瑞星卡卡安全论坛

2006-06-23,11:13:24

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KuGoo3><; ; "D:\Program Files\KuGoo3\KuGoo.exe">
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><; ; mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <AddrPlus2><; ; RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BestSoft_Update><; ; C:\Program Files\BestSoft\gsgl\client\GSUP.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Device Detector><; ; DevDetect.exe -autorun>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><; ; RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><; ; "D:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><EXPLORER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

log在哪儿？

==================================
启动文件夹
服务
[Aeessdll / Aeess  Bssu]
  <C:\WINNT\vshots.exe><N/A>
[Routing Protect Access / DATEING]
  <C:\WINNT\SYSTEM32\RUNDLL32.EXE C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[扑克]
  {12341234-1234-5678-9012-123456789012} <C:\Documents and Settings\Administrator\「开始」菜单\程序\游戏\开心斗地主--棋牌类游戏.exe, 飞碟网络>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Tes Control]
  {13B225B9-387E-445A-A5E8-5355B77822E4} <C:\WINNT\DOWNLO~1\tes.ocx, TCFW>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINNT\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 100][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6898>
[PID: 212][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 224][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 396][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [c:\winnt\system32\ddquammh.dll]  <N/A><N/A>
[PID: 444][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 500][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LEULJ03A.DLL]  <Brother Industries Ltd.><1.66>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LELLJ03A.DLL]  <Brother Industries Ltd.><1.66>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LENLJ03A.DLL]  <Brother Industries Ltd.><1.66>
[PID: 596][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 676][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 736][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 752][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 308][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\ske\contmenu.dll]  <N/A><N/A>
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\WINNT\system32\nvshell.dll]  <NVIDIA Corporation><6.14.10.6681>
[PID: 1096][C:\远程终端\远程终端.EXE]  <N/A><N/A>
    [c:\远程终端\foxcons.dll]  <N/A><N/A>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
[PID: 1064][C:\Program Files\BestSoft\gsgl\client\gsgl.exe]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\PBVM80.dll]  <Sybase Inc.><8.0.3.9704>
    [C:\Program Files\BestSoft\gsgl\client\libjcc.dll]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\libjsybHeap.dll]  <N/A><N/A>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\pbO8480.dll]  <Sybase Inc.><8.0.3.9704>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\OCI.DLL]  <Oracle Corporation><9.2.0.1.0>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\OraClient9.Dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oracore9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranls9.dll]  <Oracle Corporation><9.2.0.1.0 Production>

[C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraunls9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oravsn9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oracommon9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orageneric9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraxml9.dll]  <Oracle Corporation><>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraxsd9.dll]  <Oracle Corporation><>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orannzsbb9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oran9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranl9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranldap9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraldapclnt9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orancrypt9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\ORATRACE9.dll]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranro9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranhost9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranoname9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orancds9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orantns9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranms.dll]  <Oracle Corporation><9.2.0.0.0>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranmsp.dll]  <Oracle Corporation><9.2.0.0.0>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orapls9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraslax9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orasnls9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orawtc9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orasql9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\bin\orantcp9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
[PID: 1132][C:\Program Files\BestSoft\gsgl\client\gsgl_wzgl.exe]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\PBVM80.dll]  <Sybase Inc.><8.0.3.9704>
    [C:\Program Files\BestSoft\gsgl\client\libjcc.dll]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\libjsybHeap.dll]  <N/A><N/A>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\pbO8480.dll]  <Sybase Inc.><8.0.3.9704>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\OCI.DLL]  <Oracle Corporation><9.2.0.1.0>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\OraClient9.Dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oracore9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranls9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraunls9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oravsn9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oracommon9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orageneric9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraxml9.dll]  <Oracle Corporation><>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraxsd9.dll]  <Oracle Corporation><>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orannzsbb9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oran9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranl9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranldap9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraldapclnt9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orancrypt9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\ORATRACE9.dll]  <N/A><N/A>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranro9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranhost9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranoname9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orancds9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orantns9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranms.dll]  <Oracle Corporation><9.2.0.0.0>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oranmsp.dll]  <Oracle Corporation><9.2.0.0.0>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orapls9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\oraslax9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orasnls9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orawtc9.dll]  <Oracle Corporation><9.2.0.1.0 Production >
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\BIN\orasql9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\ORACLIENT\bin\orantcp9.dll]  <Oracle Corporation><9.2.0.1.0 Production>
    [C:\Program Files\BestSoft\gsgl\client\IMW32D40.dll]  <Pegasus Software, LLC.><4.00>
    [C:\Program Files\BestSoft\gsgl\client\pbdwe80.dll]  <Sybase Inc.><8.0.3.9704>
    [C:\WINNT\system32\JPWB.IME]  <常诚研制><4.00.950>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LEULJ03A.DLL]  <Brother Industries Ltd.><1.66>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LELLJ03A.DLL]  <Brother Industries Ltd.><1.66>
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\LENLJ03A.DLL]  <Brother Industries Ltd.><1.66>
[PID: 1044][C:\远程终端\远程终端.EXE]  <N/A><N/A>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
    [c:\远程终端\foxcons.dll]  <N/A><N/A>
[PID: 532][C:\远程终端\远程终端.EXE]  <N/A><N/A>
    [c:\远程终端\foxcons.dll]  <N/A><N/A>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
[PID: 1052][C:\WINNT\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
[PID: 740][G:\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

C:\远程终端\远程终端.EXE，这个是否是你安装的？
如果不是，要删除的。
运行System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Aeessdll，Routing Protect Access 选择“删除服务”点“设置”选择“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）
重启后
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
删除
C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL
C:\WINNT\vshots.exe

【回复“我无邪”的帖子】找不到C:\WINNT\SYSTEM32\WBEM\IRJIT.DLL
C:\WINNT\vshots.exe这两个文件.

这是最新的扫描结果:2006-06-23,15:14:02

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows 2000 Professional Service Pack 4 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KuGoo3><; ; "D:\Program Files\KuGoo3\KuGoo.exe">
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <AddrPlus2><; ; RUNDLL32.EXE C:\PROGRA~1\TENCENT\AddrPlus\QAHook.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BestSoft_Update><; ; C:\Program Files\BestSoft\gsgl\client\GSUP.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Device Detector><; ; DevDetect.exe -autorun>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><; ; RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><; ; "D:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><EXPLORER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[扑克]
  {12341234-1234-5678-9012-123456789012} <C:\Documents and Settings\Administrator\「开始」菜单\程序\游戏\开心斗地主--棋牌类游戏.exe, 飞碟网络>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]

  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Tes Control]
  {13B225B9-387E-445A-A5E8-5355B77822E4} <C:\WINNT\DOWNLO~1\tes.ocx, TCFW>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINNT\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 100][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6898>
[PID: 212][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.6700>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 224][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.6902>
[PID: 396][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
    [c:\winnt\system32\ddquammh.dll]  <N/A><N/A>
[PID: 444][C:\WINNT\System32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 500][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
[PID: 564][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6704>
[PID: 620][C:\WINNT\system32\stisvc.exe]  <Microsoft Corporation><5.00.2195.6656>
[PID: 692][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 732][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 968][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
    [C:\WINNT\system32\nvshell.dll]  <NVIDIA Corporation><6.14.10.6681>
    [C:\WINNT\System\cmicnfg.cpl]  <C-Media Corporation><1, 0, 41, 6>
    [C:\WINNT\system32\nvtuicpl.cpl]  <NVIDIA Corporation><6.14.10.6681>
    [C:\WINNT\system32\NVWRSZHC.DLL]  <NVIDIA Corporation><6.14.10.6681>
    [C:\WINNT\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
[PID: 1012][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINNT\system32\kakatool.dll]  <Beijing Rising Technology Co., Ltd.><2, 0, 0, 8>
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  <><1, 0, 0, 1>
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINNT\system32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
[PID: 1056][G:\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINNT\system32\~bNvD5b.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

似乎没有问题了
你的系统还有什么异常吗

没有异常,谢谢,只是还是任务管理器进不去。

任务管理器的问题
开始，运行，gpedit.msc，到这里找找相关的选项。

请问C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
这三个进程是什么?谢谢

这三个是正常的系统进程，你可以百度一下

谢谢

C:\WINNT\system32\~bNvD5b.dll
c:\winnt\system32\ddquammh.dll

这两个比较可疑？能打包发到我的邮箱吗？

第二个文件找不到,