Rising Kaka Security Forum
羁旅孤鸿 - 2006-8-29 18:35:00
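Rising got knocked out too. I had no other option, so I removed it by hand and reinstalled Rising, but now it can't update. Frustrating. So please help, everyone! The log is below: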
HijackThis_815汉化版扫描日志 V1.99.1
保存于 18:10:59, 日期 2006-8-29
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Rising\Rav\RavTimer.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\zh-cn\msnappau.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe
D:\临时文件夹\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll
O3 - IE工具栏增项: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [nwiz] ; nwiz.exe /install
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Meeting] ; C:\Program Files\群英会\EasyVoice.exe
O4 - 启动项HKLM\\Run: [DataLayer] ; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - 启动项HKLM\\Run: [PCSuiteTrayApplication] ; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - 启动项HKLM\\Run: [CnsMHlp.exe] C:\windows\Downloaded Program files\CnsMHlp.exe
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\windows\system32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\Rising\Rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] ; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
羁旅孤鸿 - 2006-8-29 18:37:00
The smart scan is as follows:
2006-08-29,18:14:34
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [Microsoft Corporation]
<PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
<msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [Microsoft Corporation]
<Realplayer.exe><C:\windows\system32\Realplayer.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><; nwiz.exe /install> []
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> []
<Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Meeting><; C:\Program Files\群英会\EasyVoice.exe> []
<DataLayer><; C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe> [Nokia Mobile Phones Ltd.]
<PCSuiteTrayApplication><; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray> [Nokia]
<CnsMHlp.exe><C:\windows\Downloaded Program files\CnsMHlp.exe> [3721.com]
<Realplayer.exe><C:\windows\system32\Realplayer.exe> []
<wdfmgr32><C:\windows\system32\wdfmgr32.exe> []
<NvCplDaemon><RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<RfwMain><C:\Program Files\Rising\Rfw\rfwmain.exe> [Beijing Rising Technology Corporation Limited]
<RavTimer><C:\Program Files\Rising\Rav\RavTimer.exe> [Beijing Rising Technology Co., Ltd.]
<RavMon><C:\Program Files\Rising\Rav\RavMon.exe -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\windows\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"\Program Files\Logonui\Royale.exe"> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><C:\WINDOWS\system32\DLMain.dll> []
==================================
启动文件夹
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><H>
[腾讯QQ]
<C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
<C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<F:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<F:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\QQ\SendMMS.htm, N/A>
羁旅孤鸿 - 2006-8-29 18:37:00
==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 484][\??\C:\windows\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 508][\??\C:\windows\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 552][C:\windows\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 564][C:\windows\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 716][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 764][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][C:\windows\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 892][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 932][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1164][C:\windows\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1288][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 85>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 0>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 80>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 81>
[PID: 1324][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <rising><17, 0, 0, 1>
[PID: 1376][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 1, 95>
[C:\PROGRAM FILES\RISING\RAV\guidll.dll] <rising><17, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] <rising><17, 0, 0, 41>
[C:\Program Files\Rising\Rav\Scanner.dll] <Rising><17, 0, 0, 39>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\libload.dll] <Rising><17, 0, 0, 13>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Rising><17, 0, 0, 26>
[C:\PROGRAM FILES\RISING\RAV\MailMon.dll] < ><17, 0, 0, 6>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><17, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] <N/A><17, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] < ><17, 0, 0, 12>
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] <rising><17, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] <北京瑞星><17, 3, 0, 8>
[C:\Program Files\Rising\Rav\engine.dll] <rising><17, 0, 0, 34>
[C:\Program Files\Rising\Rav\UnExe.dll] <Rising><17, 0, 0, 25>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Rising><17, 0, 0, 26>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Rising><17, 0, 0, 12>
[C:\Program Files\Rising\Rav\NvFile.dll] <瑞星><17, 0, 0, 13>
[C:\Program Files\Rising\Rav\ScanMac.dll] <rising><17, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <rising><17, 0, 0, 21>
[C:\Program Files\Rising\Rav\ScanExec.dll] <N/A><17, 0, 0, 18>
[C:\Program Files\Rising\Rav\Unpacker.dll] <rising><17, 0, 0, 17>
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <rising><17, 0, 0, 13>
[PID: 1612][C:\windows\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2012][C:\windows\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8198>
[C:\windows\system32\NVRSZHC.DLL] <NVIDIA Corporation><6.14.10.8198>
[C:\WINDOWS\system32\nvshell.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] <Nokia><6, 60, 15, 3>
[C:\windows\system32\ConnAPI.DLL] <Nokia.><6, 60, 27, 2>
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] <Nokia><6, 60, 45, 4>
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] <Nokia><6, 60, 5, 1>
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] <Nokia><6, 60, 1, 1>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] <N/A><N/A>
[PID: 192][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[PID: 236][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 99>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[PID: 244][C:\Program Files\Rising\Rav\RavTimer.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 34>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 41>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[PID: 256][C:\Program Files\Rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 1, 0>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 41>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\Program Files\Rising\Rav\PngDll.dll] <Rising><17, 0, 0, 2>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 268][C:\windows\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 380][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] <Thunder Networking Technologies,LTD><5.3.0.220>
[C:\Program Files\Thunder Network\Thunder\Program\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 8>
[C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 4, 71>
[C:\Program Files\Thunder Network\Thunder\Program\log4cplus.dll] <><1, 0, 2, 1>
[C:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[C:\Program Files\Thunder Network\Thunder\Program\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] <Thunder Networking Technologies,LTD><2, 1, 0, 18>
[C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll] <Thunder Networking Technologies,LTD><1, 1, 1, 9>
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] < ><1, 0, 0, 11>
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed04.dll] < ><2, 3, 0, 37>
[C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] <Thunder Networking Technologies,LTD><1, 0, 3, 8>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 6>
[C:\Program Files\Thunder Network\Thunder\Program\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 55>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 2980][C:\Program Files\MSN Apps\Updater\01.05.0000.1009\zh-cn\msnappau.exe] <Microsoft Corporation><01.05.0000.1009>
[PID: 1444][C:\Program Files\Rising\Rav\RsAgent.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 22>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[PID: 1940][C:\WINDOWS\msagent\AgentSvr.exe] <Microsoft Corporation><2.00.0.3422>
[PID: 3668][D:\临时文件夹\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
羁旅孤鸿 - 2006-8-29 18:38:00
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
地区性 - 2006-8-29 18:47:00
Go to my network drive,
http://free5.ys168.com/?luoyexinqing
open the "辅助工具" (helper tools) folder, download WinsockxpFix.rar and run a repair with it.
地区性 - 2006-8-29 18:48:00
O4 - 启动项HKLM\\Run: [CnsMHlp.exe] C:\windows\Downloaded Program files\CnsMHlp.exe
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\windows\system32\wdfmgr32.exe
These startup entries are viruses.
羁旅孤鸿 - 2006-8-29 18:49:00
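Oh, by the way, I looked in the resource manager and found there are 5 SVCHOST.EXE processes! That doesn't seem normal! And the user names in the resource manager are gone too! Screenshot below:
Attachment: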
7367152006829184113.jpg
地区性 - 2006-8-29 18:53:00
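| Quote: |
[Post by 羁旅孤鸿] Oh, by the way, I looked in the resource manager and found there are 5 SVCHOST.EXE processes! That doesn't seem normal! And the user names in the resource manager are gone too! Screenshot below: ……………… |
SVCHOST.EXE is perfectly normal.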
秋日里的蓝天 - 2006-8-29 19:03:00
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
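Startup entries
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
Running programs
C:\WINDOWS\system32\brlmon.dll
Solution
The solution is as follows:
Double-click My Computer, then Tools, Folder Options, View. Select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Press ALT+CTRL+DELETE to bring up Task Manager and end the explorer.exe and Realplayer.exe processes.
Click "File", "New Task", "Browse" and locate C:\WINDOWS\system32\Realplayer.exe
Delete Realplayer.exe
Click "File", "New Task", "Browse", locate C:\WINDOWS\explorer.exe and double-click to open it.
Run (double-click) System Repair Engineer and use "Startup Items, Registry" (启动项目, 注册表) to delete the following entries.
C:\WINDOWS\system32\Realplayer.exe
C:\WINDOWS\system32\Realplayer.exe
Delete
C:\WINDOWS\system32\brlmon.dll
C:\windows\system32\wdfmgr32.exe
Change the home page back.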
mopery - 2006-8-29 20:49:00
O4 - HKCU\..\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
See the pinned post in the anti-virus board...
Fix
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\windows\system32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [CnsMHlp.exe] C:\windows\Downloaded Program files\CnsMHlp.exe
O21 - SSODL: DLMon - {590498A3-4131-4D8F-BA4B-36791A0803B1} - C:\WINDOWS\system32\DLMain.dll (file missing)
Delete
C:\windows\system32\wdfmgr32.exe
C:\windows\Downloaded Program files\CnsMHlp.exe
mopery - 2006-8-29 20:50:00
Open SRE, go to Startup Items, Registry, and delete
<CheckFaultKernel><C:\windows\system32\mswdm.exe> []
Delete
C:\windows\system32\mswdm.exe
我无邪 - 2006-8-29 22:20:00
I suggest the original poster reboot after the fix, then run another scan and paste the log here.
羁旅孤鸿 - 2006-8-29 22:47:00
[Reply to 我无邪's post]
HijackThis_815汉化版扫描日志 V1.99.1
保存于 22:37:42, 日期 2006-8-29
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\windows\system32\ctfmon.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\CopyRun\RavCopy.exe
D:\临时文件夹\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - IE工具栏增项: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll (file missing)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [Thunder] ; "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Meeting] ; C:\Program Files\群英会\EasyVoice.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RfwMain] ; C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - 启动项HKLM\\Run: [RavTimer] ; C:\Program Files\Rising\Rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] ; C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
Please also take a look at that question in post #6!
羁旅孤鸿 - 2006-8-29 22:56:00
[Reply to mopery's post]
I deleted C:\windows\system32\mswdm.exe. <CheckFaultKernel><C:\windows\system32\mswdm.exe> [] didn't match any more: what came after it was no longer mswdm.exe but dumprep 0 -k. I deleted that too, though.
羁旅孤鸿 - 2006-8-29 23:01:00
[Reply to 羁旅孤鸿's post]
HijackThis_815汉化版扫描日志 V1.99.1
保存于 22:50:34, 日期 2006-8-29
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\windows\system32\ctfmon.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\Rav.exe
C:\windows\explorer.exe
D:\临时文件夹\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O3 - IE工具栏增项: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll (file missing)
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\windows\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Meeting] C:\Program Files\群英会\EasyVoice.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [RfwMain] C:\Program Files\Rising\Rfw\rfwmain.exe
O4 - 启动项HKLM\\Run: [RavTimer] C:\Program Files\Rising\Rav\RavTimer.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe
O4 - Global Startup: AutoCAD 启动加速器.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - F:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - F:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - F:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - F:\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
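The before/after comparison that the re-scan request in this thread makes possible, as an added example that is not part of the original posts: a Python sketch that diffs the O4 Run-key lines of two HijackThis logs and checks that the files the replies said to delete are no longer referenced. The function names and the choice to strip a leading `; ` from a command are assumptions of this example; only Run-key O4 lines are handled.

```python
import re

# O4 excerpts copied from the first (18:10:59) and last (22:50:34) HijackThis
# logs in this thread; the other sections of the logs are left out.
BEFORE = r"""
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [Meeting] ; C:\Program Files\群英会\EasyVoice.exe
O4 - 启动项HKLM\\Run: [CnsMHlp.exe] C:\windows\Downloaded Program files\CnsMHlp.exe
O4 - 启动项HKLM\\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\windows\system32\wdfmgr32.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Realplayer.exe] C:\windows\system32\Realplayer.exe
O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe
"""
AFTER = r"""
O4 - 启动项HKLM\\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - 启动项HKLM\\Run: [Meeting] C:\Program Files\群英会\EasyVoice.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\Program Files\Rising\Rav\RavMon.exe -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = F:\QQ\QQ.exe
"""

# Files the replies in this thread said to delete that are launched from Run keys.
FLAGGED = [
    r"C:\windows\system32\Realplayer.exe",
    r"C:\windows\system32\wdfmgr32.exe",
    r"C:\windows\Downloaded Program files\CnsMHlp.exe",
]

# "O4 - <location>: [value name] <command>"; the location text is localized.
O4_RUN = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")


def parse_o4(log):
    """Return {(hive, value_name): command} for the Run-key O4 lines of a log."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Startup-folder lines ("x.lnk = target") carry no [name]
        loc = m.group("loc").upper()
        hive = "HKLM" if "HKLM" in loc else "HKCU" if "HKCU" in loc else None
        if hive is None:
            continue
        # Assumption: a leading "; " is a marker, not part of the command, so it
        # is stripped to make the same entry compare equal across scans.
        entries[(hive, m.group("name"))] = m.group("cmd").lstrip("; ").strip()
    return entries


def removed_entries(before, after):
    """Run-key entries present in the first log and absent from the second."""
    return sorted(set(parse_o4(before)) - set(parse_o4(after)))


def still_referenced(log, paths):
    """Flagged paths that some Run-key command in the log still points to."""
    commands = [cmd.lower() for cmd in parse_o4(log).values()]
    return [p for p in paths if any(p.lower() in cmd for cmd in commands)]


if __name__ == "__main__":
    for hive, name in removed_entries(BEFORE, AFTER):
        print("removed:", hive, name)
    leftover = still_referenced(AFTER, FLAGGED)
    print("flagged files still autostarted:", leftover or "none")
```

A clean diff only shows that the Run values are gone; entries stored elsewhere, such as the Policies\Explorer\Run value in the SREng log, need the same check against that log.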
我无邪 - 2006-8-29 23:05:00
It doesn't matter that those were deleted.
I suggest running a System Repair Engineer scan and pasting the log here.
羁旅孤鸿 - 2006-8-29 23:19:00
[Reply to 我无邪's post]
2006-08-29,23:12:30
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s> [Thunder Networking Technologies,LTD]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Meeting><C:\Program Files\群英会\EasyVoice.exe> []
<NvCplDaemon><RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<RfwMain><C:\Program Files\Rising\Rfw\rfwmain.exe> [Beijing Rising Technology Corporation Limited]
<RavTimer><C:\Program Files\Rising\Rav\RavTimer.exe> [Beijing Rising Technology Co., Ltd.]
<RavMon><C:\Program Files\Rising\Rav\RavMon.exe -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [Microsoft Corporation]
<Userinit><userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><"> []
==================================
启动文件夹
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><H>
[腾讯QQ]
<C:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
<C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
<C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <F:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\zh-cn\msntb.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\windows\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<F:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<F:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\QQ\SendMMS.htm, N/A>
羁旅孤鸿 - 2006-8-29 23:24:00
==================================
正在运行的进程
[PID: 304][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 352][\??\C:\windows\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 376][\??\C:\windows\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 420][C:\windows\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 432][C:\windows\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 584][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 628][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 676][C:\windows\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 732][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\windows\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1012][C:\windows\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1180][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 85>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Corporation Limited><3, 0, 1, 0>
[c:\program files\rising\rfw\rfwrule.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 80>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 81>
[PID: 1228][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <rising><17, 0, 0, 1>
[PID: 1244][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[PID: 1260][C:\Program Files\群英会\EasyVoice.exe] <><1.0.0.0>
[C:\Program Files\群英会\pakintd.dll] <easyvoice><1, 1, 0, 1>
[C:\Program Files\群英会\commapi.dll] <EasyVoice><1, 0, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 1268][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 1, 95>
[C:\PROGRAM FILES\RISING\RAV\guidll.dll] <rising><17, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\CfgDll.dll] <rising><17, 0, 0, 41>
[C:\Program Files\Rising\Rav\Scanner.dll] <Rising><17, 0, 0, 39>
[C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\libload.dll] <Rising><17, 0, 0, 13>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Rising><17, 0, 0, 26>
[C:\PROGRAM FILES\RISING\RAV\MailMon.dll] < ><17, 0, 0, 6>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><17, 0, 0, 5>
[C:\PROGRAM FILES\RISING\RAV\expscan.dll] <N/A><17, 0, 0, 6>
[C:\PROGRAM FILES\RISING\RAV\regmon.dll] < ><17, 0, 0, 12>
[C:\PROGRAM FILES\RISING\RAV\HookWeb.dll] <rising><17, 0, 0, 4>
[C:\PROGRAM FILES\RISING\RAV\MemMon.dll] <北京瑞星><17, 3, 0, 8>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Rising><17, 0, 0, 12>
[C:\Program Files\Rising\Rav\engine.dll] <rising><17, 0, 0, 34>
[C:\Program Files\Rising\Rav\UnExe.dll] <Rising><17, 0, 0, 25>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Rising><17, 0, 0, 26>
[C:\Program Files\Rising\Rav\NvFile.dll] <瑞星><17, 0, 0, 13>
[C:\Program Files\Rising\Rav\ScanMac.dll] <rising><17, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <rising><17, 0, 0, 21>
[C:\Program Files\Rising\Rav\ScanExec.dll] <N/A><17, 0, 0, 18>
[C:\PROGRAM FILES\RISING\RAV\mPorts.dll] <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
[C:\Program Files\Rising\Rav\Unpacker.dll] <rising><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <rising><17, 0, 0, 13>
[PID: 1364][C:\Program Files\Rising\Rfw\rfwmain.exe] <Beijing Rising Technology Corporation Limited><3, 0, 0, 99>
[C:\Program Files\Rising\Rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\Program Files\Rising\Rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rfw\PngDll.dll] <Rising><17, 0, 0, 2>
[PID: 1372][C:\Program Files\Rising\Rav\RavTimer.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 34>
羁旅孤鸿 - 2006-8-29 23:24:00
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 41>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[PID: 1380][C:\Program Files\Rising\Rav\RavMon.exe] <Beijing Rising Technology Co., Ltd.><17, 0, 1, 0>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 33>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Rising Corp.><17, 0, 0, 5>
[C:\Program Files\Rising\Rav\CfgDll.dll] <rising><17, 0, 0, 41>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><17, 0, 0, 3>
[C:\Program Files\Rising\Rav\PngDll.dll] <Rising><17, 0, 0, 2>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 1436][C:\windows\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1948][C:\windows\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 348][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[F:\QQ\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[C:\Program Files\Rising\Rav\RavScrCh.dll] <><17, 0, 0, 6>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 1332][F:\QQ\QQ.exe] <TENCENT><0, 0, 0, 0>
[F:\QQ\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[F:\QQ\QQHelperDll.dll] <><1, 0, 0, 1>
[F:\QQ\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[F:\QQ\QQAPI.dll] <><1, 0, 0, 1>
[F:\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[F:\QQ\LoginCtrl.dll] <><1, 0, 0, 1>
[F:\QQ\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[F:\QQ\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[F:\QQ\QQRes.dll] <tencent><1, 0, 0, 1>
[F:\QQ\QQMainFrame.dll] <N/A><N/A>
[F:\QQ\CQQApplication.dll] <N/A><N/A>
[F:\QQ\NewSkin.dll] <><1, 0, 0, 1>
[F:\QQ\HostingMgr.dll] <><1, 0, 0, 1>
[F:\QQ\CameraDll.dll] <><1, 0, 0, 1>
[F:\QQ\MailSummary.dll] <><1, 0, 0, 1>
[F:\QQ\QQSpace.dll] <><1, 0, 0, 1>
[C:\windows\system32\msdmo.dll] <N/A><N/A>
[F:\QQ\QQGroupMng.dll] <><1, 0, 0, 1>
[F:\QQ\GroupLive.dll] <N/A><N/A>
[F:\QQ\UserDefinedHead.dll] <><1, 0, 0, 1>
[F:\QQ\QQPlugin.dll] <N/A><N/A>
[F:\QQ\QQAllInOne.dll] <N/A><N/A>
[F:\QQ\SCCore.dll] <N/A><N/A>
[F:\QQ\QQCustomFace.dll] <N/A><N/A>
[F:\QQ\QQPet.dll] <><1, 0, 0, 1>
[F:\QQ\LongConnection.dll] <tencent><5, 0, 200, 160>
[F:\QQ\ShareFiles.dll] <N/A><N/A>
[F:\QQ\QQZip.dll] <tencent><0, 3, 2, 4>
[F:\QQ\QQSysMsgMng.dll] <N/A><N/A>
[F:\QQ\QQConfigPlugin.dll] <><1, 0, 0, 1>
[F:\QQ\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[F:\QQ\QRingMng.dll] <N/A><N/A>
[F:\QQ\QQMagicFace.dll] <><1, 0, 0, 1>
[F:\QQ\QQAvatar.dll] <N/A><N/A>
[F:\QQ\QQSceneMng.dll] <N/A><N/A>
[F:\QQ\PhoneAPI.dll] <><1, 0, 0, 1>
[F:\QQ\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[C:\windows\system32\PYJJU.IME] <北京六合源软件技术有限公司><2, 2, 0, 4>
[F:\QQ\BQQApplication.dll] <N/A><N/A>
[F:\QQ\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[F:\QQ\CommercesMng.dll] <><1, 0, 0, 1>
[F:\QQ\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[F:\QQ\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[F:\QQ\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 6, 60>
[F:\QQ\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] <Nokia><6, 60, 15, 3>
[C:\windows\system32\ConnAPI.DLL] <Nokia.><6, 60, 27, 2>
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] <Nokia><6, 60, 45, 4>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] <Nokia><6, 60, 5, 1>
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] <Nokia><6, 60, 1, 1>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0>
[F:\QQ\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[PID: 1128][F:\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[F:\QQ\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1604][C:\windows\system32\PYINTAU.EXE] <北京六合源软件技术有限公司><2, 2, 1, 4>
[C:\windows\system32\PYCODEU.dll] <北京六合源软件技术有限公司><2, 2, 0, 4>
[C:\windows\system32\PYJJCZU.dll] <北京六合源软件技术有限公司><2, 2, 0, 0>
[PID: 2412][C:\windows\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.1.63.0>
[C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx] <><1, 0, 0, 1>
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 2>
[PID: 2988][D:\临时文件夹\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\windows\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
我无邪 - 2006-8-29 23:25:00
The log doesn't show any problems now.
If anything is abnormal, describe it.
羁旅孤鸿 - 2006-8-29 23:31:00
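[Reply to 我无邪's post] It's just that when I open the smart-scan folder and go to launch it, it lags a bit; nothing else. Oh, by the way, what's your QQ number? Could you tell me?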
我无邪 - 2006-8-29 23:39:00
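| Quote: |
[羁旅孤鸿's post] [Reply to 我无邪's post] It's just that when I open the smart-scan folder and go to launch it, it lags a bit; nothing else. Oh, by the way, what's your QQ number? Could you tell me? ……………… |
I didn't understand the first half of that :)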
羁旅孤鸿 - 2006-8-29 23:44:00
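[Reply to 我无邪's post] I mean that when I open certain files it lags a bit, then suddenly everything on the desktop is gone, and after a while the desktop icons come back!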
我无邪 - 2006-8-30 0:39:00
I can't explain this symptom of yours.
If it's convenient, you could consider reinstalling the system.
羁旅孤鸿 - 2006-8-30 7:45:00
[Reply to 我无邪's post] I noticed that at startup, text like this appears on the black screen: file BUG.INI invalid, booting from C;/WINDOW!
我无邪 - 2006-8-31 1:44:00
No way.
Go to the root of the C: drive and check whether there is a boot.ini there.