本来是2006版瑞星，自动升级到2007后，某天开机之后小伞没有了，从程序开始运行瑞星杀毒软件，显示文件或目录\windows\prefetch\rav.exe-00c623bc.pf已损坏且无法读取。我想卸载重装，但是卸载不了。安全模式一进去就蓝屏。怎么办啊，各位达人帮忙啊！
HijackThis_815汉化版扫描日志 V1.99.1
保存于      16:12:13, 日期 2006-12-25
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Unable to get Internet Explorer version!

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\PROGRA~1\M&WXMI~1\CertRegX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ntfis.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\imapi.exe
C:\Program Files\Rising\AntiSpyware\Ras.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\桌面\HijackThis1991zww.exe

O1 - Hosts: 127.0.0.2 localhost
O2 - BHO: (no name) - RsAutorunsDisabled - (no file)
O2 - BHO: (no name) - {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} - (no file)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [ekeyman_csp_user] C:\PROGRA~1\M&WXMI~1\CertRegX.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 启动项HKLM\\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - 浏览器额外的按钮: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {26BCA338-BB94-4E8F-A082-3E5735875B79} (CMBSafeHelper Class) - http://www.sz1.cmbchina.com/download/CMBGUARD.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://zebrap.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Performance Moniter (MOVEESS) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - NT 服务: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

引用:

【水树雨下的贴子】c:\windows\imapi.exe 扫System Repair Engineer日志上来 ………………

在线查毒发现imapi.exe有病毒阿。另外System Repair Engineer日志怎么扫描？？

2006-12-26,08:55:44

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(NeroCheck)(C:\WINDOWS\system32\NeroCheck.exe) [Ahead Software Gmbh]
(ekeyman_csp_user)(C:\PROGRA~1\M&WXMI~1\CertRegX.exe) [M&W]
(TkBellExe)("C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot) [RealNetworks, Inc.]
(nwiz)(nwiz.exe /install) [(Verified)NVIDIA Corporation]
(RfwMain)("C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(RavTask)("C:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(KernelFaultCheck)(%systemroot%\system32\dumprep 0 -k) [N/A]
(runeip)(C:\Program Files\Rising\AntiSpyware\runiep.exe) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)("\Program Files\Logonui\Royale.exe") [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\windows\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]

启动文件夹

[Adobe Gamma Loader]
(C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --) C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.])(N)



--------------------------------------------------------------------------------



服务

[File Replication / File Replication][Running/Auto Start]
(C:\WINDOWS\system32\ntfis.exe)(Microsoft Corporation)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Spectrum24 Events Monitor / IPRIP][Stopped/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\acss.dll)(N/A)
[Performance Moniter / MOVEESS][Stopped/Auto Start]
(C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\WEUMEX98.DLL,Export 1087)(N/A)
[Storage Center / NtStub][Stopped/Auto Start]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\bnvceb73.dll)(N/A)
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
(C:\WINDOWS\system32\nvsvc32.exe)(NVIDIA Corporation)
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(c:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(c:\program files\rising\rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("C:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("C:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)



--------------------------------------------------------------------------------



驱动程序

[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
(system32\drivers\ac97intc.sys)(Intel Corporation)
[ADProt / ADProt][Stopped/System Start]
(\SystemRoot\system32\drivers\ADProt.sys)(N/A)
[AliIde / AliIde][Stopped/Boot Start]
(\SystemRoot\System32\DRIVERS\aliide.sys)(N/A)
[aswbxx97 / aswbxx97][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\drivers\aswbxx97.sys)(N/A)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[benntu20 / benntu20][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\drivers\benntu20.sys)(N/A)
[CmdIde / CmdIde][Running/Boot Start]
(\SystemRoot\System32\DRIVERS\cmdide.sys)(CMD Technology, Inc.)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\ExpScan.sys)()
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
(system32\DRIVERS\dlkfet5b.sys)(D-Link)
[HookCont / HookCont][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[MegaIDE / MegaIDE][Running/Boot Start]
(\SystemRoot\System32\DRIVERS\MegaIDE.sys)(LSI Logic Corporation.)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs][Running/Auto Start]
(\??\c:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\C:\Program Files\Tencent\QQ\npkcrypt.sys)(INCA Internet Co., Ltd.)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[pacdcacm / pacdcacm][Stopped/Manual Start]
(system32\DRIVERS\pacdcacm.sys)(Panasonic)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\C:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
(\SystemRoot\System32\drivers\sfdrv01.sys)(Protection Technology (StarForce))
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
(\SystemRoot\System32\drivers\sfhlp02.sys)(Protection Technology (StarForce))
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
(\SystemRoot\System32\drivers\sfsync04.sys)(Protection Technology (StarForce))
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
(system32\DRIVERS\SONYPVU1.SYS)(Sony Corporation)
[squell1 / squell1][Stopped/Manual Start]
(\??\C:\DOCUME~1\user\LOCALS~1\Temp\winrar.sys)(N/A)
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
(system32\DRIVERS\tcpip.sys)(Microsoft Corporation)
[USB eKey / UsbKDev][Stopped/Manual Start]
(system32\DRIVERS\UsbKDev.sys)(Mingwah Aohan High Technology Corp.)
[ViaIde / ViaIde][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\viaide.sys)(Microsoft Corporation)
[xfjhdl75 / xfjhdl75][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\drivers\xfjhdl75.sys)(N/A)
[XPROTECTOR / XPROTECTOR][Running/System Start]
(\??\C:\WINDOWS\system32\drivers\Oreans.sys)(N/A)

浏览器加载项

[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} (http://tomatolei.com, N/A)
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} (C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft)
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\windows\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.)
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (C:\WINDOWS\system32\CMBEdit.dll, )
[CMBSafeHelper Class]
{26BCA338-BB94-4E8F-A082-3E5735875B79} (C:\windows\system32\CMBGUARD.dll, )
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com)
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation)
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} (C:\windows\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.)
[Adobe Acrobat Control for ActiveX]
{CA8A9780-280D-11CF-A24D-444553540000} (C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated)
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} (C:\windows\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.)
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.)



--------------------------------------------------------------------------------



正在运行的进程

[PID: 544][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 700][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 940][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1080][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1096][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1224][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252][C:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 39]
[C:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1456][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1604][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\ACDSee\picaview.dll] [ACD Systems, Ltd., 2, 0, 0, 78]
[C:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl] [ACD Systems, Ltd., 1, 3, 4, 22]
[PID: 1724][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1776][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1960][C:\PROGRA~1\M&WXMI~1\CertRegX.exe] [M&W, 2, 0, 0, 1]
[C:\WINDOWS\system32\xcsp_eclib.dll] [M&W L.t.d, 2, 4, 14, 9]
[C:\WINDOWS\system32\HookDev.dll] [mw, 2, 3, 14, 2]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1972][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.1622]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1996][C:\Program Files\Rising\Rfw\rfwmain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2032][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 104][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 428][C:\WINDOWS\system32\ntfis.exe] [Microsoft Corporation, 5, 2, 3790, 1830]
[PID: 472][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.13.10.2942]
[PID: 504][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3748][c:\windows\imapi.exe] [Microsoft Corporation, 1.0.0.1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 4048][C:\Program Files\Common Files\Real\Update_OB\realevent.exe] [RealNetworks, Inc., 0.1.0.1622]
[C:\WINDOWS\system32\PNCRT.dll] [Real Networks, Inc, 6.0.0.0]
[C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll] [RealNetworks, Inc., 7.0.0.1452]
[C:\Program Files\Common Files\Real\Common\objb3201.dll] [RealNetworks, Inc., 0.1.0.3389]
[C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll] [RealNetworks, Inc., 0.1.0.1760]
[C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll] [RealNetworks, Inc., 0.1.0.1622]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll] [RealNetworks, Inc., 7.0.0.1685]
[C:\Program Files\Common Files\Real\Update_OB\setu3270.dll] [RealNetworks, Inc., 7.0.0.2311]
[C:\Program Files\Common Files\Real\Plugins\http3260.dll] [RealNetworks, Inc., 6.0.7.4278]
[PID: 2472][C:\Documents and Settings\user\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]



--------------------------------------------------------------------------------



文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A

在线查到好多木马病毒阿，但是瑞星死翘翘阿！

怎么办啊~~~~~~~~~~~~~~~~~~~~~~~~~~~~

救救我啊！

救命啊！！！！各位高人！！！！！救我瑞星啊！！！！

引用:

【afkp4e7的贴子】你要确定毒已杀掉 用瑞星自己的修复功能修一下就好了 如果修完扇还不绿去检查瑞星那两龇袷欠袷亲远刺? ………………

没有杀掉毒，因为瑞星都没有用了，我拿什么杀？？？？？？