
Help.. Is Adware.sousou14438.d related to my machine's slow network speed...



系统活动进程
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE
C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WUPS2.DLL

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\MSAGENT\AGENTSVR.EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL
C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL
C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL
C:\PROGRAM FILES\RISING\RFW\MONDRV.DLL
C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL
C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL

C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
F:\NEWSCANDRIVE.EXE
F:\FTCAPI.DLL
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
C:\WINDOWS\SYSTEM32\AUDIODEV.DLL

C:\WINDOWS\SYSTEM32\CONIME.EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
C:\PROGRAM FILES\TENCENT\ADPLUS\SSADDR1.DLL
C:\WINDOWS\SYSTEM32\KAKATOOL.DLL
C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V14.DLL
D:\QQ\QQIEHELPER.DLL
C:\PROGRA~1\FLASHGET\JCCATCH.DLL
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE11\MSOHEV.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH.OCX
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE11\MSOXMLMF.DLL

C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDSXX.DLL
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPDXXX.DLL

C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
C:\PROGRAM FILES\TENCENT\ADPLUS\SSADDR1.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\WINRAR\RAREXT.DLL
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V14.DLL
F:\COMMENU.DLL

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EDXX.DLL

C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL

D:\QQ\QQ.EXE
D:\QQ\QQBASECLASSINDLL.DLL
D:\QQ\QQHELPERDLL.DLL
D:\QQ\BASICCTRLDLL.DLL
D:\QQ\MFC42.DLL
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
D:\QQ\RICHED32.DLL
D:\QQ\RICHED20.DLL
D:\QQ\QQAPI.DLL
D:\QQ\TIMPROXY.DLL
D:\QQ\LOGINCTRL.DLL
D:\QQ\NPKCNTC.DLL
D:\QQ\NPKPDB.DLL
D:\QQ\QQRES.DLL
D:\QQ\QQMAINFRAME.DLL
D:\QQ\CQQAPPLICATION.DLL
D:\QQ\NEWSKIN.DLL
D:\QQ\HOSTINGMGR.DLL
D:\QQ\CAMERADLL.DLL
D:\QQ\MAILSUMMARY.DLL
D:\QQ\QQSPACE.DLL
D:\QQ\VBSCRIPT.DLL
D:\QQ\QQGROUPMNG.DLL
D:\QQ\USERDEFINEDHEAD.DLL
D:\QQ\QQPLUGIN.DLL
D:\QQ\QQCONFIGPLUGIN.DLL
D:\QQ\QRINGMNG.DLL
D:\QQ\PHONEAPI.DLL
D:\QQ\DIALERALLINONE.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
D:\QQ\LONGCONNECTION.DLL
D:\QQ\QQSYSMSGMNG.DLL
D:\QQ\QQAVATAR.DLL
D:\QQ\FLASHAVATARDLL.DLL
D:\QQ\QQPET.DLL
D:\QQ\BQQAPPLICATION.DLL
C:\WINDOWS\SYSTEM32\RAVEXT.DLL
C:\WINDOWS\SYSTEM32\MSADP32.ACM
D:\QQ\COMMERCESMNG.DLL
D:\QQ\PERSONALDESKTOP.DLL
D:\QQ\QQUDPGETFILELIB.DLL
D:\QQ\QQALLINONE.DLL
D:\QQ\SCCORE.DLL
D:\QQ\GDIPLUS.DLL
D:\QQ\QQCUSTOMFACE.DLL
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH.OCX
D:\QQ\QQSCENEMNG.DLL
D:\QQ\QQADDR.DLL
D:\QQ\GROUPCONNECTION.DLL
D:\QQ\QQPHONEHELPER.DLL
D:\QQ\IMAGEOLE.DLL
D:\QQ\QQZIP.DLL
C:\WINDOWS\SYSTEM32\WINWB86.IME
D:\QQ\QQMAGICFACE.DLL
D:\QQ\QQFILETRANSFER.DLL

D:\QQ\TIMPLATFORM.EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL
D:\QQ\TIMPROXY.DLL

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\9KZXPZHY\RSDETECT[1].EXE
C:\PROGRAM FILES\TENCENT\ADPLUS\ADPLUS.DLL


普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SoundMan = SOUNDMAN.EXE
ATIPTA = "C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE"
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
AddrPlus3 = C:\PROGRA~1\TENCENT\ADPLUS\STUP.EXE C:\PROGRA~1\TENCENT\ADPLUS\ADPLUS.DLL RUNDLL32
stup.exe = C:\PROGRA~1\TENCENT\ADPLUS\STUP.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe
SCRNSAVE.EXE = C:\WINDOWS\system32\RAVSS.SCR


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
AtiExtEvent = ATI2EVXX.DLL
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE

Last edited 2006-04-18 15:52:37

IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\system32\xunleibho_v14.dll
{0C7C23EF-A848-485B-873C-0ED954731014} = C:\Program Files\TENCENT\Adplus\SSAddr1.dll
{54EBD53A-9BC1-480B-966A-843A333CA162} = D:\qq\QQIEHelper.dll
{A5366673-E8CA-11D3-9CD9-0090271D075B} = C:\PROGRA~1\FLASHGET\jccatch.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar2.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE319460-5C80-4153-BC57-4150AF493281}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AE319460-5C80-4153-BC57-4150AF493281}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{30648E6F-DE54-4351-9FA8-D097E1F41A2A}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{30648E6F-DE54-4351-9FA8-D097E1F41A2A}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A15FE80C-B952-4DDD-BCE4-6A00F5695FB2}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DAFA87D-7ED3-4416-99F7-F0CA25413912}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4DAFA87D-7ED3-4416-99F7-F0CA25413912}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A183ABC-B30E-4E90-A8E6-3217C57E9118}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{6A183ABC-B30E-4E90-A8E6-3217C57E9118}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7D78C19-14CC-44A0-87CB-B20E15FCF838}] SEQPACKET 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A7D78C19-14CC-44A0-87CB-B20E15FCF838}] DATAGRAM 5 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

[Reply to the post by "要爱浪漫"]
What are the virus file's name and path?