瑞星监控经常自动关闭，不知怎么回事。斑竹帮忙看看日志。


[CODE]

2007-09-01,13:49:57

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <AME_CSA><rundll32 amecsa.cpl,RUN_DLL>  [Alcatel Microelectronics]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <SunJavaUpdateSched><C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe>  [Sun Microsystems, Inc.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RavTimer><C:\Program Files\rising\Rav\rav\RavTimer.exe>  [N/A]
    <RavMon><C:\Program Files\rising\Rav\rav\RavMon.exe>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <mppds><C:\WINDOWS\mppds.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
    <DiskMan32><C:\WINDOWS\huvcmu.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <NVDispDrv><C:\WINDOWS\uqfmad.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <RavMon><C:\Program Files\rising\Rav\rav\RavMon.exe /AUTO>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\Program Files\Herosoft\Hero 9\解霸屏保.SCR>  [N/A]

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; iebar; acc=htpasswd)

启动文件夹
N/A

==================================
服务
[F5E13AD0 / F5E13AD0][Stopped/Auto Start]
  <C:\WINDOWS\System32\F323790.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\RavMonD.exe"><Beijing Rising Technology Co., Ltd.>
[System Recover Servic / SysreSrv][Stopped/Disabled]
  <sysresrv.exe><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AmeLanPc / AmeLanPc][Running/Manual Start]
  <System32\DRIVERS\AmeLanPc.sys><Alcatel Microelectronics>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
  <System32\DRIVERS\motmodem.sys><Motorola>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\F:\cyq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Motorola USB Modem Driver for MPT XP / usbsermptxp][Stopped/Manual Start]
  <System32\DRIVERS\usbsermptxp.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\acdsee\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[星空极速]
  {8A03D6E7-7FDA-4CE9-95D0-988790911BF0} <C:\WINDOWS\uact1.dll, gd.vnet.cn>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Java Plug-in 1.5.0_01]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[豪杰超级解霸9]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE, Herosoft>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! 相册轻松上载工具 Class]
  {0150EB11-5FB4-4D9E-85EA-0F155705227E} <C:\WINDOWS\Downloaded Program Files\YDropperCN.dll, Yahoo! Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[Installation Support]
  {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <C:\Program Files\Yahoo!\Common\Yinsthelper.dll, Yahoo! Inc.>
[Malicious Software Removal Tool]
  {4B48D5DF-9021-45F7-A240-60304302A215} <C:\WINDOWS\Downloaded Program Files\WebCleaner.dll, Microsoft Corporation>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Windows Live Photo Upload Control]
  {7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, Microsoft? Corporation>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\System32\163UPL~1.OCX, 广州网易互动娱乐有限公司>
[Java Plug-in 1.5.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, >
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Java Plug-in 1.5.0_01]
  {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINDOWS\vqqsdl.dll, Tencent>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\迅雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\迅雷\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[Save使用超级解霸播放]
  <C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[使用超级解霸播放]
  <C:\Program Files\Herosoft\Hero 9\MPURLGET.HTM, N/A>
[使用迅雷下载]
  <D:\迅雷\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\other software\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 388 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 624 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 692 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 860 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 900 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 1060 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 1296 / ym][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\WINDOW~2\wmpband.dll]  [Microsoft Corporation, 10.00.00.3802]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [D:\acdsee\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\nvshell.dll]  [, ]
    [D:\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [D:\acdsee\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [D:\迅雷\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [D:\迅雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\uact1.dll]  [gd.vnet.cn, 1.0.0.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1432 / SYSTEM][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 1624 / ym][C:\Program Files\Rising\Rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\Rising\Rfw\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
[PID: 1628 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1852 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 1932 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 2020 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 180 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\28CB8BD8.DLL]  [Microsoft Corporation, ]
[PID: 600 / ym][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\amecsa.cpl]  [Alcatel Microelectronics, 2, 0, 0, 25]
    [C:\WINDOWS\System32\MultLang.dll]  [, 5, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
[PID: 1232 / ym][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
[PID: 1744 / ym][C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe]  [Sun Microsystems, Inc., 1.5.0.10]
[PID: 940 / ym][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
[PID: 744 / ym][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
[PID: 3388 / ym][D:\Hijackthis1991\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\DiskMan32.dll]  [N/A, ]
    [C:\WINDOWS\System32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\System32\NVDispDrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [D:\Hijackthis1991\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1232, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1744, C:\PROGRAM FILES\JAVA\JRE1.5.0_01\BIN\JUSCHED.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]