
[Help] My Rising antivirus has been killed by a virus! And the virus won't let me reinstall it.....

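At boot I get a prompt saying Rising Antivirus has encountered a problem and needs to close, but the firewall works normally. Then I opened Rising Antivirus manually; the interface opens, but clicking Scan does nothing, and clicking Online Update brings up the message: Failed to read the update configuration file; please use the setup program's repair function to repair it and then update.
So I put in the installation disc and clicked to launch the registry repair, and another message came up: RegClean.exe has encountered a problem and needs to close
After that I clicked to install Rising Antivirus, and the message came up: Rising Setup Application has encountered a problem and needs to close
Below are the results of my scan with Kaka. Experts, please take a look for me~~~~ I'm so dizzy I could die~~~~~~~~ What on earth is going on~~~~~! It won't let me scan for viruses... what should I do....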

Logfile of Kaka v2. 0. 3. 0 Scan Module v1. 0. 6. 1
Scan saved at 20:46:06, on 2007-07-05
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=%SystemRoot%\system32\blank.htm
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder2\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Thunder Browser Helper - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar:  (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [foxy] "C:\Program Files\摩力游下载器\Foxy.exe" -tray
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RfwMain] "F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RavTask] "F:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [WinampAgent] rem C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [miniqqlive] "C:\Program Files\Tencent\QQLive\MiniQQLive.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - Startup: desktop.ini =
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用Web迅雷下载 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 使用Web迅雷下载全部链接 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder2\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder2\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder2\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder2\Thunder.exe
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra Button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra Button: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\cdnns.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O15 - Trusted Zone: mybank.icbc.com.cn
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {62B938C4-4190-4F37-8CF0-A92B0A91CC77} (InfoSecNetSign Class) - https://mybank.icbc.com.cn/icbc/NetSign.dll
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} (PicUploadCtrl Class) - http://tb.sogou.com/PicUpload.cab?pp
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) - https://password.qq.com/download/qqedit2.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} (金山毒霸在线产品升级) - http://scan.www.duba.net/duba/download/install/onlinescan/KOSInit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{133EF494-3D8B-4A56-8B0E-299B97D96F8D}: NameServer = 202.96.209.134 202.96.209.6
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\Mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: PCANotify
O20 - Winlogon Notify: WgaLogon
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - F:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: iPod ??? (iPod Service) - Apple Inc. - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: LiveUpdate (LiveUpdate) - Symantec Corporation - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - f:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - F:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "F:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "F:\Program Files\Rising\Rav\Ravmond.exe"
Last edited 2007-07-05 23:06:35

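This virus is really vicious!!!!!!!!!
========Content========
Download System Repair Engineer from http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and paste it here without modifying it (if it does not fit in one post, split it across several posts)
5 While taking the log, close unnecessary software as far as possible, such as QQ, TM, etc.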
!!!!!!!!!!!!!!!!

2007-07-05,21:22:32

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
(foxy)("C:\Program Files\摩力游下载器\Foxy.exe" -tray) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)("C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [(Verified)Microsoft Windows Publisher]
(PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Windows Publisher]
(PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Windows Publisher]
(RfwMain)("F:\Program Files\Rising\Rfw\rfwmain.exe" -Startup) [Beijing Rising Technology Co., Ltd.]
(StormCodec_Helper)("C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti) []
(BHDCRegC)(C:\WINDOWS\system32\BHDCRegC.exe) [SHHIC]
(IMSCMig)(C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload) [(Verified)Microsoft Corporation]
(DAEMON Tools)("C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033) [(Verified)DAEMON Tools Code Signing Services]
(RavTask)("F:\Program Files\Rising\Rav\RavTask.exe" -system) [Beijing Rising Technology Co., Ltd.]
(WinampAgent)(rem C:\Program Files\Winamp\winampa.exe) [N/A]
(miniqqlive)("C:\Program Files\Tencent\QQLive\MiniQQLive.exe") [N/A]
(QuickTime Task)("C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime) [Apple Computer, Inc.]
(iTunesHelper)("C:\Program Files\iTunes\iTunesHelper.exe") [(Verified)"Apple Computer, Inc."]
(runeip)(C:\Program Files\Rising\AntiSpyware\runiep.exe) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(KKDelay)(C:\Program Files\Rising\AntiSpyware\RunOnce.exe) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({32CD708B-60A7-4C00-9377-D73EAA495F0F})(C:\WINDOWS\system32\RavExt.dll) [Beijing Rising Technology Co., Ltd.]
({AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A})(C:\WINDOWS\system32\shlhook.dll) [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(WPDShServiceObj)(C:\WINDOWS\system32\WPDShServiceObj.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
(WinlogonNotify: PCANotify)(PCANotify.dll) [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [N/A]




--------------------------------------------------------------------------------



启动文件夹

[QQ游戏启动加速程序]
(C:\Documents and Settings\mori\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --) C:\PROGRA~1\Tencent\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司])(N)



--------------------------------------------------------------------------------

服务

[Symantec pcAnywhere Host Service / awhost32][Stopped/Manual Start]
(F:\Program Files\Symantec\pcAnywhere\awhost32.exe)(Symantec Corporation)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[iPod ??? / iPod Service][Running/Manual Start]
("C:\Program Files\iPod\bin\iPodService.exe")(Apple Inc.)
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
("C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE")(Symantec Corporation)
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
(f:\program files\rising\rfw\rfwproxy.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
(F:\Program Files\Rising\Rfw\rfwsrv.exe)(Beijing Rising Technology Co., Ltd.)
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
("F:\Program Files\Rising\Rav\CCenter.exe")(Beijing Rising Technology Co., Ltd.)
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
("F:\Program Files\Rising\Rav\Ravmond.exe")(Beijing Rising Technology Co., Ltd.)



--------------------------------------------------------------------------------



驱动程序

[ATSpy / ATSpy][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\ATSpy.sys)(N/A)
[awecho / awecho][Running/System Start]
(system32\drivers\awechomd.sys)(Symantec Corporation)
[awlegacy / awlegacy][Running/System Start]
(\SystemRoot\System32\Drivers\awlegacy.sys)(Symantec Corporation)
[AW_HOST / AW_HOST][Running/System Start]
(system32\drivers\aw_host5.sys)(Symantec Corporation)
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
(System32\DRIVERS\BaseTDI.SYS)(Beijing Rising Technology Co., Ltd.)
[BHDCKEY / BHDCKEY][Running/Manual Start]
(System32\Drivers\usbdriver.sys)(BHDC)
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
(system32\drivers\es1371mp.sys)(Creative Technology Ltd.)
[ExpScaner / ExpScaner][Running/Auto Start]
(\??\F:\Program Files\Rising\Rav\ExpScan.sys)()
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
(System32\Drivers\GEARAspiWDM.sys)(GEAR Software Inc.)
[HookCont / HookCont][Running/Auto Start]
(\??\F:\Program Files\Rising\Rav\HOOKCONT.sys)(Rising)
[HookReg / HookReg][Running/Auto Start]
(\??\F:\Program Files\Rising\Rav\HookReg.sys)()
[HookSys / HookSys][Running/Auto Start]
(\??\F:\Program Files\Rising\Rav\HookSys.sys)(Rising)
[HookUrl / HookUrl][Running/Auto Start]
(\??\F:\Program Files\Rising\Rfw\HookUrl.sys)(Beijing Rising Technology Co., Ltd.)
[jjaifhbb / jjaifhbb][Stopped/Boot Start]
(\SystemRoot\system32\drivers\jjaifhbb.sys)(N/A)
[kmsinput / kmsinput][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\drivers\kmsinput.sys)(N/A)
[MEMSCAN / MEMSCAN][Running/Auto Start]
(\??\F:\Program Files\Rising\Rav\MEMSCAN.sys)(瑞星软件有限公司)
[mProcRs / mProcRs][Running/Auto Start]
(\??\f:\program files\rising\rfw\mProcRs.sys)(Beijing Rising Technology Co., Ltd.)
[mxdispdr / mxdispdr][Running/Auto Start]
(\??\C:\WINDOWS\system32\drivers\mxdispdr.sys)(N/A)
[npkcrypt / npkcrypt][Running/Auto Start]
(\??\F:\Program Files\Tencent\qq\npkcrypt.sys)(INCA Internet Co., Ltd.)
[nv / nv][Running/Manual Start]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[QuakeDRV / QuakeDRV][Running/Boot Start]
(\SystemRoot\system32\DRIVERS\quakedrv.sys)(N/A)
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
(\SystemRoot\system32\drivers\RsBoot.sys)(Beijing Rising Technology Co., Ltd.)
[RsFwDrv / RsFwDrv][Running/Auto Start]
(\??\F:\Program Files\Rising\Rfw\RsFwDrv.sys)(Beijing Rising Technology Co., Ltd.)
[RsNTGDI / RsNTGDI][Running/Boot Start]
(\SystemRoot\system32\Drivers\RsNTGdi.sys)(Beijing Rising Technology Co., Ltd.)
[RSPPSYS / RSPPSYS][Running/Auto Start]
(\??\F:\Program Files\Rising\Rav\RSPPSYS.sys)(Rising)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv][Running/Auto Start]
(system32\DRIVERS\secdrv.sys)(N/A)
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
(\SystemRoot\System32\drivers\sfdrv01a.sys)(Protection Technology (StarForce))
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
(\SystemRoot\System32\drivers\sfhlp02.sys)(Protection Technology (StarForce))
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
(\SystemRoot\System32\drivers\sfsync04.sys)(Protection Technology (StarForce))
[sptd / sptd][Running/Boot Start]
(\SystemRoot\System32\Drivers\sptd.sys)(N/A)
[vhiowo4 / vhiowo40][Stopped/Boot Start]
(\SystemRoot\System32\DRIVERS\vhiowo40.sys)(N/A)



--------------------------------------------------------------------------------




浏览器加载项

[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} (C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD)
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} (C:\Program Files\Thunder Network\Thunder2\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD)
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (C:\Program Files\Thunder Network\Thunder2\Thunder.exe, Thunder Networking Technologies,LTD)
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} (C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} (http://my.xunlei.com, N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\aliedit.dll, )
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} (C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.)
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\system32\INPUTC~1.DLL, )
[PicUploadCtrl Class]
{BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} (C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[金山毒霸在线产品升级]
{E847C78C-C210-4195-8799-FBF3BF89797D} (C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司)
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} (C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD)
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} (C:\Program Files\Thunder Network\Thunder2\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD)
[WebThunder Class]
{03507A1A-E0C5-4404-AA26-205385C0892D} (, N/A)
[Thunder Browser Helper]
{06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD)
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[IeHelper Class]
{0D42E1BD-09DD-4873-A826-9C7E793EB7B6} (C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD)
[InfosecCertInstall Class]
{0EB487C8-E9AC-43A6-8C4C-083999B0622F} (C:\WINDOWS\system32\certInStall.dll, )
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} (C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation)
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} (C:\WINDOWS\system32\aliedit\pta.dll, )
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\Mshtml.dll, N/A)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} (C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation)
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (C:\Program Files\Thunder Network\Thunder2\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD)
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} (C:\WINDOWS\system32\aliedit\aliedit.dll, )
[金山毒霸在线杀毒]
{577A1997-6FD0-4972-B234-885DA583F9CE} (C:\PROGRA~1\KOS\KOSClean.OCX, 金山软件股份有限公司)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (C:\WINDOWS\system32\INPUTC~1.DLL, )
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} (C:\Program Files\Thunder Network\Thunder2\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD)
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} (F:\Program Files\360safe\live.dll, 360safe.com)
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD)
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (C:\WINDOWS\system32\SUBMIT~1.DLL, )
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} (C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, N/A)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.)
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司)
[金山毒霸在线产品升级]
{E847C78C-C210-4195-8799-FBF3BF89797D} (C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司)
[Vod Class]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} (C:\Program Files\Thunder Network\Thunder2\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei)
[上传到QQ网络硬盘]
(F:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A)
[使用Web迅雷下载]
(C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A)
[使用Web迅雷下载全部链接]
(C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A)
[使用迅雷下载]
(C:\Program Files\Thunder Network\Thunder2\Program\geturl.htm, N/A)
[使用迅雷下载全部链接]
(C:\Program Files\Thunder Network\Thunder2\Program\getallurl.htm, N/A)
[导出到 Microsoft Excel(&x)]
(res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)



--------------------------------------------------------------------------------




正在运行的进程

[PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 584 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PCANotify.dll] [Symantec Corporation, 12.0.0.66]
[C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\WINDOWS\system32\msplrct.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 628 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1020 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.2175.0]
[C:\WINDOWS\system32\awmon.dll] [Symantec Corporation, 12.0.0.11]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.2175.0]
[PID: 1448 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1944 / mori][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.7]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[F:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 188 / mori][F:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[F:\Program Files\Rising\Rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[F:\Program Files\Rising\Rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[F:\Program Files\Rising\Rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[F:\Program Files\Rising\Rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[F:\Program Files\Rising\Rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 280 / mori][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 384 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1640 / mori][C:\WINDOWS\system32\BHDCRegC.exe] [SHHIC, 1.01]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1608 / mori][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Inc., 7.1.0.59]
[C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.DLL] [Apple Inc., 7.1.0.43]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Inc., 7.1.0.59]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2124 / mori][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2148 / mori][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2232 / SYSTEM][C:\Program Files\iPod\bin\iPodService.exe] [Apple Inc., 7.1.0.59]
[C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.DLL] [Apple Inc., 7.1.0.43]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Inc., 7.1.0.59]
[PID: 888 / mori][C:\Program Files\Maxthon\Maxthon.exe] [MY Soft Technology, 1, 1, 0, 50]
[C:\Program Files\Maxthon\zlib.dll] [N/A, ]
[C:\Program Files\Maxthon\Plugin\FloatBar\FloatBar.dll] [, 1, 8, 0, 0]
[C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\2052\MSMAPI32.DLL] [Microsoft Corporation, 11.0.6361]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6360]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\淘宝网\淘宝旺旺\WangWangX.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3940 / mori][C:\Program Files\Maxthon\Maxthon.exe] [MY Soft Technology, 1, 1, 0, 50]
[C:\Program Files\Maxthon\zlib.dll] [N/A, ]
[C:\Program Files\Maxthon\Plugin\FloatBar\FloatBar.dll] [, 1, 8, 0, 0]
[C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\2052\MSMAPI32.DLL] [Microsoft Corporation, 11.0.6361]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6360]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 1556 / mori][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
[C:\Program Files\Thunder Network\Thunder2\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[C:\Program Files\Thunder Network\Thunder2\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[C:\Program Files\Thunder Network\Thunder2\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1604 / mori][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2844 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 2572 / mori][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 3952 / mori][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 4000 / mori][C:\DOCUME~1\mori\LOCALS~1\Temp\Rar$EX00.922\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\DOCUME~1\mori\LOCALS~1\Temp\Rar$EX00.922\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]



--------------------------------------------------------------------------------




文件关联

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

N/A



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



进程特权扫描

特殊特权被允许: SeLoadDriverPrivilege [PID = 1640, C:\WINDOWS\SYSTEM32\BHDCREGC.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2124, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 888, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3940, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3952, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]



--------------------------------------------------------------------------------



API HOOK

N/A



--------------------------------------------------------------------------------



隐藏进程

N/A



--------------------------------------------------------------------------------

That's everything posted~~~~ Experts, please help me~~~~~~T.T

Is nobody going to come help me~~~ boo hoo hoo

up~~~~!!!!!