瑞星卡卡安全论坛

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      8:46:23, 日期 2005-11-24
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v5.00 SP4 (5.00.2920.0000)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\netconf32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Analog Devices\Eagle I and Eagle II USB ADSL\dslmon.exe
C:\Program Files\DuDu\DddClient\dudupros.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNetFolder.Exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\瑞星\2535952005811174944\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 207.234.225.136 www.halifax-online.co.uk
O1 - Hosts: 207.234.225.136 ibank.barclays.co.uk
O1 - Hosts: 207.234.225.136 online.lloydstsb.co.uk
O1 - Hosts: 207.234.225.136 online-business.lloydstsb.co.uk
O1 - Hosts: 207.234.225.136 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 207.234.225.136 www.nwolb.com
O1 - Hosts: 207.234.225.136 banesnet.banesto.es
O1 - Hosts: 207.234.225.136 extranet.banesto.es
O1 - Hosts: 207.234.225.136 ebanking.bccbrescia.it
O1 - Hosts: 207.234.225.136 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 207.234.225.136 www.rbsdigital.com
O1 - Hosts: 207.234.225.136 oi.cajamadrid.es
O1 - Hosts: 207.234.225.136 bancae.caixapenedes.com
O1 - Hosts: 207.234.225.136 banking.postbank.de
O1 - Hosts: 207.234.225.136 meine.deutsche-bank.de
O1 - Hosts: 207.234.225.136 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 207.234.225.136 ibank.cahoot.com
O1 - Hosts: 207.234.225.136 webbank.openplan.co.uk
O1 - Hosts: 207.234.225.136 bancopostaonline.poste.it
O1 - Hosts: 207.234.225.136 www.rasbank.it
O1 - Hosts: 207.234.225.136 www.credem.it
O1 - Hosts: 207.234.225.136 mybank.bybank.it
O1 - Hosts: 207.234.225.136 www.bancagenerali.it
O1 - Hosts: 207.234.225.136 www.bancaintesa.it
O1 - Hosts: 207.234.225.136 www.creval.it
O1 - Hosts: 207.234.225.136 ibank.internationalbanking.barclays.com
O1 - Hosts: 207.234.225.136 www.abbeyinternational.com
O1 - Hosts: 207.234.225.136 www.bbvanet.com
O1 - Hosts: 207.234.225.136 www.fineco.it
O1 - Hosts: 207.234.225.136 www.cajamar.es
O1 - Hosts: 207.234.225.136 welcome7.co-operativebank.co.uk
O1 - Hosts: 207.234.225.136 welcome11.co-operativebankonline.co.uk
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [Driv] C:\windows\mrjj.exe
O4 - 启动项HKLM\\Run: [virD] C:\windows\mrjj.exe
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\RunOnce: [Rfw] "C:\Program Files\Rising\Rfw\Update\setup.exe" /UPDATE /ONCE
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Analog Devices\Eagle I and Eagle II USB ADSL\dslmon.exe
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=44822_1006 (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的按钮: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的“工具”菜单项: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的按钮: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O11 - Options group: [CDNCLIENT]  中文上网
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - “受信任的站点”中添加项: *.media-motor.net
O15 - “受信任的站点”中添加项: *.popuppers.com
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_95p&url=http://client.jogo.cn/download/cnnic/cdn.cab
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINNT\mspath.exe (file missing)
O23 - NT 服务: netconf32 - Unknown owner - C:\WINNT\netconf32.exe
O23 - NT 服务: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 207.234.225.136 www.halifax-online.co.uk
O1 - Hosts: 207.234.225.136 ibank.barclays.co.uk
O1 - Hosts: 207.234.225.136 online.lloydstsb.co.uk
O1 - Hosts: 207.234.225.136 online-business.lloydstsb.co.uk
O1 - Hosts: 207.234.225.136 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 207.234.225.136 www.nwolb.com
O1 - Hosts: 207.234.225.136 banesnet.banesto.es
O1 - Hosts: 207.234.225.136 extranet.banesto.es
O1 - Hosts: 207.234.225.136 ebanking.bccbrescia.it
O1 - Hosts: 207.234.225.136 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 207.234.225.136 www.rbsdigital.com
O1 - Hosts: 207.234.225.136 oi.cajamadrid.es
O1 - Hosts: 207.234.225.136 bancae.caixapenedes.com
O1 - Hosts: 207.234.225.136 banking.postbank.de
O1 - Hosts: 207.234.225.136 meine.deutsche-bank.de
O1 - Hosts: 207.234.225.136 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 207.234.225.136 ibank.cahoot.com
O1 - Hosts: 207.234.225.136 webbank.openplan.co.uk
O1 - Hosts: 207.234.225.136 bancopostaonline.poste.it
O1 - Hosts: 207.234.225.136 www.rasbank.it
O1 - Hosts: 207.234.225.136 www.credem.it
O1 - Hosts: 207.234.225.136 mybank.bybank.it
O1 - Hosts: 207.234.225.136 www.bancagenerali.it
O1 - Hosts: 207.234.225.136 www.bancaintesa.it
O1 - Hosts: 207.234.225.136 www.creval.it
O1 - Hosts: 207.234.225.136 ibank.internationalbanking.barclays.com
O1 - Hosts: 207.234.225.136 www.abbeyinternational.com
O1 - Hosts: 207.234.225.136 www.bbvanet.com
O1 - Hosts: 207.234.225.136 www.fineco.it
O1 - Hosts: 207.234.225.136 www.cajamar.es
O1 - Hosts: 207.234.225.136 welcome7.co-operativebank.co.uk
O1 - Hosts: 207.234.225.136 welcome11.co-operativebankonline.co.uk
O4 - 启动项HKLM\\Run: [Driv] C:\windows\mrjj.exe
O4 - 启动项HKLM\\Run: [virD] C:\windows\mrjj.exe
O11 - Options group: [!CNS] 网络实名
O11 - Options group: [CDNCLIENT] 中文上网
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - “受信任的站点”中添加项: *.media-motor.net
O15 - “受信任的站点”中添加项: *.popuppers.com
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_95p&url=http://client.jogo.cn/download/cnnic/cdn.cab
O23 - NT 服务: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINNT\mspath.exe (file missing)
修复这几项.
C:\WINNT\netconf32.exe
O23 - NT 服务: netconf32 - Unknown owner - C:\WINNT\netconf32.exe灰鸽子,请查看有关灰鸽子查杀的帖子.
http://forum.ikaka.com/topic.asp?board=28&artid=6202404关于查杀“灰鸽子2005”的一点建议
http://forum.ikaka.com/topic.asp?board=28&artid=5666824灰鸽子查杀方法总结。

偶是菜鸟，不明白

F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 207.234.225.136 www.halifax-online.co.uk
O1 - Hosts: 207.234.225.136 ibank.barclays.co.uk
O1 - Hosts: 207.234.225.136 online.lloydstsb.co.uk
O1 - Hosts: 207.234.225.136 online-business.lloydstsb.co.uk
O1 - Hosts: 207.234.225.136 www.ukpersonal.hsbc.co.uk
O1 - Hosts: 207.234.225.136 www.nwolb.com
O1 - Hosts: 207.234.225.136 banesnet.banesto.es
O1 - Hosts: 207.234.225.136 extranet.banesto.es
O1 - Hosts: 207.234.225.136 ebanking.bccbrescia.it
O1 - Hosts: 207.234.225.136 www.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 207.234.225.136 www.rbsdigital.com
O1 - Hosts: 207.234.225.136 oi.cajamadrid.es
O1 - Hosts: 207.234.225.136 bancae.caixapenedes.com
O1 - Hosts: 207.234.225.136 banking.postbank.de
O1 - Hosts: 207.234.225.136 meine.deutsche-bank.de
O1 - Hosts: 207.234.225.136 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 207.234.225.136 ibank.cahoot.com
O1 - Hosts: 207.234.225.136 webbank.openplan.co.uk
O1 - Hosts: 207.234.225.136 bancopostaonline.poste.it
O1 - Hosts: 207.234.225.136 www.rasbank.it
O1 - Hosts: 207.234.225.136 www.credem.it
O1 - Hosts: 207.234.225.136 mybank.bybank.it
O1 - Hosts: 207.234.225.136 www.bancagenerali.it
O1 - Hosts: 207.234.225.136 www.bancaintesa.it
O1 - Hosts: 207.234.225.136 www.creval.it
O1 - Hosts: 207.234.225.136 ibank.internationalbanking.barclays.com
O1 - Hosts: 207.234.225.136 www.abbeyinternational.com
O1 - Hosts: 207.234.225.136 www.bbvanet.com
O1 - Hosts: 207.234.225.136 www.fineco.it
O1 - Hosts: 207.234.225.136 www.cajamar.es
O1 - Hosts: 207.234.225.136 welcome7.co-operativebank.co.uk
O1 - Hosts: 207.234.225.136 welcome11.co-operativebankonline.co.uk
O4 - 启动项HKLM\\Run: [Driv] C:\windows\mrjj.exe
O4 - 启动项HKLM\\Run: [virD] C:\windows\mrjj.exe
O11 - Options group: [!CNS] 网络实名
O11 - Options group: [CDNCLIENT] 中文上网
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O15 - “受信任的站点”中添加项: *.media-motor.net
O15 - “受信任的站点”中添加项: *.popuppers.com
O16 - DPF: {28E0FA88-ABA8-4937-A247-3031F1A11165} (Installer Class) - http://pi.51.net/download/diybar2.cab
O16 - DPF: {7149E79C-DC19-4C5E-A53C-A54DDF75EEE9} (IObjSafety.DemoCtl) - http://cabs.media-motor.net/cabs/joysaver.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_95p&url=http://client.jogo.cn/download/cnnic/cdn.cab
这几项直接在扫描工具上修复.

附件: 5220982005112485654.bmp

O23 - NT 服务: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINNT\mspath.exe (file missing)这个也是灰鸽子,病毒文件以被删除.
C:\WINNT\netconf32.exe
O23 - NT 服务: netconf32 - Unknown owner - C:\WINNT\netconf32.exe这个灰鸽子.

重启进安全模式,清空IE临时文件夹,打开注册表,定位到HKEY_LOCAL_MACHINE\ SYSTEM \CURRENTCONTROLSET \ SERVICES删除注册表左面菜单下的Microsoft Path Finder Service / MSpath 或netconf32  这个服务项,能找到的都删除,整个删除.
显示系统和隐藏文件,在C:\WINDOWS\文件夹中搜索netconf32 .exe、 netconf32.dll、netconf32 _hook.dll以及 netconf32Key.dll这四个文件,不一定能全找到,找到删除,重启到正常模式,再扫个日志上来看看.

附件: 5220982005112485939.bmp

我找不到 HKEY_LOCAL_MACHINE\ SYSTEM \CURRENTCONTROLSET \ SERVICES  Microsoft Path Finder Service / MSpath 或netconf32 这个服务项,在C:\WINDOWS\ 中没有文件，每次开机C：出现iexplor.exe,删了又来，怎么办？


HijackThis_zww汉化版扫描日志 V1.99.1
保存于      9:43:18, 日期 2005-11-24
操作系统：  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器：    Internet Explorer v5.00 SP4 (5.00.2920.0000)

当前运行的进程：         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\netconf32.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Analog Devices\Eagle I and Eagle II USB ADSL\dslmon.exe
C:\Program Files\DuDu\DddClient\DuDuAcc.exe
C:\Program Files\DuDu\DddClient\dudupros.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNetFolder.Exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe
C:\WINNT\system32\conime.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\瑞星\2535952005811174944\HijackThis1991zww.exe

O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: DuDu.com - {6BDE1669-B490-48E3-B668-456314F2D6C3} - C:\Program Files\DuDu\DddClient\dddiemon.dll
O3 - IE工具栏增项: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O4 - 启动项HKLM\\Run: [Synchronization Manager] mobsync.exe /logon
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\Analog Devices\Eagle I and Eagle II USB ADSL\dslmon.exe
O4 - Global Startup: DuDu下载加速器.lnk = C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINNT\DOWNLO~1\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: &使用DuDu 加速器下载 - res://C:\Program Files\DuDu\DddClient\dddmext.dll/202
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=44822_1006 (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的按钮: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的“工具”菜单项: 下载管理 - {3DB9F45E-AA74-4373-A466-C18A9F1C500D} - C:\Program Files\DuDu\DddClient\DuDuAcc.exe
O9 - 浏览器额外的按钮: (no name) - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Link Filter - {3F686D91-4AFA-4ed1-B43F-F1DB46ED480C} - C:\WINNT\system32\shdocvw.dll
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINNT\mspath.exe (file missing)
O23 - NT 服务: netconf32 - Unknown owner - C:\WINNT\netconf32.exe
O23 - NT 服务: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

打开注册表-编辑-查找,Microsoft Path Finder Service / MSpath 或netconf32

注册表中没有,Microsoft Path Finder Service / MSpath 或netconf32

先结束C:\WINNT\netconf32.exe的进程

修复
O4 - Global Startup: 桌面传媒.lnk = C:\WINNT\system32\rundll32.exe
O23 - NT 服务: Microsoft Path Finder Service (MSpath) - Unknown owner - C:\WINNT\mspath.exe (file missing)
O23 - NT 服务: netconf32 - Unknown owner - C:\WINNT\netconf32.exe

删除C:\WINNT\netconf32.exe

无法结束C:\WINNT\netconf32.exe的进程，而且也找不到C:\WINNT\netconf32.exe，我该怎么办