Rising Kaka Security Forum
哎!什么都不懂哦 - 2007-4-29 9:32:00
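I bought the latest standalone edition of Rising just yesterday. After installing it, I get an English message about a corrupted configuration file and so on. The screen on launch is shown in the picture. Scan report attached. I'm online waiting for help! Thanks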
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sun><C:\windows\SysSun2\svchost.exe> []
<wm><C:\windows\Syswm7\svchost.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows XP Publisher]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<pxdnd><C:\DOCUME~1\feifei\LOCALS~1\Temp\1261.exe> []
<mppds><C:\windows\mppds.exe> []
<mscrt><C:\windows\mscrt.exe> []
<cmdbcs><C:\windows\cmdbcs.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32 ><LYLoader.exe> []
<twin><C:\windows\System32\ctfnom.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.sys> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Attachment:
871624200742992257.bmp
哎!什么都不懂哦 - 2007-4-29 9:33:00
【<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
<QQDownload><; "C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SKYNET Personal FireWall><; C:\PROGRA~1\SKYNET\FIREWALL\pfw.exe> [N/A]
==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATSpy / ATSpy][Stopped/Manual Start]
<\??\C:\windows\System32\ATSpy.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\windows\System32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[lesdsa / lesdsa][Running/Boot Start]
哎!什么都不懂哦 - 2007-4-29 9:35:00
<\SystemRoot\\SystemRoot\System32\drivers\lesdsa.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Stopped/System Start]
<\??\C:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\C:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[Netgroup Packet Filter / NPF][Running/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用超级旋风下载]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
哎!什么都不懂哦 - 2007-4-29 9:35:00
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 496][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][\??\C:\windows\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 584][\??\C:\windows\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 628][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\LYMANGR.DLL] [N/A, ]
[PID: 640][C:\windows\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 864][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 948][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 960][C:\windows\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1080][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[c:\program files\rising\rfw\psapi.dll] [Microsoft Corporation, 4.00]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[c:\program files\rising\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1280][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\windows\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
哎!什么都不懂哦 - 2007-4-29 9:36:00
[PID: 1356][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1364][C:\windows\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.21]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1372][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1388][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[C:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[PID: 1404][C:\windows\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1848][C:\windows\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 848][C:\windows\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2036][C:\Program Files\Rising\AntiSpyware\Update\Rsaupd.exe] [Beijing Rising Technology Co., Ltd., 2, 0, 4, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 976][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 6, 1]
[C:\Program Files\Rising\AntiSpyware\RasGui.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmp] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
哎!什么都不懂哦 - 2007-4-29 9:37:00
[PID: 1096][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[C:\windows\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\windows\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[PID: 1624][C:\Program Files\Real\RealPlayer\RealPlay.exe] [RealNetworks, Inc., 6.0.12.1741]
[C:\windows\System32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] [RealNetworks, Inc., 7.0.1.3584]
[C:\Program Files\Common Files\Real\Common\objb3201.dll] [RealNetworks, Inc., 0.1.0.6726]
[C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll] [RealNetworks, Inc., 0.1.0.4083]
[C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll] [RealNetworks, Inc., 6.0.12.298]
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] [RealNetworks, Inc., 6.0.9.4317]
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] [RealNetworks, Inc., 7.0.0.4153]
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] [RealNetworks, Inc., 7.0.0.4619]
[C:\Program Files\Common Files\Real\Plugins\httpfsys.dll] [RealNetworks, Inc., 10.0.0.3032]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1020][C:\Program Files\Real\RealPlayer\RealPlay.exe] [RealNetworks, Inc., 6.0.12.1741]
[C:\windows\System32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Common Files\Real\Update_OB\upgr3270.dll] [RealNetworks, Inc., 7.0.0.3985]
[C:\Program Files\Common Files\Real\Common\objb3201.dll] [RealNetworks, Inc., 0.1.0.6726]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] [RealNetworks, Inc., 7.0.0.4619]
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] [RealNetworks, Inc., 7.0.0.4153]
[C:\Program Files\Common Files\Real\Update_OB\rnup3270.dll] [RealNetworks, Inc., 7.0.0.3334]
[C:\Program Files\Common Files\Real\Update_OB\faus3270.dll] [RealNetworks, Inc., 7.0.0.3457]
[C:\Program Files\Common Files\Real\Common\pnrs3260.dll] [RealNetworks, Inc., 6.0.9.4317]
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Common Files\Real\Update_OB\pnmi3270.dll] [RealNetworks, Inc., 7.0.0.2157]
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] [RealNetworks, Inc., 7.0.1.3584]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Common Files\Real\Plugins\httpfsys.dll] [RealNetworks, Inc., 10.0.0.3032]
哎!什么都不懂哦 - 2007-4-29 9:37:00
[PID: 2436][C:\windows\System32\systemm.exe] [N/A, ]
[C:\windows\System32\WPCAP.DLL] [CACE Technologies, 3, 1, 0, 27]
[C:\windows\System32\packet.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\windows\System32\WanPacket.dll] [CACE Technologies, 3, 1, 0, 27]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2616][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[PID: 2680][C:\DOCUME~1\feifei\LOCALS~1\Temp\Rar$EX00.313\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
==================================
文件关联
.TXT Error. [C:\windows\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\windows\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
8897603 - 2007-4-29 9:38:00
A nest of viruses!
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sun><C:\windows\SysSun2\svchost.exe> []
<wm><C:\windows\Syswm7\svchost.exe> []
<pxdnd><C:\DOCUME~1\feifei\LOCALS~1\Temp\1261.exe> []
<mppds><C:\windows\mppds.exe> []
<mscrt><C:\windows\mscrt.exe> []
<cmdbcs><C:\windows\cmdbcs.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32 ><LYLoader.exe> []
<twin><C:\windows\System32\ctfnom.exe> [Microsoft Corporation]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
桃子CiCi - 2007-4-29 9:41:00
The poster above has it right
Hehe
哎!什么都不懂哦 - 2007-4-29 9:43:00
Ah~ - -|||... So what should I do?
桃子CiCi - 2007-4-29 10:40:00
Icesword v1.20
Download address for the latest version:
Chinese: http://202.38.64.10/~jfpan/download/IceSword120_cn.zip MD5: cfb8514add1fbfb510b0084e837e561c
==========================================================================
Empty the temporary folder. Exact path: C:\documents and settings\feifei\LOCALS~1\Temp
Boot into Safe Mode [how to enter Safe Mode: hold F8 while the computer restarts and choose Safe Mode],
==========================================================================
Edit the registry with IceSword:
Startup entries to delete:
1. The following two values under the [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] branch:
<sun><C:\windows\SysSun2\svchost.exe> []
<wm><C:\windows\Syswm7\svchost.exe> []
2. The following values under the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] branch:
<pxdnd><C:\DOCUME~1\feifei\LOCALS~1\Temp\1261.exe> []
<mppds><C:\windows\mppds.exe> []
<mscrt><C:\windows\mscrt.exe> []
<cmdbcs><C:\windows\cmdbcs.exe> []
3. The following value under the [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] branch:
<MSDEG32 ><LYLoader.exe> []
==========================================================================
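Run SREng. Under "Startup Items" -> "Services" -> "Win32 Service Applications", tick "Hide verified Microsoft services", then delete the service named below (select the problem service, click "Delete Service", then click the "Set" button. Note that in the window that pops up you must click "NO" to confirm deleting the service) (if it cannot be deleted, disable it: change the startup type to disabled, select "Modify startup type", and click "Set"):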
[lesdsa / lesdsa][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lesdsa.sys><N/A>
==========================================================================
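Download IceSword, run it, and end processes:
File - Settings - tick "Forbid process creation". Select each process that starts with [PID] (do NOT end it), right-click - Module Information - Unload or Force Remove (the injected child process)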
[PID: 628][C:\windows\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows\System32\LYMANGR.DLL] [N/A, ] (in this example, this is the child process to force-remove)
[PID: 800][C:\windows\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1280][C:\windows\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[PID: 1356][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1364][C:\windows\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.21]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1388][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[PID: 1404][C:\windows\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1848][C:\windows\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1848][C:\windows\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1404][C:\windows\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 848][C:\windows\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2036][C:\Program Files\Rising\AntiSpyware\Update\Rsaupd.exe]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 976][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 6, 1]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1096][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[PID: 1624][C:\Program Files\Real\RealPlayer\RealPlay.exe] [RealNetworks, Inc., 6.0.12.1741]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 1020][C:\Program Files\Real\RealPlayer\RealPlay.exe] [RealNetworks, Inc., 6.0.12.1741]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2436][C:\windows\System32\systemm.exe] [N/A, ] --- this process must be ended completely with IceSword!!!
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[PID: 2616][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
[PID: 2680][C:\DOCUME~1\feifei\LOCALS~1\Temp\Rar$EX00.313\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Internet Explorer\PLUGINS\System64.sys] [N/A, ]
[C:\windows\System32\cmdbcs.dll] [N/A, ]
[C:\windows\System32\mscrt.dll] [N/A, ]
[C:\windows\System32\mppds.dll] [N/A, ]
[C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll] [N/A, ]
==========================================================================
Delete files with IceSword:
Delete the following, one by one:
C:\Program Files\Internet Explorer\PLUGINS\System64.sys
C:\windows\System32\cmdbcs.dll
C:\windows\System32\mscrt.dll
C:\windows\System32\mppds.dll
C:\DOCUME~1\feifei\LOCALS~1\Temp\pxdnd.dll
C:\windows\SysSun2\svchost.exe
C:\windows\Syswm7\svchost.exe
C:\windows\System32\systemm.exe
=========================================================================
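After deleting the corresponding files, clean the registry: Run - regedit - My Computer - Edit - Find - enter each of the following in turn
System64.sys, cmdbcs.dll, mscrt.dll, mppds.dll, pxdnd.dll, systemm.exe
LYLoader.exe (search for this keyword with WinRAR and delete everything related that turns up)
Press F3 to continue until the search is finished; delete everything that is found!
Restart the computer.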
桃子CiCi - 2007-4-29 10:45:00
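Personally I think those are the problem items; of course, there may well be normal files on my removal list too..
Don't delete anything you are sure about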
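The triage that the replies above perform by eye on the SREng startup section can be scripted; the following is an added example, not part of the original thread and not SREng's own code. The heuristics, the `SYSTEM_NAMES` list and the function names are assumptions chosen for illustration, and the sample lines are copied from the log on this page.

```python
import ntpath
import re

# Lines copied from the startup section of the SREng log on this page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sun><C:\windows\SysSun2\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<pxdnd><C:\DOCUME~1\feifei\LOCALS~1\Temp\1261.exe> []
<mppds><C:\windows\mppds.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\windows\System32\ctfnom.exe> [Microsoft Corporation]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<(?P<name>[^>]*)><(?P<cmd>.*)> \[(?P<signer>.*)\]$")
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.I)
# Assumption: a short illustrative list of Windows system file names.
SYSTEM_NAMES = {"svchost.exe", "ctfmon.exe", "explorer.exe", "userinit.exe",
                "lsass.exe", "services.exe", "winlogon.exe"}


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot near-miss file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def image_path(cmd):
    """Strip quotes and arguments from an autorun command line."""
    m = IMAGE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def triage(log):
    """Return {entry name: [reasons]} for unverified autorun entries."""
    findings, key = {}, ""
    for line in (raw.strip() for raw in log.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m or not m["cmd"].strip():
            continue
        signer = m["signer"].strip()
        if signer.startswith("(Verified)"):
            continue  # signature checked by the scanner: not shortlisted
        image = image_path(m["cmd"]).lower()
        exe, folder = ntpath.basename(image), ntpath.dirname(image)
        reasons = []
        if signer in ("", "N/A"):
            reasons.append("no publisher information")
        if "\\temp\\" in image:
            reasons.append("runs from a Temp directory")
        if exe in SYSTEM_NAMES and folder and not folder.endswith(r"\system32"):
            reasons.append("system file name outside System32")
        if exe not in SYSTEM_NAMES and any(
                edit_distance(exe, s) <= 2 for s in SYSTEM_NAMES):
            reasons.append("look-alike of a system file name")
        if key.lower().endswith(r"\policies\explorer\run"):
            reasons.append("Policies\\Explorer\\Run autorun key")
        if reasons:  # unverified AND at least one further indicator
            findings[m["name"].strip()] = reasons
    return findings


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

The output is a shortlist for manual review, not a verdict: an unsigned but legitimate program will also appear under "no publisher information".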