瑞星卡卡安全论坛

附件: SREngLOG.log (2009-4-28 21:44:49, 24.97 K)
该附件被下载次数 160

进程里有以***[1].exe ***[2].exe依次类推的进程 还出现运行游戏杀毒和安全卫士自动关闭情况，提示与内核通讯错误等等 每个盘符下面都有个1.exe的程序，重装了遍程序也不行。。。 我的QQ：390189283

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MAXTHON 2.0)

附件是扫描的日志~~~

建议先升级瑞星进安全模式下全盘杀毒。

目前的日志没看出什么

升级杀毒软件至最新版本，全盘杀毒后，还异常吗？？

如果还异常，请在异常的时候扫描日志来看

下面是安全模式下瑞星杀毒以后扫描的日志~~
2009-04-29,15:10:00

System Repair Engineer 2.7.1.1261
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <360Safebox><"F:\360safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><F:\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <RFWTray><"F:\Rising\RFW\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTray><"F:\Rising\Rav\RsTray.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[VideoCam Suite 2.0]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\VideoCam Suite 2.0.lnk --> F:\PANASO~1\VIDEOC~1\VIDEOC~2.EXE [Panasonic Corporation]><N>

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Documents and Settings\Administrator\桌面\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[B's Recorder GOLD Library General Service / bgsvcgen][Running/Auto Start]
  <"C:\WINDOWS\system32\bgsvcgen.exe"><B.H.A Corporation>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <F:\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\mnmsrvc.exe><(File is missing)>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rav Process Communication Center / RavCCenter][Stopped/Auto Start]
  <F:\Rising\Rav\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising RavTask Manager / RavTask][Running/Auto Start]
  <"F:\Rising\Rav\RavTask.exe" RavTask><Beijing Rising Information Technology Co., Ltd.>
[Rfw Process Communication Center / RfwCCenter][Stopped/Auto Start]
  <F:\Rising\RFW\CCENTER.EXE><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <F:\Rising\RFW\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising RfwTask Manager / RfwTask][Running/Auto Start]
  <"F:\Rising\RFW\RavTask.exe" RfwTask><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <F:\Rising\Rav\RavMonD.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Scan Service / RsScanSrv][Stopped/Auto Start]
  <F:\Rising\Rav\ScanFrm.exe><Beijing Rising Information Technology Co., Ltd.>
[System Restore Service / srservice][Stopped/Disabled]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\srsvc.dll><N/A>

==================================
驱动程序
[001c6d29 / 001c6d29][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\001c6d29.sys><N/A>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
  <system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Stopped/System Start]
  <\??\C:\Documents and Settings\Administrator\桌面\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[hookcont / hookcont][Running/System Start]
  <system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[hooksys / hooksys][Running/System Start]
  <system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pcidump / pcidump][Stopped/Manual Start]
  <System32\DRIVERS\pcidump.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rising RfwBase Driver / RfwBase9][Running/Manual Start]
  <system32\DRIVERS\rfwbase.sys><Beijing Rising Information Technology Co., Ltd.>
[rfwtdi / rfwtdi][Running/Auto Start]
  <\??\F:\Rising\RFW\rfwtdi.sys><Beijing Rising Information Technology Co., Ltd.>
[rsfwdrv / rsfwdrv][Running/System Start]
  <\??\F:\Rising\RFW\rsfwdrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\safeboxkrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\drivers\SiWinAcc.sys><Silicon Image, Inc.>
[System Restore Filter Driver / sr][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sr.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\G:\winio.sys><N/A>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>

==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360safe\safemon\safemon.dll, (Signed) 360.CN>
[浩方电竞平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\platform 5.0\gameclient.exe, (Signed) 上海浩方在线信息技术有限公司>
[RavOnline Class]
  {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} <C:\WINDOWS\Downloaded Program Files\RavOLCtl.dll, Beijing Rising Information Technology Co., Ltd.>
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360safe\safemon\safemon.dll, (Signed) 360.CN>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

正在运行的进程
[PID: 924 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 980 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1004 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [, ]
[PID: 1048 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1060 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1240 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1324 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1496 / SYSTEM][F:\Rising\Rav\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Rising\Rav\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [F:\Rising\Rav\cnt08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1540 / SYSTEM][F:\Rising\RFW\CCENTER.EXE]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Rising\RFW\cnt09.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 37]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1548 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1616 / SYSTEM][F:\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [F:\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\Rav\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
    [F:\Rising\Rav\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1632 / SYSTEM][F:\Rising\RFW\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [F:\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\RFW\rstask.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 36]
    [F:\Rising\RFW\rsstub.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1724 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1860 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1908 / SYSTEM][F:\Rising\RFW\rfwsrv.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\RFW\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Rising\RFW\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [F:\Rising\RFW\MonComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [F:\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Rising\RFW\rfwsrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.84]
    [F:\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Rising\RFW\mPorts.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.0]
    [F:\Rising\RFW\rfwdrvc.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.3]
    [F:\Rising\RFW\Rfwdrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.5]
    [F:\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [F:\Rising\RFW\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.18]
    [F:\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\RFW\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\RFW\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\RFW\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\RFW\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Rising\RFW\rfwproxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\RFW\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\Rising\RFW\urllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 1956 / SYSTEM][F:\Rising\Rav\RavMonD.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Rising\Rav\MonBase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 6]
    [F:\Rising\Rav\Rslog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [F:\Rising\Rav\mondrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [F:\Rising\Rav\defmon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 31]
    [F:\Rising\Rav\moncom08.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Rising\Rav\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 9]
    [F:\Rising\Rav\FileMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 27]
    [F:\Rising\Rav\MailMon.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [F:\Rising\Rav\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Rising\Rav\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 18]
    [F:\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [F:\Rising\Rav\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 23, 0, 0, 12]
    [F:\Rising\Rav\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [F:\Rising\Rav\BACore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 22]
    [F:\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\Rav\RSStore.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [F:\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [F:\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [F:\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\Rising\Rav\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
    [F:\Rising\Rav\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\Rav\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\Rav\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [F:\Rising\Rav\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
    [F:\Rising\Rav\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 34]
    [F:\Rising\Rav\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\scanpe.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Rising\Rav\ur000.dat]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Rising\Rav\urutils.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\Rav\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\Rav\extmail.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
[PID: 164 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 264 / SYSTEM][F:\Rising\Rav\rsnetsvr.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [F:\Rising\Rav\NComm.dll]  [Beijing Rising Information Technology Co., Ltd., 6.0.0.12]
    [F:\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]

[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 700 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1009]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.5819]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.5819]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
[PID: 744 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 768 / SYSTEM][C:\Documents and Settings\Administrator\桌面\AVG Anti-Spyware 7.5\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
    [C:\Documents and Settings\Administrator\桌面\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\bgsvcgen.exe]  [B.H.A Corporation, 2, 0, 2, 0]
[PID: 864 / SYSTEM][F:\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 9, 17]
    [F:\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
[PID: 896 / SYSTEM][C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1584 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.5819]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.5819]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1460 / SYSTEM][F:\Rising\Rav\ScanFrm.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.11]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Rising\Rav\combase.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Rising\Rav\moncomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 12]
    [F:\Rising\Rav\scansrvp.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.12]
    [F:\Rising\Rav\proccomm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Rising\Rav\ScanSrv.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [F:\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\Rising\Rav\ScanRavT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Rising\Rav\ScanBT.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.44]
    [F:\Rising\Rav\ScanStub.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.9]
    [F:\Rising\Rav\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [F:\Rising\Rav\ScanAdd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.17]
    [F:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.36]
    [F:\Rising\Rav\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 3]
    [F:\Rising\Rav\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
[PID: 2212 / Administrator][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.1.2.9]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1009]
[PID: 2472 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.11.5819]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.5819]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.5819]
[PID: 3020 / Administrator][F:\Rising\RFW\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\Rising\RFW\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Rising\RFW\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [F:\Rising\RFW\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\RFW\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Rising\RFW\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Rising\RFW\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Rising\RFW\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [F:\Rising\RFW\rfwrule.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Rising\RFW\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\RFW\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\RFW\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\RFW\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [F:\Rising\RFW\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\RFW\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [F:\Rising\RFW\rsnetsvr.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 14]
    [F:\Rising\RFW\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
    [F:\Rising\RFW\rfwtray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 1, 11]
    [F:\Rising\RFW\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\RFW\rfwlog.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 13]
[PID: 3040 / Administrator][F:\Rising\Rav\RsTray.exe]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.22]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\Rising\Rav\ComServ.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.49]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [F:\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [F:\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Rising\Rav\rsxml.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [F:\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [F:\Rising\Rav\ScanEvnt.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.14]
    [F:\Rising\Rav\rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [F:\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [F:\Rising\Rav\mruleui.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 10]
    [F:\Rising\Rav\MonTray.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.1.0]
    [F:\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\RavITray.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 23]
    [F:\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [F:\Rising\Rav\rsmginfo.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 11]
[PID: 3068 / Administrator][C:\WINDOWS\system32\CTFMON.EXE]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1009]
[PID: 3544 / Administrator][F:\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe]  [Panasonic Corporation, 3, 0, 811, 2316]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1009]
    [F:\Panasonic\VideoCam Suite 2\MSResource\MSTextResource.dll]  [, ]
    [F:\Panasonic\VideoCam Suite 2\MSResource\MSDialogResource.dll]  [Panasonic Corporation, 3, 0, 810, 3113]
    [F:\Panasonic\VideoCam Suite 2\MSResource\MSImageResource.dll]  [Panasonic Corporation, 2, 0, 810, 3021]
[PID: 3688 / Administrator][F:\Rising\Rav\rsmain.exe]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 5]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\Rising\Rav\rspalmgr.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.29]
    [F:\Rising\Rav\Syslay.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
    [F:\Rising\Rav\RSXML.DLL]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 2]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 73]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [F:\Rising\Rav\rslang.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [F:\Rising\Rav\ravbmenu.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 16]
    [F:\Rising\Rav\rsconf.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\rspalvd.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.24]
    [F:\Rising\Rav\ravppops.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 15]
    [F:\Rising\Rav\ravbintl.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 28]
    [F:\Rising\Rav\ravpsafe.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.25]
    [F:\Rising\Rav\MonState.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 7]
    [F:\Rising\Rav\ScanPrxy.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.16]
    [F:\Rising\Rav\psafecfg.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.1]
    [F:\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.19]
    [F:\Rising\Rav\comx3.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
    [F:\Rising\Rav\ProcComm.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 46]
    [F:\Rising\Rav\ravxpage.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 86]
    [F:\Rising\Rav\ravxmons.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 24]
    [F:\Rising\Rav\ravptool.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.20]
    [F:\Rising\Rav\log2file.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.10]
    [F:\Rising\Rav\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
    [F:\Rising\Rav\htmllib.dll]  [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 1]
[PID: 2680 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1009]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\360safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1005]
    [F:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 21.0.0.70]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 2280 / Administrator][C:\Documents and Settings\Administrator\桌面\sr-engldr.EXE]  [Smallfrogs Studio, 2.7.1.1261]
[PID: 1264 / Administrator][C:\Documents and Settings\Administrator\桌面\SREf0465bfe.EXE]  [Smallfrogs Studio, 2.7.1.1261]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [F:\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1009]
    [C:\Documents and Settings\Administrator\桌面\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      v.onondown.com.cn
127.0.0.2      ymsdasdw1.cn
127.0.0.3      h96b.info
127.0.0.0      xxx.zttwp.cn
127.0.0.0      www.hackerbf.cn
127.0.0.0      geekbyfeng.cn
127.0.0.0      121.14.101.68
127.0.0.0      ppp.etimes888.com
127.0.0.0      www.bypk.com
127.0.0.0      CSC3-2004-crl.verisign.com
127.0.0.1      va9sdhun23.cn
127.0.0.0      udp.hjob123.com
127.0.0.2      bnasnd83nd.cn
127.0.0.0      www.gamehacker.com.cn
127.0.0.0      gamehacker.com.cn
127.0.0.3      adlaji.cn
127.0.0.1      858656.com
127.1.1.1      bnasnd83nd.cn
127.0.0.1      my123.com
127.0.0.0      user1.12-27.net
127.0.0.1      8749.com
127.0.0.0      fengent.cn
127.0.0.1      4199.com
127.0.0.1      user1.16-22.net
127.0.0.1      7379.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
127.0.0.1      7255.com
127.0.0.1      user1.23-12.net
127.0.0.1      3448.com
127.0.0.1      www.guccia.net
127.0.0.1      7939.com
127.0.0.1      a.o1o1o1.nEt
127.0.0.1      8009.com
127.0.0.1      user1.12-73.cn
127.0.0.1      piaoxue.com
127.0.0.1      3n8nlasd.cn
127.0.0.1      kzdh.com
127.0.0.0      www.sony888.cn
127.0.0.1      about.blank.la
127.0.0.0      user1.asp-33.cn
127.0.0.1      6781.com
127.0.0.0      www.netkwek.cn
127.0.0.1      7322.com
127.0.0.0      ymsdkad6.cn
127.0.0.1      localhost
127.0.0.0      www.lkwueir.cn
127.0.0.1      06.jacai.com
127.0.1.1      user1.23-17.net
127.0.0.1      1.jopenkk.com
127.0.0.0      upa.luzhiai.net
127.0.0.1      1.jopenqc.com
127.0.0.0      www.guccia.net
127.0.0.1      1.joppnqq.com
127.0.0.0      4m9mnlmi.cn
127.0.0.1      1.xqhgm.com
127.0.0.0      mm119mkssd.cn
127.0.0.1      100.332233.com
127.0.0.0      61.128.171.115:8080
127.0.0.1      121.11.90.79
127.0.0.0      www.1119111.com
127.0.0.1      121565.net
127.0.0.0      win.nihao69.cn
127.0.0.1      125.90.88.38
127.0.0.1      16888.6to23.com
127.0.0.1      2.joppnqq.com
127.0.0.0      puc.lianxiac.net
127.0.0.1      204.177.92.68
127.0.0.0      pud.lianxiac.net
127.0.0.1      210.74.145.236
127.0.0.0      210.76.0.133
127.0.0.1      219.129.239.220
127.0.0.0      61.166.32.2
127.0.0.1      219.153.40.221
127.0.0.0      218.92.186.27
127.0.0.1      219.153.46.27
127.0.0.0      www.fsfsfag.cn
127.0.0.1      219.153.52.123
127.0.0.0      ovo.ovovov.cn
127.0.0.1      221.195.42.71
127.0.0.0      dw.com.com
127.0.0.1      222.73.218.115
127.0.0.1      203.110.168.233:80
127.0.0.1      3.joppnqq.com
127.0.0.1      203.110.168.221:80
127.0.0.1      363xx.com
127.0.0.1      www1.ip10086.com.cm
127.0.0.1      4199.com
127.0.0.1      blog.ip10086.com.cn
127.0.0.1      43242.com
127.0.0.1      www.ccji68.cn
127.0.0.1      5.xqhgm.com
127.0.0.0      t.myblank.cn
127.0.0.1      520.mm5208.com
127.0.0.0      x.myblank.cn
127.0.0.1      59.34.131.54
127.0.0.1      210.51.45.5
127.0.0.1      59.34.198.228
127.0.0.1      www.ew1q.cn
127.0.0.1      59.34.198.88
127.0.0.1      59.34.198.97
127.0.0.1      60.190.114.101
127.0.0.1      60.190.218.34
127.0.0.0      qq-xing.com.cn
127.0.0.1      60.191.124.252
127.0.0.1      61.145.117.212
127.0.0.1      61.157.109.222
127.0.0.1      75.126.3.216
127.0.0.1      75.126.3.217
127.0.0.1      75.126.3.218
127.0.0.0      59.125.231.177:17777
127.0.0.1      75.126.3.220
127.0.0.1      75.126.3.221
127.0.0.1      75.126.3.222
127.0.0.1      772630.com
127.0.0.1      832823.cn
127.0.0.1      8749.com
127.0.0.1      888.jopenqc.com
127.0.0.1      89382.cn
127.0.0.1      8v8.biz
127.0.0.1      97725.com
127.0.0.1      9gg.biz
127.0.0.1      www.9000music.com
127.0.0.1      test.591jx.com
127.0.0.1      a.topxxxx.cn
127.0.0.1      picon.chinaren.com
127.0.0.1      www.5566.net
127.0.0.1      p.qqkx.com
127.0.0.1      news.netandtv.com
127.0.0.1      z.neter888.cn
127.0.0.1      b.myblank.cn
127.0.0.1      wvw.wokutu.com
127.0.0.1      unionch.qyule.com
127.0.0.1      www.qyule.com
127.0.0.1      it.itjc.cn
127.0.0.1      www.linkwww.com
127.0.0.1      vod.kaicn.com
127.0.0.1      www.tx8688.com
127.0.0.1      b.neter888.cn
127.0.0.1      promote.huanqiu.com
127.0.0.1      www.huanqiu.com
127.0.0.1      www.haokanla.com
127.0.0.1      play.unionsky.cn
127.0.0.1      www.52v.com
127.0.0.1      www.gghka.cn
127.0.0.1      icon.ajiang.net
127.0.0.1      new.ete.cn
127.0.0.1      www.stiae.cn
127.0.0.1      o.neter888.cn
127.0.0.1      comm.jinti.com
127.0.0.1      www.google-analytics.com
127.0.0.1      hz.mmstat.com
127.0.0.1      www.game175.cn
127.0.0.1      x.neter888.cn
127.0.0.1      z.neter888.cn
127.0.0.1      p.etimes888.com
127.0.0.1      hx.etimes888.com
127.0.0.1      abc.qqkx.com
127.0.0.1      dm.popdm.cn
127.0.0.1      www.yl9999.com
127.0.0.1      www.dajiadoushe.cn
127.0.0.1      v.onondown.com.cn
127.0.0.1      www.interoo.net
127.0.0.1      bally1.bally-bally.net
127.0.0.1      www.bao5605509.cn
127.0.0.1      www.rty456.cn
127.0.0.1      www.werqwer.cn
127.0.0.1      1.360-1.cn
127.0.0.1      user1.23-16.net
127.0.0.1      www.guccia.net
127.0.0.1      www.interoo.net
127.0.0.1      upa.netsool.net
127.0.0.1      js.users.51.la
127.0.0.1      vip2.51.la
127.0.0.1      web.51.la
127.0.0.1      qq.gong2008.com
127.0.0.1      2008tl.copyip.com
127.0.0.1      tla.laozihuolaile.cn
127.0.0.1      www.tx6868.cn
127.0.0.1      p001.tiloaiai.com
127.0.0.1      s1.tl8tl.com
127.0.0.1      s1.gong2008.com
127.0.0.1      4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 fg.pvs360.com
127.0.0.1 cw.pvs360.com
127.0.0.1 ta.pvs360.com
127.0.0.1 dl.pvs360.com
127.0.0.1 ok.sl8cjs.cn
127.0.0.1 union.daqi.com
127.0.0.1 121.15.247.22
127.0.0.1 61.155.140.4
127.0.0.1 444.gmwo07.com
127.0.0.1 333.gmwo07.com
127.0.0.1 222.gmwo07.com
127.0.0.1 111.gmwo07.com
127.0.0.1 www.zmjjjyy.cn
127.0.0.1 user9.78-10.net
127.0.0.1 haha.yaoyao09.com
127.0.0.1 www.noseqing.cn
127.0.0.1 219.129.239.251
127.0.0.1 61.164.118.208
127.0.0.1 nc.mskess.com
127.0.0.1 idc.windowsupdeta.cn
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 d2.llsging.com
127.0.0.1 down.malasc.cn
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 171817.171817.com
127.0.0.1 www.868wg.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 1.jopenqc.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.cike007.cn
127.0.0.1 www.exiao01.com
127.0.0.1 1.jopanqc.com
127.0.0.1 www.exiao01.com
127.0.0.1 xx.exiao01.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1004, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1584, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2280, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SR-ENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

C:\WINDOWS\system32\Drivers\001c6d29.sys

上传病毒样本到可疑文件交流区，地址为：http://bbs.ikaka.com/showforum-20002.aspx
或者直接发送给瑞星的邮件服务中心【病毒样本】地址为：http://mailcenter.rising.com.cn/uploadnew.aspx

hosts文件被修改，可使用卡卡助手-高级工具-系统修复来恢复。