首页 » 综合娱乐区 » Rising茶馆 » 郁闷中
爱心兔子 - 2006-11-27 19:06:00
[Main]
Program=超级兔子IE修复专家
Version=V7.9
WindowsVersion=Windows XP
IEVersion=6.0.2900.2180
WinDir=C:\WINDOWS\
WinSystemDir=C:\WINDOWS\system32\
USERPROFILE=C:\Documents and Settings\Administrator
Admin=1
Detail=1
Date=2006-11-27
Time=18:54:16
Code=,
CDCode=,
Reg=0

[Soft]
Max=0

[IE]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Main
1_Name=Window Title
1_Value=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Main
2_Name=Local Page
2_Value=C:\WINDOWS\system32\blank.htm
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Main
3_Name=Search Page
3_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\Main
4_Name=Start Page
4_Value=http://www.whinfo.net.cn/
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\Main
5_Name=Default_page_url
5_Value=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\Main
6_Name=First Home Page
6_Value=
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Internet Explorer\Main
7_Name=Search Page
7_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Internet Explorer\Main
8_Name=Start Page
8_Value=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
9_HKey=HKEY_LOCAL_MACHINE
9_Key=Software\Microsoft\Internet Explorer\Main
9_Name=Default_page_url
9_Value=http://www.lenovo.com
10_HKey=HKEY_LOCAL_MACHINE
10_Key=Software\Microsoft\Internet Explorer\Main
10_Name=First Home Page
10_Value=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=Software\Microsoft\Internet Explorer\Main
11_Name=Search Page
11_Value=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
12_HKey=HKEY_LOCAL_MACHINE
12_Key=Software\Microsoft\Internet Explorer\Main
12_Name=Start Page
12_Value=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
Max=12

[IE2]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
1_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1022464
1_FileDate=2006-9-14 16:38:30
1_FileVersion=6.0.2900.2995
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
2_Name={0E5CBF21-D15F-11D0-8301-00AA005B4383}
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8311296
2_FileDate=2006-7-13 21:34:56
2_FileVersion=6.0.2900.2951
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
3_Name={01E04581-4EEE-11D0-BFE9-00AA005B4383}
3_FileName=%SystemRoot%\system32\browseui.dll
3_FileSize=1022464
3_FileDate=2006-9-14 16:38:30
3_FileVersion=6.0.2900.2995
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Internet Explorer\Toolbar
4_Name={DB9ECD4F-FB8F-4311-B3CE-90B976C2707C}
4_FileName=C:\WINDOWS\system32\kakatool.dll
4_FileSize=344064
4_FileDate=2006-11-23 17:03:42
4_FileVersion=2.0.2.1
Max=4

[IE3]
1_HKey=HKEY_CURRENT_USER
1_Key=Software\Microsoft\Internet Explorer\MenuExt\&使用迅雷下载
1_FileName=E:\Thunder\Program\GetUrl.htm
1_FileSize=2338
1_FileDate=2006-7-24 15:51:28
1_FileVersion=
2_HKey=HKEY_CURRENT_USER
2_Key=Software\Microsoft\Internet Explorer\MenuExt\&使用迅雷下载全部链接
2_FileName=E:\Thunder\Program\GetAllUrl.htm
2_FileSize=695
2_FileDate=2006-3-8 10:49:10
2_FileVersion=
3_HKey=HKEY_CURRENT_USER
3_Key=Software\Microsoft\Internet Explorer\MenuExt\上传到QQ网络硬盘
3_FileName=D:\QQ\AddToNetDisk.htm
3_FileVersion=
4_HKey=HKEY_CURRENT_USER
4_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ自定义面板
4_FileName=D:\QQ\AddPanel.htm
4_FileVersion=
5_HKey=HKEY_CURRENT_USER
5_Key=Software\Microsoft\Internet Explorer\MenuExt\添加到QQ表情
5_FileName=D:\QQ\AddEmotion.htm
5_FileVersion=
6_HKey=HKEY_CURRENT_USER
6_Key=Software\Microsoft\Internet Explorer\MenuExt\用QQ彩信发送该图片
6_FileName=D:\QQ\SendMMS.htm
6_FileVersion=
7_HKey=HKEY_CURRENT_USER
7_Key=SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
7_Clsid=
7_ButtonText=
7_MenuText=
7_FileName=
7_FileVersion=
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6414512B-B978-451D-A0D8-FCFDF33E833C}
8_Download=http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164276558484
8_FileName=C:\WINDOWS\Downloaded Program Files\wuweb.inf
8_FileSize=291
8_FileDate=2005-5-26 4:19:32
8_FileVersion=
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C661F36D-DF85-4EF4-83C7-E107B83D04B1}
9_Download=http://dl_dir.qq.com/3dshow/3DShowVM.cab
9_FileName=C:\WINDOWS\Downloaded Program Files\3DShowVM.inf
9_FileSize=573
9_FileDate=2006-3-13 14:28:36
9_FileVersion=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{15CA47FC-0B58-433A-A04D-C690F7520D39}
10_NameServer=
10_Clsid=
10_FileName=
10_FileVersion=
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{388E72B4-4384-421B-921D-E76DF86D2E8E}
11_NameServer=221.102.145.147,125.147.100.124
11_Clsid=
11_FileName=
11_FileVersion=
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6FBA7618-7EBD-4B8B-9A95-0A54BA843E29}
12_NameServer=
12_Clsid=
12_FileName=
12_FileVersion=
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7FB8FB76-D008-4659-8EC7-305C3CB7F0B3}
13_NameServer=202.102.154.3 202.102.152.3
13_Clsid=
13_FileName=
13_FileVersion=
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A9FD5255-826B-44C1-B3DB-C36DB1091AB8}
14_NameServer=
14_Clsid=
14_FileName=
14_FileVersion=
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{EEB0494A-923D-4716-B3EA-36DCAED2307E}
15_NameServer=
15_Clsid=
15_FileName=
15_FileVersion=
Max=15
爱心兔子 - 2006-11-27 19:06:00
[Link]
1_HKey=HKEY_CLASSES_ROOT
1_Key=.exe
1_Name=
1_Value=exefile
1_HKeyLink=HKEY_CLASSES_ROOT
1_KeyLink=exefile\shell\open\command
1_NameLink=
1_ValueLink="%1" %*
2_HKey=HKEY_CLASSES_ROOT
2_Key=.com
2_Name=
2_Value=comfile
2_HKeyLink=HKEY_CLASSES_ROOT
2_KeyLink=comfile\shell\open\command
2_NameLink=
2_ValueLink="%1" %*
3_HKey=HKEY_CLASSES_ROOT
3_Key=.lnk
3_Name=
3_Value=lnkfile
3_HKeyLink=HKEY_CLASSES_ROOT
3_KeyLink=lnkfile\CLSID
3_NameLink=
3_ValueLink={00021401-0000-0000-C000-000000000046}
4_HKey=HKEY_CLASSES_ROOT
4_Key=.txt
4_Name=
4_Value=txtfile
4_HKeyLink=HKEY_CLASSES_ROOT
4_KeyLink=txtfile\shell\open\command
4_NameLink=
4_ValueLink=%SystemRoot%\system32\NOTEPAD.EXE %1
4_FileSizeLink=66560
4_FileDateLink=2004-8-17 12:00:00
4_FileVersionLink=5.1.2600.2180
5_HKey=HKEY_CLASSES_ROOT
5_Key=.htm
5_Name=
5_Value=htmlfile
5_HKeyLink=HKEY_CLASSES_ROOT
5_KeyLink=htmlfile\shell\open\command
5_NameLink=
5_ValueLink="C:\Program Files\Maxthon\maxthon.exe" "%1"
5_FileSizeLink=899584
5_FileDateLink=2006-10-24 23:13:00
5_FileVersionLink=1.5.8.120
6_HKey=HKEY_CLASSES_ROOT
6_Key=.html
6_Name=
6_Value=htmlfile
6_HKeyLink=HKEY_CLASSES_ROOT
6_KeyLink=htmlfile\shell\open\command
6_NameLink=
6_ValueLink="C:\Program Files\Maxthon\maxthon.exe" "%1"
6_FileSizeLink=899584
6_FileDateLink=2006-10-24 23:13:00
6_FileVersionLink=1.5.8.120
7_HKey=HKEY_CLASSES_ROOT
7_Key=.url
7_Name=
7_Value=InternetShortcut
7_HKeyLink=HKEY_CLASSES_ROOT
7_KeyLink=InternetShortcut\shell\open\command
7_NameLink=
7_ValueLink="C:\Program Files\Maxthon\maxthon.exe" "%1"
7_FileSizeLink=899584
7_FileDateLink=2006-10-24 23:13:00
7_FileVersionLink=1.5.8.120
8_HKey=HKEY_CLASSES_ROOT
8_Key=PROTOCOLS\Filter\text/html
8_Name=CLSID
8_Value=
9_HKey=HKEY_CLASSES_ROOT
9_Key=PROTOCOLS\Filter\text/plain
9_Name=CLSID
9_Value=
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
10_Name=
10_Value=http://
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes
11_Name=www
11_Value=http://
Max=11

[Notify]
Max=0

[Shdoclc]
1_FileSize=498176
1_FileDate=2004-8-17 12:00:00
1_FileVersion=6.0.2900.2180
Max=1

[AppInit_DLLs]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
1_Name=AppInit_DLLs
1_Value=
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
2_Name=Userinit
2_Value=C:\WINDOWS\system32\userinit.exe,
2_FileSize=23552
2_FileDate=2004-8-17 12:00:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
3_Name=Shell
3_Value=Explorer.exe
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
4_Name=System
3_Value=
Max=4

[WinSock2NameSpace]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
1_Name=DisplayString
1_Value=Tcpip
1_Enabled=1
1_LibraryPath=%SystemRoot%\System32\mswsock.dll
1_FileSize=240640
1_FileDate=2004-8-17 12:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2_Name=DisplayString
2_Value=NTDS
2_Enabled=1
2_LibraryPath=%SystemRoot%\System32\winrnr.dll
2_FileSize=16896
2_FileDate=2004-8-17 12:00:00
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
3_Name=DisplayString
3_Value=网络位置知晓 (NLA) 名称空间
3_Enabled=1
3_LibraryPath=%SystemRoot%\System32\mswsock.dll
3_FileSize=240640
3_FileDate=2004-8-17 12:00:00
Max=3

[WinSock2Protocol]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
1_Name=PackedCatalogItem
1_FileName=%SystemRoot%\system32\mswsock.dll
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2_Name=PackedCatalogItem
2_FileName=%SystemRoot%\system32\mswsock.dll
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
3_Name=PackedCatalogItem
3_FileName=%SystemRoot%\system32\mswsock.dll
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
4_Name=PackedCatalogItem
4_FileName=%SystemRoot%\system32\rsvpsp.dll
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
5_Name=PackedCatalogItem
5_FileName=%SystemRoot%\system32\rsvpsp.dll
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
6_Name=PackedCatalogItem
6_FileName=%SystemRoot%\system32\mswsock.dll
7_HKey=HKEY_LOCAL_MACHINE
7_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
7_Name=PackedCatalogItem
7_FileName=%SystemRoot%\system32\mswsock.dll
8_HKey=HKEY_LOCAL_MACHINE
8_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
8_Name=PackedCatalogItem
8_FileName=%SystemRoot%\system32\mswsock.dll
9_HKey=HKEY_LOCAL_MACHINE
9_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
9_Name=PackedCatalogItem
9_FileName=%SystemRoot%\system32\mswsock.dll
10_HKey=HKEY_LOCAL_MACHINE
10_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
10_Name=PackedCatalogItem
10_FileName=%SystemRoot%\system32\mswsock.dll
11_HKey=HKEY_LOCAL_MACHINE
11_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
11_Name=PackedCatalogItem
11_FileName=%SystemRoot%\system32\mswsock.dll
12_HKey=HKEY_LOCAL_MACHINE
12_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
12_Name=PackedCatalogItem
12_FileName=%SystemRoot%\system32\mswsock.dll
13_HKey=HKEY_LOCAL_MACHINE
13_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
13_Name=PackedCatalogItem
13_FileName=%SystemRoot%\system32\mswsock.dll
14_HKey=HKEY_LOCAL_MACHINE
14_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
14_Name=PackedCatalogItem
14_FileName=%SystemRoot%\system32\mswsock.dll
15_HKey=HKEY_LOCAL_MACHINE
15_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
15_Name=PackedCatalogItem
15_FileName=%SystemRoot%\system32\mswsock.dll
16_HKey=HKEY_LOCAL_MACHINE
16_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
16_Name=PackedCatalogItem
16_FileName=%SystemRoot%\system32\mswsock.dll
17_HKey=HKEY_LOCAL_MACHINE
17_Key=SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
17_Name=PackedCatalogItem
17_FileName=%SystemRoot%\system32\mswsock.dll
Max=17

[WinSock2Winsock]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=System\CurrentControlSet\Services\Winsock2\Winsock
1_Name=PathName
1_Value=
1_Found=0
Max=1
仙剑VS景天 - 2006-11-27 19:06:00
什么玩意
爱心兔子 - 2006-11-27 19:07:00
[WOW]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\WOW
1_Name=cmdline
1_Value=%SystemRoot%\system32\ntvdm.exe -o
1_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
1_FileSize=417280
1_FileDate=2004-8-17 12:00:00
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SYSTEM\CurrentControlSet\Control\WOW
2_Name=wowcmdline
2_Value=%SystemRoot%\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
2_Filename=C:\WINDOWS\SYSTEM32\NTVDM.EXE
2_FileSize=417280
2_FileDate=2004-8-17 12:00:00
Max=2

[ShellExecuteHooks]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
1_Name={AEB6717E-7E19-11d0-97EE-00C04FD91972}
1_ClsidName=URL 执行挂钩
1_FileName=C:\WINDOWS\system32\shell32.dll
1_FileSize=8311296
1_FileDate=2006-7-13 21:34:56
Max=1

[ShellServiceObjectDelayLoad]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
1_Name=PostBootReminder
1_Value={7849596a-48ea-486e-8937-a2a3009f31a9}
1_ClsidName=PostBootReminder 对象
1_FileName=%SystemRoot%\system32\SHELL32.dll
1_FileSize=8311296
1_FileDate=2006-7-13 21:34:56
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
2_Name=CDBurn
2_Value={fbeb8a05-beee-4442-804e-409d6c4515e9}
2_ClsidName=烧 CD 的 ShellFolder
2_FileName=%SystemRoot%\system32\SHELL32.dll
2_FileSize=8311296
2_FileDate=2006-7-13 21:34:56
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
3_Name=WebCheck
3_Value={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
3_ClsidName=WebCheck
3_FileName=%SystemRoot%\system32\webcheck.dll
3_FileSize=265728
3_FileDate=2004-8-17 12:00:00
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
4_Name=SysTray
4_Value={35CEC8A3-2BE6-11D2-8773-92E220524153}
4_ClsidName=SysTray
4_FileName=C:\WINDOWS\system32\stobject.dll
4_FileSize=121344
4_FileDate=2004-8-17 12:00:00
Max=4

[SharedTaskScheduler]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
1_Name={438755C2-A8BA-11D1-B96B-00A0C90312E1}
1_Value=Browseui 预加载程序
1_FileName=%SystemRoot%\system32\browseui.dll
1_FileSize=1022464
1_FileDate=2006-9-14 16:38:30
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
2_Name={8C7461EF-2B13-11d2-BE35-3078302C2030}
2_Value=组件类别缓存程序
2_FileName=%SystemRoot%\system32\browseui.dll
2_FileSize=1022464
2_FileDate=2006-9-14 16:38:30
Max=2

[ProtocolDefaults]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
1_Name=http
1_Value=3
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
2_Name=https
2_Value=3
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
3_Name=ftp
3_Value=3
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
4_Name=file
4_Value=3
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
5_Name=@ivt
5_Value=1
6_HKey=HKEY_LOCAL_MACHINE
6_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
6_Name=shell
6_Value=0
Max=6

[BootExecute]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SYSTEM\CurrentControlSet\Control\Session Manager
1_Name=BootExecute
1_Value=autocheck autochk *
Max=1

[Startup]
1_LnkFile=C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ADSL.lnk
1_ExeFile=ADSL
Max=1

[AutoRun]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=Software\Microsoft\Windows\CurrentVersion\Run
1_Name=NvCplDaemon
1_Value=; rundll32.exe c:\windows\system32\nvcpl.dll,nvstartup
1_FileSize=5537792
1_FileDate=2005-2-24 7:32:00
1_FileVersion=6.14.10.7184
2_HKey=HKEY_LOCAL_MACHINE
2_Key=Software\Microsoft\Windows\CurrentVersion\Run
2_Name=TkBellExe
2_Value="c:\program files\common files\real\update_ob\realsched.exe"  -osboot
2_FileSize=185896
2_FileDate=2006-11-23 16:05:36
2_FileVersion=0.1.0.3760
3_HKey=HKEY_LOCAL_MACHINE
3_Key=Software\Microsoft\Windows\CurrentVersion\Run
3_Name=RavTask
3_Value="c:\program files\rising\rav\ravtask.exe" -system
3_FileSize=114688
3_FileDate=2006-11-23 16:40:48
3_FileVersion=18.0.0.22
4_HKey=HKEY_LOCAL_MACHINE
4_Key=Software\Microsoft\Windows\CurrentVersion\Run
4_Name=RfwMain
4_Value="d:\rising\rfw\rfwmain.exe" -startup
4_FileSize=454656
4_FileDate=2006-11-27 14:38:06
4_FileVersion=5.0.0.56
5_HKey=HKEY_LOCAL_MACHINE
5_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
5_Name=RavStub
5_Value="c:\program files\rising\rav\ravstub.exe" /runonce
5_FileSize=90112
5_FileDate=2006-11-23 16:26:46
5_FileVersion=18.0.0.16
6_HKey=HKEY_LOCAL_MACHINE
6_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
6_Name=KKDelay
6_Value=d:\kaka\runonce.exe
6_FileSize=61440
6_FileDate=2006-11-23 17:03:42
6_FileVersion=19.0.0.2
7_HKey=HKEY_LOCAL_MACHINE
7_Key=Software\Microsoft\Windows\CurrentVersion\RunOnce
7_Name=Super Rabbit SRCK
7_Value="d:\超级兔子\magicset\srck.exe" /autokill:245
7_FileSize=1789952
7_FileDate=2006-11-23 22:14:14
7_FileVersion=7.90.0.1
8_HKey=HKEY_LOCAL_MACHINE
8_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
8_Name=load
8_Value=
9_HKey=HKEY_CURRENT_USER
9_Key=Software\Microsoft\Windows\CurrentVersion\Run
9_Name=ctfmon.exe
9_Value=c:\windows\system32\ctfmon.exe
9_FileSize=15360
9_FileDate=2004-8-17 12:00:00
9_FileVersion=5.1.2600.2180
10_HKey=HKEY_CURRENT_USER
10_Key=Software\Microsoft\Windows NT\CurrentVersion\Windows
10_Name=load
10_Value=
Max=10

[ModuleUsage]
1_HKey=HKEY_LOCAL_MACHINE
1_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/3DShowVM.ocx
1_Name=.Owner
1_Value={C661F36D-DF85-4EF4-83C7-E107B83D04B1}
1_Clsid=WebActivater Control
1_FileName=C:\WINDOWS\system32\3DShowVM.ocx
1_FileSize=319488
1_FileDate=2006-3-13 14:00:38
1_FileVersion=1.0.200.50
2_HKey=HKEY_LOCAL_MACHINE
2_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/mfc42.dll
2_Name=.Owner
2_Value=Unknown Owner
2_Clsid=
2_FileName=C:\WINDOWS\system32\mfc42.dll
2_FileSize=1028096
2_FileDate=2004-8-17 12:00:00
2_FileVersion=6.2.4131.0
3_HKey=HKEY_LOCAL_MACHINE
3_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcrt.dll
3_Name=.Owner
3_Value=Unknown Owner
3_Clsid=
3_FileName=C:\WINDOWS\system32\msvcrt.dll
3_FileSize=343040
3_FileDate=2004-8-17 12:00:00
3_FileVersion=7.0.2600.2180
4_HKey=HKEY_LOCAL_MACHINE
4_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/olepro32.dll
4_Name=.Owner
4_Value=Unknown Owner
4_Clsid=
4_FileName=C:\WINDOWS\system32\olepro32.dll
4_FileSize=83456
4_FileDate=2004-8-17 12:00:00
4_FileVersion=5.1.2600.2180
5_HKey=HKEY_LOCAL_MACHINE
5_Key=SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/wuweb.dll
5_Name=.Owner
5_Value=Unknown Owner
5_Clsid=
5_FileName=C:\WINDOWS\system32\wuweb.dll
5_FileSize=173536
5_FileDate=2005-5-26 4:19:32
5_FileVersion=5.8.0.2469
Max=5

[Process]
1_FileName=C:\WINDOWS\SYSTEM32\SMSS.EXE
1_FileSize=50688
1_FileDate=2004-8-17 12:00:00
1_FileVersion=5.1.2600.2180
2_FileName=C:\WINDOWS\SYSTEM32\WINLOGON.EXE
2_FileSize=487424
2_FileDate=2004-8-17 12:00:00
2_FileVersion=5.1.2600.2180
3_FileName=C:\WINDOWS\SYSTEM32\SERVICES.EXE
3_FileSize=108032
3_FileDate=2004-8-17 12:00:00
3_FileVersion=5.1.2600.2180
4_FileName=C:\WINDOWS\SYSTEM32\LSASS.EXE
4_FileSize=13312
4_FileDate=2004-8-17 12:00:00
4_FileVersion=5.1.2600.2180
5_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
5_FileSize=14336
5_FileDate=2004-8-17 12:00:00
5_FileVersion=5.1.2600.2180
6_FileName=C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
6_FileSize=110592
6_FileDate=2006-11-23 16:40:46
6_FileVersion=18.0.0.3
7_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
7_FileSize=14336
7_FileDate=2004-8-17 12:00:00
7_FileVersion=5.1.2600.2180
8_FileName=C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE
8_FileSize=266240
8_FileDate=2006-11-23 16:26:54
8_FileVersion=18.0.1.47
9_FileName=C:\WINDOWS\EXPLORER.EXE
9_FileSize=976896
9_FileDate=2004-8-17 12:00:00
9_FileVersion=6.0.2900.2180
10_FileName=C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
10_FileSize=57856
10_FileDate=2005-6-11 7:53:32
10_FileVersion=5.1.2600.2696
11_FileName=C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE
11_FileSize=90112
11_FileDate=2006-11-23 16:26:46
11_FileVersion=18.0.0.16
12_FileName=C:\WINDOWS\SYSTEM32\NVSVC32.EXE
12_FileSize=127043
12_FileDate=2005-2-24 7:32:00
12_FileVersion=6.14.10.7184
13_FileName=C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
13_FileSize=185896
13_FileDate=2006-11-23 16:05:36
13_FileVersion=0.1.0.3760
14_FileName=C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE
14_FileSize=114688
14_FileDate=2006-11-23 16:40:48
14_FileVersion=18.0.0.22
15_FileName=C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE
15_FileSize=614400
15_FileDate=2006-11-23 16:26:50
15_FileVersion=18.0.1.39
16_FileName=C:\WINDOWS\SYSTEM32\CTFMON.EXE
16_FileSize=15360
16_FileDate=2004-8-17 12:00:00
16_FileVersion=5.1.2600.2180
17_FileName=D:\QQ\TIMPLATFORM.EXE
17_FileSize=69632
17_FileDate=2006-8-31 20:09:00
17_FileVersion=0.3.1.8
18_FileName=D:\QQ\QQ.EXE
18_FileSize=1454080
18_FileDate=2006-9-7 12:21:06
18_FileVersion=0.0.0.0
19_FileName=D:\RISING\RFW\RFWSRV.EXE
19_FileSize=151552
19_FileDate=2006-11-27 14:38:28
19_FileVersion=5.0.0.30
20_FileName=D:\RISING\RFW\RFWMAIN.EXE
20_FileSize=454656
20_FileDate=2006-11-27 14:38:06
20_FileVersion=5.0.0.56
21_FileName=C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE
21_FileSize=899584
21_FileDate=2006-10-24 23:13:00
21_FileVersion=1.5.8.120
22_FileName=C:\WINDOWS\SYSTEM32\SVCHOST.EXE
22_FileSize=14336
22_FileDate=2004-8-17 12:00:00
22_FileVersion=5.1.2600.2180
23_FileName=C:\WINDOWS\SYSTEM32\CONIME.EXE
23_FileSize=27648
23_FileDate=2004-8-17 12:00:00
23_FileVersion=5.1.2600.2180
24_FileName=D:\超级兔子\MAGICSET\SRIEH.EXE
24_FileSize=1368064
24_FileDate=2006-11-23 22:13:58
24_FileVersion=7.90.0.1
25_FileName=[SYSTEM PROCESS]
26_FileName=C:\WINDOWS\system32\CSRSS.EXE
26_FileSize=6144
26_FileDate=2004-8-17 12:00:00
26_FileVersion=5.1.2600.2180
27_FileName=C:\WINDOWS\system32\WDFMGR.EXE
27_FileSize=38912
27_FileDate=2004-8-10 22:05:14
27_FileVersion=5.2.3790.1230
28_FileName=C:\WINDOWS\system32\ALG.EXE
28_FileSize=44544
28_FileDate=2004-8-17 12:00:00
28_FileVersion=5.1.2600.2180
Max=28
爱心兔子 - 2006-11-27 19:07:00
[Hosts]
HostsFile=C:\WINDOWS\system32\Drivers\Etc\Hosts
1_Host=127.0.0.1      localhost
Max=1

[Service]
1_ServiceName=DcomLaunch
1_DisplayName=DCOM Server Process Launcher
1_Description=为 DCOM 服务提供加载功能。
1_Status=已启动
1_StartType=自动
1_ServiceDll=C:\WINDOWS\SYSTEM32\RPCSS.DLL
1_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH

2_ServiceName=HTTPFilter
2_DisplayName=HTTP SSL
2_Description=此服务通过安全套接字层(SSL)实现 HTTP 服务的安全超文本传送协议(HTTPS)。如果此服务被禁用,任何依赖它的服务将无法启动。
2_Status=停止
2_StartType=手动
2_ServiceDll=C:\WINDOWS\SYSTEM32\W3SSL.DLL
2_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER

3_ServiceName=NetDDEdsdm
3_DisplayName=Network DDE DSDM
3_Description=管理动态数据交换 (DDE) 网络共享。如果此服务终止,DDE 网络共享将不可用。如果此服务被禁用,任何依赖它的服务将无法启动。
3_Status=停止
3_StartType=已禁用
3_ServiceDll=
3_ImagePath=C:\WINDOWS\SYSTEM32\NETDDE.EXE

4_ServiceName=NVSvc
4_DisplayName=NVIDIA Display Driver Service
4_Description=Provides system and desktop level support to the NVIDIA display driver
4_Status=已启动
4_StartType=自动
4_ServiceDll=
4_ImagePath=C:\WINDOWS\SYSTEM32\NVSVC32.EXE

5_ServiceName=RfwProxySrv
5_DisplayName=Rising Proxy  Service
5_Description=Rising Personal Proxy Service
5_Status=停止
5_StartType=手动
5_ServiceDll=
5_ImagePath=D:\RISING\RFW\RFWPROXY.EXE

6_ServiceName=RfwService
6_DisplayName=Rising Personal Firewall Service
6_Description=Rising Personal Firewall Service
6_Status=已启动
6_StartType=自动
6_ServiceDll=
6_ImagePath=D:\RISING\RFW\RFWSRV.EXE

7_ServiceName=RsCCenter
7_DisplayName=Rising Process Communication Center
7_Description=
7_Status=已启动
7_StartType=自动
7_ServiceDll=
7_ImagePath="C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"

8_ServiceName=RsRavMon
8_DisplayName=Rising RealTime Monitor
8_Description=
8_Status=已启动
8_StartType=自动
8_ServiceDll=
8_ImagePath="C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"

9_ServiceName=UMWdf
9_DisplayName=Windows User Mode Driver Framework
9_Description=启用 Windows 用户模式驱动程序。
9_Status=已启动
9_StartType=自动
9_ServiceDll=
9_ImagePath=C:\WINDOWS\SYSTEM32\WDFMGR.EXE

10_ServiceName=WmdmPmSN
10_DisplayName=Portable Media Serial Number Service
10_Description=Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
10_Status=停止
10_StartType=手动
10_ServiceDll=C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL
10_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

11_ServiceName=wscsvc
11_DisplayName=Security Center
11_Description=监视系统安全设置和配置。
11_Status=已启动
11_StartType=自动
11_ServiceDll=C:\WINDOWS\SYSTEM32\WSCSVC.DLL
11_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

12_ServiceName=xmlprov
12_DisplayName=Network Provisioning Service
12_Description=为自动网络提供管理基于域的 XML 配置文件。
12_Status=停止
12_StartType=手动
12_ServiceDll=C:\WINDOWS\SYSTEM32\XMLPROV.DLL
12_ImagePath=C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS

Max=12

[END]
Max=1
快要瘋了 - 2006-11-27 19:08:00
看不懂
爱心兔子 - 2006-11-27 19:08:00
看的明白的进来哈哈
仙剑VS景天 - 2006-11-27 19:08:00
引用:
【爱心兔子的贴子】看的明白的进来哈哈
………………

爱心兔子 - 2006-11-27 19:13:00
wangjishuole  kanbumingbaide  minjin
仙剑VS景天 - 2006-11-27 19:15:00
引用:
【爱心兔子的贴子】wangjishuole  kanbumingbaide  minjin
………………

杰洛 - 2006-11-27 19:18:00
zenmeyouyumenle?
♀恋紫♀ - 2006-11-27 19:23:00
无语!
杰洛 - 2006-11-27 19:25:00
这些都是什么东东?日志?
爱心兔子 - 2006-11-27 19:27:00
引用:
【♀恋紫♀的贴子】无语!
………………

buyongyuyan yongxingdong lai  zuizui
红夜鬼1 - 2006-11-27 19:28:00
用超级兔子扫描的日志
爱心兔子 - 2006-11-27 19:28:00
引用:
【杰洛的贴子】这些都是什么东东?日志?
………………

chaojituzide  IE rizhi  heihei
爱心兔子 - 2006-11-27 19:28:00
fan
杰洛 - 2006-11-27 19:28:00
有问题?
爱心兔子 - 2006-11-27 19:29:00
引用:
【红夜鬼1的贴子】用超级兔子扫描的日志
………………

nani nengkanmingbaima
杰洛 - 2006-11-27 19:35:00
tuzibieyoulianxiangOEMbanruixingle,yihoushengbuliao2007
爱心兔子 - 2006-11-27 19:39:00
引用:
【杰洛的贴子】tuzibieyoulianxiangOEMbanruixingle,yihoushengbuliao2007
………………

yongdao buneng sheng de shihou ouhuangekaba mianfeide  nazhong
ou  xianglai oushi yongmianfeide 
oumeiwenti jiushi yumen fa zhewan
杰洛 - 2006-11-27 19:41:00
还是用中文罢,卡巴我的机子安不了,一安就死
爱心兔子 - 2006-11-27 19:44:00
咔吧+瑞星同时运行 卡我20分钟
红夜鬼1 - 2006-11-27 19:45:00
兔子扫描的日志,主要是查看注册表的,但现在过时了,现在很多流氓软件攻击的是服务
360安全卫士扫描的日志,还比较简单
爱心兔子 - 2006-11-27 19:45:00
单独运行喀吧没试过 等我瑞星用不了了试试
杰洛 - 2006-11-27 19:46:00
引用:
【爱心兔子的贴子】咔吧+瑞星同时运行 卡我20分钟
………………

你疯了
爱心兔子 - 2006-11-27 19:46:00
引用:
【红夜鬼1的贴子】兔子扫描的日志,主要是查看注册表的,但现在过时了,现在很多流氓软件攻击的是服务
360安全卫士扫描的日志,还比较简单
………………

那我去扫个来
爱心兔子 - 2006-11-27 19:47:00
各位高手:
非常感谢您留心我这份系统诊断报告,小菜鸟十万火急等待您的帮助!
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2006-11-27  19:35:54
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:255MB - 当前可用内存:55MB

100 - 未知 - Process: rfwsrv.exe [Rising Personal FireWall Service] - d:\rising\rfw\rfwsrv.exe
100 - 未知 - Process: rfwmain.exe [Rising Personal FireWall Main Program] - d:\rising\rfw\RfwMain.exe
100 - 未知 - Process: RavXP.exe [RavXP] - C:\Program Files\Rising\Rav\RavXP.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.whinfo.net.cn/
R0 - 未知 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL=http://www.lenovo.com
R1 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://search.fm365.com
O4 - 未知 - Startup folder: [ADSL.lnk] [] C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\ADSL.lnk
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O16 - 未知 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O18 - 未知 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - E:\KuGoo3\InExtend\KuGoo3DownXControl.ocx
O23 - 未知 - Service: RfwProxySrv [Rising Personal Proxy Service] - d:\rising\rfw\rfwproxy.exe - (not running)
O23 - 未知 - Service: RfwService [Rising Personal Firewall Service] - d:\rising\rfw\rfwsrv.exe - (running)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - C:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: RavMonD.exe [瑞星杀毒软件的一部分。] - C:\Program Files\Rising\Rav\Ravmond.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: RavStub.exe [瑞星出品的杀毒软件相关程序。] - C:\Program Files\Rising\Rav\RavStub.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: realsched.exe [realone播放器安装时附带的升级提醒程序。] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe
100 - 安全 - Process: RavTask.exe [瑞星出品的杀毒软件相关程序。] - C:\Program Files\Rising\Rav\RavTask.exe
100 - 安全 - Process: RavMon.exe [瑞星杀毒软件防火墙。] - C:\Program Files\Rising\Rav\Ravmon.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: Maxthon.exe [傲游maxthon浏览器相关程序的一部分。] - C:\Program Files\Maxthon\Maxthon.exe
100 - 安全 - Process: Rav.exe [瑞星杀毒软件。] - C:\Program Files\Rising\Rav\Rav.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: 360Safe.exe [360安全卫士] - D:\360safe\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O3 - 安全 - Toolbar: (卡卡上网安全助手) - [卡卡安全助手工具条软件相关程序。] - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] ; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [TkBellExe] [是Real Networks产品定时升级检测程序。] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 安全 - HKLM\..\Run: [RfwMain] [瑞星防火墙程序,抵御黑客攻击。] "D:\Rising\Rfw\rfwmain.exe" -Startup
O4 - 安全 - HKLM\..\RunOnce: [RavStub] [是瑞星杀毒软件相关程序。] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O8 - 安全 - Extra context menu item: &使用迅雷下载 - E:\Thunder\Program\GetUrl.htm
O8 - 安全 - Extra context menu item: &使用迅雷下载全部链接 - E:\Thunder\Program\GetAllUrl.htm
O16 - 安全 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (Windows升级工具V5) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164276558484
O21 - 安全 - Protocol Icons: HKCR\http\shell\open\command - "C:\Program Files\Maxthon\maxthon.exe" "%1"
O21 - 安全 - Protocol Icons: HKCR\ftp\shell\open\command - "C:\Program Files\Maxthon\maxthon.exe" "%1"
O21 - 安全 - Protocol Icons: HKCR\https\shell\open\command - "C:\Program Files\Maxthon\maxthon.exe" "%1"
O21 - 安全 - Protocol Icons: HKCR\htmlfile\shell\open\command - "C:\Program Files\Maxthon\maxthon.exe" "%1"
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)
O23 - 安全 - Service: RsCCenter [是瑞星杀毒软件控制台相关程序。] - "C:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 安全 - Service: RsRavMon [是瑞星杀毒软件相关监控程序。] - "C:\Program Files\Rising\Rav\Ravmond.exe" - (running)

=======================================

O40 - Explorer.EXE - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\RSCOMMON.DLL - Rising Common Function Dynamic Link Library - 2f0e106190321a12da568520e6b07790

=======================================

O41 - BaseTDI - basetdi - C:\WINDOWS\system32\drivers\basetdi.sys - (running) - basetdi - Beijing Rising Technology Co., Ltd. - 6e311de78c8fa4e03856897b836bc3c4
O41 - CALLKEY_IO - CALLKEY_IO - C:\Program Files\Lenovo\智能维护3.0\CALLKEY.sys - (not running) -  -  - 4ac679d0bb9374f2ee8b47536dbbaa6f
O41 - ExpScaner - ExpScan.sys - C:\Program Files\Rising\Rav\ExpScan.sys - (running) - ExpScan.sys -  - 96cfd8b7a947702443f748e05609193f
O41 - HookCont - TDI HOOK Driver - C:\Program Files\Rising\Rav\HookCont.sys - (running) - TDI HOOK Driver - Rising tech Co. ltd - 286401156f3e2a68e692cac56f21876a
O41 - HookSys - Hooksys - C:\Program Files\Rising\Rav\HookSys.sys - (running) - Hooksys - Rising - 2099bd848a45b34d07535d4bf5c1521b
O41 - HookUrl - HookUrl - D:\Rising\Rfw\HookUrl.sys - (running) - HookUrl - Beijing Rising Technology Co., Ltd. - 93768ab1e576eef2de107eddbc586e9b
O41 - MEMSCAN - MemScan Driver - C:\Program Files\Rising\Rav\MemScan.sys - (running) - MemScan Driver - 瑞星软件有限公司 - 9811b256023dd985cbc5bad790e5bb84
O41 - mProcRs - Rising Personal FireWall  mprocrs.sys - d:\Rising\Rfw\mProcRs.sys - (running) - Rising Personal FireWall  mprocrs.sys - Beijing Rising Technology Co., Ltd. - f19fe6ccade903d285208247056daf6a
O41 - npkcrypt - nProtect KeyCrypt Driver - D:\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - NTSIM - Network Device Monitor Utility - C:\WINDOWS\system32\ntsim.sys - (not running) - Network Device Monitor Utility - VIA Networking Technologies, Inc.        - a568b9a9ffe2d9387222a5c90f86d731
O41 - RsAntiSpyware - RsBoot - C:\WINDOWS\system32\drivers\RsBoot.sys - (running) - RsBoot - Beijing Rising - 73e54c2429fb776e676977c512a85bd9
O41 - RsFwDrv - nt_fwdrv - D:\Rising\Rfw\rsfwdrv.sys - (running) - nt_fwdrv - Beijing Rising Technology Co., Ltd. - 1869e55cfacff0ff786d4ba6d2340ee2
O41 - RSPPSYS - RSPPSYS - C:\Program Files\Rising\Rav\rsppsys.sys - (running) - RSPPSYS - Rising - 4197f8bb3251c22f806c1d7d8d6ca2e1

=======================================
360Safe.exe=2.2.0.1000
AntiAdwa.dll=2.2.0.1000
AntiEng.dll=2.2.0.1000
AntiActi.dll=2.0.0.3000
CleanHis.dll=2.0.0.1001
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
爱心兔子 - 2006-11-27 19:47:00
操作历史报告:
----------查杀恶意软件历史----------

2006-11-19 11:11
查杀恶意软件 - 迷你PP - 安全 -
查杀恶意软件 - Adobe Reader附带的BHO插件 - 安全 -
查杀恶意软件 - 搜搜工具条 - 安全 -
2006-11-23 14:31
查杀恶意软件 - 搜搜工具条 - 安全 -

----------插件卸载操作历史----------

2006-11-18 19:31
插件管理 - 迷你PP - C:\WINDOWS\system32\XUNLEI~1.DLL
插件管理 - Adobe Reader附带的BHO插件 - C:\PROGRA~1\ACROBA~1\ActiveX\ACROIE~1.DLL
插件管理 - MSN 搜索工具栏 -
插件管理 - Windows Live Sign-in Assistant附带的BHO插件 -
插件管理 - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar
2006-11-18 19:31
插件管理 - Windows Live Toolbar -
2006-11-19 09:25
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-19 09:30
插件管理 - 搜搜工具条 - C:\PROGRA~1\TENCENT\Adplus\SSAddr.dll
2006-11-19 15:54
插件管理 - 百度超级搜霸 -
插件管理 - Vagaa哇嘎画时代 - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vagaa哇嘎画时代.lnk
2006-11-19 15:58
插件管理 - 百度超级搜霸 -
插件管理 - Vagaa哇嘎画时代 - C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Vagaa哇嘎画时代.lnk
2006-11-19 17:29
插件管理 - 卡卡上网安全助手 - C:\WINDOWS\system32\kakatool.dll
2006-11-19 17:31
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-19 21:14
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-20 11:43
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-20 18:53
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-21 22:39
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-22 17:02
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-23 14:27
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-23 14:29
插件管理 - 搜搜工具条 - C:\PROGRA~1\TENCENT\Adplus\SSAddr.dll
2006-11-23 18:01
插件管理 - 迷你PP - C:\WINDOWS\system32\XUNLEI~1.DLL
插件管理 - Adobe Reader附带的BHO插件 - C:\PROGRA~1\ACROBA~1\ActiveX\ACROIE~1.DLL
2006-11-23 22:36
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-24 20:44
插件管理 - 腾讯QQ附带的QQIEHelper插件 -
2006-11-25 23:51
插件管理 - 超级兔子上网精灵 - C:\Documents and Settings\Administrator\桌面\超级兔子上网精灵.lnk

----------全面诊断修复历史----------

2006-11-20 18:55
O8 - 未知 - 上传到QQ网络硬盘 -
2006-11-21 22:40
O4 - 未知 - Super Rabbit SRCK - "D:\超级兔子\MagicSet\SRCK.exe" /autokill:13
2006-11-21 22:40
O9 - 未知 - 启动迅雷 - e:\Thunder\Thunder.exe
O16 - 未知 - 下载的ActiveX插件 - C:\WINDOWS\system32\muweb.dll
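O23 - 未知 - Windows XP Vista - C:\WINDOWS\Hacker.com.cn.ini
〔注:该服务项指向 C:\WINDOWS 下的 .ini 文件,而正常服务应指向可执行文件或由 svchost 加载的 DLL,属于异常项;"Hacker.com.cn" 这一文件名常见于灰鸽子后门的相关报告(此处仅凭文件名推断,需进一步确认),建议核对该服务的注册表项,并确认同名文件已被清除。〕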
2006-11-21 22:41
O23 - 未知 - Windows XP Vista - C:\WINDOWS\Hacker.com.cn.ini
2006-11-21 22:45
O23 - 未知 - Windows XP Vista - C:\WINDOWS\Hacker.com.cn.ini
2006-11-21 23:23
O23 - 未知 - Windows XP Vista -
2006-11-21 23:25
O23 - 未知 - Windows XP Vista -
2006-11-23 14:32
O8 - 未知 - 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - 未知 - 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - 未知 - 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - 未知 - 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - 未知 - 腾讯QQ - D:\QQ\QQ.EXE
O9 - 未知 - QQ炫彩工具条设置 - D:\QQ\QQIEHelper.dll
2006-11-23 20:44
O3 - 未知 - 第三方IE工具栏 -
O9 - 未知 - 启动迅雷 - E:\Thunder\Thunder.exe
O9 - 未知 - 访问瑞星网站 - http://www.rising.com.cn/?u=RSTB
O9 - 未知 - 访问卡卡社区 - http://www.ikaka.com/?u=RSTB
2006-11-23 20:44
O14 - 未知 - Web原始设置IERESET.INF - C:\WINDOWS\inf\iereset.inf
2006-11-26 18:32
100 - 未知 - rfwsrv.exe - d:\Rising\Rfw\rfwsrv.exe

----------修复IE浏览器操作历史----------

2006-11-20 18:54
O27 - 危险 - 登录提示框标题 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
O27 - 危险 - 登录提示框文字 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
R0 - 危险 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE起始页的默认页 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - IE左侧搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
O14 - 危险 - Web原始设置IERESET.INF - C:\WINDOWS\inf\iereset.inf

=======================================

360安全卫士,彻底查杀各种流氓软件,全面保护系统安全,并赠送正版卡巴斯基V6.0
最新免费下载:http://www.360safe.com
爱心兔子 - 2006-11-27 19:48:00
引用:
【杰洛的贴子】
你疯了
………………

我开的是瑞星监控和咔吧杀毒,表搞错