发现一个很牛b的病毒~75976m.bmp付日志~ bbs.ikaka.com

酒醉的小强 - 2006-11-20 9:36:00

2006-11-20,09:23:30

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<Super Rabbit IEPro><D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD> [Super Rabbit Soft]
<SDO2005><C:\Program Files\盛大圈圈\SDOClient.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceMs><C:\Program Files\Internet Explorer\PLUGINS\temp.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<RavTask><"c:\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<load><C:\WINDOWS\uninstall\rundl132.exe> [N/A]
<r><C:\WINDOWS\down\rundll32.exe> [N/A]
<xy><C:\WINDOWS\Download\svhost32.exe> [N/A]
<rzt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"c:\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><75976M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter]
<"c:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"c:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[UStorage Server Service / UStorage Server Service]
<C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

酒醉的小强 - 2006-11-20 9:37:00

==================================
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.4.5.0 / AegisP]
<System32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Aero-Info PCI JScard / AIPCI_Device]
<System32\Drivers\AIPCI.sys><Your Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
<\??\c:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
<\??\c:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\c:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\c:\Rising\Rav\HookSys.sys><Rising>
[IEEE-1284.4 Driver HPZid412 / HPZid412]
<System32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12]
<System32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12]
<System32\DRIVERS\HPZius12.sys><HP>
[ialm / ialm]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MEMSCAN / MEMSCAN]
<\??\c:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06]
<\SystemRoot\System32\drivers\prodrv06.sys><StarForce Technologies, Inc.>
[StarForce Protection Helper Driver v2 / prohlp02]
<\SystemRoot\System32\drivers\prohlp02.sys><StarForce Technologies, Inc.>
[StarForce Protection Synchronization Driver v1 / prosync1]
<\SystemRoot\System32\drivers\prosync1.sys><StarForce Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><N/A>
[StarForce Protection Helper Driver / sfhlp01]
<\SystemRoot\System32\drivers\sfhlp01.sys><StarForce Technologies, Inc.>

==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\AliEdit.dll, www.alipay.com>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

酒醉的小强 - 2006-11-20 9:37:00

==================================
正在运行的进程
[PID: 504][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 560][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 584][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 628][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 812][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 916][c:\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 932][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1112][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1152][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1384][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\RichDll.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\sb.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\igfxpph.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,2104]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\dllwm.dll] [N/A, N/A]
[PID: 1472][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\hpzsnt09.dll] [HP, 2.240.0.0]
[PID: 1652][c:\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[c:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[c:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1776][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1816][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1872][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\hpgwiamd.dll] [Hewlett-Packard, 3.2.2.553]
[C:\WINDOWS\System32\hpotscl.dll] [, 1, 0, 0,553]
[PID: 1228][C:\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 1248][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 1260][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 1284][D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE] [Super Rabbit Soft, 7.82]
[D:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx] [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 1364][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 1712][C:\WINDOWS\Logo1_.exe] [N/A, N/A]
[PID: 564][C:\WINDOWS\SVCHOST.EXE] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[PID: 416][C:\WINDOWS\SERVICES.EXE] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[PID: 144][C:\WINDOWS\WINLOGON.EXE] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 604][C:\WINDOWS\RUNDLL32.exe] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[PID: 756][C:\Program Files\svhost32.exe] [N/A, N/A]
[C:\WINDOWS\System32\dllwm.dll] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[PID: 1084][C:\WINDOWS\8Sy.exe] [N/A, N/A]
[C:\WINDOWS\75976M.BMP] [N/A, N/A]
[PID: 824][C:\WINDOWS\System32\cmd.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\75976M.BMP] [N/A, N/A]
[PID: 1188][D:\新建文件夹\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\75976M.BMP] [N/A, N/A]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\dllwm.dll] [N/A, N/A]
[PID: 784][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\75976M.BMP] [N/A, N/A]
[D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\WINDOWS\System32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wldll.dll] [N/A, N/A]
[C:\WINDOWS\System32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\rxdll.dll] [N/A, N/A]
[C:\WINDOWS\System32\dllwm.dll] [N/A, N/A]
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] [Macromedia, Inc., 8,0,24,0]

酒醉的小强 - 2006-11-20 9:38:00

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================

酒醉的小强 - 2006-11-20 9:39:00

HijackThis日志
Logfile of HijackThis v1.99.1
Scan saved at 9:27:54, on 2006-11-20
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Rising\Rav\RavStub.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Rising\Rav\RavTask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE
C:\WINDOWS\System32\conime.exe
C:\WINDOWS\SVCHOST.EXE
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\RUNDLL32.exe
C:\Program Files\svhost32.exe
C:\WINDOWS\8Sy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\新建文件夹\248783200522382732\HijackThis.exe

O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [RavTask] "c:\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [r] C:\WINDOWS\down\rundll32.exe
O4 - HKLM\..\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\RunOnce: [RavStub] "c:\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] D:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD
O4 - HKCU\..\Run: [SDO2005] C:\Program Files\盛大圈圈\SDOClient.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57ADCBB5-58CB-4168-9F1B-6A760339FE33}: NameServer = 202.96.128.166,202.96.134.133
O20 - AppInit_DLLs: 75976M.BMP
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - c:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - c:\Rising\Rav\Ravmond.exe

瑞星卡卡安全论坛