Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum: ···Experts, please come take a look and help me!···

The problem started at noon, and I have spent the whole afternoon on it and lost a lot of time. I found many methods on the forum, but the results are still not satisfactory.

The current symptoms are: the firewall will not open, and the "exploit attack" item in Rising's file monitor is disabled and cannot be enabled manually either.

Also, when checking processes I found a suspicious process "c:/windows/system32/lsass.exe" running; I don't know whether it is a trojan, because the antivirus gave no alert.

Here is the log from the scan of my computer I just ran. I am uploading it in the hope that an expert can advise me on how to fix the problems above.

[CODE]

2007-06-11,17:52:56

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SkyTel><SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SMSERIAL><C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><d:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\WINDOWS\system32\msacn.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <D:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Syntek AVStream USB2.0 WebCam Service / StkSSrv][Running/Auto Start]
  <C:\WINDOWS\System32\StkCSrv.exe><Syntek America Inc.>

==================================
驱动程序
[CnsStd / CnsStd][Running/Auto Start]
  <\SystemRoot\System32\drivers\CnsStd.sys><北京三七二一科技有限公司>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mfmili / mfmili][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\mfmili.sys><N/A>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ATKACPI.sys><ATK0100>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\d:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[nvsmu / nvsmu][Running/Manual Start]
  <system32\DRIVERS\nvsmu.sys><NVIDIA Corporation>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><Motorola Inc.>
[Syntek AVStream USB2.0 1.3M WebCam / StkCMini][Running/Manual Start]
  <system32\DRIVERS\StkCMini.sys><Syntek>
[ASUS WebCam, 1.3M, USB2.0, FF / SynMini][Stopped/Manual Start]
  <System32\Drivers\SynMini.sys><Syntek America Inc.>
[ASUS WebCam Still Image / SynScan][Stopped/Manual Start]
  <System32\Drivers\SynScan.sys><Syntek America Inc.>
[WmVirualDisk / WmVirualDisk][Stopped/Manual Start]
  <System32\drivers\WmVirualDisk.sys><Bo Brantén>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
Last edited 2007-06-11 19:11:50

[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {0005A87C-D626-4B3A-84F9-1D9571695F55} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[&使用暴风下载器下载]
  <D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[使用Web迅雷下载]
  <d:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 704][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1716][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\WINDOWS\system32\StkCWIA.dll]  [Syntek America Inc., 1.0.0.2]
[PID: 1892][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.0.8.7]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1928][C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56eng.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56fra.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56brz.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56chs.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56cht.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56ger.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56ita.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56esp.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56kor.dll]  [Motorola Inc., 6.11.13.01]
    [C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll]  [Motorola Inc., 6.11.13.01]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1956][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.9371]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9371]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2012][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2020][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2028][D:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 4, 0, 1001]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [D:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 4, 0, 1001]
    [D:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 4, 0, 1001]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 272][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1276][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3640][E:\软件备份\安全相关\SRE计算机检测\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 一般,  被下面模块所HOOK: D:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般,  被下面模块所HOOK: D:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
Here is the 360 diagnostic report:


各位高手:
非常感谢您留心我这份系统诊断报告,小菜鸟十万火急等待您的帮助!
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-06-11  17:20:36
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:959MB - 当前可用内存:635MB

100 - 未知 - Process: RavMonD.exe [RavMond] - D:\PROGRAM FILES\RISING\RAV\Ravmond.exe
100 - 未知 - Process: sm56hlpr.exe [Application executable file] - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
100 - 未知 - Process: runiep.exe [Rising AntiSpyware Monitor] - D:\Program Files\Rising\AntiSpyware\runiep.exe
100 - 未知 - Process: RavTask.exe [RavTimer] - D:\Program Files\Rising\Rav\RavTask.exe
100 - 未知 - Process: RavMon.exe [RavMon] - D:\Program Files\Rising\Rav\Ravmon.exe
100 - 未知 - Process: StkCSrv.exe [Syntek Hardware Snapshot Launch Application Services] - C:\WINDOWS\System32\StkCSrv.exe
100 - 未知 - Process: RavStub.exe [Rising RavStub] - D:\PROGRAM FILES\RISING\RAV\RavStub.exe
O2 - 未知 - BHO: (Thunder Browser Helper) - [XunLeiBHO] - {0005A87C-D626-4B3A-84F9-1D9571695F55} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll
O4 - 未知 - HKLM\..\Run: [SkyTel] [Realtek Voice  Manager] SkyTel.EXE
O8 - 未知 - Extra context menu item: &使用暴风下载器下载 - D:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - 未知 - Extra context menu item: 使用Web迅雷下载 - d:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - 未知 - Extra context menu item: 使用Web迅雷下载全部链接 - d:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - Extra button: 信息检索(HKLM) - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 未知 - Extra button: 启动Web迅雷(HKLM) - http://my.xunlei.com
O9 - 未知 - Extra button: QQ炫彩工具条设置(HKLM) - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O21 - 未知 - Protocol Icons: HKCR\http\shell\open\command - "D:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\ftp\shell\open\command - "D:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\https\shell\open\command - "D:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\htmlfile\shell\open\command - "D:\Program Files\Tencent\TT\TTraveler.exe" "%1"
O23 - 未知 - Service: RfwService [Rising Personal Firewall Service] - D:\Program Files\Rising\Rfw\rfwsrv.exe - (not running)
O23 - 未知 - Service: RsCCenter [Rising Process Communication Center] - "D:\Program Files\Rising\Rav\CCenter.exe" - (running)
O23 - 未知 - Service: RsRavMon [Rising RealTime Monitor] - "D:\PROGRAM FILES\RISING\RAV\Ravmond.exe" - (running)
O23 - 未知 - Service: StkSSrv [Syntek AVStream USB2.0 WebCam Service] - C:\WINDOWS\System32\StkCSrv.exe - (running)
O23 - 未知 - Service: spupdsvc [Enables Installer to complete its scheduled post-reboot tasks] - C:\WINDOWS\system32\spupdsvc.exe - (not running)

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: CCenter.exe [瑞星杀毒软件控制台相关程序。] - D:\Program Files\Rising\Rav\CCenter.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: RTHDCPL.exe [瑞昱出品的声卡相关程序。] - C:\WINDOWS\RTHDCPL.EXE
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: wscntfy.exe [是microsoft windows安全系统和输出当前安全身份的一部分,用于其电脑的稳定性以及安全运行的。] - C:\WINDOWS\system32\wscntfy.exe
100 - 安全 - Process: taskmgr.exe [windows自带的任务管理器程序,用于察看系统中的进程信息。] - C:\WINDOWS\system32\taskmgr.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士] - d:\Program Files\360safe\360Safe.exe
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\WINDOWS\system32\conime.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O2 - 安全 - BHO: (WebThunder Browser Helper) - [Web迅雷, 支持多资源超线程技术的下载工具。] - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - d:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [RTHDCPL] [realtek声卡特性设置软件相关程序。] RTHDCPL.EXE
O4 - 安全 - HKLM\..\Run: [Alcmtr] [一款声卡相关程序。] ALCMTR.EXE
O4 - 安全 - HKLM\..\Run: [SMSERIAL] [摩托罗拉motorola sm56调制解调器驱动程序。] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [nwiz] [是NVidia的Nview特性相关程序。该程序用于用户对其特性进行配置,将桌面扩展到多台显示器上。 ] nwiz.exe /install
O4 - 安全 - HKLM\..\Run: [NvMediaCenter] [是NVidia显示卡相关文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 安全 - HKLM\..\Run: [RfwMain] [瑞星防火墙程序,抵御黑客攻击。] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] D:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 安全 - HKLM\..\Run: [RavTask] [瑞星杀毒软件的任务计划程序。] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O8 - 安全 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 安全 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O18 - 安全 - Protocol: OFFICE 相关 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)
=======================================

O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 126464 - 14985b448fe55684b25b0356913c23c1
O31 - 未知 - SEApproved: {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11060 - 466944 - 4450bbaf1b77f2b87ab9c5ee4e69532c
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11060 - 466944 - 4450bbaf1b77f2b87ab9c5ee4e69532c
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11060 - 466944 - 4450bbaf1b77f2b87ab9c5ee4e69532c
O31 - 未知 - SEApproved: 无效的CLSID:粉碎文件 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} - C:\WINDOWS\system32\RavExt.dll - Beijing Rising Technology Co., Ltd. - Rising Shell Ext Module - 19.0.0.9 - 106496 - fa20734a7acabcfe9d727fb343da4e8a
O31 - 未知 - Directory Menu: {1C7593CB-C1CC-4BA7-BE52-8EEA47F9CB1D} - C:\WINDOWS\system32\RavExt.dll - Beijing Rising Technology Co., Ltd. - Rising Shell Ext Module - 19.0.0.9 - 106496 - fa20734a7acabcfe9d727fb343da4e8a
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 126464 - 14985b448fe55684b25b0356913c23c1
O31 - 未知 - BootExecute: bsmain -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - sv1_0.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll -  -  -  - 0 -

=======================================


=======================================

O41 - HookCont - HookCont - D:\PROGRAM FILES\Rising\Rav\HookCont.sys - (running) - HookCont - Rising - 3926cb7b005564bc77d6b40235c53817
O41 - HookReg - HookReg - D:\PROGRAM FILES\Rising\Rav\HOOKREG.sys - (running) -  -  - 997c395147f8e5b3f714bdd112fe8945
O41 - HookSys - Hooksys - D:\PROGRAM FILES\Rising\Rav\HookSys.sys - (running) - Hooksys - Rising - 265b67f85db6226f2439e13e7c1fa8bf
O41 - MEMSCAN - MemScan Driver - D:\PROGRAM FILES\Rising\Rav\MemScan.sys - (running) - MemScan Driver - 瑞星软件有限公司 - 9811b256023dd985cbc5bad790e5bb84
O41 - mfmili - sys 应用程序 - C:\WINDOWS\system32\drivers\mfmili.sys - (running) - sys 应用程序 - 北京三七二一科技有限公司 - 93192f4bea48a3ceab434af986a798ad
O41 - MTsensor - ATK0100 ACPI Utility - C:\WINDOWS\system32\drivers\ATKACPI.sys - (running) - ATK0100 ACPI Utility - ATK0100 - 97affa9d95ffe20eee6229bc6be166cf
O41 - npkcrypt - nProtect KeyCrypt Driver - d:\Program Files\Tencent\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - PnpWmkDrv - PnpWmkDrv - C:\WINDOWS\system32\drivers\PnpWmkDrv.sys - (running) -  -  - ce5a9ec8892d5dfb09d031f5ad501cac
O41 - RsAntiSpyware - RsBoot - C:\WINDOWS\system32\drivers\RsBoot.sys - (running) - RsBoot - Beijing Rising - ee9f8ad9e3ab3ef3a3c8437388aa5e65
O41 - RsNTGDI - RsNTGDI - C:\WINDOWS\system32\drivers\RsNTGdi.sys - (running) - RsNTGDI - Beijing Rising Technology Co., Ltd. - 17214e7b192cb93ff014fca1484b97ad
O41 - ExpScaner - ExpScan.sys - D:\PROGRAM FILES\Rising\Rav\ExpScan.sys - (not running) - ExpScan.sys -  - 5a690926c7181d5c0b2721016442c9c3
O41 - NPF - npf - C:\WINDOWS\system32\drivers\npf.sys - (not running) - npf - CACE Technologies - d21fee8db254ba762656878168ac1db6
O41 - RSPPSYS - RSPPSYS.SYS - D:\PROGRAM FILES\Rising\Rav\rsppsys.sys - (not running) - RSPPSYS.SYS - Rising - f38c10d8c21626a4878ea16717e971fa
O41 - WmVirualDisk - FileDisk Virtual Disk Driver - C:\WINDOWS\system32\drivers\WmVirualDisk.sys - (not running) - FileDisk Virtual Disk Driver - Bo Brantén - a9ea8d487d0a6199094a0fa79f5df610

=======================================
360Safe.exe=3.4.0.1003
AntiAdwa.dll=3.4.0.1001
AntiEng.dll=3.4.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
live.dll=1.0.1.1015

=======================================
操作历史报告:
----------清理恶评软件历史----------

2007-06-11 16:18
清理恶评软件 - 网络实名 - C:\Program Files\3721
清理恶评软件 - nwizAsktao - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{63202121-F04D-11cf-64CD-33FF5FE1CF20}
清理恶评软件 - 一搜工具条 - HKCR\TYPELIB\{B37E0A2D-9A61-4A95-A0E0-6D6F6123DAB4}
清理恶评软件 - 天龙八部盗号木马 - C:\WINDOWS\system32\nwiztlbu.exe
清理恶评软件 - dllhost32 - HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3A202177-913D-112B-54CD-72FF5FE1CF20}

2007-06-11 16:18
清理恶评软件 - KK图铃通 - C:\WINDOWS\system32\KKPRDIY.DLL


----------插件卸载操作历史----------

2007-06-11 16:19
插件管理 - 迷你PP - C:\WINDOWS\system32\XUNLEI~1.DLL
插件管理 - yok搜索工具栏 -

=======================================

I just went into safe mode and ran a virus scan; it reported no viruses, but my firewall still cannot start, and the "exploit attack monitor" in the Rising monitor still cannot be used. Why is this?
Thank you, I saw it! I will try that method.