注册表能修复吗？（中过橙色八月Ⅱ） bbs.ikaka.com

cc300cc300 - 2006-8-25 22:35:00

尊敬的客户，您好！
您的邮件已经收到，感谢您对瑞星的支持。希望下面提供的信息或方案能带给你帮助：

请您先将您的瑞星软件升级到最新版本并且打开监控中心全盘杀毒，在正常情况下无法杀死，请到安全模式下查杀。然后请您进入安全模式，把文件夹选项设置成：勾选“显示所有文件和文件夹”，并把“隐藏受保护的操作系统文件”之前的小勾去掉，全盘查找以下文件：
MSWSA32.EXE
C:\WINDOWS\WINAMPA.EXE
C:\WINDOWS\SYSTEM32\DATETIME1.EXE

搜索文件的步骤如下：
1、在windows任务栏上，单击“开始”>“搜索”
2、单击“所有文件和文件夹”
3、在“全部或部分文件名”框中，键入所要查找的文件名
4、确定“搜索范围”设置为“本地硬盘”
5、展开“更多高级选项”，勾选“搜索系统文件夹”，勾选“搜索隐藏的文件夹”，勾选“搜索子文件夹”
6、单击“搜索”
7、如果要求查找的文件不止一个，请重复步骤3－6找出其他文件
8、请您将查找到的全部文件，通过登陆『邮件服务中心』(http://up.rising.com.cn/webmail/index.htm)进行提交，谢谢您的合作！

更多产品支持,请登陆客户服务网站:http://csc.rising.com.cn
提醒：为保证收到您的来信，请勿直接回复本邮件!!!
------------------------------------------------------
服务单位：瑞星·客户服务中心
工程师：CSC025
电话服务：(010)82678800
发送邮件：请用IE等浏览器访问网址 http://csc.rising.com.cn
------------------------------------------------------

> 您在来信中提到的问题：
=============================================================

cc300cc300 - 2006-8-25 22:36:00

那个DATETIME1.EXE已经被杀了瑞星版本的更新我是作了贡献的啊

cc300cc300 - 2006-8-25 22:38:00

斑竹要是工程师就交交我把，免得我还要等到明天，咨询，这两天你不知道我的辛苦啊？

cc300cc300 - 2006-8-25 22:39:00

要是懂点注册表的来发表一下也行啊

cc300cc300 - 2006-8-25 22:42:00

晕，这里就斑竹一个人啊，都是只看看旧走的人。。。。

cc300cc300 - 2006-8-25 22:43:00

学学QQ论坛啊，我再怎么说也是是支持正版瑞星的用户啊。

cc300cc300 - 2006-8-25 22:50:00

html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>瑞星听诊器4.3 分析信息</title>
</head>
<body style="HEIGHT: 800px" leftMargin=0 topMargin=0 text=#30A040 bgcolor=#000000 link=#00c0c0 vlink=#00e0e0 alink=#00FFFF > 未知家族病毒分析 扫描结果:<blockquote>无可疑文件 </blockquote> 系统活动进程 C:\windows\SYSTEM32\SMSS.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\CSRSS.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\WINLOGON.EXE<blockquote>C:\WINDOWS\SYSTEM32\WDMAUD.DRV C:\WINDOWS\SYSTEM32\MSACM32.DRV </blockquote>C:\WINDOWS\SYSTEM32\SERVICES.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\LSASS.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\SVCHOST.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\SVCHOST.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\SVCHOST.EXE<blockquote></blockquote>C:\WINDOWS\EXPLORER.EXE<blockquote>C:\WINDOWS\SYSTEM32\WDMAUD.DRV C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\WINDOWS\SYSTEM32\MP3INFP.DLL C:\WINDOWS\SYSTEM32\NVCPL.DLL C:\WINDOWS\SYSTEM32\NVSHELL.DLL C:\WINDOWS\SYSTEM32\NVWRSZHC.DLL D:\迅雷5\COMDLLS\XUNLEIBHO_002.DLL C:\WINDOWS\SYSTEM32\RAVEXT.DLL C:\PROGRAM FILES\WINRAR\RAREXT.DLL </blockquote>C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE<blockquote>C:\PROGRAM FILES\RISING\RFW\RFWRULE.DLL C:\PROGRAM FILES\RISING\RFW\RFWLOG.DLL C:\PROGRAM FILES\RISING\RFW\RFWDRV.DLL C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL C:\PROGRAM FILES\RISING\RFW\MONDRV.DLL C:\PROGRAM FILES\RISING\RFW\PROCLIB.DLL C:\PROGRAM FILES\RISING\RFW\MPORTS.DLL </blockquote>C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE<blockquote></blockquote>C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE<blockquote>C:\PROGRAM FILES\RISING\RFW\RSGUILIB.DLL C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL C:\PROGRAM FILES\RISING\RFW\PNGDLL.DLL C:\PROGRAM FILES\RISING\RFW\PSAPI.DLL </blockquote>C:\WINDOWS\SYSTEM32\SPOOLSV.EXE<blockquote></blockquote>C:\WINDOWS\SYSTEM32\NVSVC32.EXE<blockquote></blockquote>D:\QQ2006\QQPET\QQPET.EXE<blockquote>C:\WINDOWS\SYSTEM32\ODBCBCP.DLL D:\QQ2006\QQPET\QQPETRESDOWNLOAD.DLL D:\QQ2006\QQPET\QQPETCOMMUNITY.DLL C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX C:\WINDOWS\SYSTEM32\WDMAUD.DRV C:\WINDOWS\SYSTEM32\MSACM32.DRV E:\瑞星\RISING\RAV\RAVSCRCH.DLL </blockquote>D:\QQ2006\QQ.EXE<blockquote>D:\QQ2006\QQBASECLASSINDLL.DLL D:\QQ2006\QQHELPERDLL.DLL D:\QQ2006\BASICCTRLDLL.DLL D:\QQ2006\MFC42.DLL D:\QQ2006\RICHED32.DLL D:\QQ2006\RICHED20.DLL D:\QQ2006\QQAPI.DLL D:\QQ2006\TIMPROXY.DLL D:\QQ2006\LOGINCTRL.DLL D:\QQ2006\NPKCNTC.DLL D:\QQ2006\NPKPDB.DLL D:\QQ2006\QQRES.DLL D:\QQ2006\QQMAINFRAME.DLL D:\QQ2006\CQQAPPLICATION.DLL D:\QQ2006\NEWSKIN.DLL D:\QQ2006\HOSTINGMGR.DLL D:\QQ2006\CAMERADLL.DLL D:\QQ2006\MAILSUMMARY.DLL D:\QQ2006\QQSPACE.DLL D:\QQ2006\VBSCRIPT.DLL D:\QQ2006\QQGROUPMNG.DLL D:\QQ2006\GROUPLIVE.DLL D:\QQ2006\USERDEFINEDHEAD.DLL D:\QQ2006\QQPLUGIN.DLL D:\QQ2006\QQCONFIGPLUGIN.DLL D:\QQ2006\QQAVATAR.DLL D:\QQ2006\FLASHAVATARDLL.DLL D:\QQ2006\QRINGMNG.DLL D:\QQ2006\PHONEAPI.DLL D:\QQ2006\DIALERALLINONE.DLL C:\WINDOWS\SYSTEM32\WDMAUD.DRV C:\WINDOWS\SYSTEM32\MSACM32.DRV D:\QQ2006\LONGCONNECTION.DLL D:\QQ2006\QQPET.DLL C:\WINDOWS\SYSTEM32\RAVEXT.DLL D:\QQ2006\QQSYSMSGMNG.DLL D:\QQ2006\BQQAPPLICATION.DLL D:\QQ2006\QQALLINONE.DLL D:\QQ2006\SCCORE.DLL D:\QQ2006\QQCUSTOMFACE.DLL D:\QQ2006\GDIPLUS.DLL C:\WINDOWS\SYSTEM32\MSADP32.ACM D:\QQ2006\COMMERCESMNG.DLL D:\QQ2006\PERSONALDESKTOP.DLL D:\QQ2006\QQUDPGETFILELIB.DLL D:\QQ2006\QQADDR.DLL D:\QQ2006\QQSCENEMNG.DLL D:\QQ2006\QQPHONEHELPER.DLL D:\QQ2006\IMAGEOLE.DLL C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX D:\QQ2006\GROUPCONNECTION.DLL </blockquote>D:\QQ2006\TIMPLATFORM.EXE<blockquote>D:\QQ2006\TIMPROXY.DLL </blockquote>C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE<blockquote>C:\WINDOWS\SYSTEM32\KAKATOOL.DLL D:\QQ2006\QQIEHELPER.DLL D:\迅雷5\COMDLLS\XUNLEIBHO_002.DLL E:\瑞星\RISING\RAV\RAVSCRCH.DLL C:\WINDOWS\SYSTEM32\WDMAUD.DRV C:\WINDOWS\SYSTEM32\MSACM32.DRV C:\WINDOWS\SYSTEM32\MACROMED\FLASH\FLASH8B.OCX </blockquote>E:\RAV\RSDETECT.EXE<blockquote></blockquote> 普通自启动项

cc300cc300 - 2006-8-25 22:50:00

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run<blockquote>PHIME2002ASync = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /SYNC PHIME2002A = C:\WINDOWS\SYSTEM32\IME\TINTLGNT\TINTSETP.EXE /IMENAME nwiz = NWIZ.EXE /INSTALL SpeedTouch USB Diagnostics = "C:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE" /ICON RavTask = "E:\瑞星\RISING\RAV\RAVTASK.EXE" -SYSTEM RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP </blockquote>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices<blockquote>MS Windows System Alert = MSWSA32.EXE </blockquote> AppInit_DLLs HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows<blockquote>AppInit_DLLs = </blockquote> 系统文件关联 .exe ==> exefile = "%1" %* .com ==> comfile = "%1" %* .cmd ==> cmdfile = "%1" %* .bat ==> batfile = "%1" %* .txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1 .scr ==> scrfile = "%1" /S .reg ==> regfile = regedit.exe "%1" .doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" 其它启动项 WIN.INI<blockquote>无信息 </blockquote>SYSTEM.INI<blockquote>SHELL = EXPLORER.EXE </blockquote> Winlogon 启动项 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify<blockquote>crypt32chain = CRYPT32.DLL cryptnet = CRYPTNET.DLL cscdll = CSCDLL.DLL ScCertProp = WLNOTIFY.DLL Schedule = WLNOTIFY.DLL sclgntfy = SCLGNTFY.DLL SensLogn = WLNOTIFY.DLL termsrv = WLNOTIFY.DLL wlballoon = WLNOTIFY.DLL </blockquote>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon<blockquote>Userinit = "C:\WINDOWS\SYSTEM32\USERINIT.EXE," shell = EXPLORER.EXE </blockquote> IE - BHO HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects<blockquote>{54EBD53A-9BC1-480B-966A-843A333CA162} = D:\QQ2006\QQIEHelper.dll {889D2FEB-5411-4565-8998-1DD2C5261283} = D:\迅雷5\ComDlls\XunLeiBHO_002.dll </blockquote> Winsock SPI MSAFD Tcpip [TCP/IP] = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [UDP/IP] = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD Tcpip [RAW/IP] = C:\windows\SYSTEM32\MSWSOCK.DLL RSVP UDP Service Provider = C:\windows\SYSTEM32\RSVPSP.DLL RSVP TCP Service Provider = C:\windows\SYSTEM32\RSVPSP.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{77F05A38-FAE6-42AB-93CF-B25A96023110}] SEQPACKET 3 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{77F05A38-FAE6-42AB-93CF-B25A96023110}] DATAGRAM 3 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B638374-D4DF-4F0C-BC27-E1A1B62C8790}] SEQPACKET 0 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B638374-D4DF-4F0C-BC27-E1A1B62C8790}] DATAGRAM 0 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{8813B67C-6EDD-42B0-B560-45286D4B79FF}] SEQPACKET 1 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{8813B67C-6EDD-42B0-B560-45286D4B79FF}] DATAGRAM 1 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{12FA444C-42D3-4ED7-A260-FA4D3368C704}] SEQPACKET 2 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{12FA444C-42D3-4ED7-A260-FA4D3368C704}] DATAGRAM 2 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4425B74-7BE7-476E-85F8-5BBBDCA5097F}] SEQPACKET 4 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4425B74-7BE7-476E-85F8-5BBBDCA5097F}] DATAGRAM 4 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA03788C-9E99-4237-8042-04B131F08224}] SEQPACKET 5 = C:\windows\SYSTEM32\MSWSOCK.DLL MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA03788C-9E99-4237-8042-04B131F08224}] DATAGRAM 5 = C:\windows\SYSTEM32\MSWSOCK.DLL 系统服务项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services<blockquote>Alerter = C:\windows\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE ALG = C:\windows\SYSTEM32\ALG.EXE AppMgmt = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS AudioSrv = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS BITS = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS BlueSoleil Hid Service = C:\PROGRAM FILES\IVT CORPORATION\BLUESOLEIL\BTNTSERVICE.EXE Browser = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS CiSvc = C:\windows\SYSTEM32\CISVC.EXE ClipSrv = C:\windows\SYSTEM32\CLIPSRV.EXE COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235} CryptSvc = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Dhcp = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS dmadmin = C:\windows\SYSTEM32\DMADMIN.EXE /COM dmserver = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Dnscache = C:\windows\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE ERSvc = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Eventlog = C:\windows\SYSTEM32\SERVICES.EXE EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS FastUserSwitchingCompatibility = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS HidServ = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS IDriverT = C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVERT.EXE ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE lanmanserver = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS lanmanworkstation = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS LmHosts = C:\windows\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE Messenger =

cc300cc300 - 2006-8-25 22:51:00

C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V NetDDE = C:\windows\SYSTEM32\NETDDE.EXE NetDDEdsdm = C:\windows\SYSTEM32\NETDDE.EXE Netlogon = C:\windows\SYSTEM32\LSASS.EXE Netman = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Nla = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS NtLmSsp = C:\windows\SYSTEM32\LSASS.EXE NtmsSvc = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS NVSvc = C:\windows\SYSTEM32\NVSVC32.EXE PlugPlay = C:\windows\SYSTEM32\SERVICES.EXE PolicyAgent = C:\windows\SYSTEM32\LSASS.EXE ProtectedStorage = C:\windows\SYSTEM32\LSASS.EXE RasAuto = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS RasMan = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE RemoteAccess = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS RemoteRegistry = C:\windows\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE RpcLocator = C:\windows\SYSTEM32\LOCATOR.EXE RpcSs = C:\windows\SYSTEM32\SVCHOST -K RPCSS RsCCenter = "E:\瑞星\RISING\RAV\CCENTER.EXE" RsRavMon = "E:\瑞星\RISING\RAV\RAVMOND.EXE" RSVP = C:\windows\SYSTEM32\RSVP.EXE SamSs = C:\windows\SYSTEM32\LSASS.EXE SCardDrv = C:\windows\SYSTEM32\SCARDSVR.EXE SCardSvr = C:\windows\SYSTEM32\SCARDSVR.EXE Schedule = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS seclogon = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS SENS = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS SharedAccess = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS ShellHWDetection = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Spooler = C:\windows\SYSTEM32\SPOOLSV.EXE srservice = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS SSDPSRV = C:\windows\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE stisvc = C:\windows\SYSTEM32\SVCHOST.EXE -K IMGSVC SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{F3614788-2EEC-4412-A007-4CA637A44C7F} SysmonLog = C:\windows\SYSTEM32\SMLOGSVC.EXE TapiSrv = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS TermService = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Themes = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE TrkWks = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS upnphost = C:\windows\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE UPS = C:\windows\SYSTEM32\UPS.EXE usprserv = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS VSS = C:\windows\SYSTEM32\VSSVC.EXE W32Time = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS WebClient = C:\windows\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE winmgmt = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS WmdmPmSp = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS Wmi = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE wuauserv = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS WZCSVC = C:\windows\SYSTEM32\SVCHOST.EXE -K NETSVCS </blockquote> 文件驱动 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services<blockquote>MRxDAV = C:\windows\SYSTEM32\DRIVERS\MRXDAV.SYS MRxSmb = C:\windows\SYSTEM32\DRIVERS\MRXSMB.SYS NetBIOS = C:\windows\SYSTEM32\DRIVERS\NETBIOS.SYS Rdbss = C:\windows\SYSTEM32\DRIVERS\RDBSS.SYS sr = C:\windows\SYSTEM32\DRIVERS\SR.SYS Srv = C:\windows\SYSTEM32\DRIVERS\SRV.SYS </blockquote> 系统驱动项 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services<blockquote>aec = C:\windows\SYSTEM32\DRIVERS\AEC.SYS AFD = C:\windows\SYSTEM32\DRIVERS\AFD.SYS alcan5wn = C:\windows\SYSTEM32\DRIVERS\ALCAN5WN.SYS alcaudsl = C:\windows\SYSTEM32\DRIVERS\ALCAUDSL.SYS AsyncMac = C:\windows\SYSTEM32\DRIVERS\ASYNCMAC.SYS atapi = C:\windows\SYSTEM32

cc300cc300 - 2006-8-25 22:51:00

\DRIVERS\ATAPI.SYS Atmarpc = C:\windows\SYSTEM32\DRIVERS\ATMARPC.SYS audstub = C:\windows\SYSTEM32\DRIVERS\AUDSTUB.SYS BaseTDI = C:\windows\SYSTEM32\DRIVERS\BASETDI.SYS BlueletAudio = C:\windows\SYSTEM32\DRIVERS\BLUELETAUDIO.SYS BT = C:\windows\SYSTEM32\DRIVERS\BTNETDRV.SYS Btcsrusb = C:\windows\SYSTEM32\DRIVERS\BTCUSB.SYS BTHidEnum = C:\windows\SYSTEM32\DRIVERS\VBTENUM.SYS BTHidMgr = C:\windows\SYSTEM32\DRIVERS\BTHIDMGR.SYS BTNetFilter = C:\WINDOWS\SYSTEM32\DRIVERS\BTNETFILTER.SYS CCDECODE = C:\windows\SYSTEM32\DRIVERS\CCDECODE.SYS Cdrom = C:\windows\SYSTEM32\DRIVERS\CDROM.SYS Cdsys = C:\WINDOWS\SYSTEM32\CDCD.SYS Disk = C:\windows\SYSTEM32\DRIVERS\DISK.SYS dmboot = C:\windows\SYSTEM32\DRIVERS\DMBOOT.SYS dmio = C:\windows\SYSTEM32\DRIVERS\DMIO.SYS dmload = C:\windows\SYSTEM32\DRIVERS\DMLOAD.SYS DMusic = C:\windows\SYSTEM32\DRIVERS\DMUSIC.SYS drmkaud = C:\windows\SYSTEM32\DRIVERS\DRMKAUD.SYS ExpScaner = E:\瑞星\RISING\RAV\EXPSCAN.SYS Fdc = C:\windows\SYSTEM32\DRIVERS\FDC.SYS Flpydisk = C:\windows\SYSTEM32\DRIVERS\FLPYDISK.SYS FsVga = C:\windows\SYSTEM32\DRIVERS\FSVGA.SYS Ftdisk = C:\windows\SYSTEM32\DRIVERS\FTDISK.SYS gameenum = C:\windows\SYSTEM32\DRIVERS\GAMEENUM.SYS Gpc = C:\windows\SYSTEM32\DRIVERS\MSGPC.SYS HidUsb = C:\windows\SYSTEM32\DRIVERS\HIDUSB.SYS HookCont = E:\瑞星\RISING\RAV\HOOKCONT.SYS HookReg = E:\瑞星\RISING\RAV\HOOKREG.SYS HookSys = E:\瑞星\RISING\RAV\HOOKSYS.SYS HookUrl = C:\PROGRAM FILES\RISING\RFW\HOOKURL.SYS i8042prt = C:\windows\SYSTEM32\DRIVERS\I8042PRT.SYS Imapi = C:\windows\SYSTEM32\DRIVERS\IMAPI.SYS IpFilterDriver = C:\WINDOWS\SYSTEM32\DRIVERS\IPFLTDRV.SYS IpInIp = C:\windows\SYSTEM32\DRIVERS\IPINIP.SYS IpNat = C:\windows\SYSTEM32\DRIVERS\IPNAT.SYS IPSec = C:\windows\SYSTEM32\DRIVERS\IPSEC.SYS IRENUM = C:\windows\SYSTEM32\DRIVERS\IRENUM.SYS isapnp = C:\windows\SYSTEM32\DRIVERS\ISAPNP.SYS Kbdclass = C:\windows\SYSTEM32\DRIVERS\KBDCLASS.SYS kmixer = C:\windows\SYSTEM32\DRIVERS\KMIXER.SYS kmsinput = C:\WINDOWS\SYSTEM32\DRIVERS\KMSINPUT.SYS KRegEx = C:\KV2006\KREGEX.SYS KvMemon = C:\KV2006\KVMEMON.SYS MEMSCAN = E:\瑞星\RISING\RAV\MEMSCAN.SYS Mouclass = C:\windows\SYSTEM32\DRIVERS\MOUCLASS.SYS mouhid = C:\windows\SYSTEM32\DRIVERS\MOUHID.SYS mProcRs = C:\PROGRAM FILES\RISING\RFW\MPROCRS.SYS MSKSSRV = C:\windows\SYSTEM32\DRIVERS\MSKSSRV.SYS MSPCLOCK = C:\windows\SYSTEM32\DRIVERS\MSPCLOCK.SYS MSPQM = C:\windows\SYSTEM32\DRIVERS\MSPQM.SYS MSTEE = C:\windows\SYSTEM32\DRIVERS\MSTEE.SYS NABTSFEC = C:\windows\SYSTEM32\DRIVERS\NABTSFEC.SYS NdisIP = C:\windows\SYSTEM32\DRIVERS\NDISIP.SYS NdisTapi = C:\windows\SYSTEM32\DRIVERS\NDISTAPI.SYS Ndisuio = C:\windows\SYSTEM32\DRIVERS\NDISUIO.SYS NdisWan = C:\windows\SYSTEM32\DRIVERS\NDISWAN.SYS NetBT = C:\windows\SYSTEM32\DRIVERS\NETBT.SYS npkcrypt = D:\QQ2006\NPKCRYPT.SYS NtApm = C:\windows\SYSTEM32\DRIVERS\NTAPM.SYS nv = C:\windows\SYSTEM32\DRIVERS\NV4_MINI.SYS NwlnkFlt = C:\windows\SYSTEM32\DRIVERS\NWLNKFLT.SYS NwlnkFwd = C:\windows\SYSTEM32\DRIVERS\NWLNKFWD.SYS oreans32 = C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS Parport = C:\windows\SYSTEM32\DRIVERS\PARPORT.SYS PCI = C:\windows\SYSTEM32\DRIVERS\PCI.SYS PProtect = C:\KV2006\PPROTECT.SYS PptpMiniport = C:\windows\SYSTEM32\DRIVERS\RASPPTP.SYS prodrv06 = C:\windows\SYSTEM32\DRIVERS\PRODRV06.SYS prohlp02 = C:\windows\SYSTEM32\DRIVERS\PROHLP02.SYS prosync1 = C:\windows\SYSTEM32\DRIVERS\PROSYNC1.SYS PSched = C:\windows\SYSTEM32\DRIVERS\PSCHED.SYS Ptilink = C:\windows\SYSTEM32\DRIVERS\PTILINK.SYS RasAcd = C:\windows\SYSTEM32\DRIVERS\RASACD.SYS Rasl2tp = C:\windows\SYSTEM32\DRIVERS\RASL2TP.SYS RasPppoe = C:\windows\SYSTEM32\DRIVERS\RASPPPOE.SYS Raspti = C:\windows\SYSTEM32\DRIVERS\RASPTI.SYS RDPCDD = C:\windows\SYSTEM32\DRIVERS\RDPCDD.SYS rdpdr = C:\windows\SYSTEM32\DRIVERS\RDPDR.SYS redbook = C:\windows\SYSTEM32\DRIVERS\REDBOOK.SYS ROOTMODEM = C:\windows\SYSTEM32\DRIVERS\ROOTMDM.SYS RsFwDrv = C:\PROGRAM FILES\RISING\RFW\RSFWDRV.SYS Secdrv = C:\windows\SYSTEM32\DRIVERS\SECDRV.SYS serenum = C:\windows\SYSTEM32\DRIVERS\SERENUM.SYS Serial =

cc300cc300 - 2006-8-25 22:52:00

C:\windows\SYSTEM32\DRIVERS\SERIAL.SYS sfhlp01 = C:\windows\SYSTEM32\DRIVERS\SFHLP01.SYS SLIP = C:\windows\SYSTEM32\DRIVERS\SLIP.SYS splitter = C:\windows\SYSTEM32\DRIVERS\SPLITTER.SYS squell = C:\WINDOWS\SYSTEM32\VOOK.SYS streamip = C:\windows\SYSTEM32\DRIVERS\STREAMIP.SYS SVKP = C:\WINDOWS\SYSTEM32\SVKP.SYS swenum = C:\windows\SYSTEM32\DRIVERS\SWENUM.SYS swmidi = C:\windows\SYSTEM32\DRIVERS\SWMIDI.SYS sysaudio = C:\windows\SYSTEM32\DRIVERS\SYSAUDIO.SYS Tcpip = C:\windows\SYSTEM32\DRIVERS\TCPIP.SYS TermDD = C:\windows\SYSTEM32\DRIVERS\TERMDD.SYS Update = C:\windows\SYSTEM32\DRIVERS\UPDATE.SYS usbhub = C:\windows\SYSTEM32\DRIVERS\USBHUB.SYS USBSTOR = C:\windows\SYSTEM32\DRIVERS\USBSTOR.SYS usbuhci = C:\windows\SYSTEM32\DRIVERS\USBUHCI.SYS VComm = C:\windows\SYSTEM32\DRIVERS\VCOMM.SYS VcommMgr = C:\windows\SYSTEM32\DRIVERS\VCOMMMGR.SYS VgaSave = C:\windows\SYSTEM32\DRIVERS\VGA.SYS viaagp = C:\windows\SYSTEM32\DRIVERS\VIAAGP.SYS ViaIde = C:\windows\SYSTEM32\DRIVERS\VIAIDE.SYS VIAudio = C:\windows\SYSTEM32\DRIVERS\AC97VIA.SYS Wanarp = C:\windows\SYSTEM32\DRIVERS\WANARP.SYS wdmaud = C:\windows\SYSTEM32\DRIVERS\WDMAUD.SYS WSTCODEC = C:\windows\SYSTEM32\DRIVERS\WSTCODEC.SYS zlportio = E:\RICHMAN7\STAR\ZLPORTIO.SYS </blockquote></body>
</html>

cc300cc300 - 2006-8-25 22:52:00

斑竹你可承诺要帮我看啊

cc300cc300 - 2006-8-25 22:55:00

.......怎么论坛是这种态度？

cc300cc300 - 2006-8-25 22:56:00

不考虑求助人的辛苦？还有我提议论坛发贴字数太少了

cc300cc300 - 2006-8-25 22:57:00

我的电脑昨天8-24中了橙色八月Ⅱ病毒（防火墙提示）更新瑞星到最新版本，下载橙色八月专杀工具在安全模式下杀了两便本以为能杀干净，可是重起进Xp系统后再杀毒（只针对内存，引导区，邮箱）又发现了个叫Trojan.PSW.QQGame.v的病毒，删除后重起（一直没上网）再杀，终于没有了。但过一段时间有程序自动连接网络（防火墙提示）我点了拒绝，过了一会又有一个好象是后缀名是记事本的乱码程序要修改注册表，还重复了两便，我又点拒绝了，之后电脑恢复了正常，但我总感觉任务管理器中象多了几个不认得的进程，反正也不懂。还有我防火墙启动项里有个红色名为C:\WINDOWS\System32\datetime1.exe的程序删掉又回来，我怀疑是病毒。我现在不敢上QQ害怕密码被偷，我杀毒软件都是正版的，此外我在卡卡论坛下载了个叫System repair engineer2.0.505(2.0 RC 2)的软件，里面系统修复一项提示注册表被病毒改了有2个是红色的： Userinit AppInit_DLLs 此外还有3个蓝的，我按提示编辑注册表把AppInit_DLLs改回来了，但Userinit改不回来-就是前面防火墙启动项那个datetime1.exe的程序。
这之后我通过瑞星专家咨询把以上情况向工程师反映，csc036瑞星工程师跟我发了邮件还给了信息诊断工具(之前我已用专杀工具和18.41.32版本在安全模式下彻底杀毒）我按照提示导出了瑞星杀毒日志和防火墙日志另外运行了那两个诊断工具并生成日志记录（在运行诊断工具期间瑞星监控中心又提示查出病毒！此外总能用防火墙扫描到木马）安全模式下我已经杀了很多次了但病毒总是死灰复燃，我购买使用正版瑞星就是出于对它的信赖，希望瑞星公司能给我这个电脑初学者一个比较满意的答复。谢谢！我的邮箱：cc300cc300@sina.com

cc300cc300 - 2006-8-25 23:03:00

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\System32\datetime1.exec:\windows\system32\datetime1.exe

+ C:\WINDOWS\System32\userinit.exeUserinit Logon ApplicationMicrosoft Corporationc:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ EXPLORER.EXEWindows ExplorerMicrosoft Corporationc:\windows\explorer.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ KernelFaultCheckWindows Error Reporting Dump Reporting ToolMicrosoft Corporationc:\windows\system32\dumprep.exe

+ keyboardFile not found: ;

+ mousepadFile not found: ;

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationc:\windows\system32\nvcpl.dll

+ nwizNVIDIA nView Wizard, Version 56.72 NVIDIA Corporationc:\windows\system32\nwiz.exe

+ PHIME2002A微軟新注音輸入法 2002aMicrosoft Corporationc:\windows\system32\ime\tintlgnt\tintsetp.exe

+ PHIME2002ASync微軟新注音輸入法 2002aMicrosoft Corporationc:\windows\system32\ime\tintlgnt\tintsetp.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.e:\瑞星\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ SpeedTouch USB DiagnosticsSpeedTouch StatisticsTHOMSON multimediac:\program files\alcatel\speedtouch usb\dragdiag.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ ctfmon.exeCTF LoaderMicrosoft Corporationc:\windows\system32\ctfmon.exe

+ msnntMicrosoft 基础类应用程序c:\windows\winampa.exe

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ Internet ExplorerWindows NT User Data Migration ToolMicrosoft Corporationc:\windows\system32\shmgrate.exe

+ Internet Explorer 6IE 5.0 Per-User Install UtilityMicrosoft Corporationc:\windows\system32\ie4uinit.exe

+ Microsoft Outlook Express 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

+ Microsoft Windows Media PlayerMicrosoft Windows Media Player 安装实用程序Microsoft Corporationc:\windows\inf\unregmp2.exe

+ Microsoft Windows Media Player 6.4ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ Microsoft Windows Media Player 8ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ NetMeeting 3.01ADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ Outlook ExpressWindows NT User Data Migration ToolMicrosoft Corporationc:\windows\system32\shmgrate.exe

+ Themes SetupMicrosoft(C) Register ServerMicrosoft Corporationc:\windows\system32\regsvr32.exe

+ Windows MessengerADVPACKMicrosoft Corporationc:\windows\system32\advpack.dll

+ Windows 桌面更新Microsoft(C) Register ServerMicrosoft Corporationc:\windows\system32\regsvr32.exe

+ 通讯簿 6Outlook Express Setup LibraryMicrosoft Corporationc:\program files\outlook express\setup50.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

+ Browseui 预加载程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

+ 组件类别缓存程序Shell Browser UI LibraryMicrosoft Corporationc:\windows\system32\browseui.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

+ CDBurnWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ PostBootReminderWindows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ SysTraySystray shell service objectMicrosoft Corporationc:\windows\system32\stobject.dll

+ WebCheckWeb Site MonitorMicrosoft Corporationc:\windows\system32\webcheck.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ mp3infpmp3infp DLLwin32lab.comc:\windows\system32\mp3infp.dll

+ {0D2E74C4-3C34-11d2-A27E-00C04FC30871}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {24F14F01-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {24F14F02-7B1C-11d1-838f-0000F80461CF}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ {66742402-F9B9-11D1-A202-0000F81FEDEE}Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

HKLM\System\CurrentControlSet\Services

cc300cc300 - 2006-8-25 23:03:00

+ AudioSrv管理基于 Windows 的程序的音频设备。如果此服务被终止，音频设备及其音效将不能正常工作。如果此服务被禁用，任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ Browser维护网络上计算机的更新列表，并将列表提供给计算机指定浏览。如果服务停止，列表不会被更新或维护。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ CryptSvc提供三种管理服务: 编录数据库服务，它确定 Windows 文件的签字; 受保护的根服务，它从此计算机添加和删除受信根证书机构的证书;和密钥(Key)服务，它帮助注册此计算机获取证书。如果此服务被终止，这些管理服务将无法正常运行。如果此服务被禁用，任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ Dhcp通过注册和更改 IP 地址以及 DNS 名称来管理网络配置。Microsoft Corporationc:\windows\system32\svchost.exe

+ dmserver监测和监视新硬盘驱动器并向逻辑磁盘管理器管理服务发送卷的信息以便配置。如果此服务被终止，动态磁盘状态和配置信息会过时。如果此服务被禁用，任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ Dnscache为此计算机解析和缓冲域名系统 (DNS) 名称。如果此服务被停止，计算机将不能解析 DNS 名称并定位 Active Directory 域控制器。如果此服务被禁用，任何明确依赖它的服务将不能启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ ERSvc服务和应用程序在非标准环境下运行时允许错误报告。Microsoft Corporationc:\windows\system32\svchost.exe

+ Eventlog启用在事件查看器查看基于 Windows 的程序和组件颁发的事件日志消息。无法终止此服务。Microsoft Corporationc:\windows\system32\services.exe

+ lanmanserver支持此计算机通过网络的文件、打印、和命名管道共享。如果服务停止，这些功能不可用。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ lanmanworkstation创建和维护到远程服务的客户端网络连接。如果服务停止，这些连接将不可用。如果服务被禁用，任何直接依赖于此服务的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ LmHosts允许对“TCP/IP 上 NetBIOS (NetBT)”服务以及 NetBIOS 名称解析的支持。Microsoft Corporationc:\windows\system32\svchost.exe

+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationc:\windows\system32\nvsvc32.exe

+ PlugPlay使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。Microsoft Corporationc:\windows\system32\services.exe

+ PolicyAgent管理 IP 安全策略以及启动 ISAKMP/Oakley (IKE) 和 IP 安全驱动程序。Microsoft Corporationc:\windows\system32\lsass.exe

+ ProtectedStorage提供对敏感数据(如私钥)的保护性存储，以便防止未授权的服务，过程或用户对其的非法访问。Microsoft Corporationc:\windows\system32\lsass.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RpcSs提供终结点映射程序 (endpoint mapper) 以及其它 RPC 服务。Microsoft Corporationc:\windows\system32\svchost.exe

+ SamSs存储本地用户帐户的安全信息。Microsoft Corporationc:\windows\system32\lsass.exe

+ Schedule使用户能在此计算机上配置和制定自动任务的日程。如果此服务被终止，这些任务将无法在日程时间里运行。如果此服务被禁用，任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

cc300cc300 - 2006-8-25 23:04:00

+ seclogon启用替换凭据下的启用进程。如果此服务被终止，此类型登录访问将不可用。如果此服务被禁用，任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ SENS跟踪系统事件，如登录 Windows，网络以及电源事件等。将这些事件通知给 COM+ 事件系统 “订阅者(subscriber)”。Microsoft Corporationc:\windows\system32\svchost.exe

+ ShellHWDetectionGeneric Host Process for Win32 ServicesMicrosoft Corporationc:\windows\system32\svchost.exe

+ Spooler将文件加载到内存中以便迟后打印。Microsoft Corporationc:\windows\system32\spoolsv.exe

+ srservice执行系统还原功能。要停止服务，请从“我的电脑”的属性中的系统还原选项卡关闭系统还原Microsoft Corporationc:\windows\system32\svchost.exe

+ systemsystemc:\windows\hacker.com.cn.exe

+ Themes为用户提供使用主题管理的经验。Microsoft Corporationc:\windows\system32\svchost.exe

+ TrkWks在计算机内 NTFS 文件之间保持链接或在网络域中的计算机之间保持链接。Microsoft Corporationc:\windows\system32\svchost.exe

+ W32Time维护在网络上的所有客户端和服务器的时间和日期同步。如果此服务被停止，时间和日期的同步将不可用。如果此服务被禁用，任何明确依赖它的服务都将不能启动。

Microsoft Corporationc:\windows\system32\svchost.exe

+ WebClient使基于 Windows 的程序能创建、访问和修改基于 Internet 的文件。如果此服务被终止，将会失去这些功能。如果此服务被禁用，任何依赖它的服务将无法启动。Microsoft Corporationc:\windows\system32\svchost.exe

+ WmdmPmSpRetrieves the serial number of any portable music player connected to your computerMicrosoft Corporationc:\windows\system32\svchost.exe

+ wuauserv从 Windows Update 启用重要的 Windows 更新的下载和安装。如果禁用该服务，操作系统可以在 Windows Update 网站手动更新。Microsoft Corporationc:\windows\system32\svchost.exe

+ WZCSVC为您的 802.11 适配器提供自动配置Microsoft Corporationc:\windows\system32\svchost.exe

HKLM\System\CurrentControlSet\Services

+ aecMicrosoft Acoustic Echo CancellerMicrosoft Corporationc:\windows\system32\drivers\aec.sys

+ AFDAncillary Function Driver for WinSockMicrosoft Corporationc:\windows\system32\drivers\afd.sys

+ alcan5wnWAN DriverTHOMSON multimediac:\windows\system32\drivers\alcan5wn.sys

+ alcaudslWDM DriverTHOMSON multimediac:\windows\system32\drivers\alcaudsl.sys

+ AsyncMacRAS Asynchronous Media DriverMicrosoft Corporationc:\windows\system32\drivers\asyncmac.sys

+ atapiIDE/ATAPI Port DriverMicrosoft Corporationc:\windows\system32\drivers\atapi.sys

+ AtmarpcATM ARP Client ProtocolMicrosoft Corporationc:\windows\system32\drivers\atmarpc.sys

+ audstubAudStub DriverMicrosoft Corporationc:\windows\system32\drivers\audstub.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ BlueletAudioBluelet Audio DriverIVT Corporationc:\windows\system32\drivers\blueletaudio.sys

+ BTBluetooth PAN Network Adapter DriverIVT Corporationc:\windows\system32\drivers\btnetdrv.sys

+ BtcsrusbBluetooth USB Device DriverIVT Corporationc:\windows\system32\drivers\btcusb.sys

cc300cc300 - 2006-8-25 23:04:00

+ BTHidEnumc:\windows\system32\drivers\vbtenum.sys

+ BTHidMgrBluetooth HID Manager driverIVT Corporationc:\windows\system32\drivers\bthidmgr.sys

+ BTNetFilterc:\windows\system32\drivers\btnetfilter.sys

+ CCDECODEWDM Closed Caption VBI CodecMicrosoft Corporationc:\windows\system32\drivers\ccdecode.sys

+ CdromSCSI CD-ROM DriverMicrosoft Corporationc:\windows\system32\drivers\cdrom.sys

+ CdsysFile not found: C:\WINDOWS\System32\cdcd.sys

+ DiskPnP Disk DriverMicrosoft Corporationc:\windows\system32\drivers\disk.sys

+ dmioNT Disk Manager I/O DriverMicrosoft Corp., Veritas Softwarec:\windows\system32\drivers\dmio.sys

+ dmloadNT Disk Manager Startup DriverMicrosoft Corp., Veritas Software.c:\windows\system32\drivers\dmload.sys

+ DMusicMicrosoft Kernel DLS SynthesizerMicrosoft Corporationc:\windows\system32\drivers\dmusic.sys

+ drmkaudMicrosoft Kernel DRM Audio Descrambler FilterMicrosoft Corporationc:\windows\system32\drivers\drmkaud.sys

+ FdcFloppy Disk Controller DriverMicrosoft Corporationc:\windows\system32\drivers\fdc.sys

+ FlpydiskFloppy DriverMicrosoft Corporationc:\windows\system32\drivers\flpydisk.sys

+ FsVgaFull Screen Video DriverMicrosoft Corporationc:\windows\system32\drivers\fsvga.sys

+ FtdiskFT Disk DriverMicrosoft Corporationc:\windows\system32\drivers\ftdisk.sys

+ gameenumGame Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\gameenum.sys

+ GpcGeneric Packet ClassifierMicrosoft Corporationc:\windows\system32\drivers\msgpc.sys

+ HidUsbUSB Miniport Driver for Input DevicesMicrosoft Corporationc:\windows\system32\drivers\hidusb.sys

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys

+ i8042prti8042 Port DriverMicrosoft Corporationc:\windows\system32\drivers\i8042prt.sys

+ ImapiIMAPI Kernel DriverMicrosoft Corporationc:\windows\system32\drivers\imapi.sys

+ IpFilterDriverIP Traffic Filter DriverMicrosoft Corporationc:\windows\system32\drivers\ipfltdrv.sys

+ IpInIpIP in IP Tunnel DriverMicrosoft Corporationc:\windows\system32\drivers\ipinip.sys

+ IpNatIP Network Address TranslatorMicrosoft Corporationc:\windows\system32\drivers\ipnat.sys

+ IPSecIPSEC driverMicrosoft Corporationc:\windows\system32\drivers\ipsec.sys

+ IRENUMInfra-Red Bus EnumeratorMicrosoft Corporationc:\windows\system32\drivers\irenum.sys

+ isapnpPNP ISA Bus DriverMicrosoft Corporationc:\windows\system32\drivers\isapnp.sys

+ KbdclassKeyboard Class DriverMicrosoft Corporationc:\windows\system32\drivers\kbdclass.sys

+ kmixerKernel Mode Audio MixerMicrosoft Corporationc:\windows\system32\drivers\kmixer.sys

+ kmsinputc:\windows\system32\drivers\kmsinput.sys

+ MouclassMouse Class DriverMicrosoft Corporationc:\windows\system32\drivers\mouclass.sys

+ mouhidHID Mouse Filter DriverMicrosoft Corporationc:\windows\system32\drivers\mouhid.sys

+ mProcRsRising Personal FireWall mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys

+ MSKSSRVMS KS ServerMicrosoft Corporationc:\windows\system32\drivers\mskssrv.sys

+ MSPCLOCKMS Proxy ClockMicrosoft Corporationc:\windows\system32\drivers\mspclock.sys

+ MSPQMMS Proxy Quality ManagerMicrosoft Corporationc:\windows\system32\drivers\mspqm.sys

+ MSTEEWDM Tee/Communication Transform Filter Microsoft Corporationc:\windows\system32\drivers\mstee.sys

+ NABTSFECWDM NABTS/FEC VBI CodecMicrosoft Corporationc:\windows\system32\drivers\nabtsfec.sys

+ NdisIPMicrosoft IP DriverMicrosoft Corporationc:\windows\system32\drivers\ndisip.sys

+ NdisTapiRemote Access NDIS TAPI DriverMicrosoft Corporationc:\windows\system32\drivers\ndistapi.sys

+ NdisuioNDIS 用户模式 I/O 协议Microsoft Corporationc:\windows\system32\drivers\ndisuio.sys

+ NdisWanRemote Access NDIS WAN DriverMicrosoft Corporationc:\windows\system32\drivers\ndiswan.sys

+ NetBTNetBios over TcpipMicrosoft Corporationc:\windows\system32\drivers\netbt.sys

+ npkcryptFile not found: D:\qq\npkcrypt.sys

+ NtApmNT Legacy APM Support DriverMicrosoft Corporationc:\windows\system32\drivers\ntapm.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.72 NVIDIA Corporationc:\windows\system32\drivers\nv4_mini.sys

+ NwlnkFltIPX Traffic Filter DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkflt.sys

+ NwlnkFwdIPX Traffic Forwarder DriverMicrosoft Corporationc:\windows\system32\drivers\nwlnkfwd.sys

+ oreans32c:\windows\system32\drivers\oreans32.sys

+ ParportParallel Port DriverMicrosoft Corporationc:\windows\system32

cc300cc300 - 2006-8-25 23:05:00

drivers\parport.sys

+ PCINT Plug and Play PCI EnumeratorMicrosoft Corporationc:\windows\system32\drivers\pci.sys

+ PptpMiniportWAN Miniport (PPTP)Microsoft Corporationc:\windows\system32\drivers\raspptp.sys

+ prodrv06StarForce Protection Environment DriverProtection Technologyc:\windows\system32\drivers\prodrv06.sys

+ prohlp02StarForce Protection Helper DriverProtection Technologyc:\windows\system32\drivers\prohlp02.sys

+ prosync1StarForce Protection Synchronization DriverProtection Technologyc:\windows\system32\drivers\prosync1.sys

+ PSchedQoS Packet SchedulerMicrosoft Corporationc:\windows\system32\drivers\psched.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ RasAcdRemote Access Auto Connection DriverMicrosoft Corporationc:\windows\system32\drivers\rasacd.sys

+ Rasl2tpWAN Miniport (L2TP)Microsoft Corporationc:\windows\system32\drivers\rasl2tp.sys

+ RasPppoe远程访问 PPPOE 驱动程序Microsoft Corporationc:\windows\system32\drivers\raspppoe.sys

+ RasptiDirect ParallelMicrosoft Corporationc:\windows\system32\drivers\raspti.sys

+ RDPCDDRDP MiniportMicrosoft Corporationc:\windows\system32\drivers\rdpcdd.sys

+ rdpdrMicrosoft RDP Device redirectorMicrosoft Corporationc:\windows\system32\drivers\rdpdr.sys

+ redbookRedbook Audio Filter DriverMicrosoft Corporationc:\windows\system32\drivers\redbook.sys

+ ROOTMODEMLegacy Non-Pnp Modem Device DriverMicrosoft Corporationc:\windows\system32\drivers\rootmdm.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ serenumSerial Port EnumeratorMicrosoft Corporationc:\windows\system32\drivers\serenum.sys

+ SerialSerial Device DriverMicrosoft Corporationc:\windows\system32\drivers\serial.sys

+ sfhlp01StarForce Protection Helper DriverProtection Technologyc:\windows\system32\drivers\sfhlp01.sys

+ SLIPMicrosoft Slip Deframing Filter MinidriverMicrosoft Corporationc:\windows\system32\drivers\slip.sys

+ splitterMicrosoft Kernel Audio SplitterMicrosoft Corporationc:\windows\system32\drivers\splitter.sys

+ squellFile not found: C:\WINDOWS\System32\vook.sys

+ streamipMicrosoft IP DriverMicrosoft Corporationc:\windows\system32\drivers\streamip.sys

+ SVKPSVKP driver for NTAntiCrackingc:\windows\system32\svkp.sys

+ swenumPlug and Play Software Device EnumeratorMicrosoft Corporationc:\windows\system32\drivers\swenum.sys

+ swmidiMicrosoft GS Wavetable SynthesizerMicrosoft Corporationc:\windows\system32\drivers\swmidi.sys

+ sysaudioSystem Audio WDM FilterMicrosoft Corporationc:\windows\system32\drivers\sysaudio.sys

+ TcpipTCP/IP Protocol DriverMicrosoft Corporationc:\windows\system32\drivers\tcpip.sys

+ TermDDTerminal Server DriverMicrosoft Corporationc:\windows\system32\drivers\termdd.sys

+ UpdateUpdate DriverMicrosoft Corporationc:\windows\system32\drivers\update.sys

+ usbhubDefault Hub Driver for USBMicrosoft Corporationc:\windows\system32\drivers\usbhub.sys

+ USBSTORUSB Mass Storage Class DriverMicrosoft Corporationc:\windows\system32\drivers\usbstor.sys

+ usbuhciUHCI USB Miniport DriverMicrosoft Corporationc:\windows\system32\drivers\usbuhci.sys

cc300cc300 - 2006-8-25 23:05:00

+ VANTIc:\windows\system32\god.sys

+ VCommBluetooth Serial Port DriverIVT Corporationc:\windows\system32\drivers\vcomm.sys

+ VcommMgrBluetooth VcommMgr driverIVT Corporationc:\windows\system32\drivers\vcommmgr.sys

+ VgaSaveVGA/Super VGA Video DriverMicrosoft Corporationc:\windows\system32\drivers\vga.sys

+ viaagpVIA NT AGP FilterMicrosoft Corporationc:\windows\system32\drivers\viaagp.sys

+ ViaIdeGeneric PCI IDE Bus DriverMicrosoft Corporationc:\windows\system32\drivers\viaide.sys

+ VIAudioVIA Audio WDM Driver VIA Technologies, Inc.c:\windows\system32\drivers\ac97via.sys

+ WanarpRemote Access IP ARP DriverMicrosoft Corporationc:\windows\system32\drivers\wanarp.sys

+ wdmaudMMSYSTEM Wave/Midi API mapperMicrosoft Corporationc:\windows\system32\drivers\wdmaud.sys

+ WSTCODECWDM WST Codec DriverMicrosoft Corporationc:\windows\system32\drivers\wstcodec.sys

+ zlportioFile not found: E:\richman7\star\zlportio.sys

HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute

+ autocheck autochk *Auto Check UtilityMicrosoft Corporationc:\windows\system32\autochk.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

+ Your Image File Name Here without a pathSymbolic Debugger for Windows 2000Microsoft Corporationc:\windows\system32\ntsd.exe

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls

+ advapi32Advanced Windows 32 Base APIMicrosoft Corporationc:\windows\system32\advapi32.dll

+ comdlg32Common Dialogs DLLMicrosoft Corporationc:\windows\system32\comdlg32.dll

+ gdi32GDI Client DLLMicrosoft Corporationc:\windows\system32\gdi32.dll

+ imagehlpWindows NT Image HelperMicrosoft Corporationc:\windows\system32\imagehlp.dll

+ kernel32Windows NT BASE API Client DLLMicrosoft Corporationc:\windows\system32\kernel32.dll

+ lz32LZ Expand/Compress API DLLMicrosoft Corporationc:\windows\system32\lz32.dll

+ ole32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\ole32.dll

+ oleaut32Microsoft OLE 3.50 for Windows NT(TM) and Windows 95(TM) Operating SystemsMicrosoft Corporationc:\windows\system32\oleaut32.dll

+ olecli32Object Linking and Embedding Client LibraryMicrosoft Corporationc:\windows\system32\olecli32.dll

+ olecnv32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olecnv32.dll

+ olesvr32Object Linking and Embedding Server LibraryMicrosoft Corporationc:\windows\system32\olesvr32.dll

+ olethk32Microsoft OLE for WindowsMicrosoft Corporationc:\windows\system32\olethk32.dll

+ rpcrt4Remote Procedure Call RuntimeMicrosoft Corporationc:\windows\system32\rpcrt4.dll

+ shell32Windows Shell Common DllMicrosoft Corporationc:\windows\system32\shell32.dll

+ urlInternet Shortcut Shell Extension DLLMicrosoft Corporationc:\windows\system32\url.dll

+ urlmonOLE32 Extensions for Win32Microsoft Corporationc:\windows\system32\urlmon.dll

+ user32Windows XP USER API Client DLLMicrosoft Corporationc:\windows\system32\user32.dll

+ versionVersion Checking and File Installation LibrariesMicrosoft Corporationc:\windows\system32\version.dll

+ wininetInternet Extensions for Win32Microsoft Corporationc:\windows\system32\wininet.dll

+ wldap32Win32 LDAP API DLLMicrosoft Corporationc:\windows\system32\wldap32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ crypt32chainCrypto API32Microsoft Corporationc:\windows\system32\crypt32.dll

+ cryptnetCrypto Network Related APIMicrosoft Corporationc:\windows\system32\cryptnet.dll

+ cscdllOffline Network AgentMicrosoft Corporationc:\windows\system32\cscdll.dll

+ ScCertPropCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ ScheduleCommon DLL to receive Winlogon notificationsMicrosoft Corporation

cc300cc300 - 2006-8-25 23:05:00

c:\windows\system32\wlnotify.dll

+ sclgntfySecondary Logon Service Notification DLLMicrosoft Corporationc:\windows\system32\sclgntfy.dll

+ SensLognCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ termsrvCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

+ wlballoonCommon DLL to receive Winlogon notificationsMicrosoft Corporationc:\windows\system32\wlnotify.dll

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{12FA444C-42D3-4ED7-A260-FA4D3368C704}] DATAGRAM 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{12FA444C-42D3-4ED7-A260-FA4D3368C704}] SEQPACKET 2Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B638374-D4DF-4F0C-BC27-E1A1B62C8790}] DATAGRAM 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{3B638374-D4DF-4F0C-BC27-E1A1B62C8790}] SEQPACKET 0Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{77F05A38-FAE6-42AB-93CF-B25A96023110}] DATAGRAM 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{77F05A38-FAE6-42AB-93CF-B25A96023110}] SEQPACKET 3Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{8813B67C-6EDD-42B0-B560-45286D4B79FF}] DATAGRAM 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{8813B67C-6EDD-42B0-B560-45286D4B79FF}] SEQPACKET 1Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4425B74-7BE7-476E-85F8-5BBBDCA5097F}] DATAGRAM 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{B4425B74-7BE7-476E-85F8-5BBBDCA5097F}] SEQPACKET 4Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA03788C-9E99-4237-8042-04B131F08224}] DATAGRAM 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA03788C-9E99-4237-8042-04B131F08224}] SEQPACKET 5Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [RAW/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [TCP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ MSAFD Tcpip [UDP/IP]Microsoft Windows Sockets 2.0 Service ProviderMicrosoft Corporationc:\windows\system32\mswsock.dll

+ RSVP TCP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll

+ RSVP UDP Service ProviderMicrosoft Windows Rsvp 1.0 Service ProviderMicrosoft Corporationc:\windows\system32\rsvpsp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ BJ Language MonitorLangage Monitor for Canon Bubble-Jet PrinterMicrosoft Corporationc:\windows\system32\cnbjmon.dll

+ Local PortLocal Spooler DLLMicrosoft Corporationc:\windows\system32\localspl.dll

+ PJL Language MonitorPJL Language monitorMicrosoft Corporationc:\windows\system32\pjlmon.dll

+ Standard TCP/IP PortStandard TCP/IP Port Monitor DLLMicrosoft Corporationc:\windows\system32\tcpmon.dll

+ USB MonitorStandard Dynamic Printing Port Monitor DLLMicrosoft Corporationc:\windows\system32\usbmon.dll

cc300cc300 - 2006-8-25 23:07:00

尊敬的客户，您好！
感谢您对瑞星的支持。希望下面提供的信息或方案能带给你帮助：

请您使用两个工具按下列步骤操作：

·RsDetect.exe使用方法
瑞星听诊器（RsDetect.exe）用于检测计算机中是否存在可疑文件，提取出可疑文件并生成扫描日志。请您点击程序主界面“开始扫描”按钮进行扫描（扫描之前确认勾选了“生成日志”），扫描结束后工具所在目录下会自动生成日志文件“瑞星听诊信息.htm”，检测出的可疑文件将保存在VirusUp目录中。瑞星听诊器下载地址http://it.rising.com.cn/service/technology/RS_RavDetect.htm

·AutoRuns.exe使用方法
1、请您下载邮件中的附件（Autoruns.exe）到本地，然后双击运行；
2、选择程序主界面菜单'File'-> 'Save'，保存后的文件为AutoRuns.txt。

请您把用以上工具提取到的文件（即AutoRuns.txt、VirusUp目录、“瑞星听诊信息.htm”）打包压缩之后，通过『邮件服务中心』(http://up.rising.com.cn/webmail/index.htm) 选择『产品支持』－『其他问题』类别进行提交，并描述您计算机的中病毒现象，以便我们尽快帮您解决问题。
另外，为了更好的分析您的问题，请您提供瑞星病毒查杀的历史记录，如果有查杀不干净的病毒文件请直接发给我们。

更多产品支持,请登陆客户服务网站:http://csc.rising.com.cn
提醒：为保证收到您的来信，请勿直接回复本邮件!!!
------------------------------------------------------
服务单位：瑞星·客户服务中心
工程师：CSC036
电话服务：(010)82678800
发送邮件：请用IE等浏览器访问网址 http://csc.rising.com.cn
------------------------------------------------------

瑞星卡卡安全论坛