【求助】瑞星的所有监控已经禁用 bbs.ikaka.com

yexinn - 2006-6-19 14:48:00

瑞星刚才在线升级，正常，可监控伞还是关闭的，打不开任何一个监控
请3楼的朋友帮忙看看
Logfile of HijackThis v1.99.1
Scan saved at 14:37:40, on 2006-06-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

ÔËÐÐ½ø³Ì:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
E:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\Ð¡Ð¡¹¤¾ßºÐ\ToolBox.exe
D:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Rising\Rav\Ravmon.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
E:\Program Files\åÛÓÎ(Maxthon) v1.5.2 ÂÌÉ«¼ÓÇ¿°æ By RunHao\Maxthon.exe
E:\Program Files\Rising\Rav\Rav.exe
D:\Documents and Settings\yexin\My Documents\HijackThis v1.99.1 ºº»¯°æ\HijackThis.exe
D:\WINDOWS\System32\wuauclt.exe

O3 - Toolbar: ½ðÉ½¿ìÒë(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - e:\Program Files\TotalSize\ExplorerBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IRUSERSUR] E:\PROGRA~1\IRESEA~1\ICLICK\iResearchiClick.exe -d 120
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [Rav] "e:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /ONCE
O4 - HKCU\..\Run: [XKToolBox] E:\Program Files\Ð¡Ð¡¹¤¾ßºÐ\ToolBox.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: systray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Ê¹ÓÃÑ¸À×ÏÂÔØ - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &Ê¹ÓÃÑ¸À×ÏÂÔØÈ«²¿Á´½Ó - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: ÉÏ´«µ½QQÍøÂçÓ²ÅÌ - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: Ê¹ÓÃÍø¼Ê¿ì³µÏÂÔØ - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ê¹ÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: ²é¿´ Exif ÐÅÏ¢(&V) - res://D:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: Ìí¼Óµ½ÌôÈý¼ðËÄ - RES://D:\WINDOWS\System32\t3j4IEPlus.dll/CONMENU.htm
O8 - Extra context menu item: ÓÃPixHunterÏÂÔØ±¾Ò³ËùÓÐÍ¼Æ¬ - E:\PROGRA~1\Í¼Æ¬ÁÔÈË\GetAllPic.htm
O8 - Extra context menu item: ÓÃPixHunter´Ó±¾Ò³¿ªÊ¼ÏÂÔØÍ¼Æ¬ - E:\PROGRA~1\Í¼Æ¬ÁÔÈË\GetPageUrl.htm
O8 - Extra context menu item: ÓÃÓ°Òô´«ËÍ´øÏÂÔØ - E:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: ÓÃÓ°Òô´«ËÍ´øÏÂÔØÈ«²¿Á´½Ó - E:\Program Files\NetTransport 2\NTAddList.html
O9 - Extra button: ÐÂÀËUC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - E:\Program Files\UC\UC.exe
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: ÐÅÏ¢¼ìË÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ½ðÉ½´Ê°Ô - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - E:\PROGRA~1\KingSoft\XDict\IEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: ÉÁ¿Í¾«Áé - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - e:\Program Files\SourceTec\ÉÁ¿Í¾«Áé\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: ÉÁ¿Í¾«Áé - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - e:\Program Files\SourceTec\ÉÁ¿Í¾«Áé\InternetExplorer.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://cge.hn.chinavnet.com/plugin/PowerPlr.ocx
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab

lansely - 2006-6-19 14:49:00

一般来说是中了病毒病毒把杀毒程序都屏蔽掉的
先把病毒杀了再进行修复
按3楼说的扫日志给他看

mopery - 2006-6-19 14:50:00

..............这么多乱码..................

yexinn - 2006-6-19 14:52:00

Logfile of HijackThis v1.99.1
Scan saved at 14:37:40, on 2006-06-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

运行进程:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
E:\Program Files\Rising\Rav\RavTask.exe
E:\Program Files\小小工具盒\ToolBox.exe
D:\WINDOWS\System32\ctfmon.exe
E:\Program Files\Rising\Rav\Ravmon.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\rundll32.exe
E:\Program Files\遨游(Maxthon) v1.5.2 绿色加强版 By RunHao\Maxthon.exe
E:\Program Files\Rising\Rav\Rav.exe
D:\Documents and Settings\yexin\My Documents\HijackThis v1.99.1 汉化版\HijackThis.exe
D:\WINDOWS\System32\wuauclt.exe

O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - E:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: TotalSize Bar - {66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} - e:\Program Files\TotalSize\ExplorerBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IRUSERSUR] E:\PROGRA~1\IRESEA~1\ICLICK\iResearchiClick.exe -d 120
O4 - HKLM\..\Run: [RavTask] "e:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\RunOnce: [Rav] "e:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /ONCE
O4 - HKCU\..\Run: [XKToolBox] E:\Program Files\小小工具盒\ToolBox.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - Startup: systray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: Download &All by NetAnts - E:\PROGRA~1\NETANTS\NAGetAll.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - E:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 查看 Exif 信息(&V) - res://D:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到挑三拣四 - RES://D:\WINDOWS\System32\t3j4IEPlus.dll/CONMENU.htm
O8 - Extra context menu item: 用PixHunter下载本页所有图片 - E:\PROGRA~1\图片猎人\GetAllPic.htm
O8 - Extra context menu item: 用PixHunter从本页开始下载图片 - E:\PROGRA~1\图片猎人\GetPageUrl.htm
O8 - Extra context menu item: 用影音传送带下载 - E:\Program Files\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 用影音传送带下载全部链接 - E:\Program Files\NetTransport 2\NTAddList.html
O9 - Extra button: 新浪UC - {2253922F-1B26-4C74-8B57-E3AEE748DBB8} - E:\Program Files\UC\UC.exe
O9 - Extra button: NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra 'Tools' menuitem: &NetAnts - {57E91B47-F40A-11D1-B792-444553540000} - E:\PROGRA~1\NETANTS\NetAnts.exe
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - E:\PROGRA~1\KingSoft\XDict\IEPlugin.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 闪客精灵 - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - e:\Program Files\SourceTec\闪客精灵\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: 闪客精灵 - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - e:\Program Files\SourceTec\闪客精灵\InternetExplorer.htm
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://www.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://cge.hn.chinavnet.com/plugin/PowerPlr.ocx
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.tvkoo.com/update/KooPlayer.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab

mopery - 2006-6-19 14:53:00

修复

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

日志没了?

yexinn - 2006-6-19 14:53:00

不好意思，已经转换好了。
已经杀毒，重启后还是不能打开监控

yexinn - 2006-6-19 14:53:00

日志就这些

yexinn - 2006-6-19 14:57:00

修复了06，还是没效果

另外，任务栏右下脚的“找到新硬件”图标，无论如何都没法关闭

附件: 7013552006619144946.JPG

mopery - 2006-6-19 14:58:00

http://forum.ikaka.com/topic.asp?board=28&artid=6979213第4楼下载System Repair Engineer导出全部日志

yexinn - 2006-6-19 15:08:00

智能扫描后
2006-06-19,14:56:03

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<XKToolBox><E:\Program Files\小小工具盒\ToolBox.exe> [温州市恒古软件工作室作者:胡明湖]
<ctfmon.exe><D:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<IRUSERSUR><E:\PROGRA~1\IRESEA~1\ICLICK\iResearchiClick.exe -d 120> [iResearch]
<RavTask><"e:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Rav><"e:\Program Files\Rising\Rav\Update\Setup.exe" /UPDATE /ONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><D:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<SysTray><> []
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><D:\WINDOWS\System32\FLOWERZ.SCR> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AGBMonitor><; e:\Program Files\Antiy Labs\AGB4\Monitor.exe\Monitor.exe> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<autoRunZgsq><; F:\tools\gls\社区游戏伴侣\社区游戏伴侣 V1.1.exe h> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BigDogPath><; D:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x> []
<ccenter><; E:\Program Files\rising\Rav\CCenter.exe> [Beijing Rising Technology Co., Ltd.]
<CMESys><; "D:\Program Files\Common Files\CMEII\CMESys.exe"> [The Gator Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; D:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<cu><; e:\Program Files\SeeYou\cu.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><; Rundll32.exe "D:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo"> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Gadwin PrintScreen 2.6><; E:\Program Files\PrintScreen\PrintScreen.exe /nosplash> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<HealthSystem><; D:\WINDOWS\System32\webidea.exe> []
<HTime><; D:\Program Files\HTime\HTime.exe> []
<IMJPMIG8.1><; "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> []
<Internet Explorer><; IExplorer.exe> []
<ISC><; > []
<ISC_UpDate><; > []
<JrRClean><; D:\Documents and Settings\yexin\My Documents\内存整理圣手 V11.8.exe> []
<KAVRUN><; E:\Program Files\KAV4U金山毒霸绿色移动版 2.0\KAVRUN.EXE> []
<MS-4011 Memory Patch><; F:\tools\Windows XP更新\瑞星独家发布内存补丁.exe -Patch> []
<MyIM><; E:\Program Files\MyIM\MyIM.exe> []
<MyIMLite><; > []
<MyIMLite_UpDate><; > []
<NTdhcp><; D:\WINDOWS\System32\NTdhcp.exe> []
<NvCplDaemon><; RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<NvMediaCenter><; RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> [NVIDIA Corporation]
<OKPlayer><; NULL> []
<PHIME2002A><; D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PHIME2002ASync><; D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<popo2004><; > []
<PP><; E:\Program Files\PP\Pp.exe /A> []
<QuickTime Task><; "E:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<RavMon><; E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM> [Beijing Rising Technology Co., Ltd.]
<RavTimer><; e:\program files\rising\rav\RavTimer.exe> []
<SoundMan><; SOUNDMAN.EXE> [Avance Logic, Inc.]
<SyGateManager><; E:\Program Files\SyGate\SHN\Sygate.exe> [赛格特（Sygate）技术有限公司]
<TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Trickler><; "d:\documents and settings\yexin\local settings\temp\~vis0000\fsg_4104.exe"> []
<VDRun><; D:\Documents and Settings\yexin\My Documents\虚拟分区魔术师 V2.0\VDMagic\VDMagic.exe /Run> []
<WangWang><; "e:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"> [淘宝（中国）软件有限公司]
<WindowsUpdate><; D:\WINDOWS\System32\WindowsUpdate.exe> []
<winup><; D:\WINDOWS\System32\winup.exe> []
<WMC_AutoUpdate><; > []
<xFamilyAlarm><; e:\Program Files\xSoft\xFamily\Alarm.exe> []
<zhuying><; F:\tools\视听工具\幻真随心听 V3.6 注册版\幻真随心听 V3.7\hzsxt.exe> []

==================================
启动文件夹
[systray]
<D:\Documents and Settings\yexin\「开始」菜单\程序\启动\systray.exe><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[chatserver88 / chatserver88]
<E:\program files\LTDVAQ\\Chatroom.exe -c:chatserver88 -y><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<D:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
<"D:\Program Files\WinPcap\rpcapd.exe" -d -f "D:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter]
<"e:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[SyGateService / SaService]
<E:\Program Files\SyGate\SHN\sgserv.exe><Sygate technologies Inc.>
[SeeYouRC / SeeYouRC]
<"e:\Program Files\SeeYou\rcsvr.exe" -service><N/A>
[3721 / Windows Management Instrumenta]
<D:\WINDOWS\System32\SVCH0ST.EXE -NetSata><N/A>

yexinn - 2006-6-19 15:08:00

==================================
浏览器加载项
[新浪UC]
{2253922F-1B26-4C74-8B57-E3AEE748DBB8} <E:\Program Files\UC\UC.exe, 北京新浪信息技术有限公司>
[NetAnts]
{57E91B47-F40A-11D1-B792-444553540000} <E:\PROGRA~1\NETANTS\NetAnts.exe, >
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <E:\PROGRA~1\KingSoft\XDict\IEPlugin.dll, >
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[闪客精灵]
{E19ADC6E-3909-43E4-9A89-B7B676377EE3} <, N/A>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <E:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[TotalSize Bar]
{66FBBF2F-A36F-434F-AAB9-590C0BE6EC53} <e:\Program Files\TotalSize\ExplorerBar.dll, Movax>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <D:\WINDOWS\System32\CMBEdit.dll, >
[PowerList Control]
{20C2C286-BDE8-441B-B73D-AFA22D914DA5} <e:\PROGRA~1\ppStream\POWERL~1.OCX, PPStream.com>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <D:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[KooPlayer Control]
{39D420B3-E0EB-424C-89AA-C24F8DE7EF79} <D:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, viviMedia>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <D:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <D:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <D:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[&使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[Download &All by NetAnts]
<E:\PROGRA~1\NETANTS\NAGetAll.htm, N/A>
[上传到QQ网络硬盘]
<E:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<E:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\Program Files\FlashGet\jc_all.htm, N/A>
[查看 Exif 信息(&V)]
<res://D:\Program Files\Exif Show\ExShow.dll/EXSHOW.HTML, N/A>
[添加到QQ自定义面板]
<E:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到挑三拣四]
<RES://D:\WINDOWS\System32\t3j4IEPlus.dll/CONMENU.htm, N/A>
[用PixHunter下载本页所有图片]
<E:\PROGRA~1\图片猎人\GetAllPic.htm, N/A>
[用PixHunter从本页开始下载图片]
<E:\PROGRA~1\图片猎人\GetPageUrl.htm, N/A>
[用影音传送带下载]
<E:\Program Files\NetTransport 2\NTAddLink.html, N/A>
[用影音传送带下载全部链接]
<E:\Program Files\NetTransport 2\NTAddList.html, N/A>

==================================
正在运行的进程
[PID: 324][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 380][\??\D:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 404][\??\D:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 448][D:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 460][D:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 616][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 640][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 716][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 728][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 912][D:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[PID: 1148][D:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1221 (xpsp2.030511-1403)>
[D:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[e:\Program Files\Antiy Labs\AGB4\AGBCM.dll] <Antiy Labs><3, 0, 0, 0>
[E:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[F:\tools\little\WhoLockMe104\WhoLockMe.dll] <Bitmind><1, 0, 3, 0>
[E:\Program Files\UltraEdit\ue32ctmn.dll] <><1.0>
[e:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[E:\Program Files\MyIM\MyIMSM.dll] <N/A><N/A>
[e:\Program Files\TotalSize\vfs.dll] <Moveax><3.42>
[E:\PROGRA~1\BaiduX\xext.dll] <Baidu><1, 0, 0, 40>
[PID: 1288][E:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[E:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[E:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[E:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[E:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 1304][D:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1320][E:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[E:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[E:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[E:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[E:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[E:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[E:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[E:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1536][D:\WINDOWS\System32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.7190>
[D:\WINDOWS\System32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.7190>
[PID: 1568][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1596][D:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 348][D:\WINDOWS\system32\rundll32.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1016][E:\Program Files\遨游(Maxthon) v1.5.2 绿色加强版 By RunHao\Maxthon.exe] <Maxthon International Ltd.><1, 5, 2, 21>
[E:\Program Files\遨游(Maxthon) v1.5.2 绿色加强版 By RunHao\maxzlib.dll] < ><1, 0, 0, 2>
[E:\Program Files\遨游(Maxthon) v1.5.2 绿色加强版 By RunHao\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[E:\Program Files\淘宝网\淘宝旺旺\WangWangX.dll] <><1, 0, 0, 1>
[D:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[D:\WINDOWS\System32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\WINDOWS\System32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[D:\WINDOWS\System32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[PID: 2064][E:\Program Files\Rising\Rav\Rav.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 70>
[E:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
[E:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[E:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[E:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[E:\Program Files\Rising\Rav\RavUI.Dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 59>
[E:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[E:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[E:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[e:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[E:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[E:\Program Files\Rising\Rav\RavUIMsg.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[PID: 3464][E:\Program Files\同花顺核新\LiveUpdate.exe] <上海核新软件技术有限公司><2005, 12, 3, 0>
[PID: 4064][D:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.4.2600.0 (XPClient.010817-1148)>
[PID: 1696][D:\Documents and Settings\yexin\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

瑞星卡卡安全论坛