Rising Kaka Security Forum
大大的紫葡萄 - 2007-6-10 20:33:00
After I remove the virus with Rising, it is still there once the computer reboots.
Could someone please give me an easy-to-follow solution? Thanks!
[CODE]
2007-06-10,20:11:49
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> [N/A]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32> [N/A]
<YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [(Verified)"beijing yahoo consulting and service co., ltd."]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe> [N/A]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<mhsa><D:\DOCUME~1\dd\LOCALS~1\Temp\mhso.exe> []
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]
<cmdbcs><D:\WINNT\cmdbcs.exe> []
<msccrt><D:\WINNT\msccrt.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<visin><D:\WINNT\System32\visin.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><D:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr> [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
[腾讯QQ]
<D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
<D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
<D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ohocrbl / ohocrbl][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
<System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\H:\NTGLM7X.sys><N/A>
[tzlhwfqg / tzlhwfqg][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\tzlhwfqg.sys><Yahoo! China Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
<\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
大大的紫葡萄 - 2007-6-10 20:35:00
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
<D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>
==================================
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2170.1]
[PID: 172][\??\D:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2137.1]
[PID: 168][\??\D:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.1408]
[D:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2147.1]
[D:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 220][D:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.2103]
[D:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2191.1.296.2]
[PID: 1072][D:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.2920.0000]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt] [N/A, ]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\WINNT\System32\wscsv.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\dh103.dll] [N/A, ]
[D:\WINNT\System32\wdmaud.drv] [Microsoft Corporation, 5.00.2147.1]
[D:\WINNT\System32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[D:\WINNT\System32\SHQMANGR.DLL] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\DOCUME~1\dd\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\zxzo0.dll] [N/A, ]
[D:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\WINNT\System32\msacn.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 7, 0, 1126]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 2, 1011]
[D:\WINNT\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\WINNT\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[D:\WINNT\System32\msadp32.acm] [Microsoft Corporation, 5.00.2134.1]
[D:\WINNT\System32\mh104.dll] [N/A, ]
[D:\WINNT\System32\cmdbcs.dll] [N/A, ]
[D:\Program Files\WinRAR\rarext.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] [Yahoo! China, 3, 0, 5, 1009]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1112][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[D:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\WINNT\System32\cmdbcs.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\zxzo0.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[PID: 1232][D:\WINNT\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.10]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
newcenturymoon - 2007-6-10 20:36:00
Add me on QQ; I sent it to you by private message. I'll help you fix it.
大大的紫葡萄 - 2007-6-10 20:36:00
[PID: 1256][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[PID: 1272][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] [Yahoo! China, 3, 2, 2, 1028]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 7, 0, 1126]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 2, 1011]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll] [yahoo! china, 3, 0, 2, 1002]
[PID: 1304][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[PID: 1456][D:\WINNT\System32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[PID: 1336][D:\Program Files\Tencent\QQ\TIMPlatform.exe] [TENCENT, 7,0,225,1651]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 1532][D:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[PID: 1352][D:\Program Files\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\WINNT\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\windhcp.ocx] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\WINNT\System32\cmdbcs.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\zxzo0.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[PID: 1788][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\windhcp.ocx] [N/A, ]
[D:\WINNT\System32\netsrvcs.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\cjcrli.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\cmdbcs.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\zxzo0.dll] [N/A, ]
[D:\DOCUME~1\dd\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[D:\WINNT\System32\msport.dll] [N/A, ]
==================================
文件关联
.TXT Error. [D:\WINNT\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
[E:\]
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe
==================================
HOSTS 文件
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
newcenturymoon - 2007-6-10 20:39:00
Add me on QQ: 463216947. This virus seems to be going around a lot lately.
★蓝色尘埃★ - 2007-6-10 21:18:00
There are too many of them. Just reinstall the system.
大大的紫葡萄 - 2007-6-10 21:41:00
Will reinstalling solve it completely?
newcenturymoon - 2007-6-10 21:43:00
E:\SysAuto.exe must be deleted after you reinstall, otherwise the virus will come right back. Also, you can't open drive E by double-clicking or from the right-click menu; go in through WinRAR instead.
lovewei11 - 2007-6-10 21:45:00
Not at all. With a pretty girl you have to walk her through the virus removal step by step; how is just telling her to reinstall any good?
lovewei11 - 2007-6-10 21:46:00
It seems WinRAR is now also being targeted by the virus; it closes right after you open it.
大大的紫葡萄 - 2007-6-10 21:48:00
Isn't E:\SysAuto.exe a system file? Won't deleting it be dangerous?
newcenturymoon - 2007-6-10 21:49:00
It's a virus!!
newcenturymoon - 2007-6-10 21:50:00
If you can find that file, please send it to me, thanks: newcenturymoon1986@yahoo.com.cn
Compress it with the password 123
大大的紫葡萄 - 2007-6-10 21:52:00
I can't upload this file to my mailbox; it says the attachment can't be an .exe file.
newcenturymoon - 2007-6-10 21:54:00
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe> [N/A]
<mhsa><D:\DOCUME~1\dd\LOCALS~1\Temp\mhso.exe> []
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]
<cmdbcs><D:\WINNT\cmdbcs.exe> []
<msccrt><D:\WINNT\msccrt.exe> []
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> []
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<visin><D:\WINNT\System32\visin.exe> [Microsoft Corporation]
<?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []
[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[D:\WINNT\System32\msport.dll] [N/A, ]
[D:\WINNT\System32\wscsv.dll] [N/A, ]
[D:\WINNT\System32\fksdy.dll] [N/A, ]
[D:\WINNT\System32\wgptl.dll] [N/A, ]
[D:\WINNT\System32\wtrmm.dll] [N/A, ]
[D:\WINNT\System32\hreax.dll] [N/A, ]
[D:\WINNT\System32\wfdrd.dll] [N/A, ]
[D:\WINNT\System32\zkjjx.dll] [N/A, ]
[D:\WINNT\System32\dh103.dll] [N/A, ]
These are all viruses.
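The triage newcenturymoon did by hand above (entries launched from the user's Temp folder, entries with no publisher or version info, and lookalike names such as lssas.exe standing in for lsass.exe), together with the Autorun.inf that SREng reported on E:\, can be checked mechanically. The following is an added Python example, not code from the thread or from SREng; the sample lines are copied from the log above, while the SYSTEM_NAMES list and the one-edit lookalike threshold are this example's own assumptions.

```python
import re
from collections import namedtuple

# Sample input constructed from the SREng log in this thread: two benign entries beside four flagged by the helper.
SAMPLE_RUN_ENTRIES = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<cmdbcs><D:\WINNT\cmdbcs.exe> []
"""

# The Autorun.inf that SREng reported on E:\ (copied from the log above).
SAMPLE_AUTORUN = r"""
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe
"""

# SREng prints one autostart entry per line as <name><command> [publisher].
ENTRY_RE = re.compile(r"^<(?P<name>[^<>]*)><(?P<cmd>.*)> \[(?P<publisher>[^\]]*)\]\s*$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Assumption of this example: an image name one edit away from one of these
# (lssas.exe vs lsass.exe, iexplorer.exe vs iexplore.exe) deserves a closer look.
SYSTEM_NAMES = ("lsass.exe", "iexplore.exe", "explorer.exe", "svchost.exe", "csrss.exe", "winlogon.exe")

Finding = namedtuple("Finding", "key name command publisher reasons")


def osa_distance(a: str, b: str) -> int:
    """Levenshtein distance that also counts an adjacent swap as a single edit."""
    d = [list(range(len(b) + 1))] + [[i] + [0] * len(b) for i in range(1, len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def executable_name(command: str) -> str:
    """Lower-case basename of the launched image, quotes and arguments stripped."""
    cmd = command.strip()
    cmd = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split(" ", 1)[0]
    return cmd.rsplit("\\", 1)[-1].lower()


def suspicion_reasons(command: str, publisher: str) -> list:
    """The observations the thread used to tell the malware entries from real software."""
    reasons = []
    if publisher.strip() in ("", "N/A"):
        reasons.append("no publisher / version info")
    if re.search(r"\\temp\\", command, re.IGNORECASE):
        reasons.append("launched from a Temp directory")
    exe = executable_name(command)
    for legit in SYSTEM_NAMES:
        if exe != legit and osa_distance(exe, legit) == 1:
            reasons.append(f"name resembles {legit}")
    return reasons


def triage_run_entries(log_text: str) -> list:
    """One Finding for every Run-key entry that has at least one reason to look closer."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m_key := KEY_RE.match(line):
            key = m_key.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and (reasons := suspicion_reasons(m["cmd"], m["publisher"])):
            findings.append(Finding(key, m["name"], m["cmd"], m["publisher"], reasons))
    return findings


def autorun_targets(inf_text: str) -> dict:
    """Map each launch directive of an Autorun.inf [AutoRun] section to its target; Explorer
    runs these on double-click and on the context-menu 'open', as the thread describes."""
    targets, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            k, v = (s.strip() for s in line.split("=", 1))
            if k.lower() in ("open", "shellexecute") or k.lower().endswith("\\command"):
                targets[k] = v
    return targets


if __name__ == "__main__":
    for f in triage_run_entries(SAMPLE_RUN_ENTRIES):
        print(f"[{f.key}] {f.name} -> {f.command}: {'; '.join(f.reasons)}")
    print("Autorun.inf launch targets:", autorun_targets(SAMPLE_AUTORUN))
```

On the sample, the four entries newcenturymoon listed are reported with their reasons and the two legitimate ones are not, and all three Autorun.inf directives resolve to SysAuto.exe, which is why the thread says to remove that file before opening E:\ normally again.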
newcenturymoon - 2007-6-10 21:55:00
Quote (大大的紫葡萄's post): I can't upload this file to my mailbox; it says the attachment can't be an .exe file ...
Right-click it and choose "Add to archive".
我是中国人xh - 2007-6-10 22:05:00
Ugh, so many viruses. My head is spinning just looking at it.
大大的紫葡萄 - 2007-6-10 22:08:00
What is the file I sent you, anyway?
newcenturymoon - 2007-6-10 22:09:00
A virus.
大大的紫葡萄 - 2007-6-10 22:11:00
Isn't it a backdoor or something like that? Something that can be used to get at the files on my computer?
newcenturymoon - 2007-6-10 22:12:00
It should be a trojan downloader, meaning it downloads a pile of trojans and backdoors onto your machine. Otherwise why does your QQ keep getting stolen?
大大的紫葡萄 - 2007-6-10 22:14:00
Is deleting it enough?
newcenturymoon - 2007-6-10 22:17:00
大大的紫葡萄 - 2007-6-10 22:19:00
Why can't Rising remove it?
newcenturymoon - 2007-6-10 22:20:00
The latest version can detect it.
newcenturymoon - 2007-6-10 22:34:00
003D7D8C push 003D7E50 /start
003D7D91 push 003D7E60 qquin:
003D7D99 push 003D7E70 pwdhash:
003D7DAC push 003D7E84 qqpwd:
003D7DBE mov ecx, 003D7E94 /stat:10
003D7DC3 mov edx, 003D7EA8 /stat:40
003D7EE2 mov edx, 003D7F20 登录
003D7F5B mov edx, 003D800C edit
003D7F95 mov edx, 003D8018 qqet
003D8055 mov edx, 003D80AC edit
003D810C mov edx, 003D8170 edit
003D8218 mov edx, 003D82EC edit
003D8261 mov edx, 003D82FC 服务器拒绝
Heh, that's a QQ account-stealing trojan.
The first time you log in to QQ it tells you the password is wrong; the next time you log in, your QQ account has been stolen.
大大的紫葡萄 - 2007-6-10 22:48:00
[CODE]
2007-06-10,22:30:57
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional RC 1.1 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe> [(Verified)Microsoft Windows 2000 Publisher]
<svc><D:\DOCUME~1\dd\LOCALS~1\Temp\expseny.exe> [N/A]
<jwx078wu6wk3m7><D:\DOCUME~1\dd\LOCALS~1\Temp\iexplorer.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> [N/A]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<CnsM.dll><Rundll32.exe D:\PROGRA~1\3721\CnsM.dll,Rundll32> [N/A]
<YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [(Verified)"beijing yahoo consulting and service co., ltd."]
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<wosa><D:\DOCUME~1\dd\LOCALS~1\Temp\woso.exe> [N/A]
<rxsa><D:\DOCUME~1\dd\LOCALS~1\Temp\rxso.exe> [N/A]
<wdsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wdso.exe> [N/A]
<tlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\tlso.exe> [N/A]
<dasa><D:\DOCUME~1\dd\LOCALS~1\Temp\daso.exe> [N/A]
<runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<Local Security Authority Service><D:\WINNT\System32\lssas.exe> [N/A]
<Advanced DHTML Enable><D:\WINNT\System32\vvbb.exe> [N/A]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<fysa><D:\DOCUME~1\dd\LOCALS~1\Temp\fyso.exe> [N/A]
<jtsa><D:\DOCUME~1\dd\LOCALS~1\Temp\jtso.exe> [N/A]
<wlsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wlso.exe> [N/A]
<wgsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wgso.exe> [N/A]
<wmsa><D:\DOCUME~1\dd\LOCALS~1\Temp\wmso.exe> [N/A]
<qjsa><D:\DOCUME~1\dd\LOCALS~1\Temp\qjso.exe> [N/A]
<msccrt><D:\WINNT\msccrt.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDEG32><LYLoader.exe> [N/A]
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><D:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINNT\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<?{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<?{0CD68AC9-FF63-3E61-626B-B663E62F6236}><> [N/A]
<{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt> []
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><D:\WINNT\System32\msacn.dll> [N/A]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><D:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINNT\System32\ssmarque.scr> [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
[腾讯QQ]
<D:\Documents and Settings\dd\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<D:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
<D:\WINNT\System32\nvsvc32.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
<D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
<D:\WINNT\System32\servex.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<D:\WINNT\System32\svchost.exe -k netsvcs-->D:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<D:\WINNT\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
==================================
大大的紫葡萄 - 2007-6-10 22:49:00
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\H:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ohocrbl / ohocrbl][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ohocrbl.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Running/Manual Start]
<System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Etnernet NIC NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\R8139n5.SYS><Realtek Semiconductor Corporation>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\H:\NTGLM7X.sys><N/A>
[tzlhwfqg / tzlhwfqg][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\tzlhwfqg.sys><Yahoo! China Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
<\SystemRoot\System32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[VIMICRO USB PC Camera / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <D:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <D:\WINNT\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <D:\WINNT\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINNT\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
<D:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[雅虎搜索]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>
==================================
大大的紫葡萄 - 2007-6-10 22:50:00
正在运行的进程
[PID: 136][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2170.1]
[PID: 172][\??\D:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2137.1]
[PID: 168][\??\D:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.1408]
[D:\WINNT\system32\wdmaud.drv] [Microsoft Corporation, 5.00.2147.1]
[D:\WINNT\system32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[PID: 960][D:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.2920.0000]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt] [N/A, ]
[D:\WINNT\System32\wdmaud.drv] [Microsoft Corporation, 5.00.2147.1]
[D:\WINNT\System32\msacm32.drv] [Microsoft Corporation, 5.00.2134.1]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[D:\WINNT\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 7, 0, 1126]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 2, 1011]
[D:\WINNT\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[D:\WINNT\System32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] [Yahoo! China, 3, 0, 8, 1010]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [yahoo! china, 3, 0, 6, 1008]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll] [Yahoo! China, 3, 1, 8, 1023]
[PID: 992][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[D:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\program files\rising\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\program files\rising\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[PID: 1076][D:\WINNT\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.10]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1152][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] [Yahoo! China, 3, 2, 2, 1028]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 7, 0, 1126]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 2, 1011]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1116][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1160][D:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[PID: 1092][D:\WINNT\System32\internat.exe] [Microsoft Corporation, 5.00.2920.0000]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
[PID: 1408][D:\Documents and Settings\dd\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\WINNT\System32\msdebug.dll] [N/A, ]
[D:\WINNT\System32\RemoteDbg.dll] [N/A, ]
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 5, 1023]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\WINNT\System32\skyubr.dll] [N/A, ]
==================================
文件关联
.TXT Error. [D:\WINNT\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [D:\WINNT\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
大大的紫葡萄 - 2007-6-10 22:50:00
How is it now?