【求助】系统变慢，时不时弹出IE保护程序（有图） bbs.ikaka.com

轻轻地来 - 2006-11-25 19:25:00

操作系统：Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
安装了瑞星最新杀毒、防火墙和卡卡。

1.最近系统在打开、关闭或最小化程序是反应变慢，在一段时间内，鼠标无法移动。用任务管理器查看，在做这些动作时，cpu利用率瞬间偏高，硬盘灯闪烁不停。
2.时不时弹出IE保护程序（见截图，文件都为同一个在dos下查看为da4ds.jpg文件），当第一次出现时先按拒绝执行，但在IE执行黑白名单内2栏都为空白；第2次出现时为了监测，按了执行，但报winrar crc解压出错，但在IE执行黑白名单内2栏也都为空白；最后一次执行，突然系统在后台安装程序，瑞星提示上报日志。

C:\WINDOWS\temp\gjb\tdsetup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Desktop C:\WINDOWS\system32\rundll32.exe "C:\Program Files 修改同意修改
D:\Temp\12\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH SearchAssistant http://client.jogo.cn/cdn/browser/sidesearch/sides 修改拒绝修改
D:\Temp\12\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH CustomizeSearch http://client.jogo.cn/cdn/browser/customsearch/cus 修改拒绝修改
D:\Temp\12\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN CdnCtr C:\Program Files\CNNIC\Cdn\cdnup.exe 修改拒绝修改
C:\WINDOWS\system32\rund1l1.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN SysExplr C:\Program Files\herosoft\SuperPLAY3500\SysExplr.e 修改拒绝修改

1的情况前段时间出现过，没办法我重装了系统，当时在安装前我在安全模式下用瑞星和卡卡查杀过，没有任何病毒。在卡卡内删除了流氓软件，删除不用的插件和禁用有用的插件，清理所有痕迹。重启后1的情况还是出现。用windwos优化大师安全监测如下：
扫描木马程序
分析可疑注册表入口
分析可疑文件
发现未知木马
可疑文件：C:\WINDOWS\system32\GLIEDown2.dll
并且在安全模式下也是如此。没办法重装，在重装完所有的应用软件后，用windows优化大师检查过正常。但没想到没用多久，又出现1的情况，后来又有2的情况出现。想到可能版本升级了能杀掉这些，但情况也是如此，没办法解决。上瑞星在线查杀也是如此，没有发现病毒。

并且我的IE执行黑白名单，选项为灰色，不能添加。
有哪位能帮我解决下，附启动选项：
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<jiajiasr><D:\Program Files\jj4\jiajiasr.exe> [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PCTVOICE><pctspk.exe> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

附件: 79112820061125191703.JPG

天健行者 - 2006-11-25 19:36:00

日志不全
下载 System Repair Engineer，
http://www.kztechs.com/sreng/sreng2.zip
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

轻轻地来 - 2006-11-25 20:24:00

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Standard Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<jiajiasr><D:\Program Files\jj4\jiajiasr.exe> [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PCTVOICE><pctspk.exe> []
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MicroMsgServices / MicroMsgServices]
<C:\WINDOWS\system32\Svchost.exe -k MicroMsgServices-->C:\WINDOWS\system32\MicroService\svchost.dll><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[TP-LINK TL-WN310G/350G 11G Wireless Adapter Service / AR5211]
<system32\DRIVERS\11gAdapter.sys><TP-LINK Technologies Co., Ltd.>
[Rising TDI Base Driver / BaseTDI]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
<\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
<\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[MEMSCAN / MEMSCAN]
<\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[W2K Pctel Serial Device Driver / Ptserial]
<system32\DRIVERS\ptserial.sys><PCTEL, INC.>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
<\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
<\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS315 / SiS315]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[TCP/IP Protocol Driver / Tcpip]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[W2k Vmodem / Vmodem]
<\SystemRoot\system32\DRIVERS\vmodem.sys><PCTEL, INC.>
[W2k Vpctcom / Vpctcom]
<\SystemRoot\system32\DRIVERS\vpctcom.sys><PCtel, Inc.>
[W2k Vvoice / Vvoice]
<\SystemRoot\system32\DRIVERS\vvoice.sys><PCtel, Inc.>
[Winbond Infrared Device Driver / WBFIRDMA]
<system32\DRIVERS\wbfirdma.sys><Winbond Electronics Corp.>

轻轻地来 - 2006-11-25 20:25:00

==================================
浏览器加载项
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436}? <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Office Update Installation Engine]
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Scripting.Dictionary]
{EE09B103-97E0-11CF-978F-00A02463E06F} <C:\WINDOWS\system32\scrrun.dll, Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>

==================================
正在运行的进程
[PID: 384][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 468][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 548][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 560][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 748][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 828][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 872][D:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 888][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1036][D:\Program Files\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
[D:\Program Files\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
[D:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[D:\Program Files\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Program Files\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\HookWeb.dll] [rising, 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[D:\Program Files\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[D:\Program Files\Rising\Rav\MailMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
[D:\Program Files\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
[D:\Program Files\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[D:\Program Files\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
[D:\Program Files\Rising\Rav\RSUnpack.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
[D:\Program Files\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
[D:\Program Files\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
[D:\Program Files\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
[D:\Program Files\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[D:\Program Files\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\Program Files\Rising\Rav\ExtMail.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[PID: 1052][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1140][d:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]

轻轻地来 - 2006-11-25 20:26:00

[d:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[d:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[d:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[d:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[d:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1340][D:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1696][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1720][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1860][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1896][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[PID: 1968][C:\WINDOWS\system32\Svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[c:\windows\system32\microservice\svchost.dll] [N/A, N/A]
[c:\windows\system32\microservice\MsoService.dll] [N/A, N/A]
[PID: 2000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1856][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1640][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[PID: 224][d:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[d:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[d:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[d:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1156][C:\WINDOWS\system32\pctspk.exe] [, 1, 0, 0, 1]
[PID: 1760][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 56]
[PID: 796][D:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[PID: 1548][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1580][D:\Program Files\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
[D:\Program Files\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
[D:\Program Files\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Program Files\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1632][D:\Program Files\jj4\jiajiasr.exe] [加加工作组, 4, 0, 1, 33]
[PID: 2180][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3328][E:\Downloads\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================

Seaweed - 2006-11-25 20:29:00

进程里是不是一直有个IE.exe？。。。我好象和你一样。。系统启动时相当慢。。。

轻轻地来 - 2006-11-26 4:44:00

谁能帮我解决下啊？？？？？？

轻轻地来 - 2006-11-27 3:41:00

以下是我使用AutoRuns的日志，进入后除AutoRuns未运行程序。

轻轻地来 - 2006-11-27 3:42:00

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTaskRavTimer(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main Program(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\rfwmain.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ jiajiasr加加输入法 4.01 作者:孙百川(Not verified) 加加工作组d:\program files\jj4\jiajiasr.exe

HKLM\SOFTWARE\Classes\Protocols\Filter

+ application/octet-streamMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

+ application/x-complusMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

+ application/x-msdownloadMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler

+ ms-itssMicrosoft? InfoTech Storage System Library(Not verified) Microsoft Corporationc:\program files\common files\microsoft shared\information retrieval\msitss.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components

+ n/aMicrosoft .NET IE SECURITY REGISTRATION(Not verified) Microsoft Corporationc:\windows\system32\mscories.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext Module(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Fusion CacheMicrosoft .NET Runtime Execution Engine(Not verified) Microsoft Corporationc:\windows\system32\mscoree.dll

+ HyperTerminal Icon ExtFile not found: hticons.dll

+ RISINGRising Shell Ext Module(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Icon Handler for Application ReferencesApplication Deployment Support Library(Not verified) Microsoft Corporationc:\windows\system32\dfshim.dll

+ ShellLink for Application ReferencesApplication Deployment Support Library(Not verified) Microsoft Corporationc:\windows\system32\dfshim.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ kakatool.dll(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 启动迅雷5(Not verified) Thunder Networking Technologies,LTDd:\program files\thunder network\thunder\thunder.exe

HKLM\System\CurrentControlSet\Services

+ RfwServiceRising Personal Firewall Service(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenter(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMond(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ AR5211Driver for TP-LINK Wireless Network AdapterAdapter(Not verified) TP-LINK Technologies Co., Ltd.c:\windows\system32\drivers\11gadapter.sys

+ BaseTDIbasetdi(Not verified) Beijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ ExpScanerExpScan.sysd:\program files\rising\rav\expscan.sys

+ GWIOPMd:\program files\wom\gwiopm.sys

+ HookContTDI HOOK Driver(Not verified) Rising tech Co. ltdd:\program files\rising\rav\hookcont.sys

+ HookRegd:\program files\rising\rav\hookreg.sys

+ HookSysHooksys(Not verified) Risingd:\program files\rising\rav\hooksys.sys

+ HookUrlHookUrl(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\hookurl.sys

+ IpInIpIP in IP Tunnel DriverFile not found: system32\DRIVERS\ipinip.sys

+ MEMSCANMemScan Driver(Not verified) 瑞星软件有限公司d:\program files\rising\rav\memscan.sys

+ mProcRsRising Personal FireWall mprocrs.sys(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\mprocrs.sys

+ npkcryptnProtect KeyCrypt Driver(Not verified) INCA Internet Co., Ltd.d:\program files\tencent\qq\npkcrypt.sys

+ RsAntiSpywareRsBoot(Not verified) Beijing Risingc:\windows\system32\drivers\rsboot.sys

+ RsFwDrvnt_fwdrv(Not verified) Beijing Rising Technology Co., Ltd.d:\program files\rising\rfw\rsfwdrv.sys

+ RSPPSYSRSPPSYS(Not verified) Risingd:\program files\rising\rav\rsppsys.sys

+ TcpipTCP/IP Protocol Driver(Not verified) Microsoft Corporationc:\windows\system32\drivers\tcpip.sys

轻轻地来 - 2006-11-27 3:43:00

以下是我使用Procexp的日志，进入后除Procexp未运行程序。

轻轻地来 - 2006-11-27 3:43:00

Process PID CPU Description Company Name Verified Signer
System Idle Process 0 93.27
Interrupts n/a 0.96 Hardware Interrupts
DPCs n/a 0.96 Deferred Procedure Calls
System 4
smss.exe 384 Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 468 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 504 Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 548 1.92 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 764 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
wmiprvse.exe 1460 WMI Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 828 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCenter.exe 872 CCenter Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
svchost.exe 888 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 964 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1008 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
RavMonD.exe 1036 0.96 RavMond Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
RavStub.exe 1400 Rising RavStub Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
svchost.exe 1052 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
rfwsrv.exe 1132 Rising Personal FireWall Service Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
rfwmain.exe 360 Rising Personal FireWall Main Program Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
spoolsv.exe 1716 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Publisher
msdtc.exe 1744 MS DTCconsole program Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1884 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
MDM.EXE 1920 Machine Debug Manager Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 1992 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 232 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2648 Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 560 LSA Shell Microsoft Corporation (Verified) Microsoft Windows Publisher
explorer.exe 2028 0.96 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Publisher
pctspk.exe 2164 pctvoice MFC Application (Verified) Microsoft Windows Hardware Compatibility Publisher
soundman.exe 2228 Realtek Sound Manager Realtek Semiconductor Corp. (Verified) Microsoft Windows Hardware Compatibility Publisher
RavTask.exe 2248 RavTimer Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
RavMon.exe 2324 RavMon Beijing Rising Technology Co., Ltd. (Unable to verify) Beijing Rising Technology Co., Ltd.
ctfmon.exe 2292 CTF Loader Microsoft Corporation (Verified) Microsoft Windows Publisher
jiajiasr.exe 2348 加加输入法 4.01 作者:孙百川加加工作组 (Unable to verify) 加加工作组
procexp.exe 2252 0.96 Sysinternals Process Explorer Sysinternals (Verified) Microsoft Corporation

Process: Pid: 2348

Name Description Company Name Version Path Verified Signer
advapi32.dll Advanced Windows 32 Base API Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\advapi32.dll (Verified) Microsoft Windows Publisher
apphelp.dll Application Compatibility Client Library Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\apphelp.dll (Verified) Microsoft Windows Publisher
comdlg32.dll Common Dialogs DLL Microsoft Corporation 6.00.3790.1830 C:\WINDOWS\system32\comdlg32.dll (Verified) Microsoft Windows Publisher
ctype.nls C:\WINDOWS\system32\ctype.nls
dnsapi.dll DNS Client API DLL Microsoft Corporation 5.02.3790.2745 C:\WINDOWS\system32\dnsapi.dll (Verified) Microsoft Windows Component Publisher
gdi32.dll GDI Client DLL Microsoft Corporation 5.02.3790.2606 C:\WINDOWS\system32\gdi32.dll (Verified) Microsoft Windows Component Publisher
hnetcfg.dll Home Networking Configuration Manager Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\hnetcfg.dll (Verified) Microsoft Windows Publisher
imm32.dll Windows IMM32 API Client DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\imm32.dll (Verified) Microsoft Windows Publisher
kernel32.dll Windows NT BASE API Client DLL Microsoft Corporation 5.02.3790.2756 C:\WINDOWS\system32\kernel32.dll (Verified) Microsoft Windows Component Publisher
locale.nls C:\WINDOWS\system32\locale.nls
lpk.dll Language Pack Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\lpk.dll (Verified) Microsoft Windows Publisher
MSCTF.dll MSCTF Server DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\MSCTF.dll (Verified) Microsoft Windows Publisher
MSCTFIME.IME Microsoft Text Frame Work Service IME Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\MSCTFIME.IME (Verified) Microsoft Windows Publisher
msvcrt.dll Windows NT CRT DLL Microsoft Corporation 7.00.3790.1830 C:\WINDOWS\system32\msvcrt.dll (Verified) Microsoft Windows Publisher
mswsock.dll Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\mswsock.dll (Verified) Microsoft Windows Publisher
ntdll.dll NT Layer DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\ntdll.dll (Verified) Microsoft Windows Publisher
ole32.dll Microsoft OLE for Windows Microsoft Corporation 5.02.3790.2492 C:\WINDOWS\system32\ole32.dll (Verified) Microsoft Windows Publisher
oleaut32.dll Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\oleaut32.dll (Verified) Microsoft Windows Publisher
rasadhlp.dll Remote Access AutoDial Helper Microsoft Corporation 5.02.3790.2745 C:\WINDOWS\system32\rasadhlp.dll (Verified) Microsoft Windows Component Publisher
rpcrt4.dll Remote Procedure Call Runtime Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\rpcrt4.dll (Verified) Microsoft Windows Publisher
secur32.dll Security Support Provider Interface Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\secur32.dll (Verified) Microsoft Windows Publisher
sensapi.dll SENS Connectivity API DLL Microsoft Corporation 5.02.3790.0000 C:\WINDOWS\system32\sensapi.dll (Verified) Microsoft Windows Publisher
shell32.dll Windows Shell Common Dll Microsoft Corporation 6.00.3790.2746 C:\WINDOWS\system32\shell32.dll (Verified) Microsoft Windows Component Publisher
shlwapi.dll Shell Light-weight Utility Library Microsoft Corporation 6.00.3790.2795 C:\WINDOWS\system32\shlwapi.dll (Verified) Microsoft Windows Component Publisher
sortkey.nls C:\WINDOWS\system32\sortkey.nls
sorttbls.nls C:\WINDOWS\system32\sorttbls.nls
unicode.nls C:\WINDOWS\system32\unicode.nls
user32.dll Windows USER API Client DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\user32.dll (Verified) Microsoft Windows Publisher
usp10.dll Uniscribe Unicode script processor Microsoft Corporation 1.422.3790.1830 C:\WINDOWS\system32\usp10.dll (Verified) Microsoft Windows Publisher
uxtheme.dll Microsoft UxTheme Library Microsoft Corporation 6.00.3790.1830 C:\WINDOWS\system32\uxtheme.dll (Unable to verify) Microsoft Corporation
winrnr.dll LDAP RnR Provider DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\winrnr.dll (Verified) Microsoft Windows Publisher
wldap32.dll Win32 LDAP API DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\wldap32.dll (Verified) Microsoft Windows Publisher
ws2_32.dll Windows Socket 2.0 32-Bit DLL Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\ws2_32.dll (Verified) Microsoft Windows Publisher
ws2help.dll Windows Socket 2.0 Helper for Windows NT Microsoft Corporation 5.02.3790.1830 C:\WINDOWS\system32\ws2help.dll (Verified) Microsoft Windows Publisher
wshtcpip.dll Windows Sockets Helper DLL Microsoft Corporation 5.02.3790.0000 C:\WINDOWS\system32\wshtcpip.dll (Verified) Microsoft Windows Publisher
comctl32.dll Common Controls Library Microsoft Corporation 5.82.3790.2778 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.3790.2778_x-ww_497C098C\comctl32.dll (Verified) Microsoft Windows Component Publisher
comctl32.dll User Experience Controls Library Microsoft Corporation 6.00.3790.2778 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.2778_x-ww_A8F04F11\comctl32.dll (Verified) Microsoft Windows Component Publisher
jiajiasr.exe 加加输入法 4.01 作者:孙百川加加工作组 4.00.0001.0033 D:\Program Files\jj4\jiajiasr.exe (Unable to verify) 加加工作组

終生學習 - 2006-11-27 4:11:00

【回复“轻轻地来”的帖子】
[c:\windows\system32\microservice\svchost.dll] [N/A, N/A]
[c:\windows\system32\microservice\MsoService.dll] [N/A, N/A]
发那么多东西，看到头痛

帅的被贼砍 - 2006-11-27 4:25:00

清理临时文件

轻轻地来 - 2006-11-28 3:54:00

【回复“轻轻地来”的帖子】
什么意思？

轻轻地来 - 2006-11-28 3:55:00

【回复“帅的被贼砍”的帖子】
已经清理过但没什么用？

轻轻地来 - 2006-11-30 5:06:00

尊敬的客户，您好！
您的邮件已经收到，感谢您对瑞星的支持。

我们已经详细分析过您的问题和文件，以下是您上传的文件的分析结果：
1.文件名：MsoService.dll
病毒名：Trojan.DL.Agent.zyb

2.文件名：Register.exe
不是病毒

3.文件名：svchost.dll
不是病毒

4.文件名：unregist.dll
不是病毒

我们将在较新的18.55.22版本中处理解决，请您届时将您的瑞星软件升级到18.55.22版本并且打开监控中心全盘杀毒。如果我们在测试过程中发现问题的话，我们会推迟一到两版本后升级。

瑞星升到18.55.22无法杀死，请求帮助。

轻轻地来 - 2006-12-1 20:00:00

现在能杀了，但系统启动时报错，在日志中查到MicroMsgServices 服务因下列错误而停止:
找不到指定的模块。
怎么解决？？

瑞星卡卡安全论坛