瑞星卡卡安全论坛

还有每次删掉Prefetch文件夹下的那个PF文件,重启后瑞星总是有问题.第一次是提示我瑞星出现致命错误,无法运行.第二次是内存监控被禁止,怎么也启动不了...刚我又把哪个SVCHOST.EXE-3530F672.pf文件删了,不知道再重启的话瑞星又会怎样......

谁来帮我看看我的电脑到底怎么了

附上我的进程表:高手帮看看有问题不?
agentsvr.exe li
RsAgent.exe  li
taskmgr.exe  li
svchost.exe  SYSTEM
Dot1XClient.exe li
esplorer.exe li
ADeck.exe    li
notepad.exe  li
spoolsv.exe  SYSTEM
Maxthon.exe  li
rfwsrv.exe  SYSTEM
RavMonD.exe  SYSTEM
svchost.exe  LOCAL SERVICE
svchost.exe  NETWORK SERVICE
svchost.exe  SYSTEM
CCenter.exe  SYSTEM
Ravmon.exe  li
ctfmon.exe  li
Ravtask.exe  li
svchost.exe  NETWORK SERVICE
svchost.exe  SYSTEM
lsass.exe    SYSTEM
services.exe SYSTEM
winlogon.exe SYSTEM
csrss.exe    SYSTEM
svchost.exe  SYSTEM
smss.exe    SYSTEM
wscntfy.exe  li
RavStub.exe  li
rfwmain.exe  li
alg.exe      LOCAL SERVICE
System      SYSTEM
System Idle Process SYSTEM

大侠们都起床了~~~~~~帮我看看我的电脑是不是中病毒了55555
Logfile of Kaka v2. 0. 0. 8 Scan Module v2. 0. 0. 1
Scan saved at 09:04:26, on 2006-03-27
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "d:\Program Files\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "d:\Program Files\Rising\Rav\Ravmond.exe"

[rfwsrv.exe]
CommandLine = "g:\Program Files\Rising\Rfw\rfwsrv.exe"

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[RavStub.exe]
CommandLine = "d:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[rfwmain.exe]
CommandLine =  -StartUp

[wscntfy.exe]
CommandLine = C:\WINDOWS\system32\wscntfy.exe

[ADeck.exe]
CommandLine = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1

[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[RavMon.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[Dot1XClient.exe]
CommandLine = "C:\Program Files\Huawei-3Com\H3C 802.1X 客户端\Dot1XClient.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k imgsvc

[RsAgent.exe]
CommandLine = "d:\Program Files\Rising\Rav\RsAgent.exe"

[agentsvr.exe]
CommandLine = C:\WINDOWS\msagent\AgentSvr.exe -Embedding

[Maxthon.exe]
CommandLine = "G:\Program Files\Maxthon\Maxthon.exe"

[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - g:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "g:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra Button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra Button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1A56C6C-454B-4786-9B58-32FE6381DD3A}: NameServer = 202.103.96.112,202.103.96.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - g:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - g:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\Ravmond.exe"

高手们帮帮忙啊555555555555555555555555555555555

帮我看看我的电脑到底怎么了5555555555555

【回复“enyahoo”的帖子】
楼主口口声声说中病毒了
病毒文件名称与路径？

Prefetch：预读取文件夹。为了加快文件的访问速度，在WinXP中使用了预读取技术，它会将访问过的文件在该文件夹下生成新的信息（扩展名为PF的文件）。

如果不放心不要管它了！！不过删除了也应该没什么问题吧，至于能不能提高启动速度就不知道了！

我电脑10天前是中病毒了,现在瑞星已经查不出来有病毒了,可是电脑中毒的症状还是没有消失啊,所以我不知道到底是怎么回事???请高手们指点下啊55555

打开网页的速度变慢,游戏无法正常进行,总是进入之后没几分钟就卡住无反应,而通过运行ping ip-t发现网络连接速度没有变化,请教高手如果不是中毒的原因,有可能是电脑那里出问题了?急切盼望高手们的回复!

打开网页的速度变慢,游戏无法正常进行,总是进入之后没几分钟就卡住无反应,而通过运行ping ip-t发现网络连接速度没有变化,请教高手如果不是中毒的原因,有可能是电脑那里出问题了?急切盼望高手们的回复!

Logfile of Kaka v2. 0. 0. 8 Scan Module v2. 0. 0. 1
Scan saved at 14:55:42, on 2006-03-27
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "d:\Program Files\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[RavMonD.exe]
CommandLine = "d:\Program Files\Rising\Rav\Ravmond.exe"

[rfwsrv.exe]
CommandLine = "g:\Program Files\Rising\Rfw\rfwsrv.exe"

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[RavStub.exe]
CommandLine = "d:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND

[alg.exe]
CommandLine = C:\WINDOWS\System32\alg.exe

[svchost.exe]
CommandLine = C:\WINDOWS\System32\svchost.exe -k HTTPFilter

[explorer.exe]
CommandLine = C:\WINDOWS\Explorer.EXE

[wscntfy.exe]
CommandLine = C:\WINDOWS\system32\wscntfy.exe

[rfwmain.exe]
CommandLine =  -StartUp

[ADeck.exe]
CommandLine = "C:\Program Files\VIAudioi\SBADeck\ADeck.exe" 1

[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[RavMon.exe]
CommandLine = "D:\Program Files\Rising\Rav\Ravmon.exe" -SYSTEM

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[msmsgs.exe]
CommandLine = "C:\Program Files\Messenger\msmsgs.exe" /background

[Dot1XClient.exe]
CommandLine = "D:\Program Files\Huawei-3Com\H3C 802.1X 客户端\Dot1XClient.exe"

[RsAgent.exe]
CommandLine = "D:\Program Files\Rising\Rav\RsAgent.exe"

[agentsvr.exe]
CommandLine = C:\WINDOWS\msagent\AgentSvr.exe -Embedding

[Maxthon.exe]
CommandLine = "G:\Program Files\Maxthon\Maxthon.exe"  "http://www.ikaka.com/"

[KkScan.exe]
CommandLine = "D:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - g:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "g:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe (file missing)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra Button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra Button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1A56C6C-454B-4786-9B58-32FE6381DD3A}: NameServer = 202.103.96.112,202.103.96.68
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - g:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - g:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\Ravmond.exe"