c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c

3827\hpqthumb.dll] [Hewlett-Packard Co.,

043.001.005.000]
[PID: 1408][C:\Program Files\Analog

Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc.,

3, 2, 6, 0]
[PID: 1084][C:\Program Files\Common Files\Ulead

Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0,

0, 4]
[PID: 1672][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft

Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2080][C:\WINDOWS\system32\HPZipm12.exe] [HP, 8,

0, 0, 0]
[C:\WINDOWS\system32\HPZidr12.dll] [HP, 8, 0, 0,

0]
[PID: 2492][C:\WINDOWS\System32\alg.exe] [Microsoft

Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3632][C:\Program Files\Internet

Explorer\iexplore.exe] [Microsoft Corporation,

6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[C:\WINDOWS\downlo~1\Stbsbo.dll] [Tencent, 4, 2,

9, 90]
[C:\PROGRA~1\FLASHGET\JCCATCH.DLL] [FlashGet, 1,

1, 5, 0]
[C:\WINDOWS\system32\Qxsi.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]

[Yahoo!, 2, 0, 3, 1023]
[D:\Program Files\qq\QQIEHelper.dll] [深圳市腾讯计

算机系统有限公司, 1, 1, 0, 5]
[C:\WINDOWS\system32\ssup.dll] [TENCENT, 4, 2, 9,

90]
[C:\WINDOWS\system32\Ajrf.dll] [N/A, N/A]
[C:\WINDOWS\system32\Qbpj.dll] [N/A, N/A]
[c:\program files\google\googletoolbar2.dll]

[Google Inc., 3, 0, 131, 0]
[C:\Program Files\Rising\Rav\RavScrCh.dll]

[Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]

[Macromedia, Inc., 8,0,22,0]
[PID: 844][C:\Program Files\FlashGet\flashget.exe]

[FlashGet.com, 1, 7, 2, 0]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 3356][C:\Jcb_htzq\TdxW.exe] [, ]
[C:\Jcb_htzq\TCalc.dll] [, 1, 0, 0, 1]
[C:\Jcb_htzq\Viewthem.dll] [, 1, 0, 0, 1]
[C:\Jcb_htzq\invest.dll] [, 1.15]
[C:\Jcb_htzq\Dbf.dll] [N/A, N/A]
[C:\Jcb_htzq\Secure.dll] [通达信, 1.00.00]
[C:\Jcb_htzq\TList.dll] [, 1, 0, 0, 1]
[C:\Jcb_htzq\calcer.dll] [, 1, 0, 0, 1]
[C:\Jcb_htzq\Advhq.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 3044][C:\Program Files\WinRAR\WinRAR.exe] [N/A,

N/A]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]
[PID: 3124][C:\DOCUME~1\ADMINI~1\LOCALS~1

\Temp\Rar$EX00.891\SREng\SREng.exe] [Smallfrogs

Studio, 2.2.6.605]
[C:\WINDOWS\downlo~1\Yvcvxb.dll] [Tencent, 4, 2,

9, 90]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

瑞星卡卡安全论坛