
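[Original] Kaka gets shut down after the computer starts

Re: Kaka gets shut down after the computer starts

After manually starting Kaka, scanning for trojans and malware did not find anything at all. But Kaka really was shut down. Disgusting.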

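Re: Kaka gets shut down after the computer starts

Run an SREng scan and post the log to the antivirus forum.

Download the latest version of the SREng tool: http://www.kztechs.com/sreng/download.html
For how to use it, see the 2nd post in this thread: http://bbs.ikaka.com/showtopic-8442813.aspx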

Re: Kaka gets shut down after the computer starts

[CODE]

2009-08-10,10:48:58

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NVHotkey><rundll32.exe nvHotkey.dll,Start>  [NVIDIA Corporation]
    <runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <eTCertManger><C:\WINDOWS\system32\eTCrtMng.exe>  [Aladdin Knowledge Systems, Ltd.]
    <Adobe Reader Speed Launcher><"D:\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <Google Quick Search Box><"C:\Program Files\Google\Quick Search Box\qsb.exe"  /autorun>  [(Verified)Google Inc]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{36BBA8D2-CA5C-4847-81CC-4F807DD86C91}]
    <N/A><%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateUser urlmon.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6D69F546-C1AF-4049-AE9E-28627B91D3F5}]
    <N/A><%SystemRoot%\system32\regsvr32.exe /s /n /i:IEUpdateAdmin urlmon.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENADMIN_BASE_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenAdmin>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}]
    <%IEHARDENUSER_DESC%><%SystemRoot%\system32\rundll32.exe iesetup.dll,IEHardenUser>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[autodel]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\autodel.bat -->  [File is missing]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
  <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Cisco Systems, Inc. VPN Service / CVPND][Stopped/Manual Start]
  <"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[eToken Notification Service / ETOKSRV][Running/Manual Start]
  <C:\WINDOWS\system32\eTSrv.exe><Aladdin Knowledge Systems, Ltd.>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[HASP License Manager / hasplms][Running/Auto Start]
  <C:\WINDOWS\system32\hasplms.exe  -run><Aladdin Knowledge Systems Ltd.>
[ICBC Daemon Service / ICBC Daemon Service][Stopped/Auto Start]
  <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\IcbcDaemon.exe><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[MU-START / MU-START][Stopped/Manual Start]
  <E:\nec program\mu\LISTEN.EXE><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Disabled]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[OracleDBConsoleNEC / OracleDBConsoleNEC][Running/Auto Start]
  <F:\Oracle10g\bin\nmesrvc.exe><Oracle Corporation>
[OracleJobSchedulerNEC / OracleJobSchedulerNEC][Stopped/Manual Start]
  <f:\oracle10g\Bin\extjob.exe NEC><N/A>
[OracleOraDb10g_home1iSQL*Plus / OracleOraDb10g_home1iSQL*Plus][Stopped/Manual Start]
  <F:\Oracle10g\bin\isqlplussvc.exe><Oracle>
[OracleOraDb10g_home1TNSListener / OracleOraDb10g_home1TNSListener][Running/Auto Start]
  <F:\Oracle10g\BIN\TNSLSNR ><N/A>
[OracleServiceNEC / OracleServiceNEC][Running/Manual Start]
  <f:\oracle10g\bin\ORACLE.EXE NEC><Oracle Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[Sentinel Protection Server / SentinelProtectionServer][Running/Auto Start]
  <"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"><SafeNet, Inc>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
  <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>

==================================
驱动程序
[HASP Fridge / aksfridge][Running/Auto Start]
  <system32\DRIVERS\aksfridge.sys><Aladdin Knowledge Systems Ltd.>
[Aladdin HASP Key / akshasp][Stopped/Manual Start]
  <system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
[Aladdin HASP HL Key / akshhl][Stopped/Manual Start]
  <system32\DRIVERS\akshhl.sys><Aladdin Knowledge Systems Ltd.>
[Aladdin IFD Handler / AKSIFDH][Running/Manual Start]
  <system32\DRIVERS\aksifdh.sys><Aladdin Knowledge Systems, Ltd.>
[AKSUP / AKSUP][Stopped/Manual Start]
  <system32\drivers\aksup.sys><Aladdin Knowledge Systems, Ltd.>
[Aladdin USB Key / aksusb][Stopped/Manual Start]
  <system32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[CMB8100 / CMB8100][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[Cisco Systems VPN Adapter / CVirtA][Stopped/Manual Start]
  <system32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
[Cisco Systems IPsec Driver / CVPNDRVA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys><Cisco Systems, Inc.>
[Deterministic Network Enhancer Miniport / DNE][Running/Manual Start]
  <system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[Hardlock / Hardlock][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSX_DPV.sys><Conexant Systems, Inc.>
[HSXHWAZL / HSXHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSXHWAZL.sys><Conexant Systems, Inc.>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[用于 Windows XP 32 Bit 版的英特尔(R) PRO/无线 3945ABG 适配器驱动程序 / NETw3x32][Stopped/Manual Start]
  <system32\DRIVERS\NETw3x32.sys><Intel? Corporation>
[Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit / NETw5x32][Stopped/Manual Start]
  <system32\DRIVERS\NETw5x32.sys><Intel Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[Ramdisk Driver / RRamdisk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\rramdisk.sys><gavotte>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><SafeNet, Inc.>
[SafeNet USB SuperPro/UltraPro / SNTNLUSB][Stopped/Manual Start]
  <system32\DRIVERS\SNTNLUSB.SYS><SafeNet, Inc.>
[SigmaTel High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><SigmaTel, Inc.>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><N/A>
[vsdatant / vsdatant][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\vsdatant.sys><Zone Labs Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSX_CNXT.sys><Conexant Systems, Inc.>

Re: Kaka gets shut down after the computer starts

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll, (Signed) Google Inc.>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll, (Signed) Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder\Thunder.exe, (Signed) 深圳市迅雷网络技术有限公司>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\Office\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[&Google Toolbar]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, (Signed) Sina Com>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safeInput4jh.dll, Beijing eChannels Century Technology Co.,Ltd>
[CCTVUpdateInstall]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\Documents and Settings\Administrator\Application Data\CCTV\tv\CCTVUpdateInstall.dll, (Signed) CCTV International Networks Co.,Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[AxUSBKey Class]
  {E4BFF825-2E50-4BCC-8497-6EFDFB6C9B3D} <C:\WINDOWS\system32\ICBCUS~1.DLL, 北京信安世纪公司>
[SDKInstall Class]
  {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} <C:\WINDOWS\sdkinst.dll, (Signed) Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[&Google Toolbar]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) N/A>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll, (Signed) Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[ICBC Anti-Phishing class]
  {BB4491A2-D11A-4C6B-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[BrowserHelper.CBrowserHelper]
  {BD08D89E-4614-4204-A61A-1146D73D5F63} <C:\WINDOWS\system32\newsad.dll, Lenovo (Beijing) Limited>
[Google Dictionary Compression sdch]
  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll, (Signed) Google Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[瑞星卡卡工具条(&R)]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[使用迅雷下载]
  <d:\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Thunder\Program\GetAllUrl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
  <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Tencent\QQ\AddEmotion.htm, N/A>
[用维棠下载视频]
  <D:\ViDown\vd_link.htm, N/A>
[设为 Messenger Live 头像]
  <C:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>

==================================
正在运行的进程
[PID: 264 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 328 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 356 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 404 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.2.3790.4455 (srv03_sp2_qfe.090203-1205)]
[PID: 416 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 720 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 776 / SYSTEM][C:\Program Files\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\Program Files\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 800 / SYSTEM][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 40]
    [C:\Program Files\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 836 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 852 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 912 / SYSTEM][C:\Program Files\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [C:\Program Files\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [C:\Program Files\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [C:\Program Files\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 57]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16]
    [C:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 8]
    [C:\Program Files\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ur001.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ur025.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 916 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1160 / SYSTEM][C:\Program Files\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [C:\Program Files\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1384 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\HPBMMON.DLL]  [Hewlett-Packard, 10.00.16]
    [C:\WINDOWS\system32\hppamon0.dll]  [HP, 7, 0, 5, 0]
    [C:\WINDOWS\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
    [C:\WINDOWS\system32\HPBHealr.dll]  [N/A, ]
    [C:\WINDOWS\system32\hptcpmon.dll]  [Hewlett Packard, 2.43.01.004]
    [C:\WINDOWS\system32\HPZJSN01.dll]  [Hewlett Packard Company, 1, 0, 0, 3]
    [C:\WINDOWS\system32\hpzjfw01.dll]  [Hewlett-Packard, 4.02.009.0]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 2.41.01.021]
    [C:\WINDOWS\system32\spool\PRTPROCS\W32X86\hpzpp38q.dll]  [Hewlett-Packard Corporation, 60.042.242.00]
    [C:\WINDOWS\system32\hppadt40.dll]  [HP, 7, 0, 5, 0]
    [C:\WINDOWS\system32\HPZidr12.dll]  [HP, 7, 0, 5, 0]
[PID: 1412 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe]  [(Verified) Microsoft Corporation, 2001.12.4720.4340 (srv03_sp2_gdr.080723-1210)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [F:\Oracle10g\bin\oci.dll]  [Oracle Corporation, 10.2.0.1.0]
[PID: 1544 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll]  [China Merchants Bank, 1, 0, 0, 1]
[PID: 1580 / SYSTEM][C:\WINDOWS\system32\Dfssvc.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 1632 / SYSTEM][C:\WINDOWS\System32\dns.exe]  [(Verified) Microsoft Corporation, 5.2.3790.4460 (srv03_sp2_qfe.090216-1205)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 1652 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1712 / SYSTEM][C:\WINDOWS\system32\hasplms.exe]  [Aladdin Knowledge Systems Ltd., 12.44.1.8199]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 1836 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 6.0.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 1856 / SYSTEM][C:\WINDOWS\System32\ismserv.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 1884 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 1940 / SYSTEM][C:\WINDOWS\system32\ntfrs.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 2016 / SYSTEM][F:\Oracle10g\bin\nmesrvc.exe]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\bin\orauts.dll]  [Oracle Corporation, 10.2.0.1.0]

Re: Kaka is shut down after the computer starts

[PID: 2028 / SYSTEM][F:\Oracle10g\BIN\TNSLSNR.exe]  [N/A, ]
    [F:\Oracle10g\BIN\oransgr10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oran10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oranl10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oranldap10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orannzsbb10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oracore10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oranls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oraunls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orauts.dll]  [Oracle Corporation, 10.2.0.1.0]
    [F:\Oracle10g\BIN\orageneric10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\BIN\orasnls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oracommon10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\BIN\oraclient10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oravsn10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\BIN\orancrypt10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oraldapclnt10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oraxml10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oranro10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orapls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\BIN\oraslax10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oraplp10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\BIN\orasql10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orantcp10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orahasgen10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oraocr10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oraocrb10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oranhost10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orancds10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\orantns10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\onsclient.dll]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [F:\Oracle10g\bin\oranipc10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oraocrutl10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oraclsra10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\BIN\oradbcfg10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oranbeq10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
[PID: 2288 / SYSTEM][C:\Program Files\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [C:\Program Files\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
    [C:\Program Files\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.27]
    [C:\Program Files\Rising\Rav\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.50]
    [C:\Program Files\Rising\Rav\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.39]
    [C:\Program Files\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\Program Files\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [C:\Program Files\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 57]
    [C:\Program Files\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16]
    [C:\Program Files\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\methodex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [C:\Program Files\Rising\Rav\heurex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\Program Files\Rising\Rav\pecompd.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [C:\Program Files\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
[PID: 2316 / SYSTEM][C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe]  [SafeNet, Inc, 7, 2, 1]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\MD5CHAP.dll]  [SafeNet, Inc., 7, 2, 1, 0]
[PID: 2516 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 3092 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.2.3790.4455 (srv03_sp2_qfe.090203-1205)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 3284 / SYSTEM][F:\Oracle10g\jdk\bin\java.exe]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\server\jvm.dll]  [Sun Microsystems, Inc., 1.4.2.80]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [F:\Oracle10g\jdk\jre\bin\hpi.dll]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\verify.dll]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\java.dll]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\zip.dll]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\net.dll]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\awt.dll]  [N/A, ]
    [F:\Oracle10g\jdk\jre\bin\fontmanager.dll]  [N/A, ]
[PID: 3944 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 172 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 2896 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\PROGRA~1\ULTRAE~1\ue32ctmn.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\AliWangWang\AliIMExt.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\WINDOWS\system32\TudouUpload.dll]  [www.Tudou.com, 1.1.0.0]
    [C:\WINDOWS\system32\contmenu.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6B128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.7637]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8469]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7637]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\system32\newsad.dll]  [Lenovo (Beijing) Limited, 1.00]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
[PID: 2972 / Administrator][C:\WINDOWS\system32\Reg.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 3032 / Administrator][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 2068 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\nvHotkey.dll]  [NVIDIA Corporation, 6.14.10.8469]
[PID: 3232 / Administrator][C:\WINDOWS\system32\eTCrtMng.exe]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eTCAPI.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eToken.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\WINDOWS\system32\eTUI.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
[PID: 1404 / Administrator][C:\Program Files\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\Program Files\Rising\Rav\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\Program Files\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [C:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 75]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [C:\Program Files\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.26]
    [C:\Program Files\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 29]
    [C:\Program Files\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [C:\Program Files\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.1.4]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [C:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [C:\Program Files\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 3064 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 3624 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 3620 / SYSTEM][C:\WINDOWS\system32\eTSrv.exe]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eToken.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 2832 / SYSTEM][F:\Oracle10g\bin\emagent.exe]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\bin\oranmemso.dll]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\jdk\jre\bin\server\jvm.dll]  [Sun Microsystems, Inc., 1.4.2.80]
    [F:\Oracle10g\bin\oraxml10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oranls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oracore10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orauts.dll]  [Oracle Corporation, 10.2.0.1.0]
    [F:\Oracle10g\bin\oraunls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orageneric10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\bin\orasnls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oracommon10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\bin\oraclient10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oravsn10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\bin\oran10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oranl10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oranldap10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orannzsbb10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oraldapclnt10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orancrypt10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oranro10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oranhost10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orancds10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orantns10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orapls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\bin\oraslax10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oraplp10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [F:\Oracle10g\bin\orasql10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orantcp10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\orahasgen10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oraocr10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [F:\Oracle10g\bin\oraocrb10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [F:\Oracle10g\bin\oranmefos.dll]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\bin\oranmefsql.dll]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\bin\oranmeoci.dll]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\bin\oranmefvr.dll]  [Oracle Corporation, 10.1.0.4.0]
    [F:\Oracle10g\bin\oranmcfhc.dll]  [N/A, ]
    [F:\Oracle10g\bin\oranmevq.dll]  [Oracle Corporation, 10.1.0.4.0]

Re: Kaka is shut down after the computer starts

[PID: 2648 / Administrator][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.9.0.10]
    [C:\Program Files\Mozilla Firefox\xul.dll]  [Mozilla Foundation, 1.9.0.10]
    [C:\Program Files\Mozilla Firefox\sqlite3.dll]  [sqlite.org, 3.5.9]
    [C:\Program Files\Mozilla Firefox\MOZCRT19.dll]  [Mozilla Foundation, 8.00.0000]
    [C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssutil3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\plc4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\plds4.dll]  [Mozilla Foundation, 4.7.3]
    [C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.9.0.10]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll]  [Mozilla Foundation, 1.9.0.10]
    [C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll]  [Mozilla Foundation, 1.9.0.10]
    [C:\Program Files\Mozilla Firefox\components\ThunderComponent.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 0, 8]
    [C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssdbm3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.12.2.0 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.73]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.1.0.6240]
    [C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll]  [, ]
[PID: 2716 / Administrator][C:\Program Files\Rising\AntiSpyware\knownsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.14]
    [C:\Program Files\Rising\AntiSpyware\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\AntiSpyware\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 3888 / SYSTEM][f:\oracle10g\bin\ORACLE.EXE]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraclient10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oracore10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oranls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraunls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orauts.dll]  [Oracle Corporation, 10.2.0.1.0]
    [f:\oracle10g\bin\oravsn10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [f:\oracle10g\bin\oracommon10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [f:\oracle10g\bin\orageneric10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [f:\oracle10g\bin\orasnls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraxml10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oran10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oranl10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oranldap10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orannzsbb10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraldapclnt10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orancrypt10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oranro10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oranhost10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orancds10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orantns10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orapls10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [f:\oracle10g\bin\oraslax10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraplp10.dll]  [Oracle Corporation, 10.2.0.1.0 Production ]
    [f:\oracle10g\bin\orahasgen10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraocr10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oraocrb10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orantcp10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orasql10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orajox10.dll]  [N/A, ]
    [f:\oracle10g\bin\oransgr10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\dbghelp.dll]  [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)]
    [f:\oracle10g\bin\oraclsra10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\oradbcfg10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
    [f:\oracle10g\bin\orawwg.dll]  [Oracle Corporation, 10.1.2.0.0 Production]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [F:\Oracle10g\BIN\ORAIMR10.Dll]  [Oracle Corporation, 10, 1, 0, 2]
    [F:\Oracle10g\bin\oranbeq10.dll]  [Oracle Corporation, 10.2.0.1.0 Production]
[PID: 3200 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll]  [N/A, ]
    [C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_9BC4D0486A1D9BC7.dll]  [Google Inc., 6, 0, 1411, 1512]
    [C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll]  [Google Inc., 5, 1, 1309, 3572]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\AntiSpyware\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6B128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6B128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\WINDOWS\system32\UrlFilter.dll]  [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
    [C:\Program Files\Rising\AntiSpyware\UrlRule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\Icbc_AntiPhishing.dll]  [中国工商银行, 1.0.6.29]
    [C:\Program Files\Google\Google Toolbar\Component\fastsearch_9993303B90FE6C1D.dll]  [Google Inc., 1, 0, 1203, 3368]
    [C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\KeyMonitor.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.76]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.1.0.6240]
    [C:\WINDOWS\system32\eTCapi.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eToken.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eTUi.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [d:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[PID: 2164 / Administrator][C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\MSDEV.EXE]  [Microsoft Corporation, 6.00.8168.2]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\devshl.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\devedit.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\devprj.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devbld.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devaut1.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devbied.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devclvw.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devcpp.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devdbg.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devdtg.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devent.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devgal.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devhelp.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devhtmx.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devncb.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devodl.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devres.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\IDE\devtool.pkg]  [Microsoft Corporation, 6.00.8168.0]
    [F:\workspace\Code\2F\MU_FIRST\win32\SSSCC.DLL]  [, 06.00.8169]
    [F:\workspace\Code\2F\MU_FIRST\win32\ssus.dll]  [, 06.00.8163]
    [C:\Program Files\Visual Assist X\VAssist.dll]  [Whole Tomato Software, Inc., 0, 0, 0, 0]
    [c:\program files\visual assist x\va_x.dll]  [Whole Tomato Software, Inc., 10, 3, 1559, 0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [, ]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\mfcclwz.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\SHSQL.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\EESWT.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\EECXX.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\EESQL.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\TLLOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\EM.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\MSDIS110.DLL]  [Microsoft Corporation, 1.10.8126]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\SHCV.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\mspdb60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\msenc10.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\msobj10.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\feacp.dll]  [Microsoft Corporation, 12.00.8168.0]
[PID: 2960 / Administrator][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [C:\Program Files\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [C:\Program Files\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\Program Files\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[PID: 2700 / Administrator][C:\WINDOWS\msagent\AgentSvr.exe]  [(Verified) Microsoft Corporation, 5.2.3790.1242]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 2888 / Administrator][C:\WINDOWS\system32\taskmgr.exe]  [(Verified) Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 38]
[PID: 2988 / Administrator][I:\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 1316 / Administrator][I:\SREb59ef13b.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [I:\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\eTCapi.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eToken.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]
    [C:\WINDOWS\system32\eTUi.dll]  [Aladdin Knowledge Systems, Ltd., 3.60.116.0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeSystemtimePrivilege [PID = 2164, C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\COMMON\MSDEV98\BIN\MSDEV.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2164, C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\COMMON\MSDEV98\BIN\MSDEV.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2164, C:\PROGRAM FILES\MICROSOFT VISUAL STUDIO\COMMON\MSDEV98\BIN\MSDEV.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Re: Kaka gets shut down after the computer starts

I've finished uploading the scan results. Experts, please take a look.

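Re: Kaka gets shut down after the computer starts

Try reinstalling Kaka.

hmmapi.dll
iedw.exe
These two files appear to be normal, and the log doesn't seem to show any problem either.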

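Re: Kaka gets shut down after the computer starts

I already reinstalled Kaka last weekend.
hmmapi.dll
iedw.exe
I looked them up too, and they are said to be normal files.
But whenever I open IE, it is forced to visit that disgusting website.
I removed that website from the shortcut. After starting IE, the website was added to the shortcut again.
This has been going on for several days. Kaka keeps getting "violated" by this piece of junk.
Kaka's experts can't just sit by and do nothing!!!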
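
The symptom described in the post above (a website reappearing in the IE shortcut after it has been removed) can be checked across all shortcuts at once. The PowerShell function below is an added example, not part of the original thread; it assumes PowerShell is available on the machine, and the function name and the folder list are choices made here.

```powershell
# Added example: list shortcuts whose command line carries a URL argument.
# Read-only: no shortcut is modified.
function Get-ShortcutWithUrlArgument {
    param(
        # Folder list is an assumption; add any other location that holds browser shortcuts.
        [string[]]$Path = @(
            [Environment]::GetFolderPath('Desktop'),
            [Environment]::GetFolderPath('StartMenu'),
            (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch'),
            (Join-Path $env:ALLUSERSPROFILE 'Desktop'),      # XP / Server 2003 layout
            (Join-Path $env:ALLUSERSPROFILE 'Start Menu')
        )
    )
    $shell = New-Object -ComObject WScript.Shell
    # A browser shortcut normally has an empty Arguments field;
    # a URL placed there forces that page to open on every launch.
    $urlPattern = '(?i)\b(https?://|www\.)\S+'

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -Filter *.lnk -ErrorAction SilentlyContinue |
            ForEach-Object {
                $lnk = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk for reading
                if ($lnk.Arguments -match $urlPattern) {
                    New-Object PSObject -Property @{
                        Shortcut     = $_.FullName
                        Target       = $lnk.TargetPath
                        Arguments    = $lnk.Arguments
                        LastWriteUtc = $_.LastWriteTimeUtc
                    }
                }
            }
    }
}

# Most recently rewritten shortcuts first
Get-ShortcutWithUrlArgument |
    Sort-Object LastWriteUtc -Descending |
    Format-List Shortcut, Target, Arguments, LastWriteUtc
```

A `LastWriteUtc` value that changes right after IE is launched matches the rewriting behaviour the poster describes, and gives a time to line up against the startup items and running processes in the log.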

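Re: Kaka gets shut down after the computer starts

Please upload the log as an attachment.


Try downloading the Cleanup Assistant (清理助手) from http://www.arswp.com/.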