瑞星监控被禁用，小伞电脑开机是显示绿色的，几秒钟后就成了红伞，半分钟左右后变成黄伞，只有网页监控可用，试了很多方法了都不行，重装了瑞星还是这样，请高手帮忙解决，谢谢。


[CODE]

2007-07-07,21:17:11

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe>  [SHHIC]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><"D:\Rising\Rising\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\Rising\Rising\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Kaspersky Anti-Virus 6.0 / AVP][Stopped/Manual Start]
  <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn][Stopped/Auto Start]
  <><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[Remote Procedure Call System(RPCS) / RpcS][Running/Auto Start]
  <C:\WINDOWS\system32\RpcS.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
  <d:\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[arp8023 / arp8023][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\arp8023.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
  <System32\Drivers\usbdriver.sys><BHDC>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[nbfy / nbfyy][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nbfyy.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[syswav / syswav][Stopped/System Start]
  <\SystemRoot\system32\drivers\syswav.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[USB to Serial Bridge Controller / usb2vcom][Stopped/Manual Start]
  <system32\DRIVERS\usb2vcom.sys><Ark Pioneer Microelectronics Ltd.>
[vaxscsi / vaxscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Timer Object]
  {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} <C:\WINDOWS\Downloaded Program Files\ietimer.ocx, Microsoft Corporation>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AxUSBKey Class]
  {DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINDOWS\system32\USBKey.dll, >
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, N/A>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, N/A>

[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, XunLei>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[AliAntiFish Class]
  {38938D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Alisoft\Toolbar\Assist\yAngling.dll, Alibaba>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Timer Object]
  {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} <C:\WINDOWS\Downloaded Program Files\ietimer.ocx, Microsoft Corporation>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <D:\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MPEGURL Moniker Class]
  {CD3AFA78-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[assist]
  {FE3FCAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Alisoft\Toolbar\Assist\yassist.dll, Alibaba>

==================================
正在运行的进程
[PID: 584][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.614]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1056][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[PID: 1384][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rsswz.dll]  [N/A, N/A]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1396][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1456][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1664][C:\WINDOWS\system32\BHDCRegC.exe]  [SHHIC, 1.01]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1700][D:\Rising\Rising\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.15]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1708][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1772][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1784][C:\Program Files\CyberLink\Shared Files\RichVideo.exe]  [, 1.1.1006  ]
[PID: 1828][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 244][d:\Alcohol 120\StarWind\StarWindService.exe]  [Rocket Division Software, 2.6.1 Build 0x20050401]
[PID: 288][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 304][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 356][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 636][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3200][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.614]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.614]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 2892][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.614]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.614]
    [D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll]  [阿里软件（中国）有限公司, 1, 0, 0, 1]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 3076][D:\Program Files\淘宝网\淘宝旺旺\WangWang.exe]  [阿里巴巴软件（上海）有限公司, 5, 1, 0, 9]
    [D:\Program Files\淘宝网\淘宝旺旺\AliSkin.dll]  [阿里巴巴软件（上海）有限公司, 1.0.0.1]
    [D:\Program Files\淘宝网\淘宝旺旺\zlib.dll]  [N/A, 1.2.3]
    [D:\Program Files\淘宝网\淘宝旺旺\Ali_Res.DLL]  [N/A, N/A]
    [D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll]  [阿里软件（中国）有限公司, 1, 0, 0, 1]
    [D:\Program Files\淘宝网\淘宝旺旺\RichOne.dll]  [阿里巴巴软件（上海）有限公司, 1.0.0.1]
    [D:\Program Files\淘宝网\淘宝旺旺\TBProgress.dll]  [阿里巴巴软件（上海）有限公司, 1.0.0.1]
    [D:\Program Files\淘宝网\淘宝旺旺\MessageNotify.dll]  [, 1, 0, 0, 1]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\淘宝网\淘宝旺旺\ww_network.dll]  [N/A, 1, 0, 1, 23]
    [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.614]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.614]
    [D:\Program Files\淘宝网\淘宝旺旺\AliViewMedia.dll]  [阿里巴巴软件（上海）有限公司, 1, 0, 0, 2]
    [D:\Program Files\淘宝网\淘宝旺旺\VLNetwork.dll]  [阿里巴巴软件（上海）有限公司, 1, 0, 0, 6]
    [D:\Program Files\淘宝网\淘宝旺旺\VideoCap.dll]  [, 1, 0, 0, 4]
    [D:\Program Files\淘宝网\淘宝旺旺\VLAudio.dll]  [阿里巴巴软件（上海）有限公司, 1, 0, 0, 5]
    [D:\Program Files\淘宝网\淘宝旺旺\JsmShow.dll]  [阿里巴巴软件（上海）有限公司, 1, 0, 0, 4]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 2544][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

先试试看

还是不行啊，再扫一次
2007-07-08,23:09:12

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe>  [SHHIC]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><"D:\Rising\Rising\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[GrayPigeon_Hacker.com.cn / GrayPigeon_Hacker.com.cn][Stopped/Disabled]
  <><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
  <"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[Remote Procedure Call System(RPCS) / RpcS][Stopped/Disabled]
  <C:\WINDOWS\system32\RpcS.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StarWind iSCSI Service / StarWindService][Running/Auto Start]
  <d:\Alcohol 120\StarWind\StarWindService.exe><Rocket Division Software>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[arp8023 / arp8023][Stopped/Disabled]
  <\SystemRoot\system32\drivers\arp8023.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
  <System32\Drivers\usbdriver.sys><BHDC>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[nbfy / nbfyy][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nbfyy.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Disabled]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SVKP / SVKP][Stopped/Disabled]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[syswav / syswav][Stopped/Disabled]
  <\SystemRoot\system32\drivers\syswav.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[USB to Serial Bridge Controller / usb2vcom][Stopped/Manual Start]
  <system32\DRIVERS\usb2vcom.sys><Ark Pioneer Microelectronics Ltd.>
[vaxscsi / vaxscsi][Stopped/Disabled]
  <\SystemRoot\System32\Drivers\vaxscsi.sys><Alcohol Soft Co., Ltd.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

浏览器加载项
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Timer Object]
  {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} <C:\WINDOWS\Downloaded Program Files\ietimer.ocx, Microsoft Corporation>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AxUSBKey Class]
  {DA215190-98B2-47DE-AE24-DA95481DFFBA} <C:\WINDOWS\system32\USBKey.dll, >
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, N/A>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, XunLei>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[AliAntiFish Class]
  {38938D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Alisoft\Toolbar\Assist\yAngling.dll, Alibaba>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Timer Object]
  {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} <C:\WINDOWS\Downloaded Program Files\ietimer.ocx, Microsoft Corporation>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件（中国）有限公司>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <D:\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MPEGURL Moniker Class]
  {CD3AFA78-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[assist]
  {FE3FCAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Alisoft\Toolbar\Assist\yassist.dll, Alibaba>

正在运行的进程
[PID: 540][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1012][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[PID: 1292][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1376][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rsswz.dll]  [N/A, N/A]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1396][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1600][C:\WINDOWS\system32\BHDCRegC.exe]  [SHHIC, 1.01]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1616][D:\Rising\Rising\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.15]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1624][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1644][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1720][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1728][C:\Program Files\CyberLink\Shared Files\RichVideo.exe]  [, 1.1.1006  ]
[PID: 1776][d:\Alcohol 120\StarWind\StarWindService.exe]  [Rocket Division Software, 2.6.1 Build 0x20050401]
[PID: 1796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1808][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 1824][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 300][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1848][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1872][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 596][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [D:\Rising\Rising\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

瑞星卡卡电脑诊断日志 v1.20 (2007-7-9 17:0:39)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + Win32 Services
    + HKLM\System\CurrentControlSet\Services
      Adobe LM Service
        [A ] 1. c:\program files\common files\adobe systems shared\service\adobelmsvc.exe
          Adobe Systems
          System Level Service Utility
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 20 E2 40 00 68 08 75 40 00 64
      aspnet_state
        [A ] 2. c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
          Microsoft Corporation
          aspnet_state.exe
          .text,.data,.rsrc,
          6A 28 68 F0 11 42 00 E8 D3 02 00 00 33 FF 57 FF
      gusvc
        [A ] 3. c:\program files\google\common\google updater\googleupdaterservice.exe
          Google
          gusvc
          .text,.rdata,.data,.rsrc,
          6A 60 68 20 95 41 00 E8 40 03 00 00 BF 94 00 00
      ose
        [A ] 4. c:\program files\common files\microsoft shared\source engine\ose.exe
          Microsoft Corporation
          Office Source Engine
          .text,.data,.rsrc,
          6A 74 68 60 2E 00 30 E8 23 04 00 00 33 DB 89 5D
      RfwProxySrv
        [A ] 5. c:\program files\rising\rfw\rfwproxy.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal Proxy Service
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 60 94 40 00 68 40 85 40 00 64
      RfwService
        [A ] 6. c:\program files\rising\rfw\rfwsrv.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall Service
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 70 AC 41 00 68 F0 90 41 00 64
      RichVideo
        [AM] 7. c:\program files\cyberlink\shared files\richvideo.exe
          RichVideo Module
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 08 02 42 00 68 72 B2 41 00 64
      RpcS
        [A ] 8. c:\windows\system32\rpcs.exe
          Microsoft Corporation
          Generic Host Process for Win32 Services
            ,.rsrc,.idata  ,Themida ,
      RsCCenter
        [AM] 9. c:\program files\rising\rav\ccenter.exe
          Beijing Rising Technology Co., Ltd.
          CCenter
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
      RsRavMon
        [AM] 10. c:\program files\rising\rav\ravmond.exe
          Beijing Rising Technology Co., Ltd.
          RavMond
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
      StarWindService
        [AM] 11. d:\alcohol 120\starwind\starwindservice.exe
          Rocket Division Software
          StarWind iSCSI Target (Alcohol Edition)
          .text,.data,.rsrc,
          6A 18 68 F0 AF 40 00 E8 EF 0C 00 00 BB 94 00 00
      UleadBurningHelper
        [AM] 12. c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
          Ulead Systems, Inc.
          ULCDRSvr
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 90 71 40 00 68 F8 2E 40 00 64
      UMWdf
        [AM] 13. c:\windows\system32\wdfmgr.exe
          Microsoft Corporation
          Windows User Mode Driver Manager
          .text,.data,.rsrc,
          6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
      WMConnectCDS
        [A ] 14. c:\program files\windows media connect 2\wmccds.exe
          Microsoft Corporation
          Windows Media Connect
          .text,.data,.rsrc,
          6A 70 68 C0 7F 00 01 E8 E5 01 00 00 33 FF 57 FF
  + Kernel Drivers
    + HKLM\System\CurrentControlSet\Services
      ALCXSENS
        [A ] 15. c:\windows\system32\drivers\alcxsens.sys
          Sensaura
          Sensaura WDM 3D Audio Driver
          .text,page,init,.data,.CRT,init,INIT,.rsrc,.reloc,
          E8 6B 69 FB FF E9 76 FF FF FF CC CC CC CC CC CC
      ALCXWDM
        [A ] 16. c:\windows\system32\drivers\alcxwdm.sys
          Realtek Semiconductor Corp.
          Realtek AC'97 Audio Driver (WDM)
          .text,.rdata,.data,.CRT,.data1,PAGE,INIT,.rsrc,.reloc,
          53 56 57 8B 7C 24 10 68 4E 0B 01 00 FF 74 24 18
      arp8023
        [A ] 17. c:\windows\system32\drivers\arp8023.sys
          .text,.rdata,.data,INIT,.reloc,
          55 8B EC 81 EC 78 02 00 00 53 57 6A 1B 59 33 C0
      BaseTDI
        [A ] 18. c:\windows\system32\drivers\basetdi.sys
          Beijing Rising Technology Co., Ltd.
          basetdi
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
      BHDCKEY
        [A ] 19. c:\windows\system32\drivers\usbdriver.sys
          BHDC
          BHDC
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          8B 44 24 04 B9 DE 0D 01 00 C7 40 34 30 10 01 00
      ExpScaner
        [A ] 20. c:\program files\rising\rav\expscan.sys
          ExpScan.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
      HookCont
        [A ] 21. c:\program files\rising\rav\hookcont.sys
          Rising
          HookCont
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
      HookReg
        [A ] 22. c:\program files\rising\rav\hookreg.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
      HookSys
        [A ] 23. c:\program files\rising\rav\hooksys.sys
          Rising
          Hooksys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
      HookUrl
        [A ] 24. c:\program files\rising\rfw\hookurl.sys
          Beijing Rising Technology Co., Ltd.
          HookUrl
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
      MEMSCAN
        [A ] 25. c:\program files\rising\rav\memscan.sys
          瑞星软件有限公司
          MemScan Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
      nbfyy
        [A ] 26. c:\windows\system32\drivers\nbfyy.sys
          .text,.data,INIT,.reloc,
          55 8B EC 83 EC 0C 68 D4 10 01 00 E8 78 04 00 00
      NPF
        [A ] 27. c:\windows\system32\drivers\npf.sys
          CACE Technologies
          npf
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 81 EC 80 00 00 00 53 56 57 8B 7D 0C 33
      npkcrypt
        [A ] 28. c:\windows\system32\qqedit\npkcrypt.sys
          INCA Internet Co., Ltd.
          nProtect KeyCrypt Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          51 53 56 E8 47 2A 00 00 A3 28 36 01 00 E8 C4 29
      pfc
        [A ] 29. c:\windows\system32\drivers\pfc.sys
          Padus, Inc.
          Padus(R) ASPI Shell
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 56 68 00 1F 01 00 8D 45 F4 50
      RsAntiSpyware
        [A ] 30. c:\windows\system32\drivers\rsboot.sys
          Beijing Rising Technology Co., Ltd.
          Anti-RootKit Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          B8 00 00 00 00 C2 08 00 33 F6 57 89 75 F4 60 8D
      RsFwDrv
        [A ] 31. c:\program files\rising\rfw\rsfwdrv.sys
          Beijing Rising Technology Co., Ltd.
          nt_fwdrv
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
      RsNTGDI
        [A ] 32. c:\windows\system32\drivers\rsntgdi.sys
          Beijing Rising Technology Co., Ltd.
          RsNTGDI
          .text,.rdata,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
      RSPPSYS
        [A ] 33. c:\program files\rising\rav\rsppsys.sys
          Rising
          RSPPSYS.SYS
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
      Secdrv
        [A ] 34. c:\windows\system32\drivers\secdrv.sys
          .text,.data,INIT,.reloc,
          55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45
      SNPSTD3
        [A ] 35. c:\windows\system32\drivers\snpstd3.sys
          PC Camera driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 3C 57 6A 0F 59 33 C0 6A 28 8D 7D
      sptd
        [A ] 36. c:\windows\system32\drivers\sptd.sys
      SVKP
        [A ] 37. c:\windows\system32\svkp.sys
          AntiCracking
          SVKP driver for NT
          .text,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 C4 F4 53 56 57 8D 7D F4 68 00 04 01
      syswav
        [A ] 38. c:\windows\system32\drivers\syswav.sys
      TSP
        [A ] 39. c:\windows\system32\drivers\klif.sys
      usb2vcom
        [A ] 40. c:\windows\system32\drivers\usb2vcom.sys
          Ark Pioneer Microelectronics Ltd.
          USB to Serial Bridge Controller Driver
          .text,.data,INIT,.rsrc,.reloc,
          8B 44 24 04 8B 48 18 C7 41 04 3A 28 01 00 83 60
      vaxscsi
        [A ] 41. c:\windows\system32\drivers\vaxscsi.sys
          Alcohol Soft Co., Ltd.
          SCSI miniport
          .text,.edata,.edata,.data,INIT,.const,.rsrc,.vax0,.reloc,
          55 8B EC 5D E9 FB FB FF FF CC 68 8A D8 02 00 E9

+ Explorer
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Filter
      application/octet-stream
        [A ] 42. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,
          6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
      application/x-complus
        [A ] 42. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,
          6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
      application/x-msdownload
        [A ] 42. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,
          6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
      text/xml
        [A ] 43. c:\program files\common files\microsoft shared\office11\msoxmlmf.dll
          Microsoft Corporation
          Microsoft Office XML MIME Filter
          .text,.data,.rsrc,.reloc,
          6A 0C 68 70 22 40 00 E8 FD 01 00 00 33 C0 40 89
    + HKLM\SOFTWARE\Classes\PROTOCOLS\Handler
      mso-offdap
        [A ] 44. c:\program files\common files\microsoft shared\web components\10\owc10.dll
          Microsoft Corporation
          Microsoft Office XP Web Components
          .text,.data,.rtext,.bootdat,msoconst,Shared,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      HyperTerminal Icon Ext
        [A ] 45. c:\windows\system32\hticons.dll
          Hilgraeve, Inc.
          HyperTerminal Applet Library
          .text,.data,.rsrc,.reloc,
      Fusion Cache
        [A ] 42. c:\windows\system32\mscoree.dll
          Microsoft Corporation
          Microsoft .NET Runtime Execution Engine
          .text,.data,.rsrc,.reloc,
          6A 0C 68 B8 21 17 79 E8 84 FF FF FF 33 C0 40 89
      WinRAR shell extension
        [A ] 46. d:\winrar\rarext.dll
          .text,.data,.tls,.idata,.edata,.rsrc,.reloc,
      Microsoft Office HTML Icon Handler
        [AM] 47. d:\microsoft office\office11\msohev.dll
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,.reloc,
          6A 0C 68 A8 41 5C 32 E8 B5 00 00 00 33 C0 40 89
      Web Folders
        [A ] 48. c:\program files\common files\microsoft shared\web folders\msonsext.dll
          Microsoft Corporation
          Microsoft Web Folders
          .text,.data,.rsrc,.reloc,
          6A 0C 68 B0 AC 0A 49 E8 DA 00 00 00 33 C0 40 89
      AlcoholShellEx
        [A ] 49. d:\alcohol 120\axshlex.dll
          Alcohol Soft Development Team
          AXShlEx.dll
          UPX0,UPX1,.rsrc,
          80 7C 24 08 01 0F 85 E2 01 00 00 60 BE 00 30 48
      RISING
        [A ] 50. c:\windows\system32\ravext.dll
          Beijing Rising Technology Co., Ltd.
          Rising Shell Ext Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
  + Logon
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      BHDCRegC
        [AM] 51. c:\windows\system32\bhdcregc.exe
          SHHIC
          .text,.data,.rsrc,
          68 5C 18 40 00 E8 EE FF FF FF 00 00 00 00 00 00
      RfwMain
        [A ] 52. c:\program files\rising\rfw\rfwmain.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall Main Program
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 28 EB 41 00 68 E0 AD 41 00 64
      runeip
        [AM] 53. d:\rising\rising\runiep.exe
          Beijing Rising Technology Co., Ltd.
          Rising AntiSpyware Monitor
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
      RavTask
        [AM] 54. c:\program files\rising\rav\ravtask.exe
          Beijing Rising Technology Co., Ltd.
          RavTimer
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64
  + Boot Execute
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 55. c:\windows\system32\bsmain.exe
          Beijing Rising Technology Co., Ltd.
          BootScan
          .text,.data,.rsrc,.reloc,
          55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
  + Image Hijacks
    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 56. d:\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,
          6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
      htmlfile\Print\Command
        [A ] 56. d:\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,
          6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 56. d:\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,
          6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
      htmlfile\Print\Command
        [A ] 56. d:\microsoft office\office11\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2003 component
          .text,.data,.rsrc,
          6A 74 68 58 26 00 30 E8 A8 FF FF FF 33 DB 89 5D
+ 系统活动模块
  + 000000e8(232) RichVideo.exe
    00400000[0002A000]
      [AM] 7. c:\program files\cyberlink\shared files\richvideo.exe
        RichVideo Module
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 08 02 42 00 68 72 B2 41 00 64
  + 00000100(256) StarWindService.exe
    00400000[00043000]
      [AM] 11. d:\alcohol 120\starwind\starwindservice.exe
        Rocket Division Software
        StarWind iSCSI Target (Alcohol Edition)
        .text,.data,.rsrc,
        6A 18 68 F0 AF 40 00 E8 EF 0C 00 00 BB 94 00 00
  + 00000108(264) ULCDRSvr.exe
    00400000[0000E000]
      [AM] 12. c:\program files\common files\ulead systems\dvd\ulcdrsvr.exe
        Ulead Systems, Inc.
        ULCDRSvr
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 90 71 40 00 68 F8 2E 40 00 64
  + 00000114(276) svchost.exe
  + 00000134(308) wdfmgr.exe
    01000000[0000C000]
      [AM] 13. c:\windows\system32\wdfmgr.exe
        Microsoft Corporation
        Windows User Mode Driver Manager
        .text,.data,.rsrc,
        6A 28 68 30 26 00 01 E8 A5 01 00 00 66 81 3D 00
  + 00000220(544) smss.exe
  + 0000025c(604) csrss.exe
  + 00000274(628) winlogon.exe
    72C80000[00008000]
      [ M] 57. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
  + 000002a4(676) services.exe
  + 000002b0(688) lsass.exe
  + 000002d0(720) IEXPLORE.EXE
    10000000[0001B000]
      [ M] 58. d:\rising\rising\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 70 01 E8 BD 02 00 00 33 C0 40 89
    325C0000[00012000]
      [AM] 47. d:\microsoft office\office11\msohev.dll
        Microsoft Corporation
        Microsoft Office 2003 component
        .text,.data,.rsrc,.reloc,
        6A 0C 68 A8 41 5C 32 E8 B5 00 00 00 33 C0 40 89
    72C80000[00008000]
      [ M] 57. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
    03940000[00022000]
      [ M] 59. d:\program files\淘宝网\淘宝旺旺\wangwangx4.dll
        阿里软件（中国）有限公司
        WangWangX Module
        .text,.rdata,.data,.rsrc,.reloc,
        83 7C 24 08 01 75 05 E8 D4 41 00 00 FF 74 24 04
    30000000[002EE000]
      [ M] 60. c:\windows\system32\macromed\flash\flash9b.ocx
        Adobe Systems, Inc.
        Adobe Flash Player 9.0  r28
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 C8 B9 1C 30 E8 67 EB FF FF 33 C0 40 89
    03CB0000[00020000]
      [ M] 61. c:\windows\system32\aliedit\pta.dll
        PTA Module
        UPX0,UPX1,.rsrc,
        80 7C 24 08 01 0F 85 C2 01 00 00 60 BE 00 40 01
    08DF0000[001D0000]
      [ M] 62. c:\windows\system32\unispim5.ime
        北京紫光华宇软件股份有限公司
        紫光华宇拼音输入法V5

.text,.rdata,.data,.share_d,.rsrc,.reloc,
        83 7C 24 08 01 75 05 E8 DF 97 00 00 FF 74 24 04
  + 00000350(848) svchost.exe
  + 00000360(864) svchost.exe
  + 00000390(912) svchost.exe
  + 000003e4(996) CCenter.exe
    00400000[0001E000]
      [AM] 9. c:\program files\rising\rav\ccenter.exe
        Beijing Rising Technology Co., Ltd.
        CCenter
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
  + 000003f8(1016) svchost.exe
  + 00000420(1056) svchost.exe
  + 00000440(1088) Ravmond.exe
    00400000[0004E000]
      [AM] 10. c:\program files\rising\rav\ravmond.exe
        Beijing Rising Technology Co., Ltd.
        RavMond
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
    10000000[0002E000]
      [ M] 63. c:\program files\rising\rav\bwlist.dll
        Beijing Rising Technology Co., Ltd.
        BWList DLL
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    00730000[0001B000]
      [ M] 64. c:\program files\rising\rav\rscommx.dll
        rising
        RsCommX
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    00B60000[0000F000]
      [ M] 65. c:\program files\rising\rav\rfwctrl.dll
        Beijing Rising Technology Co., Ltd.
        RfwCtrl DLL
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    00B70000[0000E000]
      [ M] 66. c:\program files\rising\rav\rsappmgr.dll
        Beijing Rising Technology Co., Ltd.
        Rising Application Manager
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    08D90000[0002F000]
      [ M] 67. c:\program files\rising\rav\cfgdll.dll
        Beijing Rising Technology Co., Ltd.
        CfgDll
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    23700000[0001A000]
      [ M] 68. c:\program files\rising\rav\rscommon.dll
        Beijing Rising Technology Co., Ltd.
        Rising Common Function Dynamic Link Library
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    09030000[0000B000]
      [ M] 69. c:\program files\rising\rav\rslog.dll
        Beijing Rising Technology Co., Ltd.
        RsLog DLL
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    09040000[00029000]
      [ M] 70. c:\program files\rising\rav\scanner.dll
        Beijing Rising Technology Co., Ltd.
        RsScanner
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    13100000[0002E000]
      [ M] 71. c:\program files\rising\rav\libload.dll
        Beijing Rising Technology Co., Ltd.
        LibLoad
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 C0 1C 12 13 E8 17 13 00 00 33 C0 40 89
    091A0000[0002C000]
      [ M] 72. c:\program files\rising\rav\viruslib.dll
        Beijing Rising Technology Co., Ltd.
        VirusLib
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 90 18 02 10 E8 16 13 00 00 33 C0 40 89
    09090000[0000D000]
      [ M] 73. c:\program files\rising\rav\hookweb.dll
        Beijing Rising Technology Co., Ltd.
        HookWeb
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    09420000[00085000]
      [ M] 74. c:\program files\rising\rav\spameng.dll
        SpamEng Dynamic Link Library
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 50 98 07 10 E8 18 1D 00 00 33 C0 40 89
    094C0000[0003C000]
      [ M] 75. c:\program files\rising\rav\engine.dll
        Beijing Rising Technology Co., Ltd.
        engine
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 48 0B 03 10 E8 8C 12 00 00 33 C0 40 89
  + 000004f8(1272) spoolsv.exe
  + 00000524(1316) IEXPLORE.EXE
    10000000[0001B000]
      [ M] 58. d:\rising\rising\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 70 01 E8 BD 02 00 00 33 C0 40 89
    325C0000[00012000]
      [AM] 47. d:\microsoft office\office11\msohev.dll
        Microsoft Corporation
        Microsoft Office 2003 component
        .text,.data,.rsrc,.reloc,
        6A 0C 68 A8 41 5C 32 E8 B5 00 00 00 33 C0 40 89
    72C80000[00008000]
      [ M] 57. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
  + 0000054c(1356) Explorer.EXE
    10000000[00010000]
      [ M] 76. c:\windows\system32\rsswz.dll
        .data,.reloc,
        6A 0C 68 F8 1F 00 10 E8 92 05 00 00 33 C0 40 89
    00C40000[0001B000]
      [ M] 58. d:\rising\rising\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 70 01 E8 BD 02 00 00 33 C0 40 89
    72C80000[00008000]
      [ M] 57. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
  + 00000560(1376) SCardSvr.exe
  + 00000620(1568) BHDCRegC.exe
    00400000[0000C000]