还是Hack.SuspiciousAni 有诊断【求助】 bbs.ikaka.com

中毒太深11 - 2007-7-19 15:14:00

我的情况基本和你一样~~~不过并不是和那位斑竹说的一样打开任意网页都有~我已经把微软能打的补丁全打了包括MS07-S017的两个版本~补丁打无效重装系统安全杀毒```我甚至还下了个ARP防火墙~下了这个马上打不开卡卡社区和百度知道吧~~不知道是不是ARP被劫持```我也快被折磨疯了```还是搞不定~一中毒就会弹出那个Just.game的那个游戏网址~不知道怎么搞```

附件: 9034242007719150347.txt

中毒太深11 - 2007-7-19 15:17:00

中毒太深11 - 2007-7-19 15:18:00

D:\My Documents\新建文件夹\rslog.htm

中毒太深11 - 2007-7-19 15:20:00

还有

附件: 9034242007719150944.txt

Leoooo - 2007-7-19 15:54:00

日志打不开，重新上传

中毒太深11 - 2007-7-19 15:58:00

~~

附件: 9034242007719154809.txt

中毒太深11 - 2007-7-19 16:01:00

病毒名称处理结果发现日期扫描方式路径文件
Trojan.DL.JS.Agent.liu 跳过脚本 2007-07-18 08:04 网页/脚本监控 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 248438614728.tmp
Hack.SuspiciousAni 忽略 2007-07-18 08:04 文件监控 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85GJM5AR ah[1].c
Trojan.VBS.Psyme.f 清除成功 2007-07-18 08:04 文件监控 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\JVRJP89N vip[1].js
Trojan.DL.JS.Agent.lir 跳过脚本 2007-07-18 08:04 网页/脚本监控 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 248438614728.tmp
Hack.SuspiciousAni 忽略 2007-07-18 08:05 文件监控 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85GJM5AR ah[2].c
Hack.SuspiciousAni 删除成功 2007-07-18 08:05 文件监控 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\85GJM5AR ah[1].c
Hack.SuspiciousAni 忽略 2007-07-19 08:53 文件监控 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\U741YJ6H ah[1].c
Trojan.DL.JS.Agent.liu 跳过脚本 2007-07-19 08:53 网页/脚本监控 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 158836714208.tmp
Trojan.VBS.Psyme.f 清除成功 2007-07-19 08:53 文件监控 C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\QL25KNOJ vip[1].js
Trojan.DL.JS.Agent.lir 跳过脚本 2007-07-19 08:53 网页/脚本监控 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 158836714208.tmp
Hack.SuspiciousAni 重新启动计算机后删除文件2007-07-19 08:53 文件监控 C:\Documents and Settings\Administrator\Local

中毒太深11 - 2007-7-19 16:04:00

瑞星卡卡电脑诊断日志 v1.30 (2007-7-19 9:33:34)

北京瑞星科技股份有限公司

+ 注册表自运行项目 (8)
+ 系统服务(1)
+ HKLM\System\CurrentControlSet\Services(8)
+ NVSvc = NVIDIA Display Driver Service
c:\windows\system32\nvsvc32.exe

+ ose = Office Source Engine
c:\program files\common files\microsoft shared\source engine\ose.exe

+ RfwProxySrv = Rising Proxy Service
c:\program files\rising\rfw\rfwproxy.exe

+ RfwService = Rising Personal Firewall Service
c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenter = Rising Process Communication Center
c:\program files\rising\rav\ccenter.exe

+ RsRavMon = Rising RealTime Monitor
c:\program files\rising\rav\ravmond.exe

+ WMPNetworkSvc = Windows Media Player Network Sharing Service
c:\program files\windows media player\wmpnetwk.exe

+ WudfSvc = Windows Driver Foundation - User-mode Driver Framework
c:\windows\system32\wudfsvc.dll

+ 内核驱动(1)
+ HKLM\System\CurrentControlSet\Services(28)
+ AmdK8 = AMD Processor Driver
c:\windows\system32\drivers\amdk8.sys

+ AntiArpNdisProt = AntiARP NDIS Protocol Driver
c:\windows\system32\drivers\antiarpndisprot.sys

+ ATSpy = ATSpy
c:\windows\system32\atspy.sys

+ BaseTDI = Rising TDI Base Driver
c:\windows\system32\drivers\basetdi.sys

+ EagleNT = EagleNT
c:\windows\system32\drivers\eaglent.sys

+ ExpScaner = ExpScaner
c:\program files\rising\rav\expscan.sys

+ HDAudBus = Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序
c:\windows\system32\drivers\hdaudbus.sys

+ HookCont = HookCont
c:\program files\rising\rav\hookcont.sys

+ HookReg = HookReg
c:\program files\rising\rav\hookreg.sys

+ HookSys = HookSys
c:\program files\rising\rav\hooksys.sys

+ HookUrl = HookUrl
c:\program files\rising\rfw\hookurl.sys

+ IntcAzAudAddService = Service for Realtek HD Audio (WDM)
c:\windows\system32\drivers\rtkhdaud.sys

+ mchInjDrv
c:\docume~1\admini~1\locals~1\temp\mc25.tmp

+ MEMSCAN = MEMSCAN
c:\program files\rising\rav\memscan.sys

+ mProcRs = mProcRs
c:\program files\rising\rfw\mprocrs.sys

+ npkcrypt = npkcrypt
d:\program files\qq2007\npkcrypt.sys

+ nvata
c:\windows\system32\drivers\nvata.sys

+ NVENETFD = NVIDIA nForce Networking Controller Driver
c:\windows\system32\drivers\nvenetfd.sys

+ nvnetbus = NVIDIA Network Bus Enumerator
c:\windows\system32\drivers\nvnetbus.sys

+ oreans32 = oreans32
c:\windows\system32\drivers\oreans32.sys

+ RsAntiSpyware = RsAntiSpyware
c:\windows\system32\drivers\rsboot.sys

+ RsFwDrv = RsFwDrv
c:\program files\rising\rfw\rsfwdrv.sys

+ RsNTGDI = RsNTGDI
c:\windows\system32\drivers\rsntgdi.sys

+ RSPPSYS = RSPPSYS
c:\program files\rising\rav\rsppsys.sys

+ Secdrv = Secdrv
c:\windows\system32\drivers\secdrv.sys

+ WudfPf = Windows Driver Foundation - User-mode Driver Framework Platform Driver
c:\windows\system32\drivers\wudfpf.sys

+ WudfRd = Windows Driver Foundation - User-mode Driver Framework Reflector
c:\windows\system32\drivers\wudfrd.sys

+ xAntiArp = xAntiArpSpoof Service
c:\windows\system32\drivers\xantiarp.sys

+ 系统登陆自运行(1)
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon(1)
+ UIHost = C:\WINDOWS\system32\XPSTYLE_ThemePackage\Logonui.exe
c:\windows\system32\xpstyle_themepackage\logonui.exe

+ IE浏览器加载模块(2)
+ HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar(1)
+ {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} = 卡卡上网安全助手
c:\windows\system32\kakatool.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects(1)
+ {889D2FEB-5411-4565-8998-1DD2C5261283} = Thunder Browser Helper
c:\program files\thunder\comdlls\xunleibho_now.dll

+ 资源管理器加载模块(3)
+ HKLM\SOFTWARE\Classes\PROTOCOLS\Filter(1)
+ text/xml = {807553E5-5146-11D5-A672-00B0D022E945}
c:\program files\common files\microsoft shared\office11\msoxmlmf.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved(13)
+ HyperTerminal Icon Ext = {88895560-9AA2-1069-930E-00AA0030EBC8}
c:\windows\system32\hticons.dll

+ WinRAR shell extension = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
c:\program files\winrar\rarext.dll

+ Microsoft Office HTML Icon Handler = {42042206-2D85-11D3-8CFF-005004838597}
c:\program files\microsoft office\office11\msohev.dll

+ Web Folders = {BDEADF00-C265-11D0-BCED-00A0C90AB50F}
c:\program files\common files\microsoft shared\web folders\msonsext.dll

+ Portable Media Devices = {640167b4-59b0-47a6-b335-a6b3c0695aea}
c:\windows\system32\audiodev.dll

+ Portable Devices = {35786D3C-B075-49b9-88DD-029876E11C01}
c:\windows\system32\wpdshext.dll

+ Portable Devices Menu = {D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}
c:\windows\system32\wpdshext.dll

+ NvCpl DesktopContext Class = {A70C977A-BF00-412C-90B7-034C51DA2439}
c:\windows\system32\nvcpl.dll

+ Desktop Explorer = {1CDB2949-8F65-4355-8456-263E7C208A5D}
c:\windows\system32\nvshell.dll

+ Desktop Explorer Menu = {1E9B04FB-F9E5-4718-997B-B8DA88302A47}
c:\windows\system32\nvshell.dll

+ nView Desktop Context Menu = {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
c:\windows\system32\nvshell.dll

+ Play on my TV helper = {FFB699E0-306A-11d3-8BD1-00104B6F7516}
c:\windows\system32\nvcpl.dll

+ RISING = {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D}
c:\windows\system32\ravext.dll

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks(1)
+ {AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A} = Ras Shell Execute Hook
c:\windows\system32\shlhook.dll

+ 用户登陆自运行项目(2)
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Run(2)
+ RavTask = "C:\Program Files\Rising\Rav\RavTask.exe" -system
c:\program files\rising\rav\ravtask.exe

+ runeip = "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
c:\program files\rising\antispyware\runiep.exe

+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce(1)
+ RavStub = "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
c:\program files\rising\rav\ravstub.exe

+ 开机执行(1)
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order(1)
+ BootExecute = "autocheck autochk *";" bsmain";
c:\windows\system32\bsmain.exe

+ 映像劫持(4)
+ HKCR\Folder\shell(1)
+ Super Rabbit CDROM Eject = D:\超级兔子\MagicSet\srcd2.exe
d:\超级兔子\magicset\srcd2.exe

+ HKCR\.html(1)
+ htmlfile\Edit\Command = "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
c:\program files\microsoft office\office11\msohtmed.exe

+ HKCR\.htm(1)
+ htmlfile\Edit\Command = "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
c:\program files\microsoft office\office11\msohtmed.exe

+ HKCR\.mp3(2)
+ Audio.MP3\open\Command = "C:\Program Files\TTPlayer\TTPlayer.exe" "%1"
c:\program files\ttplayer\ttplayer.exe

+ Audio.MP3\PlayList\Command = "C:\Program Files\TTPlayer\TTPlayer.exe" /a "%1"
c:\program files\ttplayer\ttplayer.exe

中毒太深11 - 2007-7-19 16:07:00

+ 正在运行的进程(22)
- 00000084(132) spoolsv.exe(0)
+ 0000010c(268) Explorer.EXE(14)
+ 10000000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 01BE0000[0075B000] = nvcpl.dll
c:\windows\system32\nvcpl.dll

+ 01650000[00036000] = NVRSZHC.DLL
c:\windows\system32\nvrszhc.dll

+ 016D0000[00032000] = nvapi.dll
c:\windows\system32\nvapi.dll

+ 01710000[00073000] = nvshell.dll
c:\windows\system32\nvshell.dll

+ 017B0000[00011000] = shlhook.dll
c:\windows\system32\shlhook.dll

+ 029C0000[00057000] = LCODCCMP.DLL
c:\windows\system32\lcodccmp.dll

+ 7F840000[00016000] = asusasv1.dll
c:\windows\system32\asusasv1.dll

+ 02FF0000[0026D000] = asusasv2.dll
c:\windows\system32\asusasv2.dll

+ 23700000[0001A000] = RSCOMMON.DLL
c:\program files\rising\rav\rscommon.dll

+ 024F0000[0001A000] = xunleiBHO_Now.dll
c:\program files\thunder\comdlls\xunleibho_now.dll

+ 10930000[00049000] = PortableDeviceApi.dll
c:\windows\system32\portabledeviceapi.dll

+ 325C0000[00012000] = msohev.dll
c:\program files\microsoft office\office11\msohev.dll

+ 000001b8(440) RavStub.exe(3)
+ 00400000[00018000] = RavStub.exe
c:\program files\rising\rav\ravstub.exe

+ 10000000[0001B000] = RsCommX.dll
c:\program files\rising\rav\rscommx.dll

+ 23700000[0001A000] = RSCOMMON.DLL
c:\program files\rising\rav\rscommon.dll

+ 0000021c(540) RfwMain.exe(8)
+ 00400000[00073000] = RfwMain.exe
c:\program files\rising\rfw\rfwmain.exe

+ 26600000[0007D000] = RsGuiLib.dll
c:\program files\rising\rfw\rsguilib.dll

+ 23700000[0001A000] = RSCOMMON.DLL
c:\program files\rising\rfw\rscommon.dll

+ 10000000[0000F000] = RfwCtrl.dll
c:\program files\rising\rfw\rfwctrl.dll

+ 23800000[0001A000] = RsXML.dll
c:\program files\rising\rfw\rsxml.dll

+ 23900000[00031000] = PngDll.dll
c:\program files\rising\rfw\pngdll.dll

+ 01110000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 00000278(632) runiep.exe(2)
+ 00400000[00012000] = runiep.exe
c:\program files\rising\antispyware\runiep.exe

+ 00C00000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 0000028c(652) ctfmon.exe(1)
+ 10000000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 000002d8(728) nvsvc32.exe(2)
+ 00400000[0002C000] = nvsvc32.exe
c:\windows\system32\nvsvc32.exe

+ 009F0000[00032000] = nvapi.dll
c:\windows\system32\nvapi.dll

- 00000398(920) smss.exe(0)
- 000003d8(984) csrss.exe(0)
+ 000003f0(1008) winlogon.exe(1)
+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 0000041c(1052) services.exe(1)
+ 47260000[0000F000] = AcAdProc.dll
c:\windows\apppatch\acadproc.dll

- 00000428(1064) lsass.exe(0)
+ 000004c0(1216) RsAgent.exe(3)
+ 00400000[0003A000] = RsAgent.exe
c:\program files\rising\rav\rsagent.exe

+ 10000000[0001B000] = RsCommX.dll
c:\program files\rising\rav\rscommx.dll

+ 00E60000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

- 000004d0(1232) svchost.exe(0)
- 0000050c(1292) svchost.exe(0)
- 0000058c(1420) svchost.exe(0)
- 00000620(1568) svchost.exe(0)
- 00000680(1664) svchost.exe(0)
+ 000006a8(1704) iexplore.exe(8)
+ 10000000[0001A000] = xunleiBHO_Now.dll
c:\program files\thunder\comdlls\xunleibho_now.dll

+ 011B0000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 325C0000[00012000] = msohev.dll
c:\program files\microsoft office\office11\msohev.dll

+ 01220000[00019000] = RavScrCh.dll
c:\program files\rising\rav\ravscrch.dll

+ 30000000[002EE000] = Flash9b.ocx
c:\windows\system32\macromed\flash\flash9b.ocx

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

+ 04200000[0000B000] = MSOXMLMF.DLL
c:\program files\common files\microsoft shared\office11\msoxmlmf.dll

+ 73200000[00031000] = WINWB86.IME
c:\windows\system32\winwb86.ime

- 0000082c(2092) alg.exe(0)
+ 00000a14(2580) Ras.exe(3)
+ 00400000[0013F000] = Ras.exe
c:\program files\rising\antispyware\ras.exe

+ 10000000[000A3000] = RasGui.dll
c:\program files\rising\antispyware\rasgui.dll

+ 01500000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 00000b84(2948) AgentSvr.exe(2)
+ 10000000[0001B000] = ieprot.dll
c:\program files\rising\antispyware\ieprot.dll

+ 72C80000[00008000] = msacm32.drv
c:\windows\system32\msacm32.drv

相关文件信息列表(点击文件名Google一下)

注释: [A]表示该文件存在自启动关联;[M]表示该文件在内存中;

31. [A ] c:\windows\system32\drivers\rsntgdi.sys
Beijing Rising Technology Co., Ltd.
RsNTGDI
.text,.rdata,INIT,.rsrc,.reloc,
44. [A ] c:\program files\common files\microsoft shared\web folders\msonsext.dll
Microsoft Corporation
Microsoft Web Folders
.text,.data,.rsrc,.reloc,
13. [A ] c:\windows\system32\drivers\eaglent.sys
79. [ M] c:\program files\rising\antispyware\ras.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware
.text,.rdata,.data,.rsrc,
49. [A ] c:\windows\system32\ravext.dll
Beijing Rising Technology Co., Ltd.
Rising Shell Ext Module
.text,.rdata,.data,.rsrc,.reloc,
58. [ M] c:\program files\rising\antispyware\ieprot.dll
Beijing Rising Technology Co., Ltd.
IE Protector
.text,.rdata,.data,.rsrc,.reloc,
80. [ M] c:\program files\rising\antispyware\rasgui.dll
Beijing Rising Technology Co., Ltd.
RasGUI
.text,.rdata,.data,.rsrc,.reloc,
61. [ M] c:\windows\system32\nvapi.dll
.text,.rdata,.data,.idata,.rsrc,.reloc,
55. [A ] d:\超级兔子\magicset\srcd2.exe
Super Rabbit Software
UPX0,UPX1,.rsrc,
75. [ M] c:\program files\rising\rav\rsagent.exe
Beijing Rising Technology Co., Ltd.
RsAgent Application
.text,.rdata,.data,.rsrc,
40. [AM] c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
Microsoft Corporation
Microsoft Office XML MIME Filter
.text,.data,.rsrc,.reloc,
2. [A ] c:\program files\common files\microsoft shared\source engine\ose.exe
Microsoft Corporation
Office Source Engine
.text,.data,.rsrc,
56. [A ] c:\program files\microsoft office\office11\msohtmed.exe
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,
64. [ M] c:\windows\system32\asusasv2.dll
ASUSTeK COMPTER INC.
ASUS ASV2 Video CODEC
.text,.rdata,.data,.rsrc,.reloc,
5. [A ] c:\program files\rising\rav\ccenter.exe
Beijing Rising Technology Co., Ltd.
CCenter
.text,.rdata,.data,.rsrc,
12. [A ] c:\windows\system32\drivers\basetdi.sys
Beijing Rising Technology Co., Ltd.
basetdi
.text,.rdata,.data,INIT,.rsrc,.reloc,
42. [A ] c:\program files\winrar\rarext.dll
.text,.data,.tls,.idata,.edata,.rsrc,.reloc,
36. [A ] c:\windows\system32\drivers\xantiarp.sys
Windows (R) 2000 DDK provider
Sample NDIS 4.0 Intermediate Miniport Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
77. [ M] c:\windows\system32\macromed\flash\flash9b.ocx
Adobe Systems, Inc.
Adobe Flash Player 9.0 r28
.text,.rdata,.data,.rsrc,.reloc,
25. [A ] c:\windows\system32\drivers\nvata.sys
NVIDIA Corporation
NVIDIA? nForce(TM) IDE Performance Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
43. [AM] c:\program files\microsoft office\office11\msohev.dll
Microsoft Corporation
Microsoft Office 2003 component
.text,.data,.rsrc,.reloc,
33. [A ] c:\windows\system32\drivers\secdrv.sys
.text,.data,INIT,.reloc,
47. [AM] c:\windows\system32\nvcpl.dll
NVIDIA Corporation
NVIDIA Display Properties Extension
.text,.rdata,.data,CONST,.rsrc,.reloc,
53. [AM] c:\program files\rising\rav\ravstub.exe
Beijing Rising Technology Co., Ltd.
Rising RavStub
.text,.rdata,.data,.rsrc,
34. [A ] c:\windows\system32\drivers\wudfpf.sys
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Platform Driver
.text,.rdata,.data,PAGE,.edata,INIT,.rsrc,.reloc,
48. [AM] c:\windows\system32\nvshell.dll
.text,.rdata,.data,.idata,.shared,.rsrc,.reloc,
69. [ M] c:\program files\rising\rfw\rsguilib.dll
Beijing Rising Technology Co., Ltd.
Rising GUI Library Loader
.text,.rdata,.data,.rsrc,.reloc,
70. [ M] c:\program files\rising\rfw\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,

中毒太深11 - 2007-7-19 16:08:00

76. [ M] c:\program files\rising\rav\ravscrch.dll
Beijing Rising Technology Co., Ltd.
RavScrCh Module
.text,.rdata,.data,.rsrc,.reloc,
9. [A ] c:\windows\system32\drivers\amdk8.sys
Microsoft Corporation
Processor Device Driver
.text,.rdata,.data,PAGE,PAGELK,INIT,.rsrc,.reloc,
65. [ M] c:\program files\rising\rav\rscommon.dll
Beijing Rising Technology Co., Ltd.
Rising Common Function Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
72. [ M] c:\program files\rising\rfw\rsxml.dll
Beijing Rising Technology Co., Ltd.
RsXML
.text,.rdata,.data,.rsrc,.reloc,
21. [A ] c:\docume~1\admini~1\locals~1\temp\mc25.tmp
15. [A ] c:\windows\system32\drivers\hdaudbus.sys
Windows (R) Server 2003 DDK provider
High Definition Audio Bus Driver v1.0a
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
22. [A ] c:\program files\rising\rav\memscan.sys
瑞星软件有限公司
MemScan Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
23. [A ] c:\program files\rising\rfw\mprocrs.sys
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall mprocrs.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
27. [A ] c:\windows\system32\drivers\nvnetbus.sys
NVIDIA Corporation
NVIDIA Networking Bus Driver.
.text,.rdata,.data,INIT,.rsrc,.reloc,
35. [A ] c:\windows\system32\drivers\wudfrd.sys
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Reflector
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
14. [A ] c:\program files\rising\rav\expscan.sys
ExpScan.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
52. [AM] c:\program files\rising\antispyware\runiep.exe
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Monitor
.text,.rdata,.data,.rsrc,
46. [A ] c:\windows\system32\wpdshext.dll
Microsoft Corporation
Portable Devices Shell Extension
.text,.data,.rsrc,.reloc,
1. [AM] c:\windows\system32\nvsvc32.exe
NVIDIA Corporation
NVIDIA Driver Helper Service, Version 91.47
.text,.rdata,.data,.rsrc,
63. [ M] c:\windows\system32\asusasv1.dll
ASUSTeK COMPTER INC.
ASUS Video Compressor
.text,.rdata,.data,.idata,.rsrc,.reloc,
3. [A ] c:\program files\rising\rfw\rfwproxy.exe
Beijing Rising Technology Co., Ltd.
Rising Personal Proxy Service
.text,.rdata,.data,.rsrc,
24. [A ] d:\program files\qq2007\npkcrypt.sys
INCA Internet Co., Ltd.
nProtect KeyCrypt Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
39. [AM] c:\program files\thunder\comdlls\xunleibho_now.dll
Thunder Networking Technologies,LTD
XunLeiBHO
.text,.rdata,.data,.rsrc,.reloc,
28. [A ] c:\windows\system32\drivers\oreans32.sys
.text,.rdata,.data,INIT,.reloc,
29. [A ] c:\windows\system32\drivers\rsboot.sys
Beijing Rising Technology Co., Ltd.
Anti-RootKit Driver
.text,.rdata,.data,INIT,.rsrc,.reloc,
74. [ M] c:\windows\apppatch\acadproc.dll
Microsoft Corporation
Windows Compatibility DLL
.text,.data,.rsrc,.reloc,
32. [A ] c:\program files\rising\rav\rsppsys.sys
Rising
RSPPSYS.SYS
.text,.rdata,.data,INIT,.rsrc,.reloc,
71. [ M] c:\program files\rising\rfw\rfwctrl.dll
Beijing Rising Technology Co., Ltd.
RfwCtrl DLL
.text,.rdata,.data,.rsrc,.reloc,
16. [A ] c:\program files\rising\rav\hookcont.sys
Rising
HookCont
.text,.rdata,.data,INIT,.rsrc,.reloc,
59. [ M] c:\windows\system32\msacm32.drv
Microsoft Corporation
Microsoft Sound Mapper
.text,.data,.rsrc,.reloc,
8. [A ] c:\windows\system32\wudfsvc.dll
Microsoft Corporation
Windows Driver Foundation - User-mode Driver Framework Service
.text,.data,.rsrc,.reloc,
62. [ M] c:\windows\system32\lcodccmp.dll
LEAD Technologies, Inc.
LEAD MCMP/MJPEG Codec
.text,.rdata,.data,.rsrc,.reloc,
4. [A ] c:\program files\rising\rfw\rfwsrv.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Service
.text,.rdata,.data,.rsrc,
37. [A ] c:\windows\system32\xpstyle_themepackage\logonui.exe
Microsoft Corporation
Windows Logon UI
.text,.data,.rsrc,
38. [A ] c:\windows\system32\kakatool.dll
Beijing Rising Technology Co., Ltd.
Rising AntiSpyware Toolbar
.text,.rdata,.data,MonitorS,.rsrc,.reloc,
6. [A ] c:\program files\rising\rav\ravmond.exe
Beijing Rising Technology Co., Ltd.
RavMond
.text,.rdata,.data,.rsrc,
18. [A ] c:\program files\rising\rav\hooksys.sys
Rising
Hooksys
.text,.rdata,.data,INIT,.rsrc,.reloc,
51. [A ] c:\program files\rising\rav\ravtask.exe
Beijing Rising Technology Co., Ltd.
RavTimer
.text,.rdata,.data,.rsrc,
73. [ M] c:\program files\rising\rfw\pngdll.dll
Beijing Rising Technology Co., Ltd.
Rising .Png File Loader Dynamic Link Library
.text,.rdata,.data,.rsrc,.reloc,
45. [A ] c:\windows\system32\audiodev.dll
Microsoft Corporation
Portable Media Devices Shell Extension
.text,.data,.rsrc,.reloc,
11. [A ] c:\windows\system32\atspy.sys
20. [A ] c:\windows\system32\drivers\rtkhdaud.sys
Realtek Semiconductor Corp.
Realtek(r) High Definition Audio Function Driver
.text,CODE,.rdata,.data,.data1,PAGE,INIT,.rsrc,.reloc,
67. [ M] c:\program files\rising\rav\rscommx.dll
rising
RsCommX
.text,.rdata,.data,.rsrc,.reloc,
10. [A ] c:\windows\system32\drivers\antiarpndisprot.sys
Windows (R) 2000 DDK provider
NDIS User mode I/O Driver
.text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
66. [ M] c:\windows\system32\portabledeviceapi.dll
Microsoft Corporation
Windows Portable Device API Components
.text,.orpc,.data,.rsrc,.reloc,
54. [A ] c:\windows\system32\bsmain.exe
Beijing Rising Technology Co., Ltd.
BootScan
.text,.data,.rsrc,.reloc,
41. [A ] c:\windows\system32\hticons.dll
Hilgraeve, Inc.
HyperTerminal Applet Library
.text,.data,.rsrc,.reloc,
57. [A ] c:\program files\ttplayer\ttplayer.exe
Alen Soft
千千静听
.text,.rdata,.data,.rsrc,
78. [ M] c:\windows\system32\winwb86.ime
Microsoft Corporation
王码五笔型输入法86版
.text,.rdata,.data,.ShareDa,.sgroup,.rsrc,.reloc,
30. [A ] c:\program files\rising\rfw\rsfwdrv.sys
Beijing Rising Technology Co., Ltd.
nt_fwdrv
.text,.rdata,.data,INIT,.rsrc,.reloc,
17. [A ] c:\program files\rising\rav\hookreg.sys
.text,.rdata,.data,INIT,.rsrc,.reloc,
68. [ M] c:\program files\rising\rfw\rfwmain.exe
Beijing Rising Technology Co., Ltd.
Rising Personal FireWall Main Program
.text,.rdata,.data,.rsrc,
50. [AM] c:\windows\system32\shlhook.dll
Beijing Rising Technology Co., Ltd.
shlhook Module
.text,.rdata,.data,.rsrc,.reloc,
60. [ M] c:\windows\system32\nvrszhc.dll
NVIDIA Corporation
NVIDIA Simplified Chinese language resource library
.rsrc,.reloc,
19. [A ] c:\program files\rising\rfw\hookurl.sys
Beijing Rising Technology Co., Ltd.
HookUrl
.text,.rdata,.data,INIT,.rsrc,.reloc,
7. [A ] c:\program files\windows media player\wmpnetwk.exe
Microsoft Corporation
Windows Media Player 网络共享服务
.text,.data,.rsrc,.reloc,
26. [A ] c:\windows\system32\drivers\nvenetfd.sys
NVIDIA Corporation
NVIDIA Networking Function Driver.
.text,.rdata,.data,INIT,.rsrc,.reloc,

中毒太深11 - 2007-7-19 16:38:00

另外想请教下用GHOST系统还原会把补丁还原掉吗?

中毒太深11 - 2007-7-20 20:53:00

能有高手看下吗~

Enao2005 - 2007-7-20 21:07:00

安全模式删除C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp 下所有文件

GHOST后恢复到你当时备份的饿系统环境，之后打的补丁完全没了..

瑞星卡卡安全论坛