Rising Kaka Security Forum - Technical Exchange - Anti-Virus / Anti-Rogue-Software Forum: Today while online, Rising suddenly flashed; I had a bad feeling, I've been infected!




Today while online, Rising suddenly flashed; I had a bad feeling, I've been infected!
Then a program, #.exe, tried to access the network and was blocked by the Rising firewall.
May I ask what virus this #.exe is? Or is it a virus downloader??
Thanks
Last edited 2005-11-14 10:38:42

tt

Save a log with Autoruns and post it here.
How to save the log: choose the File->Save menu item.
When saving the log, be sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar).

For how to use the tool, see http://forum.ikaka.com/topic.asp?board=28&artid=7318038, post #14.
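The helper above asks for the Autoruns text export with Microsoft entries hidden. What follows is an added example, not code from this thread or from Sysinternals, of parsing that export and applying the same first-pass checks a helper does by eye: dangling entries whose target is missing, entries with no publisher, third-party code in locations that load into every process or at logon, and Winsock LSP providers not backed by the stock mswsock.dll/rsvpsp.dll. It assumes the layout shown in the thread (a location header line, then entries prefixed with "+ " whose name, description, publisher and image path columns are separated by tabs or runs of spaces). The sample log is constructed from lines quoted in the thread, and a finding means "verify this", not "this is malicious".

```python
import re
from dataclasses import dataclass

# Stock Winsock 2 provider DLLs on Windows XP; any other DLL in the LSP catalog
# was installed by a third party (personal firewalls and some AV products do
# this) and must be attributed to a product before it is trusted or removed.
STOCK_LSP_DLLS = {"mswsock.dll", "rsvpsp.dll"}

# Locations where third-party code loads into every process or at logon, so a
# non-Microsoft publisher deserves a second look even when the file exists.
SENSITIVE_LOCATIONS = (
    "winlogon", "winsock2", "shellexecutehooks", "browser helper objects",
    "image file execution options", "knowndlls", "bootexecute", "print\\monitors",
)

ENTRY_RE = re.compile(r"^\+\s+(.*)$")   # "+ name<sep>desc<sep>publisher<sep>path"
FIELD_SEP = re.compile(r"\t| {2,}")      # tab-separated export, or spaces as pasted


@dataclass
class Entry:
    location: str
    name: str
    description: str
    publisher: str
    path: str


@dataclass
class Finding:
    location: str
    name: str
    path: str
    reason: str


def parse_autoruns(text):
    """Yield one Entry per '+ ' line; any other non-blank line is a location header."""
    location = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            location = line.strip()
            continue
        fields = [f.strip() for f in FIELD_SEP.split(m.group(1))]
        name = fields[0]
        path = fields[-1] if len(fields) > 1 else ""
        middle = fields[1:-1]
        # With tabs the column count is exact. With collapsed spaces an empty
        # column vanishes, so a lone middle field is taken as the publisher
        # (a signed file without a description is the common case).
        if len(middle) >= 2:
            description, publisher = middle[0], middle[1]
        elif len(middle) == 1:
            description, publisher = "", middle[0]
        else:
            description = publisher = ""
        yield Entry(location, name, description, publisher, path)


def triage(text):
    """First-pass checks in the order a helper applies them; each hit means 'verify'."""
    findings = []
    for e in parse_autoruns(text):
        loc = e.location.lower()
        basename = e.path.rsplit("\\", 1)[-1].lower()
        if e.path.lower().startswith("file not found"):
            reason = "dangling entry: target missing (stale uninstall, or a file already removed)"
        elif "protocol_catalog9" in loc and basename not in STOCK_LSP_DLLS:
            reason = "non-stock Winsock LSP: identify the owning product before touching it"
        elif not e.publisher:
            reason = "no publisher: check the file's signature or hash before trusting it"
        elif any(k in loc for k in SENSITIVE_LOCATIONS) and "microsoft" not in e.publisher.lower():
            reason = "third-party code in a sensitive location: confirm it belongs to installed software"
        else:
            continue
        findings.append(Finding(e.location, e.name, e.path, reason))
    return findings


def _row(name, description, publisher, path):
    return "+ " + "\t".join((name, description, publisher, path))


# Sample export constructed from entries quoted in the thread (tab-separated).
SAMPLE_LOG = "\n".join([
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    _row("ICQ Lite", "", "", "File not found: ;"),
    _row("RavMon", "RavMon Rising realtime monitor", "Beijing Rising Technology Co., Ltd.",
         r"c:\program files\rising\rav\ravmon.exe"),
    _row("Super Rabbit SRRestore", "", "Super Rabbit Soft",
         r"d:\program files\super rabbit\magicset\srrest.exe"),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks",
    _row("ewido shell guard", "", "", r"d:\program files\ewido\security suite\shellhook.dll"),
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    _row("ltmenu Class", "menu Module", "北京莲塘软件技术有限公司", r"c:\program files\ltucx\1002\c0.dll"),
    r"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9",
    _row("MSAFD Tcpip [TCP/IP]", "", "", r"c:\windows\system32\tcpipdog0.dll"),
])

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.location}] {f.name} -> {f.path}\n    {f.reason}")
```

When the export is pasted with tabs collapsed to spaces, as in this thread, empty columns disappear and the publisher column is a guess, so check the file's signature before acting on it. A non-stock LSP is expected on a machine running a personal firewall, which hooks the Winsock stack this way; the check only tells you to identify the product that owns the DLL.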

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit           

+ C:\WINDOWS\system32\userinit.exe    Userinit Logon Application    Microsoft Corporation    c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell           

+ Explorer.exe    Windows Explorer    Microsoft Corporation    c:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ ICQ Lite            File not found: ;

+ IMJPMIG8.1    Microsoft IME    Microsoft Corporation    c:\windows\ime\imjp8_1\imjpmig.exe

+ iparmor            File not found: ;

+ KernelFaultCheck    Windows Error Reporting Dump Reporting Tool    Microsoft Corporation    c:\windows\system32\dumprep.exe

+ LenSoft            File not found: ;

+ Lskbdrv            File not found: ;

+ NvCplDaemon    NVIDIA Display Properties Extension    NVIDIA Corporation    c:\windows\system32\nvcpl.dll

+ nwiz    NVIDIA nView Wizard, Version 43.51     NVIDIA Corporation    c:\windows\system32\nwiz.exe

+ PHIME2002A    Microsoft New Phonetic IME 2002a    Microsoft Corporation    c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ PHIME2002ASync    Microsoft New Phonetic IME 2002a    Microsoft Corporation    c:\windows\system32\ime\tintlgnt\tintsetp.exe

+ RavMon    RavMon Rising realtime monitor     Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmon.exe

+ RavTimer    RavTimer    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravtimer.exe

+ RfwMain    Rising Personal FireWall Main Program    Beijing Rising Technology Corporation Limited    c:\program files\rising\rfw\rfwmain.exe

+ SoundMan    Realtek Sound Manager    Realtek Semiconductor Corp.    c:\windows\soundman.exe

+ Super Rabbit SafeEdit    Super Rabbit Safe File Client    Super Rabbit Soft    d:\program files\super rabbit\magicset\srfc.exe

+ Super Rabbit SRRestore        Super Rabbit Soft    d:\program files\super rabbit\magicset\srrest.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动           

+ Adobe Gamma Loader.lnk    Adobe Gamma Loader    Adobe Systems, Inc.    c:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ Microsoft Office.lnk    Microsoft Office 2000 component    Microsoft Corporation    d:\program files\microsoft office\office\osa9.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run           

+ ctfmon.exe    CTF Loader    Microsoft Corporation    c:\windows\system32\ctfmon.exe

+ RoboForm            File not found: ;

HKLM\System\CurrentControlSet\Services           

+ AudioSrv    Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Browser    Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ CryptSvc    Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Dhcp    Manages network configuration by registering and updating IP addresses and DNS names.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Dnscache    Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Eventlog    Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.    Microsoft Corporation    c:\windows\system32\services.exe

+ ewido security suite control    ewido control    ewido networks    d:\program files\ewido\security suite\ewidoctrl.exe

+ ewido security suite guard    guard    ewido networks    d:\program files\ewido\security suite\ewidoguard.exe

+ helpsvc    Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ ImapiService    Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\imapi.exe

+ lanmanserver    Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ lanmanworkstation    Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ NVSvc    NVIDIA Driver Helper Service, Version 43.51    NVIDIA Corporation    c:\windows\system32\nvsvc32.exe

+ PlugPlay    Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.    Microsoft Corporation    c:\windows\system32\services.exe

+ ProtectedStorage    Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.    Microsoft Corporation    c:\windows\system32\lsass.exe

+ RfwService    Rising Personal Firewall Service    Beijing Rising Technology Corporation Limited    c:\program files\rising\rfw\rfwsrv.exe

+ RpcSs    Provides the endpoint mapper and other miscellaneous RPC services.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ RsCCenter    CCenter    rising    c:\program files\rising\rav\ccenter.exe

+ RsRavMon    RavMon    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmond.exe

+ SamSs    Stores security information for local user accounts.    Microsoft Corporation    c:\windows\system32\lsass.exe

+ Schedule    Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ SENS    Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ SharedAccess    Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ ShellHWDetection    Generic Host Process for Win32 Services    Microsoft Corporation    c:\windows\system32\svchost.exe

+ srservice    Performs system restore functions. To stop the service, turn off System Restore from the System Restore tab in My Computer Properties.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ Themes    Provides user experience theme management.    Microsoft Corporation    c:\windows\system32\svchost.exe

+ winmgmt    Provides a common interface and object model to access management information about the operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.    Microsoft Corporation    c:\windows\system32\svchost.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components           

+ Internet Explorer    Windows NT User Data Migration Tool    Microsoft Corporation    c:\windows\system32\shmgrate.exe

+ Internet Explorer 6    IE 5.0 Per-User Install Utility    Microsoft Corporation    c:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6    Outlook Express Setup Library    Microsoft Corporation    c:\program files\outlook express\setup50.exe

+ Microsoft Windows Media Player    Microsoft Windows Media Player Setup Utility    Microsoft Corporation    c:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player    ADVPACK    Microsoft Corporation    c:\windows\system32\advpack.dll

+ NetMeeting 3.01    ADVPACK    Microsoft Corporation    c:\windows\system32\advpack.dll

+ Outlook Express    Windows NT User Data Migration Tool    Microsoft Corporation    c:\windows\system32\shmgrate.exe

+ Themes Setup    Microsoft(C) Register Server    Microsoft Corporation    c:\windows\system32\regsvr32.exe

+ Windows Messenger    ADVPACK    Microsoft Corporation    c:\windows\system32\advpack.dll

+ Windows Desktop Update    Microsoft(C) Register Server    Microsoft Corporation    c:\windows\system32\regsvr32.exe

+ Address Book 6    Outlook Express Setup Library    Microsoft Corporation    c:\program files\outlook express\setup50.exe

+ Browser Customizations    Microsoft Internet Explorer Customization DLL    Microsoft Corporation    c:\windows\system32\iedkcs32.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler           

+ Browseui preloader    Shell Browser UI Library    Microsoft Corporation    c:\windows\system32\browseui.dll

+ Component Categories cache daemon    Shell Browser UI Library    Microsoft Corporation    c:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad           

+ CDBurn    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ PostBootReminder    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ SysTray    Systray shell service object    Microsoft Corporation    c:\windows\system32\stobject.dll

+ WebCheck    Web Site Monitor    Microsoft Corporation    c:\windows\system32\webcheck.dll


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guard            d:\program files\ewido\security suite\shellhook.dll

+ shell32.dll    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ GDI+ file thumbnail extractor    Windows Picture and Fax Viewer    Microsoft Corporation    c:\windows\system32\shimgvw.dll

+ HTML thumbnail extractor    Windows Picture and Fax Viewer    Microsoft Corporation    c:\windows\system32\shimgvw.dll

+ PicaView            File not found: d:\Program Files\ACDSee\picaview.dll

+ ScriptDropShellExt    RoboEnhancer ScriptDropShellExt Module        d:\program files\acd systems\roboenhancer\scriptdropshellext.dll

+ Shell Image Data Factory    Windows Picture and Fax Viewer    Microsoft Corporation    c:\windows\system32\shimgvw.dll

+ Shell Image Property Handler    Windows Picture and Fax Viewer    Microsoft Corporation    c:\windows\system32\shimgvw.dll

+ Shell Image Verbs    Windows Picture and Fax Viewer    Microsoft Corporation    c:\windows\system32\shimgvw.dll

+ Summary Info thumbnail handler (DOCFILES)    Windows Picture and Fax Viewer    Microsoft Corporation    c:\windows\system32\shimgvw.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web Folders            c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE}    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar Helper    Google IE client toolbar    Google Inc.    c:\program files\google\googletoolbar1.dll

+ IeCatch2 Class    jccatch Module    Amaze Soft    d:\program files\flashget\jccatch.dll

+ ltmenu Class    menu Module    北京莲塘软件技术有限公司    c:\program files\ltucx\1002\c0.dll

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    d:\program files\tencent2005\qq\qqiehelper.dll

+ {724d43a9-0d85-11d4-9908-00400523e39a}    RoboForm Main Module    Siber Systems    c:\program files\siber systems\ai roboform\roboform.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ toolbaru.dll    Toolbar    ICQ Inc.    d:\program files\icqtoolbar\toolbaru.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar    FlashGet IE Bar    Amaze Soft    d:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet    FlashGet    Amaze Soft    d:\program files\flashget\flashget.exe

+ ICQ Lite    ICQLite    ICQ Ltd.    d:\program files\icqlite\icqlite.exe

+ RoboForm Toolbar(&2)            c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html

+ Video Chat            File not found: http://www.liantang.net

+ Tencent QQ    QQ    TENCENT    d:\program files\tencent2005\qq\qq.exe

+ Middle School Homework            File not found: http://www.xunlun.com

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *    Auto Check Utility    Microsoft Corporation    c:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a path    Symbolic Debugger for Windows 2000    Microsoft Corporation    c:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32    Advanced Windows 32 Base API    Microsoft Corporation    c:\windows\system32\advapi32.dll

+ comdlg32    Common Dialogs DLL    Microsoft Corporation    c:\windows\system32\comdlg32.dll

+ gdi32    GDI Client DLL    Microsoft Corporation    c:\windows\system32\gdi32.dll

+ imagehlp    Windows NT Image Helper    Microsoft Corporation    c:\windows\system32\imagehlp.dll

+ kernel32    Windows NT BASE API Client DLL    Microsoft Corporation    c:\windows\system32\kernel32.dll

+ lz32    LZ Expand/Compress API DLL    Microsoft Corporation    c:\windows\system32\lz32.dll

+ ole32    Microsoft OLE for Windows    Microsoft Corporation    c:\windows\system32\ole32.dll

+ oleaut32    Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating Systems    Microsoft Corporation    c:\windows\system32\oleaut32.dll

+ olecli32    Object Linking and Embedding Client Library    Microsoft Corporation    c:\windows\system32\olecli32.dll

+ olecnv32    Microsoft OLE for Windows    Microsoft Corporation    c:\windows\system32\olecnv32.dll

+ olesvr32    Object Linking and Embedding Server Library    Microsoft Corporation    c:\windows\system32\olesvr32.dll

+ olethk32    Microsoft OLE for Windows    Microsoft Corporation    c:\windows\system32\olethk32.dll

+ rpcrt4    Remote Procedure Call Runtime    Microsoft Corporation    c:\windows\system32\rpcrt4.dll

+ shell32    Windows Shell Common Dll    Microsoft Corporation    c:\windows\system32\shell32.dll

+ url    Internet Shortcut Shell Extension DLL    Microsoft Corporation    c:\windows\system32\url.dll

+ urlmon    OLE32 Extensions for Win32    Microsoft Corporation    c:\windows\system32\urlmon.dll

+ user32    Windows XP USER API Client DLL    Microsoft Corporation    c:\windows\system32\user32.dll

+ version    Version Checking and File Installation Libraries    Microsoft Corporation    c:\windows\system32\version.dll

+ wininet    Internet Extensions for Win32    Microsoft Corporation    c:\windows\system32\wininet.dll

+ wldap32    Win32 LDAP API DLL    Microsoft Corporation    c:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ cscdll    Offline Network Agent    Microsoft Corporation    c:\windows\system32\cscdll.dll

+ ScCertProp    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ Schedule    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ SensLogn    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ termsrv    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

+ wlballoon    Common DLL to receive Winlogon notifications    Microsoft Corporation    c:\windows\system32\wlnotify.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ C:\WINDOWS\System32\logon.scr    Logon Screen Saver    Microsoft Corporation    c:\windows\system32\logon.scr

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{314C0CB5-8698-4992-BC98-2BEBBE452291}] DATAGRAM 0    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{314C0CB5-8698-4992-BC98-2BEBBE452291}] SEQPACKET 0    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EC351DA-18FB-4F39-86ED-AE612DCB14E6}] DATAGRAM 1    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{5EC351DA-18FB-4F39-86ED-AE612DCB14E6}] SEQPACKET 1    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3AF8641-66BF-4CB8-951D-B0A65FF71E77}] DATAGRAM 2    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B3AF8641-66BF-4CB8-951D-B0A65FF71E77}] SEQPACKET 2    Microsoft Windows Sockets 2.0 Service Provider    Microsoft Corporation    c:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP]            c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [TCP/IP]            c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [UDP/IP]            c:\windows\system32\tcpipdog0.dll

+ RSVP TCP Service Provider            c:\windows\system32\tcpipdogr0.dll

+ RSVP UDP Service Provider            c:\windows\system32\tcpipdogr0.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language Monitor    Langage Monitor for Canon Bubble-Jet Printer    Microsoft Corporation    c:\windows\system32\cnbjmon.dll

+ Local Port    Local Spooler DLL    Microsoft Corporation    c:\windows\system32\localspl.dll

+ PJL Language Monitor    PJL Language monitor    Microsoft Corporation    c:\windows\system32\pjlmon.dll

+ Standard TCP/IP Port    Standard TCP/IP Port Monitor DLL    Microsoft Corporation    c:\windows\system32\tcpmon.dll

+ USB Monitor    Standard Dynamic Printing Port Monitor DLL    Microsoft Corporation    c:\windows\system32\usbmon.dll


When saving the log, be sure to select the Options->Hide Microsoft Entries menu item (after setting it, click the Refresh button on the toolbar).

Sorry, I forgot to refresh just now; I redid it.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ICQ Lite            File not found: ;

+ iparmor            File not found: ;

+ LenSoft            File not found: ;

+ Lskbdrv            File not found: ;

+ NvCplDaemon    NVIDIA Display Properties Extension    NVIDIA Corporation    c:\windows\system32\nvcpl.dll

+ nwiz    NVIDIA nView Wizard, Version 43.51    NVIDIA Corporation    c:\windows\system32\nwiz.exe

+ RavMon    RavMon Rising realtime monitor    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmon.exe

+ RavTimer    RavTimer    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravtimer.exe

+ RfwMain    Rising Personal FireWall Main Program    Beijing Rising Technology Corporation Limited    c:\program files\rising\rfw\rfwmain.exe

+ SoundMan    Realtek Sound Manager    Realtek Semiconductor Corp.    c:\windows\soundman.exe

+ Super Rabbit SafeEdit    Super Rabbit Safe File Client    Super Rabbit Soft    d:\program files\super rabbit\magicset\srfc.exe

+ Super Rabbit SRRestore        Super Rabbit Soft    d:\program files\super rabbit\magicset\srrest.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Gamma Loader.lnk    Adobe Gamma Loader    Adobe Systems, Inc.    c:\program files\common files\adobe\calibration\adobe gamma loader.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ RoboForm            File not found: ;

HKLM\System\CurrentControlSet\Services

+ ewido security suite control    ewido control    ewido networks    d:\program files\ewido\security suite\ewidoctrl.exe

+ ewido security suite guard    guard    ewido networks    d:\program files\ewido\security suite\ewidoguard.exe

+ NVSvc    NVIDIA Driver Helper Service, Version 43.51    NVIDIA Corporation    c:\windows\system32\nvsvc32.exe

+ RfwService    Rising Personal Firewall Service    Beijing Rising Technology Corporation Limited    c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenter    CCenter    rising    c:\program files\rising\rav\ccenter.exe

+ RsRavMon    RavMon    Beijing Rising Technology Co., Ltd.    c:\program files\rising\rav\ravmond.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ ewido shell guard            d:\program files\ewido\security suite\shellhook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ PicaView            File not found: d:\Program Files\ACDSee\picaview.dll

+ ScriptDropShellExt    RoboEnhancer ScriptDropShellExt Module        d:\program files\acd systems\roboenhancer\scriptdropshellext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web Folders            c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar Helper    Google IE client toolbar    Google Inc.    c:\program files\google\googletoolbar1.dll

+ IeCatch2 Class    jccatch Module    Amaze Soft    d:\program files\flashget\jccatch.dll

+ ltmenu Class    menu Module    北京莲塘软件技术有限公司    c:\program files\ltucx\1002\c0.dll

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    d:\program files\tencent2005\qq\qqiehelper.dll

+ {724d43a9-0d85-11d4-9908-00400523e39a}    RoboForm Main Module    Siber Systems    c:\program files\siber systems\ai roboform\roboform.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ toolbaru.dll    Toolbar    ICQ Inc.    d:\program files\icqtoolbar\toolbaru.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar    FlashGet IE Bar    Amaze Soft    d:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet    FlashGet    Amaze Soft    d:\program files\flashget\flashget.exe

+ ICQ Lite    ICQLite    ICQ Ltd.    d:\program files\icqlite\icqlite.exe

+ RoboForm Toolbar(&2)            c:\program files\siber systems\ai roboform\roboformcomshowtoolbar.html

+ Video Chat            File not found: http://www.liantang.net

+ Tencent QQ    QQ    TENCENT    d:\program files\tencent2005\qq\qq.exe

+ Middle School Homework            File not found: http://www.xunlun.com

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD Tcpip [RAW/IP]            c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [TCP/IP]            c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [UDP/IP]            c:\windows\system32\tcpipdog0.dll

+ RSVP TCP Service Provider            c:\windows\system32\tcpipdogr0.dll

+ RSVP UDP Service Provider            c:\windows\system32\tcpipdogr0.dll


I can't see any problem.
Is anything abnormal on your machine?

Nothing abnormal at all.
It's just that there are too many important things on it, like online banking,
so I'm being extra careful.

+ MSAFD Tcpip [RAW/IP]            c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [TCP/IP]            c:\windows\system32\tcpipdog0.dll

+ MSAFD Tcpip [UDP/IP]            c:\windows\system32\tcpipdog0.dll

+ RSVP TCP Service Provider            c:\windows\system32\tcpipdogr0.dll

+ RSVP UDP Service Provider            c:\windows\system32\tcpipdogr0.dll

This should be a backdoor program.

My port 1025 is always open.
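For the "port 1025 is always open" question, the check a practitioner does next is to attribute the listener to a process: join the output of `netstat -ano` with `tasklist /svc` so every listening port maps to an image and the services it hosts. The code below is an added example, not from the thread; the two text samples are constructed for it (the PIDs, image names and service names are invented, not taken from the poster's machine). On Windows XP the ports from 1025 upward are the dynamic range that RPC and other services bind, so a listener on 1025 is only meaningful once its owner is known.

```python
import re

# Constructed sample of `netstat -ano` output (values invented for the example).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1025           0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:1036         0.0.0.0:0              LISTENING       1304
  TCP    192.168.1.5:1051       203.0.113.7:80         ESTABLISHED     1548
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /svc` output (values invented for the example).
SAMPLE_TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
System                            4 N/A
svchost.exe                     892 RpcSs
ravmond.exe                    1304 RsRavMon
iexplore.exe                   1548 N/A
"""

# One netstat row: proto, local addr:port, foreign addr, optional state, PID.
# The address group is greedy, so IPv6 forms such as [::]:135 split correctly.
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# One tasklist row: image name, PID, comma-separated service names or N/A.
TASKLIST_RE = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")


def parse_netstat(text):
    """Return a list of socket dicts from netstat -ano text."""
    sockets = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue  # banner, column header, blank lines
        proto, addr, port, foreign, state, pid = m.groups()
        sockets.append({"proto": proto, "addr": addr, "port": int(port),
                        "foreign": foreign, "state": state or "", "pid": int(pid)})
    return sockets


def parse_tasklist(text):
    """Return {pid: (image, [services])} from tasklist /svc text."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if not m:
            continue  # header and ===== separator rows carry no PID
        image, pid, services = m.groups()
        names = [] if services.strip() == "N/A" else [s.strip() for s in services.split(",")]
        procs[int(pid)] = (image.strip(), names)
    return procs


def listeners(netstat_text, tasklist_text):
    """Listening TCP sockets and bound UDP sockets, each attributed to its process."""
    procs = parse_tasklist(tasklist_text)
    result = []
    for s in parse_netstat(netstat_text):
        if s["proto"] == "TCP" and s["state"] != "LISTENING":
            continue  # outbound/established connections are not listeners
        image, services = procs.get(s["pid"], ("<pid not in tasklist>", []))
        result.append({**s, "image": image, "services": services})
    return result


def port_owner(port, netstat_text, tasklist_text, proto="TCP"):
    """(image, services) of the process bound to `port`, or None if nothing listens."""
    for l in listeners(netstat_text, tasklist_text):
        if l["port"] == port and l["proto"] == proto:
            return l["image"], l["services"]
    return None


def exposed(netstat_text, tasklist_text):
    """Listeners reachable from the network, i.e. not bound to loopback only."""
    return [l for l in listeners(netstat_text, tasklist_text)
            if not l["addr"].startswith("127.") and l["addr"] != "[::1]"]


if __name__ == "__main__":
    for l in listeners(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f'{l["proto"]} {l["addr"]}:{l["port"]} pid={l["pid"]} '
              f'{l["image"]} {",".join(l["services"]) or "-"}')
    print("port 1025 ->", port_owner(1025, SAMPLE_NETSTAT, SAMPLE_TASKLIST))
```

Run both commands on the machine, save their text, and feed it in place of the constructed samples. If the owner is svchost.exe, `tasklist /svc` already names the hosted services, and the next step is checking that service and its image (as in the Autoruns log) rather than closing the port; a listener owned by an image you cannot account for is the thing to chase.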