删除之后再杀马上又有,avtapit.dll bbs.ikaka.com

张小北 - 2008-6-15 16:28:00

各位高手：
非常感谢您留心我这份系统诊断报告，小菜鸟十万火急等待您的帮助！
诊断时间: 2008-06-15 16:23:29
诊断平台: Microsoft Windows XP Service Pack 3, v.3300
IE版本: Internet Explorer V6.0.2900.3300 Build:62900.3300
计算机物理内存:247.48MB - 当前可用内存:121.09MB

100 - 未知 - Process: rfwsrv.exe [Rising Personal FireWall Service] - f:\Program Files\Rising\Rfw\rfwsrv.exe
100 - 未知 - Process: rfwProxy.exe [Rising Personal Proxy Service] - f:\Program Files\Rising\Rfw\rfwProxy.exe
100 - 未知 - Process: rfwstub.exe [Rising Personal FireWall Service Rfwstub ] - f:\Program Files\Rising\Rfw\rfwstub.exe
100 - 未知 - Process: rfwmain.exe [Rising Personal FireWall Main Program] - f:\Program Files\Rising\Rfw\RfwMain.exe
100 - 未知 - Process: ArSwp.exe [ArSwp] - D:\Program Files\arswp\ArSwp.exe
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O23 - 未知 - Service: RfwProxySrv [Rising Personal Proxy Service] - f:\Program Files\Rising\Rfw\rfwProxy.exe - (running)
O23 - 未知 - Service: RfwService [Rising Personal Firewall Service] - f:\Program Files\Rising\Rfw\rfwsrv.exe - (running)
O23 - 未知 - Service: WbWin [WbWin] - C:\WINDOWS\avtapit.dll - (starting)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - C:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: RavMonD.exe [瑞星杀毒软件的一部分。] - C:\PROGRAM FILES\RISING\RAV\ravmond.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序，用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: HPZipm12.exe [惠普出品的打印机相关驱动程序。] - C:\WINDOWS\system32\HPZipm12.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: RavStub.exe [瑞星出品的杀毒软件相关程序。] - C:\PROGRAM FILES\RISING\RAV\RavStub.exe
100 - 安全 - Process: RavTask.exe [瑞星出品的杀毒软件相关程序。] - C:\Program Files\Rising\Rav\RavTask.exe
100 - 安全 - Process: runiep.exe [卡卡上网安全助手IE防漏墙相关程序。] - C:\Program Files\Rising\AntiSpyware\runiep.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: RavMon.exe [瑞星杀毒软件防火墙。] - C:\Program Files\Rising\Rav\Ravmon.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: RsAgent.exe [瑞星助手是瑞星杀毒软件的一部分。] - C:\Program Files\Rising\Rav\RsAgent.exe
100 - 安全 - Process: agentsvr.exe [是一个ActiveX插件，用于多媒体程序。] - C:\WINDOWS\msagent\AgentSvr.exe -Embedding
100 - 安全 - Process: 360Safe.exe [360安全卫士] - F:\360safe\360Safe.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - F:\360safe\safemon\360Tray.exe
O3 - 安全 - Toolbar: (卡卡上网安全助手) - [卡卡安全助手工具条软件相关程序。] - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O23 - 安全 - Service: Pml Driver HPZ12 [是惠普PSC 2100、2200、4100和6100系列打印机驱动服务。] - C:\WINDOWS\system32\HPZipm12.exe - (error)
O23 - 安全 - Service: RsCCenter [是瑞星杀毒软件控制台相关程序。] - "C:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 安全 - Service: RsRavMon [是瑞星杀毒软件相关监控程序。] - "C:\PROGRAM FILES\RISING\RAV\Ravmond.exe" - (not running)

=======================================

O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：Shell extensions for file compression - - - - - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：加密上下文菜单 - - - - - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} - - - - - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - - - - - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} - - - - - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 121344 - db85440d8d5cfede55eab0f44edfb16f
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll - - - - 121344 - db85440d8d5cfede55eab0f44edfb16f
O31 - 未知 - BootExecute: bsmain - - - - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll - - - - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll - - - - 0 -

=======================================

O40 - svchost.exe - - c:\windows\avtapit.dll - -

=======================================

O41 - RsAntiSpyware - Anti-RootKit Driver - C:\WINDOWS\system32\drivers\RsBoot.sys - (running) - Anti-RootKit Driver - Beijing Rising Technology Co., Ltd. - f9edc97f228c046832a24b5a76017912
O41 - SiFilter - Windows Accelerator Driver - C:\WINDOWS\system32\drivers\SiWinAcc.sys - (running) - Windows Accelerator Driver - Silicon Image, Inc. - 72cf151fb410e544904dbc7d7f29b796
O41 - ZSMC0305 - Video streaming and Capture Device Driver - C:\WINDOWS\system32\drivers\usbVM305.sys - (running) - Video streaming and Capture Device Driver - Vimicro Corporation - bf67aa64fc08cdb6af1ce96d86f20ea5
O41 - NPF - NPF Driver - TME extensions - C:\WINDOWS\system32\drivers\npf.sys - (not running) - NPF Driver - TME extensions - Politecnico di Torino - f498c5c3399a60933196fc215ef074f9
O41 - TesSafe - TesSafe NT Driver - C:\WINDOWS\system32\TesSafe.sys - (not running) - TesSafe NT Driver - TENCENT - 87a27eb8d05cf79858772c4f0ded95b3
O41 - ZSMC303 - Video streaming and Capture Device Driver - C:\WINDOWS\system32\drivers\usbVM303.sys - (not running) - Video streaming and Capture Device Driver - VM - 7e87c08c7d67490637e88adb970fa50d

=======================================
360Safe.exe=4.1.8.1005
AntiAdwa.dll=4.1.5.1001
AntiEng.dll=4.1.8.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.0.0.1001
live.dll=1.0.1.1027

=======================================
操作历史报告：
----------清理恶评及系统插件历史----------

2008-06-14 17:38
清理恶评软件 - MY123/allxun/飘雪/飞雪 -
2008-06-14 18:02
清理恶评软件 - Cinmus广告程序 -
清理恶评软件 - 机器狗三代BHO盗号木马aind -

2007-08-09 17:02
清理恶评插件 - Cnnic中文上网 - C:\Program Files\CNNIC
2007-08-09 17:03
清理好评插件 - st - C:\Program Files\MSN Apps\ST\01.02.3000.1001\en-xu\stmain.dll
清理好评插件 - MSN 搜索工具栏 - C:\PROGRA~1\MSNAPP~1\MSNTOO~1\010250~1.102\zh-cn\msntb.dll
2007-08-18 10:40
清理好评插件 - 超级旋风下载组件 -
2007-09-24 22:15
清理恶评插件 - Cnnic中文上网 -
2007-12-08 16:39
清理好评插件 - iTudou -
2008-02-03 22:58
清理恶评插件 - pkeusvq(Auto) -
清理恶评插件 - Mseqsy恶意程序 - C:\WINDOWS\system32\auhad.cfg
清理恶评插件 - Msskye木马程序 -
2008-02-03 22:58
清理好评插件 - 系统文件镜像 -
清理好评插件 - BitComet下载组件 -
2008-02-10 10:10
清理恶评插件 - TrojanSys盗号木马 -
清理恶评插件 - 网页嵌入广告程序变种 -
2008-06-12 19:15
清理好评插件 - 豪杰超级解霸3000附带的右键菜单 -
2008-06-14 17:24
清理恶评插件 - Sysloader木马程序 -
清理恶评插件 - MY123/allxun/飘雪/飞雪 - C:\WINDOWS\system32\drivers\5EB4WT~1.SYS
清理恶评插件 - 搜易财富火箭 -
清理恶评插件 - MSN photos木马变种c - C:\WINDOWS\system32\msn.exe
2008-06-14 17:53
清理恶评插件 - Sysloader木马程序 -
清理恶评插件 - Cinmus广告程序 - C:\PROGRA~1\MICROS~2\SYSTEM\apcdli.sys
清理恶评插件 - 机器狗三代BHO盗号木马aind - C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\OFFICE\USERDATA\WEBBRO~1.DLL
2008-06-14 19:01
清理恶评插件 - Sysloader木马程序 - C:\WINDOWS\system32\SYSLOA~1.DLL
清理恶评插件 - mssckets恶意插件 -
2008-06-15 15:57
清理其它插件 - 超级旋风下载组件 -
清理其它插件 - 360safe实时保护功能模块 -

----------全面诊断修复历史----------

2007-08-09 17:18
R0 - 未知 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 未知 - IE搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 未知 - IE默认搜索页 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - 未知 - IE左侧搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - 未知 - IE备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Search
R1 - 安全 - IE地址栏缺省搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\SearchURL
R1 - 未知 - 启用备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Main
O8 - 未知 - &使用快车(FlashGet)下载全部链接 - F:\FlashGet\jc_all.htm
O8 - 未知 - 收藏到QQ书签 - http://shuqian.qq.com/favit.html
O8 - 未知 - 添加到QQ表情 - F:\腾讯QQTM\AddEmotion.htm
O9 - 安全 - 卡巴斯基Web反病毒保护插件 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\aliedit\aliedit.dll
2007-08-11 15:10
O4 - 安全 - BigDog305 - C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O2 - 安全 - QQCycloneHelper Class - d:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O3 - 未知 - 第三方IE工具栏 -
O3 - 未知 - 第三方IE工具栏 -
O8 - 未知 - &使用快车(FlashGet)下载全部链接 - F:\FlashGet\jc_all.htm
2007-08-31 12:22
100 - 未知 - TIMPlatform.exe - F:\腾讯QQTM\TIMPlatform.exe
O4 - 安全 - BigDog305 - C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O8 - 未知 - &使用快车(FlashGet)下载全部链接 - F:\FlashGet\jc_all.htm
O18 - 未知 - 网络协议处理器 - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - 网络协议处理器 - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
2007-09-06 09:26
100 - 未知 - TIMPlatform.exe - F:\腾讯QQTM\TIMPlatform.exe
O4 - 安全 - BigDog305 - C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O18 - 未知 - 网络协议处理器 - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - 网络协议处理器 - C:\WINDOWS\system32\KuGoo3DownXControl.ocx
O18 - 未知 - 网络协议处理器 - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
2007-09-11 10:58
O4 - 安全 - BigDog305 - C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
2007-09-28 10:17
O8 - 未知 - &使用快车(FlashGet)下载全部链接 - F:\FlashGet\jc_all.htm
O8 - 未知 - 添加到QQ表情 - F:\腾讯QQTM\AddEmotion.htm
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\qqedit\qqedit.dll
2008-02-03 23:01
O8 - 未知 - 添加到QQ表情 - F:\qq\AddEmotion.htm
O9 - 未知 - @xpsp3res.dll,-20001 - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - 未知 - usnjsvc - "C:\Program Files\MSN Messenger\usnsvc.exe"
O28 - 未知 - IE链接的参数 - C:\DOCUME~1\ADMINI~1\「开始~1\程序\附件\系统工具\INTERN~2.LNK
2008-02-03 23:01
O23 - 未知 - usnjsvc - "C:\Program Files\MSN Messenger\usnsvc.exe"
2008-03-28 11:57
O23 - 未知 - AVG Anti-Spyware Guard - d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2008-06-12 19:16
R0 - 未知 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 未知 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
2008-06-12 19:17
O9 - 未知 - 超级解霸 - C:\HEROSOFT\Hero3000\MPLAYER.EXE
2008-06-14 17:27
100 - 未知 - 2004.exe - E:\QQDownload\2004.exe
2008-06-14 17:28
O8 - 未知 - 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - 未知 - 添加到QQ表情 - F:\Program Files\Tencent\QQ\AddEmotion.htm
O23 - 未知 - WbWin - C:\WINDOWS\avtapit.dll
2008-06-15 16:00
O4 - 安全 - BigDog305 - C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O2 - 未知 - ThunderAtOnce Class - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 安全 - VnetCookie Class - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - 安全 - Thunder Browser Helper - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
R1 - 安全 - IE用户指定空白页 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - 安全 - IE用户指定空白页 - HKCU\Software\Microsoft\Internet Explorer\Main
O9 - 未知 - 启动迅雷5 - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - @xpsp3res.dll,-20001 - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - 未知 - WbWin - C:\WINDOWS\avtapit.dll
2008-06-15 16:20
O23 - 未知 - WbWin - C:\WINDOWS\avtapit.dll

就是最下面这个东西.但是奇怪的是,我杀了几遍之后,瑞星却不报病毒了,这个文件还在,而且删掉之后一刷新就会出来.为什么不报了呢??

天月来了 - 2008-6-15 16:31:00

看不懂

扫SRENG日志发这论坛来（注意：如果系统日期年份异常，2.6的SRENG工具启动会异常）
下载SRENG2.6版：http://bbs.ikaka.com/attachment.aspx?attachmentid=399427

1 下载的是压缩包，必须解压缩（建议直接解压到系统Windows文件夹里）
2 运行SREng***.EXE （注意：如果系统日期年份异常，2.6的SRENG工具启动会异常）
3 选择主界面左边的：智能扫描=》扫描=》保存报告
4 把报告保存后，直接将日志文件以附件的形式发这论坛来。

一定以附件形式发这论坛来。
点击你自己的主题贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发了。

（同时注意SRENG工具的入口点提示和那个关于<AppInit_DLLs>项的<ieprot.dll>提示都只是常规提示，可以不管它，请不要为这问题反复询问。）（注意：如果系统日期年份异常，2.6的SRENG工具启动会异常）

SRENG工具的一些操作，看这贴：http://bbs.ikaka.com/showtopic-8442813.aspx

还有这补丁打了么？
http://bbs.ikaka.com/showtopic-8509685.aspx

张小北 - 2008-6-15 16:45:00

我真不知道错在哪里..

不管我把时间调到2006还是2008又或者2009,都是提示过期,需要我输入授权号..我\胡乱输了一下.什么界面都出不来.

谢谢.这个补丁现在装上..

子艳 - 2008-6-15 16:58:00

重新下载一次，在运行之前
把系统时间改为现在当前时间。
如果实在不行就下载这个吧
http://www.kztechs.com/sreng/download.html

天月来了 - 2008-6-15 17:42:00

呵呵！！！

算了

那2.6版的就今天过期

汗死没注意

不好意思了

换2.5版的吧

:default2:

xiapeng007 - 2008-6-24 9:56:00

我的机子也是这样，杀了又出来，请高手指点。扫描报告：
2008-06-24,09:53:29

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [(Verified)Beijing Rising Science and Technology Corporation Limited]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<360><; C:\WINDOWS\360safe.exe> [N/A]
<ACU><; C:\Program Files\Atheros\ACU\Utility\ACU.exe -nogui> [Atheros Communications, Inc.]
<AGRSMMSG><; AGRSMMSG.exe> [(Verified)Microsoft Windows Component Publisher]
<ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<Cpqset><; C:\Program Files\HPQ\Default Settings\cpqset.exe> []
<DAEMON Tools-2052><; "D:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON'S HOME]
<eabconfg.cpl><; C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<LidPolicy><; c:\Program Files\Hewlett-Packard\LidSwitch Policy\pwrschem.exe> [Hewlett-Packard]
<Microsoft Pinyin IME Migration><; C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PCSuiteTrayApplication><; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup> [Nokia]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Component Publisher]
<RavMonS><; C:\WINDOWS\soni.exe> [N/A]
<SoundMAX><; C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray> [Analog Devices, Inc.]
<SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe> [Analog Devices, Inc.]
<StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Component Publisher]
<SynTPLpr><; C:\Program Files\Synaptics\SynTP\SynTPLpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<usmsvc><; C:\WINDOWS\system32\usmsvc.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WangWang><; "D:\Program Files\Alisoft\WangWang\WangWang.exe"> [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"]

==================================
启动文件夹
N/A

==================================
服务
[Atheros Configuration Service / ACS][Running/Auto Start]
<C:\WINDOWS\system32\acs.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HP WMI Interface / hpqwmi][Stopped/Manual Start]
<C:\Program Files\HPQ\SHARED\HPQWMI.exe><Hewlett-Packard Development Company, L.P.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[WbWin / WbWin][Others/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\avtapit.dll><Microsoft Corporation>

==================================
驱动程序
[30tin / 30tin][Stopped/Boot Start]
<\SystemRoot\system32\drivers\30tin.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.2.0.3 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
<system32\DRIVERS\AGRSM.sys><Agere Systems>
[apcdli / apcdli][Running/Auto Start]
<\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[CONAN / CONAN][Running/Manual Start]
<system32\drivers\o2mmb.sys><O2 Micro>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[eabfiltr / eabfiltr][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Company>
[eabusb / eabusb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Company>
[efgieb / efgiebr][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\efgiebr.sys><>
[HookCont / HookCont][Running/System Start]
<\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
<\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
<\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
<\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[MbxStby / MbxStby][Running/Manual Start]
<system32\drivers\MbxStby.sys><O2 Micro>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
<system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
<system32\drivers\nmwcdcj.sys><Nokia>
[ntptdb / ntptdb][Running/Auto Start]
<\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
[Protector / Protector][Running/System Start]
<system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[HP WLAN W400/W500 Wireless Network Adapter Service / WLAN_400_500_SERVICE][Stopped/Manual Start]
<system32\DRIVERS\ar5211.sys><Atheros Communications, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CMsgCenter Class]
{6014EABC-B61A-4F07-A32B-440EAE835DF9} <C:\WINDOWS\system32\usmsho.dll, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[GotoSurf Objects]
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2129.dll, N/A>
[CITICS ProcessProtect Class]
{C37F9D60-975D-41f2-A745-4DC934D319AA} <CITICSPP.dll, ISRA>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>

xiapeng007 - 2008-6-24 9:57:00

[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, N/A>
[CMsgCenter Class]
{6014EABC-B61A-4F07-A32B-440EAE835DF9} <C:\WINDOWS\system32\usmsho.dll, >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX6.dll, 阿里巴巴软件(上海)有限公司>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, N/A>
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, N/A>
[GotoSurf Objects]
{986488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2129.dll, N/A>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapCtrl1.2.11.14.397.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CITICS ProcessProtect Class]
{C37F9D60-975D-41F2-A745-4DC934D319AA} <CITICSPP.dll, ISRA>
[Microsoft Office 12 Authorization Control]
{C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~2\Office12\AUTHZAX.DLL, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.40.64.397.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 796 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 876 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 900 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4116]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 944 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 956 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1116 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4116]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1128 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1224 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1316 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1336 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[c:\windows\avtapit.dll] [Microsoft Corporation, 1, 0, 0, 1]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1392 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1468 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1580 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.76]
[C:\PROGRAM FILES\RISING\RAV\BWList.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18]
[C:\PROGRAM FILES\RISING\RAV\RsLog.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.35]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[C:\PROGRAM FILES\RISING\RAV\Hooksys.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
[C:\PROGRAM FILES\RISING\RAV\HookReg.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
[C:\PROGRAM FILES\RISING\RAV\HookNtos.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
[C:\PROGRAM FILES\RISING\RAV\rswalmon.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
[C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[C:\PROGRAM FILES\RISING\RAV\ffr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[C:\Program Files\Rising\Rav\RsStore.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.8]
[C:\PROGRAM FILES\RISING\RAV\HookCont.dll] [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
[C:\Program Files\Rising\Rav\fakescan.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.13]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.36]
[C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.2]
[C:\PROGRAM FILES\RISING\RAV\extfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
[C:\PROGRAM FILES\RISING\RAV\pearc.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\nvfile.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\scanexec.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\unexe.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
[C:\PROGRAM FILES\RISING\RAV\scanex.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 77]
[C:\PROGRAM FILES\RISING\RAV\extmail.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[C:\PROGRAM FILES\RISING\RAV\scanpack.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[C:\PROGRAM FILES\RISING\RAV\revm.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
[C:\PROGRAM FILES\RISING\RAV\urutils.dll] [, 20, 0, 0, 6]
[C:\PROGRAM FILES\RISING\RAV\ur000.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
[C:\PROGRAM FILES\RISING\RAV\scriptci.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\ur001.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
[C:\PROGRAM FILES\RISING\RAV\uroutine.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[C:\PROGRAM FILES\RISING\RAV\scansct.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
[C:\PROGRAM FILES\RISING\RAV\extole.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
[C:\PROGRAM FILES\RISING\RAV\posttrt.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
[C:\PROGRAM FILES\RISING\RAV\ur023.dat] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
[PID: 1852 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
[PID: 1924 / SYSTEM][C:\WINDOWS\system32\acs.exe] [N/A, ]
[C:\WINDOWS\system32\athcfg11.dll] [Atheros, 4.1.2.82]
[C:\WINDOWS\system32\athcfg11Res.dll] [Atheros Communications, Inc., 4.1.2.82]
[C:\WINDOWS\system32\athcfg11resloc.dll] [Atheros Communications, Inc., 4.1.2.82]
[PID: 572 / name][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4116]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 668 / name][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\WINDOWS\system32\systemdrv.dll] [, 3, 3, 1, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 12]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.16]
[D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 55]
[C:\Program Files\Microsoft Office\Office12\msohevi.dll] [Microsoft Corporation, 12.0.4518.1014]
[PID: 760 / name][C:\PROGRAM FILES\RISING\RAV\RavMon.exe] [Beijing Rising Technology Co., Ltd., 20.0.01.19]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRAM FILES\RISING\RAV\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\PROGRAM FILES\RISING\RAV\recomp.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
[C:\PROGRAM FILES\RISING\RAV\refs.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
[C:\PROGRAM FILES\RISING\RAV\viruslib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[C:\PROGRAM FILES\RISING\RAV\relibldr.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18]
[C:\PROGRAM FILES\RISING\RAV\MonRule.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.29]
[C:\PROGRAM FILES\RISING\RAV\PngDll.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
[C:\PROGRAM FILES\RISING\RAV\RsXML.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 1292 / name][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 20.0.0.23]
[C:\Program Files\Rising\Rav\ProcCom.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\Rav\RsCommX2.dll] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 20.0.0.0]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 20.0.0.18]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[PID: 1496 / name][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[PID: 1772 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe] [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 2940 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 2336 / name][C:\Program Files\GreenBrowser\GreenBrowser.exe] [MoreQuick, 4, 4, 129, 0]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[PID: 3440 / name][C:\Program Files\WinRAR\WinRAR.exe] [Alexander Roshal, 3.70]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 80, 37, 4]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 80, 66, 0]
[C:\WINDOWS\system32\ConnAPI.DLL] [Nokia., 6, 80, 55, 5]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] [Nokia, 6, 80, 26, 0]
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 80, 8, 0]
[PID: 740 / name][C:\DOCUME~1\name\LOCALS~1\Temp\Rar$EX18.856\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 3.3.0.0]
[C:\DOCUME~1\name\LOCALS~1\Temp\Rar$EX18.856\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1924, C:\WINDOWS\SYSTEM32\ACS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2336, C:\PROGRAM FILES\GREENBROWSER\GREENBROWSER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3440, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛