我电脑里的EXE文件都是变成白框,没有花
C盘里出现Logo1_.EXE
用瑞星和农夫威金专杀都查不出问题.........瑞星监控也正常
而且我在打开XXX.EXE的时候会突然出现一个XXX.EXE.exe然后又消失掉



[CODE]

2007-01-11,23:22:10

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RfwMain><"E:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera>  [N/A]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"E:\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\twunk32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Media Player 网络共享服务 / WMPNetworkSvc][Stopped/Manual Start]
  <C:\Program Files\Windows Media Player\WMPNetwk.exe><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ADProt / ADProt][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\Rising\Rav\ExpScan.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\D:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[ZSMC USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[NetAnts.IE.Monitor]
  {57E91B41-F40A-11D1-B792-444553540000} <C:\Program Files\NetAnts\AntAPI.dll, >
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\HFGame3\Gameclient.exe, 上海浩方在线信息技术有限公司>
[NetAnts]
  {57E91B47-F40A-11D1-B792-444553540000} <C:\PROGRA~1\NETANTS\NetAnts.exe, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\QQ\QQ.EXE, N/A>
[易趣购物]
  {DE607145-AC19-425e-862A-2D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Nexon Package Manager Control]
  {2931566C-B8A6-46C5-BF4D-E6AB9251E953} <C:\WINDOWS\nxpm.ocx, (c) Nexon>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MabinogiWebAvatarRenderer Class]
  {7623BE59-D4CF-4379-ABC4-B39E11854D66} <C:\WINDOWS\Downloaded Program Files\mabiwebframe.dll, devcat>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[CNxConnCtrl Object]
  {25142CCA-6788-434C-80BB-B9026F4273A1} <C:\WINDOWS\nxconn3.ocx, Nexon>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[ctl4RA Class]
  {27984DB8-C851-439E-B625-81740482BE7C} <C:\WINDOWS\system32\PRINTC~1.DLL, INFOSEC Tech. corp>
[Nexon Package Manager Control]
  {2931566C-B8A6-46C5-BF4D-E6AB9251E953} <C:\WINDOWS\nxpm.ocx, (c) Nexon>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[NetAnts.IE.Monitor]
  {57E91B41-F40A-11D1-B792-444553540000} <C:\Program Files\NetAnts\AntAPI.dll, >
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[MabinogiWebAvatarRenderer Class]
  {7623BE59-D4CF-4379-ABC4-B39E11854D66} <C:\WINDOWS\Downloaded Program Files\mabiwebframe.dll, devcat>
[RestrictWordCtrl Class]
  {7B030E2F-E210-4A1D-9837-861E9CB3B42A} <C:\WINDOWS\restrictword.ocx, TODO: <?? ??>>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[日历控件 11.0]
  {8E27C92B-1264-101C-8A2F-040224009C02} <C:\Program Files\Microsoft Office\OFFICE11\MSCAL.OCX, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[&Download by NetAnts]
  <C:\PROGRA~1\NETANTS\NAGet.htm, N/A>
[Download &All by NetAnts]
  <C:\PROGRA~1\NETANTS\NAGetAll.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[下载页面上的ED2(&K)链接]
  <E:\eMule\ed2k.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <F:\BitSpirit\bsurl.htm, N/A>

==================================
正在运行的进程
[PID: 488][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [N/A, N/A]
[PID: 616][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 808][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2494]
[PID: 820][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 940][E:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 956][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1008][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1128][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1180][E:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [E:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [E:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [E:\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [E:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [E:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [E:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [E:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [E:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [E:\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [E:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [E:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [E:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 44]
    [E:\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [E:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [E:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [E:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [E:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [E:\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [E:\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [E:\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [E:\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[PID: 1248][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2494]
[PID: 1304][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NetAnts\AntAPI.dll]  [, 1, 25, 1, 0]
    [C:\WINDOWS\RichDll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [E:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tssoft32.acm]  [DSP GROUP, INC., 1.01]
    [C:\WINDOWS\system32\tsd32.dll]  [N/A, N/A]
[PID: 1392][e:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [e:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [e:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [e:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [e:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1520][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1620][E:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [E:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [E:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5113]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5113]
[PID: 984][E:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [E:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [E:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [E:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1004][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 1204][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [InstallShield Software Corporation, 3, 10, 100, 1146]
[PID: 1228][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2272][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2292][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 3444][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][E:\证券软件\国泰君安大智慧\internet\hypwise.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 3252][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
[PID: 4048][E:\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [E:\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [E:\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [E:\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1068][C:\WINDOWS\Logo1_.exe]  [N/A, N/A]
[PID: 4484][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NetAnts\AntAPI.dll]  [, 1, 25, 1, 0]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [E:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 1568][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5036][E:\Rising\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
PROXYCAP MSAFD Tcpip [TCP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

试过了,没用的........一个毒都没查出来,只是清理了个.INI而已

瑞星(今天更新的)没用,专杀没用.........
看来真是新变种........

http://forum.ikaka.com/topic.asp?board=28&artid=8244813
关于里面提到的软件的下载点和使用方法能否说明下.....

我这里好象没发现
C:\WINDOWS\SYSTEM32.vxd
C:\WINDOWS\SYSTEM32.TMP
C:\WINDOWS\SYSTEM32.vxd.dat
X:\go.exe

引用:

【mopery的贴子】C:\WINDOWS\uninstall\rundl132.exe 压缩 发送 bin59420@yahoo.com.cn ………………

刚发了.........
估计我这里的可能又是一种新品种.....表现形不同