[CODE]

2007-09-03,09:17:16

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Tok-Cirrhatus><"C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe">  [ ]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"e:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <Bron-Spizaetus><"C:\WINDOWS\ShellNew\ElnorB.exe">  [ ]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <PHIME2002ASync><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [N/A]
    <racer><; >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><E:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[Empty]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Empty.pif -->  [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"e:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler )

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[obohr / obohr][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\obohr.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Stopped/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <e:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <e:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>

[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <e:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[使用迅雷下载]
  <e:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <e:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 476 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 612 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 784 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 828 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 972 / SYSTEM][e:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
[PID: 1000 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1064 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1172 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1192 / SYSTEM][E:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.49]
    [E:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.3]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [E:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.25]
    [E:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [E:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [E:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 6]
    [E:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [E:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [E:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [e:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [E:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [e:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [e:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.31]
    [e:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [e:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [e:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [e:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [E:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [e:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [e:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [e:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [e:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [e:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 11]
    [e:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 2]

    [e:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 7]
    [e:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
[PID: 1504 / SYSTEM][E:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.6]
    [E:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [E:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[PID: 1724 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 20, 0, 0]
[PID: 1816 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.14]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [e:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [e:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [e:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [e:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [e:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [e:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
[PID: 1952 / Administrator][E:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.16]
    [E:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
[PID: 1976 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1972 / Administrator][E:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.83]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [E:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [E:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 14]
    [E:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 12]
    [E:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [E:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [E:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [E:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [E:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [E:\Program Files\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 53]
    [E:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 864 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 932 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 944 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1020 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 1116 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 1140 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 1212 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 1256 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 1248 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\services.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 1572 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\lsass.exe]  [ , 1.00.0004]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 2004 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 176 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2224 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 2512 / Administrator][H:\网络工具\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [H:\网络工具\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 2616 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<script LANGUAGE="JavaScript">
<!--
if (window != top)
top.location.href = location.href;
// -->
</script>
<title>Site Unavailable</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css">
body{text-align:center;}
.geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;}
.geohead #geologo {width:270px;display:block; float:left; }
.geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;}
.geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;}
.geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;}
.ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;}
.bodywrap{display:block;height:470px;}
.bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;}
.title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9}
.adcnt{width:172px; display:block; float:right; text-align:left;cursor:pointer;cursor:hand;}
.adcnt td {text-align:left;}
.adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;}
.ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;}
.ybadge img {margin-top:6px;}
.adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;}
.adttl{font-weight:bold;margin-bottom:3px;}
.addescr{color:#6b6b6b; margin-bottom:3px;}
.adlink a {color:#008200; text-decoration:none;}
</style>
</head>
<body>
<!-- following code added by server. PLEASE REMOVE -->
<!-- preceding code added by server. PLEASE REMOVE -->
<div id="maincnt">
<div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div>
<div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div>
</div></div>
<div class="bodywrap">
<div class="bodycnt">
<div class="title">Sorry, this GeoCities site is currently unavailable.</div>
<p>The GeoCities web site you were trying to view has temporarily exceeded its  data transfer limit. Please try again later. </p>
<p>Are you the site owner?

 
Avoid service interruptions in the future by increasing your data transfer limit!
<a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p>
<p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p>
</div>
<div class="adcnt">
<a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a>
<div class="adsubt">SPONSORED LINKS</div>
<!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>-->
<div class="adtable">
<div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br>
$25 Setup Waived</a></div>
<div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div>
<div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div>
</div>
<div class="adtable">
<div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div>
<div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div>
<div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div>
</div>
<div class="adtable">
<div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div>
<div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div>
<div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div>
</div>
<div class="adtable">
<div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div>
<div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div>
<div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div>
</div>
<div class="ybadge">
Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a>
<a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a>
</div>
</div>
</div>
<div class=ftr>
<hr size=1 width=100%>
Copyright ©
2005 Yahoo! Inc. All rights reserved<br>
<a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a>
- <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a>
- <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a>
- <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a>
- <a href="http://help.yahoo.com/help/us/geo/">Help</a>
</div>
</div>
</body>
</html>
<!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
<IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1188725045&f=us-w69" ALT=1 WIDTH=1 HEIGHT=1>

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 864, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 932, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\SERVICES.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1020, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1116, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\LSASS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1140, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\SERVICES.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1212, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1256, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\LSASS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1248, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\SERVICES.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1572, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\LSASS.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

电脑比较卡……进程多了好多……
用卡卡可以查出未知病毒```
但清不掉``
2008根本查不出```
求救```怎么办``~？

http://download.rising.com.cn/for_down/kakatool/kakasetupv4.exe下载卡卡上网安全助手4.0
1 运行瑞星卡卡上网安全助手
2 诊断求助=》电脑诊断日志
3 选择"文件详细信息"、"文件名相似分析"2个选项
4 开始扫描＝》导出信息，导成txt格式（也可以是htm格式方便自己看，不过论坛不能上传htm格式）
5 把日志中的报告完整拷贝贴上来(附件形式发上来也可以)，不要修改（一次发不完请分次发上来）
6 扫日志的时候尽量把不必要的软件关闭 如QQ TM 迅雷等
7 把扫描出来的可疑文件上传给瑞星http://up.rising.com.cn/webmail/uploadnew.htm

瑞星卡卡电脑诊断日志 v1.30 (2007-9-3 13:17:11)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + 系统服务
    + HKLM\System\CurrentControlSet\Services
      ose
        [A ] 1. c:\program files\common files\microsoft shared\source engine\ose.exe
          Microsoft Corporation
          Office Source Engine
          .text,.data,.rsrc,


      RsCCenter
        [AM] 2. e:\program files\rising\rav\ccenter.exe
          Beijing Rising Technology Co., Ltd.
          CCenter
          .text,.rdata,.data,.rsrc,


      RsRavMon
        [AM] 3. e:\program files\rising\rav\ravmond.exe
          Beijing Rising Technology Co., Ltd.
          Rising Realtime Moniter
          .text,.rdata,.data,.rsrc,


      SoundMAX Agent Service (default)
        [AM] 4. c:\program files\analog devices\soundmax\smagent.exe
          Analog Devices, Inc.
          SoundMAX service agent component
          .text,.rdata,.data,.rsrc,


      UMWdf
        [AM] 5. c:\windows\system32\wdfmgr.exe
          Microsoft Corporation
          Windows User Mode Driver Manager
          .text,.data,.rsrc,




  + 内核驱动
    + HKLM\System\CurrentControlSet\Services
      aeaudio
        [A ] 6. c:\windows\system32\drivers\aeaudio.sys
          Andrea Electronics Corporation
          Andrea Audio Stub Driver
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      AmdK8
        [A ] 7. c:\windows\system32\drivers\amdk8.sys
          Advanced Micro Devices
          AMD Processor Driver
          .text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,


      HookCont
        [A ] 8. c:\windows\system32\drivers\hookcont.sys
          Beijing Rising Technology Co., Ltd
          HookCont
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookNtos
        [A ] 9. c:\windows\system32\drivers\hookntos.sys
          Beijing Rising Technology Co., Ltd
          HookNtos
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookReg
        [A ] 10. c:\windows\system32\drivers\hookreg.sys
          Beijing Rising Technology Co., Ltd
          HookReg
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      HookSys
        [A ] 11. c:\windows\system32\drivers\hooksys.sys
          Beijing Rising Technology Co., Ltd
          Hooksys
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      NPF
        [A ] 12. c:\windows\system32\drivers\npf.sys
          CACE Technologies
          npf
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      npkcrypt
        [A ] 13. c:\program files\qq2006\npkcrypt.sys


      obohr
        [A ] 14. c:\windows\system32\drivers\obohr.sys
          北京三七二一科技有限公司
          sys 应用程序
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      QKeyService
        [A ] 15. c:\windows\system32\keycrypt.sys
          Tencent Technology (Shenzhen) Company Limited
          KeyCrypt Device Driver
          .text,.rdata,.data,.CRT,.STL,INIT,.rsrc,.reloc,

      RsAntiSpyware
        [A ] 16. c:\windows\system32\drivers\rsboot.sys
          Beijing Rising Technology Co., Ltd.
          Anti-RootKit Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,


      RsNTGDI
        [A ] 17. c:\windows\system32\drivers\rsntgdi.sys
          Beijing Rising Technology Co., Ltd.
          RsNTGDI
          .text,.rdata,INIT,.rsrc,.reloc,


      RTL8023xp
        [A ] 18. c:\windows\system32\drivers\rtnicxp.sys
          Realtek Semiconductor Corporation                         
          Realtek 10/100/1000 NDIS 5.1 Driver                       
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,


      Secdrv
        [A ] 19. c:\windows\system32\drivers\secdrv.sys
          .text,.data,INIT,.reloc,


      Sentinel
        [A ] 20. c:\windows\system32\drivers\sentinel.sys
          .text,.bss,.rsrc,.data,.idata,.reloc,


      smwdm
        [A ] 21. c:\windows\system32\drivers\smwdm.sys
          Analog Devices, Inc.
          SoundMAX Integrated Digital Audio
          .text,_LTEXT,_PTEXT,.rdata,.data,_LDATA,_PDATA,.data1,.CRT,PAGE,PAGED,INIT,.rsrc,.reloc,


      TesSafe
        [A ] 22. c:\windows\system32\tessafe.sys
          TENCENT
          TesSafe NT Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,




  + IE浏览器加载模块
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar
      {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
        [A ] 23. c:\windows\system32\kakatool.dll
          Beijing Rising Technology Co., Ltd.
          Rising AntiSpyware Toolbar
          .text,.rdata,.data,MonitorS,.rsrc,.reloc,



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {01443AEC-0FD1-40fd-9C87-E93D1494C233}
        [AM] 24. e:\program files\thunder network\thunder\comdlls\tdatonce_now.dll
          Thunder Networking Technologies,LTD
          迅雷浏览器高级特性支持模块
          .text,.rdata,.data,.rsrc,.reloc,


      {889D2FEB-5411-4565-8998-1DD2C5261283}
        [AM] 25. e:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
          Thunder Networking Technologies,LTD
          XunLeiBHO
          .text,.rdata,.data,.rsrc,.reloc,



    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 26. e:\program files\thunder network\thunder\thunder.exe
          Thunder Networking Technologies,LTD
          .text,.rdata,.data,.rsrc,




  + 资源管理器加载模块
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      text/xml
        [A ] 27. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
          Microsoft Corporation
          Microsoft Office XML MIME Filter
          .text,.data,.rsrc,.reloc,



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 28. c:\windows\system32\hticons.dll
          Hilgraeve, Inc.
          HyperTerminal Applet Library
          .text,.data,.rsrc,.reloc,


      Shell Extensions for RealOne Player
        [A ] 29. f:\program files\real\realplayer\rpshell.dll
          RealNetworks, Inc.
          RealPlayer Shell Extensions
          .text,.rdata,.data,.rsrc,.reloc,


      Microsoft Office HTML Icon Handler
        [AM] 30. c:\program files\microsoft office\office11\msohev.dll
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,.reloc,


      Web Folders
        [A ] 31. c:\program files\common files\microsoft shared\web folders\msonsext.dll
          Microsoft Corporation
          Microsoft Web Folders
          .text,.data,.rsrc,.reloc,


      Portable Media Devices
        [A ] 32. c:\windows\system32\audiodev.dll
          Microsoft Corporation
          便携媒体设备命令行解释器扩展
          .text,.data,.rsrc,.reloc,


      Portable Media Devices Menu
        [A ] 32. c:\windows\system32\audiodev.dll
          Microsoft Corporation
          便携媒体设备命令行解释器扩展
          .text,.data,.rsrc,.reloc,


      RISING
        [AM] 33. c:\windows\system32\ravext.dll
          Beijing Rising Technology Co., Ltd.
          Rising Shell Ext Module
          .text,.rdata,.data,.rsrc,.reloc,


      WinRAR shell extension
        [AM] 34. e:\program files\winrar\rarext.dll
          .text,.data,.tls,.idata,.edata,.rsrc,.reloc,



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
      {32CD708B-60A7-4C00-9377-D73EAA495F0F}
        [AM] 33. c:\windows\system32\ravext.dll
          Beijing Rising Technology Co., Ltd.
          Rising Shell Ext Module
          .text,.rdata,.data,.rsrc,.reloc,




  + 用户登陆自运行项目
    + HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      Tok-Cirrhatus
        [A ] 35. c:\documents and settings\administrator\local settings\application data\smss.exe
         
          .text,.data,.rsrc,
          入口点在最后一个节;



    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      RavTask
        [AM] 36. e:\program files\rising\rav\ravtask.exe
          Beijing Rising Technology Co., Ltd.
          RavTimer
          .text,.rdata,.data,.rsrc,


      Bron-Spizaetus
        [A ] 37. c:\windows\shellnew\elnorb.exe
         
          .text,.data,.rsrc,
          入口点在最后一个节;



    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      KKDelay
        [A ] 38. e:\program files\rising\antispyware\runonce.exe
          Beijing Rising Technology Co., Ltd.
          RunOnce Application
          .text,.rdata,.data,.rsrc,




  + 开机执行
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 39. c:\windows\system32\bsmain.exe
          Beijing Rising Technology Co., Ltd.
          Rising Antivirus 2008
          .text,.rdata,.data,.rsrc,.reloc,

        [A ] 40. c:\windows\system32\kknative.exe
          Beijing Rising Technology Co., Ltd.
          NativeAp
          .text,.data,.rsrc,.reloc,




  + 映像劫持
    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 41. c:\program files\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,


      htmlfile\open\Command
        [AM] 42. f:\program files\tencent\tt\ttraveler.exe
          Tencent
          Tencent Traveler
          .text,.rdata,.data,.rsrc,


      htmlfile\Print\Command
        [A ] 41. c:\program files\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,


      htmlfile\TencentTraveler\Command
        [AM] 42. f:\program files\tencent\tt\ttraveler.exe
          Tencent
          Tencent Traveler
          .text,.rdata,.data,.rsrc,



    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 41. c:\program files\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,


      htmlfile\open\Command
        [AM] 42. f:\program files\tencent\tt\ttraveler.exe
          Tencent
          Tencent Traveler
          .text,.rdata,.data,.rsrc,