瑞星杀毒软件和防火墙都不正常 bbs.ikaka.com

xiaoxiao212 - 2008-12-29 19:49:00

刚刚用瑞星杀出100多个病毒，再次查杀显示无病毒。但重启后右下角的工具栏里没有杀毒软件和防火墙的图标，瑞星杀毒实时监控和实时防御被禁止了，点击开启没有反映。哪位高手指点一下吧，十分感谢！！！

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

附件: 卡卡诊断日志.txt

xiaoxiao212 - 2008-12-29 19:55:00

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [Microsoft Corporation]
<MINIFLASHGET><"D:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe" /minimize> [(Verified)Trend Media Corporation Limited]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<runeip><"C:\Program Files\Rising\AntiSpyware\rstray.exe" /startup> [(Verified)Beijing Rising Information Technology Corporation Limited]
<MINIFLASHGET><"D:\Program Files\FlashGet Network\FlashGet Mini\FlashGetMini.exe" /minimize> [(Verified)Trend Media Corporation Limited]
<RavTray><"C:\Program Files\Rising\Rav\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
<HBService32><System.exe> [N/A]
<RFWTray><"C:\Program Files\Rising\Rfw\RsTray.exe" -system> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\rising\AntiSpyware\RunOnce.exe> [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><1A945F4C.dll,89DA3EF0.dll,6A800476.dll,536AFBA3.dll,5A28618F.dll,ECFE41DE.dll,78A8BE79.dll,D6088937.dll,2C4CEFBC.dll,F19ED094.dll,3AD50572.dll,F3B2B992.dll,BFB202C3.dll,492C34D1.dll,519E4852.dll,79C9D3EA.dll,8AC81EB5.dll,6B37ED9F.dll,B96EB327.dll,77E223B7.dll,920DF320.dll,1B589D74.dll,1614C570.dll,861B6E2D.dll,B74E7607.dll,913040A4.dll,HBmhly.dll,HBXY2.dll,HBJXSJ.dll,HBWULIN2.dll,HBKDXY.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBCHIBI.dll,HBZG.dll,HBXMJ.dll,CCA64432.dll,5F9A67ED.dll,4779989E.dll,889A86B4.dll,ED82D494.dll,DF38DD7C.dll,40C14EDA.dll,02B36121.dll,A8C6F3F9.dll,8C565E09.dll,D46E204F.dll,1EE5B866.dll,8A25456D.dll,08C3CC23.dll,D530B934.dll,26F451D5.dll,9FE35C24.dll,1A97EA12.dll,E6D2BBB9.dll,A41D71B4.dll,kmon.dll> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{ECFE41DE-B1A0-41D1-BE1E-E49BCB39309C}><C:\WINDOWS\System32\ECFE41DE.dll> [File is missing]
<{78A8BE79-BF22-4CAF-B397-2FD479A022F7}><C:\WINDOWS\System32\78A8BE79.dll> [File is missing]
<{F19ED094-C7D5-4EF8-82B7-B36BC9BE8EC9}><C:\WINDOWS\System32\F19ED094.dll> [File is missing]
<{2C4CEFBC-3A32-486C-BDB0-B3982CC408EC}><C:\WINDOWS\System32\2C4CEFBC.dll> [File is missing]
<{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll> [N/A]
<{4FBFD5A4-5FE8-4444-8BD9-FD0FAFA64F96}><4FBFD5A4.dll> [N/A]
<{EF8EFC85-0038-479B-BB0E-B0A52A15CECA}><C:\Program Files\Internet Explorer\SysKetNt.Sys> [File is missing]
<{3AD50572-A2AC-4361-8A56-7ECADE74C615}><C:\WINDOWS\System32\3AD50572.dll> [File is missing]
<{5A28618F-3EE1-4A36-B8C2-ECE75B8FF26E}><C:\WINDOWS\System32\5A28618F.dll> [File is missing]
<{536AFBA3-14AF-4499-86DB-EDDCD04379B8}><C:\WINDOWS\System32\536AFBA3.dll> [File is missing]
<{6A800476-C39B-440A-8596-0519C8981DDE}><C:\WINDOWS\System32\6A800476.dll> [File is missing]
<{1A945F4C-01E3-497D-BB3C-E7D240BD801B}><C:\WINDOWS\System32\1A945F4C.dll> [File is missing]
<{913040A4-B893-47AC-839E-5ABB53B92AD2}><C:\WINDOWS\System32\913040A4.dll> [File is missing]
<{B74E7607-B815-4B42-8D10-F7821E151428}><C:\WINDOWS\System32\B74E7607.dll> [File is missing]
<{861B6E2D-87E9-43BB-8544-21782D75525A}><C:\WINDOWS\System32\861B6E2D.dll> [File is missing]
<{1614C570-29DB-44EA-A52F-F2C0D4111373}><C:\WINDOWS\System32\1614C570.dll> [File is missing]
<{1B589D74-D595-47A9-BAA1-71BF32ADBE03}><C:\WINDOWS\System32\1B589D74.dll> [File is missing]
<{920DF320-A50D-4976-A25B-6114BB57E69F}><C:\WINDOWS\System32\920DF320.dll> [File is missing]
<{77E223B7-3642-43E9-82AA-6B93C29EFB55}><C:\WINDOWS\System32\77E223B7.dll> [File is missing]
<{B96EB327-F834-4A68-ADC7-1B8343E5E0CA}><C:\WINDOWS\System32\B96EB327.dll> [File is missing]
<{6B37ED9F-8900-4FE7-B2D8-80D49676430A}><C:\WINDOWS\System32\6B37ED9F.dll> [File is missing]
<{8AC81EB5-4CC0-40AD-9A94-E409129528CC}><C:\WINDOWS\System32\8AC81EB5.dll> [File is missing]
<{79C9D3EA-DC06-4ADD-9A3F-975245A19A5F}><C:\WINDOWS\System32\79C9D3EA.dll> [File is missing]
<{519E4852-D10C-4FDA-8884-0B1E1335D88E}><C:\WINDOWS\System32\519E4852.dll> [File is missing]
<{492C34D1-6CE2-443F-B02C-645FC2BD451E}><C:\WINDOWS\System32\492C34D1.dll> [File is missing]
<{BFB202C3-514D-432B-8571-A69C90883A1A}><C:\WINDOWS\System32\BFB202C3.dll> [File is missing]
<{F3B2B992-50E9-4C1A-A31F-A73BECA85BF4}><C:\WINDOWS\System32\F3B2B992.dll> [File is missing]
<{D6088937-39A9-48EB-9B31-1D9B2A1D3E83}><C:\WINDOWS\System32\D6088937.dll> [File is missing]
<{81719C8D-A324-4C5B-9319-4A68770F35D8}><C:\WINDOWS\System32\81719C8D.dll> [File is missing]
<{89DA3EF0-9195-465F-A935-F16C32109E7D}><C:\WINDOWS\System32\89DA3EF0.dll> [File is missing]
<{82ADEDFE-9A1E-4AB8-9AE2-EC76FC38B901}><C:\WINDOWS\System32\82ADEDFE.dll> [File is missing]
<{CCA64432-B043-4518-876A-B1D5D0426C2C}><C:\WINDOWS\System32\CCA64432.dll> [File is missing]
<{5F9A67ED-089D-4512-8C70-D3D418FC3A7A}><C:\WINDOWS\System32\5F9A67ED.dll> [File is missing]
<{4779989E-398B-46AC-B4F4-2215C8AD429C}><C:\WINDOWS\System32\4779989E.dll> [File is missing]
<{889A86B4-A760-446B-97D0-DCE698F89062}><C:\WINDOWS\System32\889A86B4.dll> [File is missing]
<{ED82D494-2487-47CF-BD86-3A845B70C88A}><C:\WINDOWS\System32\ED82D494.dll> [File is missing]
<{DF38DD7C-1D05-410A-B8F1-D9227C8EECA8}><C:\WINDOWS\System32\DF38DD7C.dll> [File is missing]
<{40C14EDA-6C7E-4EA5-AAD3-861887DDF512}><C:\WINDOWS\System32\40C14EDA.dll> [File is missing]
<{02B36121-505C-4BF9-8CFF-9D818D6F02A8}><C:\WINDOWS\System32\02B36121.dll> [File is missing]
<{A8C6F3F9-0A96-4574-9424-34234D4FD4D8}><C:\WINDOWS\System32\A8C6F3F9.dll> [File is missing]
<{8C565E09-B609-46D2-BAAD-A4C39994A3FF}><C:\WINDOWS\System32\8C565E09.dll> [File is missing]
<{D46E204F-2170-43B4-B265-3B07E2A561F5}><C:\WINDOWS\System32\D46E204F.dll> [File is missing]
<{1EE5B866-C221-4583-9A6B-A9613388C8DC}><C:\WINDOWS\System32\1EE5B866.dll> [File is missing]
<{8A25456D-A442-4D85-9C9A-D1D39350DCAF}><C:\WINDOWS\System32\8A25456D.dll> [File is missing]
<{08C3CC23-D09D-4208-9D1F-21C6C590B513}><C:\WINDOWS\System32\08C3CC23.dll> [File is missing]
<{D530B934-882F-4837-A0CE-7474097ACDB0}><C:\WINDOWS\System32\D530B934.dll> [File is missing]
<{26F451D5-72D9-4364-AC4C-8EF7B0A9A30A}><C:\WINDOWS\System32\26F451D5.dll> [File is missing]
<{9FE35C24-8926-4EFC-B1C5-769715F5091D}><C:\WINDOWS\System32\9FE35C24.dll> [File is missing]
<{1A97EA12-6878-4865-8F42-7B251BF9F4A8}><C:\WINDOWS\System32\1A97EA12.dll> [File is missing]
<{E6D2BBB9-2957-4666-A2D6-61D9025C8DE2}><C:\WINDOWS\System32\E6D2BBB9.dll> [File is missing]
<{A41D71B4-8F4A-4839-A908-EFF3A95799D8}><C:\WINDOWS\System32\A41D71B4.dll> [File is missing]

xiaoxiao212 - 2008-12-29 19:56:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows XP Publisher]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Windows XP Publisher]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Windows XP Publisher]
<ECFE41DE><C:\WINDOWS\System32\ECFE41DE.dll> [File is missing]
<78A8BE79><C:\WINDOWS\System32\78A8BE79.dll> [File is missing]
<F19ED094><C:\WINDOWS\System32\F19ED094.dll> [File is missing]
<2C4CEFBC><C:\WINDOWS\System32\2C4CEFBC.dll> [File is missing]
<3AD50572><C:\WINDOWS\System32\3AD50572.dll> [File is missing]
<5A28618F><C:\WINDOWS\System32\5A28618F.dll> [File is missing]
<536AFBA3><C:\WINDOWS\System32\536AFBA3.dll> [File is missing]
<6A800476><C:\WINDOWS\System32\6A800476.dll> [File is missing]
<1A945F4C><C:\WINDOWS\System32\1A945F4C.dll> [File is missing]
<913040A4><C:\WINDOWS\System32\913040A4.dll> [File is missing]
<B74E7607><C:\WINDOWS\System32\B74E7607.dll> [File is missing]
<861B6E2D><C:\WINDOWS\System32\861B6E2D.dll> [File is missing]
<1614C570><C:\WINDOWS\System32\1614C570.dll> [File is missing]
<1B589D74><C:\WINDOWS\System32\1B589D74.dll> [File is missing]
<920DF320><C:\WINDOWS\System32\920DF320.dll> [File is missing]
<77E223B7><C:\WINDOWS\System32\77E223B7.dll> [File is missing]
<B96EB327><C:\WINDOWS\System32\B96EB327.dll> [File is missing]
<6B37ED9F><C:\WINDOWS\System32\6B37ED9F.dll> [File is missing]
<8AC81EB5><C:\WINDOWS\System32\8AC81EB5.dll> [File is missing]
<79C9D3EA><C:\WINDOWS\System32\79C9D3EA.dll> [File is missing]
<519E4852><C:\WINDOWS\System32\519E4852.dll> [File is missing]
<492C34D1><C:\WINDOWS\System32\492C34D1.dll> [File is missing]
<BFB202C3><C:\WINDOWS\System32\BFB202C3.dll> [File is missing]
<F3B2B992><C:\WINDOWS\System32\F3B2B992.dll> [File is missing]
<D6088937><C:\WINDOWS\System32\D6088937.dll> [File is missing]
<81719C8D><C:\WINDOWS\System32\81719C8D.dll> [File is missing]
<89DA3EF0><C:\WINDOWS\System32\89DA3EF0.dll> [File is missing]
<82ADEDFE><C:\WINDOWS\System32\82ADEDFE.dll> [File is missing]
<CCA64432><C:\WINDOWS\System32\CCA64432.dll> [File is missing]
<5F9A67ED><C:\WINDOWS\System32\5F9A67ED.dll> [File is missing]
<4779989E><C:\WINDOWS\System32\4779989E.dll> [File is missing]
<889A86B4><C:\WINDOWS\System32\889A86B4.dll> [File is missing]
<ED82D494><C:\WINDOWS\System32\ED82D494.dll> [File is missing]
<DF38DD7C><C:\WINDOWS\System32\DF38DD7C.dll> [File is missing]
<40C14EDA><C:\WINDOWS\System32\40C14EDA.dll> [File is missing]
<02B36121><C:\WINDOWS\System32\02B36121.dll> [File is missing]
<A8C6F3F9><C:\WINDOWS\System32\A8C6F3F9.dll> [File is missing]
<8C565E09><C:\WINDOWS\System32\8C565E09.dll> [File is missing]
<D46E204F><C:\WINDOWS\System32\D46E204F.dll> [File is missing]
<1EE5B866><C:\WINDOWS\System32\1EE5B866.dll> [File is missing]
<8A25456D><C:\WINDOWS\System32\8A25456D.dll> [File is missing]
<08C3CC23><C:\WINDOWS\System32\08C3CC23.dll> [File is missing]
<D530B934><C:\WINDOWS\System32\D530B934.dll> [File is missing]
<26F451D5><C:\WINDOWS\System32\26F451D5.dll> [File is missing]
<9FE35C24><C:\WINDOWS\System32\9FE35C24.dll> [File is missing]
<1A97EA12><C:\WINDOWS\System32\1A97EA12.dll> [File is missing]
<E6D2BBB9><C:\WINDOWS\System32\E6D2BBB9.dll> [File is missing]
<A41D71B4><C:\WINDOWS\System32\A41D71B4.dll> [File is missing]

xiaoxiao212 - 2008-12-29 19:56:00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows XP Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
<IFEO[360safebox.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
<IFEO[AntiArp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
<IFEO[avcenter.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
<IFEO[avgnt.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
<IFEO[DrvAnti.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
<IFEO[filemon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
<IFEO[GFRing3.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
<IFEO[GFUpd.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe]
<IFEO[McNASvc.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
<IFEO[McProxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe]
<IFEO[Mcshield.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
<IFEO[mcsysmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
<IFEO[MpfSrv.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
<IFEO[NAVSetup.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessSafe.exe]
<IFEO[ProcessSafe.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
<IFEO[procexp.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctorMain.exe]
<IFEO[QQDoctorMain.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
<IFEO[RawCopy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
<IFEO[regmon.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
<IFEO[RegTool.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
<IFEO[rfwProxy.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RFWSTUB.EXE]
<IFEO[RFWSTUB.EXE]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
<IFEO[RStray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rtvscan.exe]
<IFEO[Rtvscan.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
<IFEO[safeboxTray.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SelfUpdate.exe]
<IFEO[SelfUpdate.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.exe]
<IFEO[SuperKiller.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe]
<IFEO[Thunder5.exe]><svchost.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe]
<IFEO[TrojDie.exe]><ntsd -d> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
<IFEO[zxsweep.exe]><ntsd -d> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr> [(Verified)Microsoft Windows XP Publisher]

xiaoxiao212 - 2008-12-29 19:57:00

启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[GP_CLT_Service / GP_CLT_Service][Running/Auto Start]
<C:\WINDOWS\System32\GP_CLT_Service.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
<C:\Program Files\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
<"C:\Program Files\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
<C:\Program Files\Rising\Rfw\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising Proxy Service / RfwProxySrv][Stopped/Auto Start]
<C:\Program Files\Rising\Rfw\rfwProxy.exe><(File is missing)>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
<"C:\Program Files\Rising\Rfw\RavTask.exe" RfwTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<C:\Program Files\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
<C:\Program Files\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
<system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[aliimz / aliimz][Stopped/Manual Start]
<System32\Drivers\aliimz.sys><N/A>
[Apaidi / Apaidi][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\Apaidi.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[hookcont / hookcont][Running/System Start]
<system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Stopped/Disabled]
<system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[New0 / New0][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
<System32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
<\??\C:\Program Files\Rising\Rfw\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
<System32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SiS AGP Filter / SISAGP][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
<\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[Sony Digital Imaging Video2 / sonypvs1][Stopped/Manual Start]
<System32\DRIVERS\sonypvs1.sys><Sony Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[播放机恢复设备控制驱动程序 / StMp3Rec][Stopped/Manual Start]
<System32\Drivers\StMp3Rec.sys><Samsung, Inc.>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\TesSafe.sys><TENCENT>
[rspp / rspp][Stopped/System Start]
<\??\C:\WINDOWS\system32\Drivers\Rspp.sys><Beijing Rising Information Technology Co., Ltd.>

xiaoxiao212 - 2008-12-29 19:58:00

浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v5.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[卡卡上网安全助手]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\System32\urlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[MiniFlashGetBHO]
{C74E94A7-B7BD-4891-9328-455395BCC7AD} <D:\Program Files\FlashGet Network\FlashGet Mini\libMiniBHO.dll, (Signed) FlashGet Inc>
[]
{EF8EFC85-0038-479B-BB0E-B0A52A15CECA} <C:\Program Files\Internet Explorer\SysKetNt.Sys, N/A>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, (Signed) Microsoft Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, (Signed) >
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, (Signed) 创智数码科技股份有限公司>
[]
{6DBB2904-082D-4DB0-944A-21C22BA121F4} <, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[IJetCarNetscapeMini Class]
{6C1C7AF0-0DC2-4770-9B27-517416A85F3B} <D:\Program Files\FlashGet Network\FlashGet Mini\libMiniBHO.dll, (Signed) FlashGet Inc>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[使用迷你快车下载]
<D:\Program Files\FlashGet Network\FlashGet Mini\GetUrl.htm, N/A>
[使用迷你快车下载全部链接]
<D:\Program Files\FlashGet Network\FlashGet Mini\GetAllUrl.htm, N/A>
[使用迷你快车下载该网页FLV]
<D:\Program Files\FlashGet Network\FlashGet Mini\FlashGetFlvdetector.htm, N/A>
[导出当前页到超星阅览器(&A)]
<D:\Program file\SSREADER36\ss_all.htm, N/A>
[导出选中部分到超星阅览器(&S)]
<D:\Program file\SSREADER36\ss_select.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[火狐Flash保存]
<D:\Program Files\FoxFlashplayer\PlugIns\GetFlash.htm, N/A>

xiaoxiao212 - 2008-12-29 19:59:00

=================================
正在运行的进程
[PID: 676 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 740 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 764 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Infected) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[PID: 808 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1092 / SYSTEM][C:\Program Files\Rising\Rav\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
[C:\Program Files\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[PID: 1108 / SYSTEM][C:\Program Files\Rising\Rfw\CCENTER.EXE] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rfw\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\Rising\Rfw\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
[PID: 1128 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1272 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1304 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1344 / SYSTEM][C:\Program Files\Rising\Rfw\rfwsrv.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Rfw\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Rising\Rfw\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\Program Files\Rising\Rfw\MonComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Rfw\rfwlog.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
[C:\Program Files\Rising\Rfw\rfwrule.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
[C:\Program Files\Rising\Rfw\rfwsrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.74]
[C:\Program Files\Rising\Rfw\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rfw\mPorts.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
[C:\Program Files\Rising\Rfw\rfwdrvc.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
[C:\Program Files\Rising\Rfw\Rfwdrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
[C:\Program Files\Rising\Rfw\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[C:\Program Files\Rising\Rfw\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rfw\urlrule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
[C:\Program Files\Rising\Rfw\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rfw\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\Rising\Rfw\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\Rising\Rfw\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rfw\rfwproxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[C:\Program Files\Rising\Rfw\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\Program Files\Rising\Rfw\urllib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1592 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1624 / SYSTEM][C:\Program Files\Rising\Rav\rsnetsvr.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Rav\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.9]
[C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 2012 / cc][C:\WINDOWS\Explorer.exe] [(Verified) Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\System32\nvshell.dll] [NVIDIA Corporation, 6.14.10.5303]
[C:\WINDOWS\System32\NVWRSZHC.DLL] [NVIDIA Corporation, 6.14.10.5303]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Tencent\RTX\RTXShl.dll] [Tencent, 1, 0, 0, 1]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 328 / SYSTEM][C:\WINDOWS\System32\GP_CLT_Service.exe] [, 1, 0, 1, 5]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 396 / cc][C:\WINDOWS\System32\GP_CLT.exe] [, 2, 0, 0, 1]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\WINDOWS\System32\GP_IFD.dll] [CIDC., 1, 0, 17, 29]
[C:\WINDOWS\System32\GP_COS.dll] [hsic, 2, 0, 0, 1]
[PID: 436 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.5303]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[PID: 484 / cc][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[PID: 568 / cc][C:\WINDOWS\System32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[PID: 872 / SYSTEM][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 33]
[PID: 1188 / SYSTEM][C:\Program Files\Rising\Rfw\RavTask.exe] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\Rising\Rfw\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\Rising\Rfw\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Rfw\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[C:\Program Files\Rising\Rfw\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rfw\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Rfw\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 33]
[PID: 1320 / SYSTEM][C:\Program Files\Rising\Rav\ScanFrm.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[C:\Program Files\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
[C:\Program Files\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\Program Files\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
[C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\Program Files\Rising\Rav\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.23]
[C:\Program Files\Rising\Rav\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
[C:\Program Files\Rising\Rav\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.8]
[C:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
[C:\Program Files\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
[C:\Program Files\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[C:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.32]
[C:\Program Files\rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[C:\Program Files\rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
[C:\Program Files\rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[C:\Program Files\rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
[C:\Program Files\rising\Rav\extfile.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[C:\Program Files\rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[C:\Program Files\rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
[C:\Program Files\rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[C:\Program Files\rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[PID: 1404 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 1228 / cc][C:\Program Files\rising\AntiSpyware\knownsvr.exe] [Beijing Rising Information Technology Co., Ltd., 6.0.0.11]
[C:\Program Files\rising\AntiSpyware\NComm.dll] [Beijing Rising Information Technology Co., Ltd., 6.0.0.6]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\Program Files\rising\AntiSpyware\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\rising\AntiSpyware\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[PID: 3956 / cc][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll] [, 1, 0, 0, 0]
[C:\WINDOWS\System32\xunleibho_v5.dll] [, 4, 3, 3, 30]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.7.2006011200]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\urlFilter.dll] [Beijing Rising Information Technology Co., Ltd., 6, 0, 0, 15]
[C:\Program Files\Rising\AntiSpyware\UrlRule.dll] [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
[D:\Program Files\FlashGet Network\FlashGet Mini\libMiniBHO.dll] [FlashGet Inc, 1.0.1.1002]
[D:\Program Files\FlashGet Network\FlashGet Mini\FlashGetExt.dll] [FlashGet Inc, 1, 0, 0, 1]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.48]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 2996 / cc][C:\Program Files\Rising\Rav\RsAgent.exe] [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\Program Files\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[C:\Program Files\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[C:\Program Files\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.13]
[PID: 1496 / cc][C:\WINDOWS\msagent\AgentSvr.exe] [(Verified) Microsoft Corporation, 2.00.0.3422]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[PID: 2172 / cc][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\WINDOWS\System32\WMASF.DLL] [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
[PID: 2332 / cc][C:\DOCUME~1\cc\LOCALS~1\Temp\Rar$EX00.422\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[PID: 3280 / cc][C:\DOCUME~1\cc\LOCALS~1\Temp\Rar$EX00.422\SRE3a2ecbd6.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\WINDOWS\System32\kmon.dll] [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 31]
[C:\WINDOWS\System32\UNISPIM6.IME] [北京紫光华宇软件股份有限公司, 6.1.0.6240]
[C:\DOCUME~1\cc\LOCALS~1\Temp\Rar$EX00.422\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

xiaoxiao212 - 2008-12-29 20:00:00

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 764, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 396, C:\WINDOWS\SYSTEM32\GP_CLT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 484, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2172, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2332, C:\DOCUME~1\CC\LOCALS~1\TEMP\RAR$EX00.422\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
入口点错误：NtCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003E574D)
入口点错误：NtCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003E58ED)
入口点错误：NtLoadDriver (危险等级: 高, 被下面模块所HOOK: 0x003E603D)
入口点错误：NtSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003E59BD)
入口点错误：NtWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003E581D)
入口点错误：ZwCreateFile (危险等级: 高, 被下面模块所HOOK: 0x003E574D)
入口点错误：ZwCreateKey (危险等级: 高, 被下面模块所HOOK: 0x003E58ED)
入口点错误：ZwSetValueKey (危险等级: 高, 被下面模块所HOOK: 0x003E59BD)
入口点错误：ZwWriteFile (危险等级: 高, 被下面模块所HOOK: 0x003E581D)
入口点错误：CreateServiceA (危险等级: 高, 被下面模块所HOOK: 0x003E5CFD)
入口点错误：CreateServiceW (危险等级: 高, 被下面模块所HOOK: 0x003E5DCD)
入口点错误：LoadLibraryA (危险等级: 高, 被下面模块所HOOK: 0x003E69FD)
入口点错误：LoadLibraryExW (危险等级: 高, 被下面模块所HOOK: 0x003E55E5)
入口点错误：CreateFileW (危险等级: 高, 被下面模块所HOOK: 0x003E651D)
入口点错误：CreateProcessA (危险等级: 高, 被下面模块所HOOK: 0x003E692D)
入口点错误：CreateProcessW (危险等级: 高, 被下面模块所HOOK: 0x003E678D)

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛