Rising Kaka Security Forum

Still unable to run 360 Safe Guard (360安全卫士) after removing 3448 with Kaka? SREng log attached!!
packet - 2006-11-26 0:32:00
2006-11-26,00:03:43

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <DesktopSprite><"D:\Program Files\DesktopSprite2\DesktopSprite.exe">  [SnowFox Studio.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><"C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <KBD><C:\HP\KBD\KBD.EXE>  [Hewlett-Packard Company]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Sunkist2k><"C:\Program Files\Multimedia Card Reader\shwicon2k.exe">  [Alcor Micro, Corp.]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <!AVG Anti-Spyware><"D:\security suite\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <PowerOnScan><D:\lmrjzsgj\完美卸载V2006 完整版\CleanTips.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\kaka\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\security suite\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]

==================================
启动文件夹
N/A

==================================
packet - 2006-11-26 0:33:00
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\D:\security suite\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Conexant's BtPCI WDM Video Capture / BT848]
  <system32\DRIVERS\BT848.sys><Illusion & Hope.>
[dtscsi / dtscsi]
  <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[ExpScaner / ExpScaner]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI]
  <\??\D:\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\qq\npkcrypt.sys><N/A>
[PnpWmkDrv / PnpWmkDrv]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Ps2 / Ps2]
  <system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\D:\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Alcor Micro Corp - 9360 / SunkFilt]
  <\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Vax347b / Vax347b]
  <\SystemRoot\system32\DRIVERS\Vax347b.sys><>
[Vax347s / Vax347s]
  <\SystemRoot\System32\Drivers\Vax347s.sys><>
packet - 2006-11-26 0:33:00
==================================
浏览器加载项
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, FlashGet>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Anti-Virus Web Scanner\kavwebscan.dll, Kaspersky Lab>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[V3ProX Control]
  {5DD731E6-D4F0-11D3-BE3F-00105A6FDA50} <C:\WINDOWS\DOWNLO~1\v3prox.ocx, Ahnlab, Inc.>
[趋势科技在线扫毒程序]
  {74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\Kingsoft\ONLINE~1\KSHScan.OCX, kingsoft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, FlashGet>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FlashGet\fgiebar.dll, Amaze Soft>
[&使用迅雷下载]
  <D:\Thunder\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Thunder\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
  <, N/A>
[使用影音传送带下载全部链接]
  <, N/A>
[使用网际快车下载]
  <D:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>

==================================
packet - 2006-11-26 0:34:00
正在运行的进程
[PID: 540][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4117]
[PID: 696][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 856][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4117]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1024][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1040][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1192][D:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [D:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [D:\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [D:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [D:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [D:\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 21]
    [D:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [D:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1232][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1404][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1536][D:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1992][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4117]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 900][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1256][C:\HP\KBD\KBD.EXE]  [Hewlett-Packard Company, 1.0.2.2.20205]
    [C:\HP\KBD\led.dll]  [Hewlett-Packard Company, 1.0.2.0]
    [C:\HP\KBD\USB.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
    [C:\HP\KBD\ps2.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
    [C:\HP\KBD\msg.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
    [C:\HP\KBD\osd.dll]  [Hewlett-Packard Company, 1.0.2.2.112404]
    [C:\HP\KBD\sct.dll]  [Hewlett-Packard Company, 1.0.2.2.90204]
    [C:\HP\KBD\onl.dll]  [Hewlett-Packard Company, 1.0.2.0]
    [C:\HP\KBD\aol.dll]  [Hewlett-Packard Company, 1.0.2.2.122104]
    [C:\HP\KBD\url.dll]  [Hewlett-Packard Company, 1.0.2.2.92704]
    [C:\HP\KBD\cfg.dll]  [Hewlett-Packard Company, 1.0.2.1]
    [C:\HP\KBD\MSIKBDIF.DLL]  [Hewlett-Packard Company, 1.0.2.0]
[PID: 1476][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.42]
[PID: 1656][C:\Program Files\Multimedia Card Reader\shwicon2k.exe]  [Alcor Micro, Corp., 1, 4, 0, 8]
[PID: 1616][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 700][D:\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [D:\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2292][D:\security suite\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [D:\security suite\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 1368][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3312][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\FlashGet\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\security suite\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\security suite\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
[PID: 3300][D:\lmrjzsgj\Ad-aware\Ad-Watch.exe]  [Lavasoft Sweden, 3.1.2.17]
    [D:\lmrjzsgj\Ad-aware\PSAPI.dll]  [Microsoft Corporation, 4.00]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\security suite\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 3668][D:\Program Files\DesktopSprite2\DesktopSprite.exe]  [SnowFox Studio., 2.0.0.15]
[PID: 1932][D:\Program Files\TheWorld\TheWorld.exe]  [Phoenix Studio, 1, 3, 3, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Adobe Systems, Inc., 10.1.4r20]
[PID: 3616][D:\Thunder\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.0.3.86]
    [D:\Thunder\Thunder\historyinfo_manage.dll]  [N/A, N/A]
    [D:\Thunder\Thunder\UpdateDownload.dll]  [N/A, N/A]
    [D:\Thunder\Thunder\download_interface.dll]  [N/A, N/A]
    [D:\Thunder\Thunder\log4cplus.dll]  [N/A, N/A]
    [D:\Thunder\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Thunder\Thunder\iThunder.dll]  [迅雷网络, 1, 0, 0, 29]
    [D:\Thunder\Thunder\RegisterDll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [D:\security suite\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 4080][D:\systemtool\SREng\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
packet - 2006-11-26 0:34:00
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
OscarSoar - 2006-11-26 1:17:00
I don't see anything abnormal. Could you try reinstalling 360 to the original path?
packet - 2006-11-26 1:53:00
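I had always been using the portable ("green") version downloaded from the 霏凡 software site without any problems. After getting infected with 3448 it stopped working. I removed 3448 with Kaka and deleted the qq directory; the other dedicated rogue-software removal tools work normally, but 360 Safe Guard still cannot be used: every time I start it, it closes itself as soon as it opens. After every boot, a scan with KillBadware (卡巴威尔) always turns up rogue software such as 3721, 很棒小秘书 and 完美网译通. I really can't figure out the cause.
RootkitRevealer scan log: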
HKLM\S-1-5-21-1454471165-1078081533-682003330-1003\Software\SmartySoft\SmartReadSDK\Password    2006-9-15 23:55    15 Byte    Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1454471165-1078081533-682003330-1003\Software\WinRAR\General\Toolbar\Layout\Band0    2006-11-26 0:59    56 Byte    Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1454471165-1078081533-682003330-1003\Software\WinRAR\General\Toolbar\Layout\Band1    2006-11-26 0:59    56 Byte    Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1454471165-1078081533-682003330-1003\Software\WinRAR\General\Toolbar\Layout\Band2    2006-11-26 0:59    56 Byte    Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\s0    2006-10-26 23:48    4 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\s1    2006-10-26 23:48    4 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\s2    2006-10-26 23:48    4 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\g0    2006-10-26 23:48    32 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\h0    2006-10-26 23:48    4 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4    2006-8-16 1:12    0 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\Vax347s\Config\jdgg40    2006-10-28 21:54    0 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\Vax347s\Config\jdgg41    2006-8-16 15:28    0 Byte    Hidden from Windows API.
HKLM\SYSTEM\ControlSet003\Services\Vax347s\Config\jdgg42    2006-8-16 15:28    0 Byte    Hidden from Windows API.
packet - 2006-11-26 2:00:00
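Another strange thing: after using Kaka's plug-in immunization on 3721上网助手, 网络实名, CNNIC通用域名, DuDu加速器, 很棒小秘书, 划词搜索, 完美网译通, 雅虎助手, 易趣工具条 and 天下搜索工具条, when I open Kaka again the status shows them as not immunized. Yet another oddity.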
packet - 2006-11-26 2:31:00
I have tried the renaming approach, on both the directory and the exe. It's a real headache.
红夜鬼1 - 2006-11-26 10:33:00
Download the Malware Cleanup Assistant (恶意清理软件助手):
http://www.tommsoft.com/Products.aspx?pid=2
packet - 2006-11-27 0:39:00
I used the latest Malware Cleanup Assistant and it found no malware. But 360 Safe Guard still doesn't work.
红夜鬼1 - 2006-11-27 12:20:00
Did you put it on a blacklist with your antivirus software?
packet - 2006-11-29 22:20:00
No, I had been using it all along.
菩提祖师 - 2006-11-29 22:33:00
360 Safe Guard will only run normally once Yahoo has been removed!
packet - 2006-11-29 23:33:00
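If it is as the poster above says, then none of my tools (Kaka, Malware Cleanup Assistant, KillBadware (卡巴威尔), 超级兔子清理王, Wopti 流氓软件清除大师) detect Yahoo, so which program should I use to remove it?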
packet - 2006-11-30 22:51:00
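Today a scan with 超级兔子网络卫士 turned up an au_.exe file under C:\Documents and Settings\hp\Local Settings\Temp\~nsu.tmp. I remember cleaning it out last time, and it has appeared again. I don't know whether it is related to 360 Safe Guard failing to run.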
packet - 2006-12-1 0:35:00
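I just saw someone on the 360 Safe Guard forum say that deleting the page.mht file in the 360 Safe Guard directory lets 360 Safe Guard run normally. Checking with the repair tool pops up a dialog saying no anomalies were found. I tried it and it does work. I don't know what this file is for, but as soon as the virus database is updated the page file reappears automatically, and when I open 360 Safe Guard again it still flashes and vanishes. I can't make sense of it.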
红夜鬼1 - 2006-12-1 12:19:00
Empty out the folder C:\Documents and Settings\hp\Local Settings\Temp\
packet - 2006-12-3 1:55:00
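I emptied it. I found that as long as that page.mht is in the 360 Safe Guard installation directory, it will not run. I don't know what this file is for.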
apexapex - 2006-12-3 4:29:00
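Everyone, hurry up and upgrade IE; upgrading to IE 7.0 makes things much safer.
The main reason is that IE 7.0 and Kaka are incompatible.
I recommend everyone use 360safe; it's simply great at scanning and removal.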
jmbt - 2006-12-3 9:00:00
Go to my network drive to download the repair tool:
jmbt.ys168.com
packet - 2006-12-5 23:38:00
I took a look, but I don't know which repair tool to download.
packet - 2006-12-8 1:20:00
From:  Subject: =?gb2312?B?MzYwsLLIq87Ayr8t1sLQuw==?= Date: Sun, 12 Nov 2006 14:07:51 +0800 MIME-Version: 1.0 Content-Type: multipart/related; type="text/html"; boundary="----=_NextPart_000_0000_01C70663.F0F00820" X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962 This is a multi-part message in MIME format. ------=_NextPart_000_0000_01C70663.F0F00820 Content-Type: text/html; charset="gb2312" Content-Transfer-Encoding: quoted-printable Content-Location: =?gb2312?B?ZmlsZTovL0Q6XHdvcmtcMzYwc2FmZc341b5cMzYwc2FmZTIuMC13ZWJcbWk=?= =?gb2312?B?bmluZGV4My5odG0=?=

packet - 2006-12-8 1:22:00
Opening that page.mht file in FrontPage gives the stuff above.