
[Original] How to Use SRE (System Repair Engineer) [Required Reading for New Posters]

I'm a newbie, and the original poster's thread helped me a lot. Thank you!

Why is there no explanation of how to read the logs? Still, this post is pretty good for beginners.

Nice post, I learned a lot. Thanks for your hard work, OP!!!

I didn't understand the last picture. Could you explain it in more detail? Thanks.

[CODE]

2007-05-04,11:16:19

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
N/A

==================================
启动文件夹
N/A

==================================
服务
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\瑞星\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\瑞星\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

Continued from above. Thanks, please help.

==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[CnsMinKP / CnsMinKP][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\瑞星\RISING\RAV\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\D:\瑞星\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\瑞星\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\瑞星\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\瑞星\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mdnbohr / mdnbohr][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\mdnbohr.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\瑞星\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\IPQQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[rkmterhv / rkmterhv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\rkmterhv.sys><Yahoo! China Corporation>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\瑞星\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[yaskp / yaskp][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[1886312 / 1886312][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

Continued from above. Thanks, please help.
==================================
浏览器加载项
N/A

==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 996][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1504][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1536][D:\瑞星\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\瑞星\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1624][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 2004][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1144][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2068][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,1517]
[PID: 2084][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1517]
[PID: 2104][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.58]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.12]
[PID: 2568][D:\IPQQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\IPQQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [D:\IPQQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\IPQQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\IPQQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\IPQQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\LoginCtrl.dll]  [N/A, ]
    [D:\IPQQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\IPQQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\IPQQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\IPQQ\QQMainFrame.dll]  [N/A, ]
    [D:\IPQQ\CQQApplication.dll]  [N/A, ]
    [D:\IPQQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQAllInOne.dll]  [N/A, ]
    [D:\IPQQ\GroupLive.dll]  [N/A, ]
    [D:\IPQQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\IPQQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\IPQQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\IPQQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\IPQQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQPlugin.dll]  [N/A, ]
    [D:\IPQQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QRingMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\IPQQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\IPQQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQAvatar.dll]  [N/A, ]
    [D:\IPQQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\IPQQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\IPQQ\BQQApplication.dll]  [N/A, ]
    [D:\IPQQ\QQCustomFace.dll]  [N/A, ]
    [D:\IPQQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\IPQQ\QQSceneMng.dll]  [N/A, ]
    [D:\IPQQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\IPQQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\IPQQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\IPQQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [D:\IPQQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
[PID: 3048][D:\千千静听\TTPlayer.exe]  [Alen Soft, 4, 6, 0, 0]
    [D:\千千静听\ttpcomm.dll]  [N/A, ]
    [D:\千千静听\ttpres.dll]  [Alen Soft, 4, 6, 5, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 260][D:\360安全卫士\360安全卫士\360Safe.exe]  [奇虎网, 3, 3, 0, 1004]
    [D:\360安全卫士\360安全卫士\AntiAdwa.dll]  [360Safe.com, 3, 3, 0, 1004]
    [D:\360安全卫士\360安全卫士\AntiEng.dll]  [360Safe.com, 3, 3, 0, 1001]
    [D:\360安全卫士\360安全卫士\Antispy.dll]  [奇虎网, 3, 3, 0, 1001]
    [D:\360安全卫士\360安全卫士\LeakCheck.dll]  [360Safe.com, 3, 3, 0, 1002]
    [D:\360安全卫士\360安全卫士\CleanHis.dll]  [奇虎网, 3, 0, 2, 1000]
    [D:\360安全卫士\360安全卫士\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [D:\360安全卫士\360安全卫士\live.dll]  [360safe.COM, 1, 0, 0, 1012]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 3140][D:\360安全卫士\360安全卫士\safemon\360Tray.exe]  [奇虎网, 3, 3, 0, 1004]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [D:\360安全卫士\360安全卫士\safemon\SafeKrnl.dll]  [奇虎网, 3, 2, 0, 1001]
    [D:\360安全卫士\360安全卫士\AntiAdwa.dll]  [360Safe.com, 3, 3, 0, 1004]
[PID: 296][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [D:\webxl\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\WINDOWS\system32\tkdezymk.dll]  [, 1, 0, 0, 4]
    [D:\世荣\讯雷5\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\WINDOWS\system32\nxgmwxjo.dll]  [, 1, 0, 0, 25]
    [C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  [N/A, ]
    [D:\office\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[PID: 3844][D:\360安全卫士\SREng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [D:\360安全卫士\SREng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]
[PID: 2784][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360安全卫士\360安全卫士\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

==================================
文件关联
N/A

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Could an expert please help? Thanks.

This user's post content has been blocked.

Heh heh
Good stuff