这两天不知道中了什么病毒，我的瑞星2007实时监控会时常莫名其妙的关闭，为此我特地用GHOST重倒系统，并升级瑞星到最高版本，还是没办法解决，现在看着那个小伞合上，我点打开，过一会又合上，真是不厌其烦～～～～

加我QQ365600799
发日至上来

我的QQ早就被盗啦，真是提起就辛酸～～～
[CODE]

2007-06-30,19:51:16

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <jiajiasr><C:\tools\jj4\jiajiasr.exe>  [加加工作组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <mmsk><C:\Program Files\木马杀客\mmsk.exe>  [木马杀客]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe>  []
    <Microsoft Autorun7><C:\WINDOWS\system32\nwizqjsj.exe>  []
    <Microsoft Autorun14><C:\WINDOWS\system32\ztinetzt.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
    <Microsoft Autorun10><C:\WINDOWS\system32\nwizwmgjs.exe>  []
    <Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <Microsoft Autorun12><C:\WINDOWS\system32\nwizzhuxians.exe>  []
    <Microsoft Autorun11><C:\WINDOWS\system32\nwizwlwzs.exe>  []
    <TIMHost><C:\WINDOWS\TIMHost.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <MediaCheck><C:\tools\Kuree\MService.dll>  []

==================================
启动文件夹
N/A

==================================
服务
[541622DA / 541622DA][Stopped/Auto Start]
  <C:\WINDOWS\system32\3EE886AD.EXE -k><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ESS Maestro2E Audio Driver (WDM) / Maestro][Running/Manual Start]
  <system32\drivers\essm2e.sys><ESS Technology, Inc.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\tools\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[比特精灵工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\Baidu\Bar\BaiduBar.dll, >
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\tools\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[比特精灵工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\Baidu\Bar\BaiduBar.dll, >
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v4.dll, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\tools\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[比特精灵工具栏]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\Baidu\Bar\BaiduBar.dll, >
[&使用迷你迅雷下载]
  <C:\tools\Maxthon\Thundermini\geturl.htm, N/A>
[用比特精灵下载(&B)]
  <C:\tools\BitSpirit\bsurl.htm, N/A>

==================================
正在运行的进程
[PID: 492][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\7D40C749.DLL]  [Microsoft Corporation, ]
[PID: 768][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4113]
    [C:\WINDOWS\system32\7D40C749.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 816][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\7D40C749.DLL]  [Microsoft Corporation, ]
[PID: 828][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\7D40C749.DLL]  [Microsoft Corporation, ]
[PID: 1700][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\7D40C749.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nwizqjsj.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizwlwzs.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizzhuxians.dll]  [N/A, ]
    [C:\WINDOWS\system32\dh2104.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizwmgjs.dll]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\xunleibho_v4.dll]  [, 4, 3, 2, 29]
    [C:\Program Files\Baidu\Bar\BaiduBar.dll]  [, 2, 0, 2, 18]
[PID: 692][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
[PID: 2588][C:\tools\Kuree\kpupdate.exe]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
[PID: 2656][C:\Program Files\木马杀客\mmsk.exe]  [木马杀客, 2,0,0,7]
    [C:\Program Files\木马杀客\krnln.fnr]  [, 1, 0, 0, 1]
    [C:\Program Files\木马杀客\HYExtLib.fne]  [N/A, ]
    [C:\Program Files\木马杀客\TrayIcon.fne]  [, 1, 0, 0, 1]
    [C:\Program Files\木马杀客\iext2.fne]  [, 1, 0, 0, 1]
    [C:\Program Files\木马杀客\iext.fne]  [, 1, 0, 0, 1]
    [C:\Program Files\木马杀客\HtmlView.fne]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\Program Files\木马杀客\iext3.fne]  [, 1, 0, 0, 1]
    [C:\Program Files\木马杀客\xplib.fne]  [N/A, ]
    [C:\Program Files\木马杀客\mmskskin.dll]  [, 2, 0, 0, 6]
    [C:\Program Files\木马杀客\SkinPPWTL.dll]  [http://www.skinplusplus.com, 2, 1, 0, 0]
    [C:\Program Files\木马杀客\shell.fne]  [N/A, ]
    [C:\Program Files\木马杀客\EThread.fne]  [N/A, ]
    [C:\Program Files\木马杀客\dp1.fne]  [N/A, ]
[PID: 3068][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
[PID: 3092][C:\tools\jj4\jiajiasr.exe]  [加加工作组, 4, 0, 1, 33]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
[PID: 2520][C:\tools\Maxthon\Max.exe]  [Maxthon International Ltd., 1, 5, 3, 18]
    [C:\tools\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\tools\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4, 0, 1, 35]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 3296][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
[PID: 888][C:\tools\Maxthon\Thundermini\ThunderMini.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
    [C:\tools\Maxthon\Thundermini\boost_thread-vc6-mt-1_31.dll]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
[PID: 3104][C:\tools\Maxthon\Thundermini\TDUpdate.exe]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
[PID: 4036][C:\tools\BitSpirit\BitSpirit.exe]  [LANSPIRIT.NET, 3.2.2.215]
    [C:\tools\BitSpirit\BSOPLIB.DLL]  [, 1, 0, 0, 3]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]
[PID: 2620][d:\My Documents\DownLoad\软件区\临时软件\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\ztinetzt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\TIMHost.dll]  [N/A, ]
    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\msapi.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
    C:\WINDOWS\system32\msapi.dll(, N/A)
MSAPI Tcpip [UDP/IP]
    C:\WINDOWS\system32\msapi.dll(, N/A)

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
OPEN=auto.exe
shellexecute=auto.exe
shell\打开(&O)\command=setup.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
OPEN=auto.exe
shellexecute=auto.exe
shell\打开(&O)\command=setup.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
OPEN=auto.exe
shellexecute=auto.exe
shell\打开(&O)\command=setup.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\TIMHost.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]