Rising Kaka Security Forum
山间之水 - 2006-5-24 8:27:00
This is the log from my HijackThis scan; I can't make sense of it.
Logfile of HijackThis v1.99.1
Scan saved at 7:46:35, on 2006-5-24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\drivers\CDAC11BA.EXE
C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe
C:\Program Files\Rising\Rav\RavTask.exe
E:\软件下载\下载MP3\PC万能防改精灵.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\WINNT\system32\conime.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\ping.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINNT\msagent\AgentSvr.exe
C:\Documents and Settings\a\桌面\HijackThis.exe
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {F43BD772-ABDD-43b7-A96A-3E9E61946EC0} - (no file)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [GAC 全局音量控制] C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [PC防改精灵] E:\软件下载\下载MP3\PC万能防改精灵.exe
O4 - HKLM\..\Run: [LoadEWXD] C:\WINNT\system32\msxml4r.exe
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [DesktopSprite] C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll (file missing)
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {3F618E1F-D981-4905-A757-4D237441B5B3} (GolfInstallCheck2 Class) - http://download.ourgame.com/GolfInstallCheck2.cab
O16 - DPF: {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} (updatePanelX Control) - http://www.uusee.com/jmd/player/updateC.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday 控件) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://scan.kingsoft.com/scan/fangyi/KAllScan.CAB
O16 - DPF: {D0A29C6C-AA71-4423-8C4A-5998B774C448} - http://download.ourgame.com/IEDown4.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE1458D5-4128-4FD3-A431-2AAD1FB89146}: NameServer = 221.6.4.66,218.104.32.106
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINNT\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Windows Management NetWork Service Extensions - Unknown owner - NetManager.exe (file missing)
不言放弃 - 2006-5-24 8:30:00
[Reply to 山间之水's post]
Have you used some tool to block changes to the IE home page?
山间之水 - 2006-5-24 10:15:00
No matter how I change it, it gets changed back by www.369.com. I've tried everything I can; could an expert please help.
不言放弃 - 2006-5-24 10:16:00
[Reply to 山间之水's post]
http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Download System Repair Engineer 2.0.12.350
Export the full log
山间之水 - 2006-5-24 10:18:00
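A Rising scan finds no trojans, but the 防改精灵 trojan removal tool says I have one. Among the startup items, Cdnctr and LoadEWXD are flagged; I don't know how to delete them. Please advise!!!!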
不言放弃 - 2006-5-24 10:24:00
[Reply to 山间之水's post]
See the reply in post #3
OK?
山间之水 - 2006-5-24 10:30:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<GAC 全局音量控制><C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PC防改精灵><E:\软件下载\下载MP3\PC万能防改精灵.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoadEWXD><C:\WINNT\system32\msxml4r.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Rfw><"C:\Program Files\Rising\Rfw\Update\Setup.exe" /UPDATE /ONCE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><APIHookDll.dll>
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\a\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv]
<C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Messenger / Messenger]
<><N/A>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
<NetManager.exe -exe_start><N/A>
==================================
浏览器加载项
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[InstaFred]
{1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINNT\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\DOWNLO~1\WEBACT~1.OCX, QQ>
[GolfInstallCheck2 Class]
{3F618E1F-D981-4905-A757-4D237441B5B3} <C:\WINNT\Downloaded Program Files\CONFLICT.1\GolfInstallCheck2.dll, >
[updatePanelX Control]
{43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <C:\WINNT\system32\uusee\internet\updateC.ocx, uusee>
[AcDcToday 控件]
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINNT\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, >
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
山间之水 - 2006-5-24 10:30:00
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[PID: 216][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 400][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[c:\program files\rising\rfw\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 416][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 444][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 624][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[C:\WINNT\system32\hpwslmn.dll] <HP><2.233.3.0>
[PID: 660][C:\WINNT\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 680][C:\WINNT\system32\DRIVERS\CDANTSRV.EXE] <C-Dilla Ltd><3.24.010>
[PID: 696][C:\WINNT\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 716][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 768][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 880][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 920][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 948][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\WINNT\Downlo~1\Gladiator.dll] <中搜在线软件有限公司><1, 0, 0, 1>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\WINNT\system32\styleman.cpl] <Autodesk, Inc.><8.0.16.86>
[C:\WINNT\system32\plotman.cpl] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\VIAudioi\SBADeck\ExtendDll.dll] <N/A><N/A>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[E:\软件下载\下载MP3\hyMenu.dll] <水晶情缘工作室><2005.00>
[PID: 1108][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1068][C:\Program Files\VIAudioi\SBADeck\ADeck.exe] <VIA Technologies, Inc.><1.0.0.0>
[C:\Program Files\VIAudioi\SBADeck\ADECKlib.dll] <VIA Technologies, Inc><5, 20, 1, 0>
[C:\Program Files\VIAudioi\SBADeck\ExtendDll.dll] <N/A><N/A>
[PID: 1164][C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe] <TinyTwo Productions><1.08.0001>
[C:\Program Files\Winamp5\plugins\gac\GAC.dll] <TinyTwo Productions><1.00.0156>
[PID: 1224][E:\软件下载\下载MP3\PC万能防改精灵.exe] <水晶情缘工作室制作><8.70>
[E:\软件下载\下载MP3\pcxp.dll] <N/A><N/A>
[PID: 1256][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 212][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 972][C:\Program Files\Rising\Rav\RsAgent.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 616][C:\WINNT\msagent\AgentSvr.exe] <Microsoft Corporation><2.00.0.3422>
[PID: 1172][C:\Program Files\Rising\Rav\RAVTASK.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 332][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1480][C:\Program Files\Rising\Rav\RAVMON.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 500][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1200][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 9>
[C:\Program Files\VIAudioi\SBADeck\ExtendDll.dll] <N/A><N/A>
[PID: 1500][C:\Program Files\WinRAR\WinRAR.exe] <N/A><N/A>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[PID: 1296][E:\软件下载\sreng2\SREng.exe] <Smallfrogs Studio><2.0.12.350>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
不言放弃 - 2006-5-24 10:43:00
[Reply to 山间之水's post]
Open the registry
Delete the following entries (or fix them directly with System Repair Engineer):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoadEWXD><C:\WINNT\system32\msxml4r.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Rfw><"C:\Program Files\Rising\Rfw\Update\Setup.exe" /UPDATE /ONCE>
=========
Start -- Control Panel -- Performance and Maintenance -- Administrative Tools -- Services
Disable the following service:
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
Start -- Run
Type regedit
Click OK
Open the registry
Expand [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Find and delete the Windows Management NetWork Service Extensions folder
=================
Delete
C:\WINNT\system32\msxml4r.exe
=======
Reset the IE home page
山间之水 - 2006-5-24 13:09:00
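Fixing it directly with System Repair Engineer didn't help either.
After deleting [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <LoadEWXD><C:\WINNT\system32\msxml4r.exe>, when I open the registry <LoadEWXD><C:\WINNT\system32\msxml4r.exe> is still there; I can't delete it.
I also deleted the Windows Management NetWork Service Extensions folder in the registry, and it still doesn't work. Please help, it's urgent!!!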
我无邪 - 2006-5-24 13:47:00
Please reboot, then run another scan and paste the report here.
山间之水 - 2006-5-25 8:13:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<GAC 全局音量控制><C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PC防改精灵><E:\软件下载\下载MP3\PC万能防改精灵.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoadEWXD><C:\WINNT\system32\msxml4r.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\a\「开始」菜单\程序\启动\腾讯QQ.lnk><H>
==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv]
<C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Messenger / Messenger]
<><N/A>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[InstaFred]
{1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINNT\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\DOWNLO~1\WEBACT~1.OCX, QQ>
[GolfInstallCheck2 Class]
{3F618E1F-D981-4905-A757-4D237441B5B3} <C:\WINNT\Downloaded Program Files\CONFLICT.1\GolfInstallCheck2.dll, >
[updatePanelX Control]
{43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <C:\WINNT\system32\uusee\internet\updateC.ocx, uusee>
[AcDcToday 控件]
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINNT\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, >
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[访问通用网址]
<, N/A>
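Added example (not part of any post in this thread, and not SREng's own code): a small Python parser for the two-line `[key]` / `<name><value>` records in the SREng startup sections above, used to diff the scan from 2006-5-24 against the one taken after the reboot. The function names and the `CLEANUP_TARGETS` list are assumptions made for the illustration; the log lines are excerpts from the two scans posted in this thread.

```python
import re
from typing import Dict, List, Tuple

Key = Tuple[str, str]  # (header line without brackets, first <...> field)

# One record is a "[header]" line followed by "<field1><field2>".
ENTRY = re.compile(r"^<(.*?)><(.*)>$")

# Excerpt of the first scan in this thread (2006-5-24 10:30).
BEFORE = r"""
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoadEWXD><C:\WINNT\system32\msxml4r.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<Rfw><"C:\Program Files\Rising\Rfw\Update\Setup.exe" /UPDATE /ONCE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><APIHookDll.dll>
==================================
服务
[Windows Management NetWork Service Extensions / Windows Management NetWork Service Extensions]
<NetManager.exe -exe_start><N/A>
"""

# Excerpt of the scan posted after the reboot (2006-5-25 8:13).
AFTER = r"""
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<LoadEWXD><C:\WINNT\system32\msxml4r.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
"""

# Names the cleanup reply in this thread asked to remove (assumed list
# for the illustration: two Run/RunOnce values and one service).
CLEANUP_TARGETS = [
    "LoadEWXD",
    "Rfw",
    "Windows Management NetWork Service Extensions",
]


def parse(log: str) -> Dict[Key, str]:
    """Return {(header, field1): field2} for every two-line record.

    Section titles, separator lines and the one-line formats used in the
    add-on and process sections are skipped.
    """
    entries: Dict[Key, str] = {}
    header = None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            header = line[1:-1]
            continue
        match = ENTRY.match(line)
        if match and header is not None:
            entries[(header, match.group(1))] = match.group(2)
            header = None  # each header introduces exactly one entry
    return entries


def diff(before: Dict[Key, str], after: Dict[Key, str]) -> Dict[str, List[Key]]:
    """Classify every record as removed, added, changed or persisted."""
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted(k for k in before
                          if k in after and before[k] != after[k]),
        "persisted": sorted(k for k in before
                            if k in after and before[k] == after[k]),
    }


def still_present(targets: List[str], after: Dict[Key, str]) -> List[str]:
    """Return the cleanup targets that the later scan still lists.

    Registry value names are case-insensitive, so compare case-folded.
    Service headers have the form "display name / service name".
    """
    seen = set()
    for header, name in after:
        seen.add(name.casefold())
        seen.update(part.casefold() for part in header.split(" / "))
    return [t for t in targets if t.casefold() in seen]


if __name__ == "__main__":
    before, after = parse(BEFORE), parse(AFTER)
    for status, keys in diff(before, after).items():
        for header, name in keys:
            print(f"{status:9} {name!r:28} {header}")
    print("cleanup targets still present:",
          still_present(CLEANUP_TARGETS, after))
```

On these excerpts the diff lists the RunOnce value and the service as removed, `AppInit_DLLs` as changed to empty, and `LoadEWXD` as persisted, which is the entry the poster reports being unable to delete.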
山间之水 - 2006-5-25 8:14:00
正在运行的进程
[PID: 144][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 168][\??\C:\WINNT\system32\csrss.exe] <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\winlogon.exe] <Microsoft Corporation><5.00.2195.6997>
[PID: 216][C:\WINNT\system32\services.exe] <Microsoft Corporation><5.00.2195.7035>
[C:\WINNT\system32\dmserver.dll] <VERITAS Software Corp.><2195.6605.297.3>
[PID: 228][C:\WINNT\system32\lsass.exe] <Microsoft Corporation><5.00.2195.7011>
[PID: 388][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[c:\program files\rising\rfw\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 404][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 440][C:\Program Files\Rising\Rav\CCenter.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 488][C:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[C:\Program Files\Rising\Rav\HOOKSYS.dll] <Rising><18, 1, 0, 9>
[C:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
[C:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[C:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
[C:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[C:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[C:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
[C:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[C:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[C:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[C:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[C:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 536][C:\WINNT\system32\spoolsv.exe] <Microsoft Corporation><5.00.2195.7059>
[C:\WINNT\system32\hpwslmn.dll] <HP><2.233.3.0>
[PID: 568][C:\WINNT\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 588][C:\WINNT\system32\DRIVERS\CDANTSRV.EXE] <C-Dilla Ltd><3.24.010>
[PID: 604][C:\WINNT\system32\crypserv.exe] <Kenonic Controls Ltd.><5.4.0>
[PID: 624][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 672][C:\WINNT\system32\MSTask.exe] <Microsoft Corporation><4.71.2195.6972>
[PID: 768][C:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 840][C:\WINNT\System32\WBEM\WinMgmt.exe] <Microsoft Corporation><1.50.1085.0100>
[PID: 916][C:\WINNT\system32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1068][C:\WINNT\Explorer.EXE] <Microsoft Corporation><5.00.3700.6690>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\WINNT\Downlo~1\Gladiator.dll] <中搜在线软件有限公司><1, 0, 0, 1>
[E:\软件下载\下载MP3\hyMenu.dll] <水晶情缘工作室><2005.00>
[C:\WINNT\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[C:\WINNT\system32\styleman.cpl] <Autodesk, Inc.><8.0.16.86>
[C:\WINNT\system32\plotman.cpl] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1116][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1100][C:\Program Files\VIAudioi\SBADeck\ADeck.exe] <VIA Technologies, Inc.><1.0.0.0>
[C:\Program Files\VIAudioi\SBADeck\ADECKlib.dll] <VIA Technologies, Inc><5, 20, 1, 0>
[C:\Program Files\VIAudioi\SBADeck\ExtendDll.dll] <N/A><N/A>
[PID: 1092][C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe] <TinyTwo Productions><1.08.0001>
[C:\Program Files\Winamp5\plugins\gac\GAC.dll] <TinyTwo Productions><1.00.0156>
[PID: 1292][C:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
山间之水 - 2006-5-25 8:15:00
[PID: 1152][E:\软件下载\下载MP3\PC万能防改精灵.exe] <水晶情缘工作室制作><8.70>
[E:\软件下载\下载MP3\pcxp.dll] <N/A><N/A>
[PID: 1072][C:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[C:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1308][C:\WINNT\system32\internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 1284][C:\WINNT\system32\conime.exe] <Microsoft Corporation><5.00.2195.6655>
[PID: 968][C:\Program Files\AutoCAD 2004\acad.exe] <Autodesk, Inc.><R16.00.086>
[C:\Program Files\Common Files\Autodesk Shared\ac1st16.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\acdb16.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcGe16.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acui16.dll] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\ANav.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\adui16.dll] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\dswhip.dll] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\heidi8.dll] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\dlint8.dll] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\SFTTABAC.dll] <Softel vdm><16.0.0.86>
[C:\Program Files\AutoCAD 2004\UserData.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\adlmdll.dll] <Autodesk, Inc.><4.0.0.2>
[C:\Program Files\AutoCAD 2004\adctrls.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\adui16res.dll] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AnavRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acui16res.dll] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\DsWhipRes.dll] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\sfttabacRes.dll] <Softel vdm><16.0.0.86>
[C:\DOCUME~1\a\LOCALS~1\Temp\~ef4c0c\~df394b.tmp] <N/A><N/A>
[C:\DOCUME~1\a\LOCALS~1\Temp\~ef4c0c\~de8c3a.tmp] <N/A><2.20.020>
[C:\Program Files\AutoCAD 2004\ADCtrlsRes.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acadbtn.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acadres.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\adlmres.dll] <Autodesk, Inc.><4.0.0.2>
[C:\Program Files\AutoCAD 2004\PrxyInet.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\PrxyInetRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\oleaprot.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\colorRes.dll] <><16.0.0.86>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\drv\gdi8.hdi] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\drv\gdi8Res.dll] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\drv\szb8.hdi] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\drv\rblast8.hdi] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\drv\gdifont8.hdi] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\acgs.dll] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acgsRes.dll] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\hcreg8.dll] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\hcreg8Res.dll] <Autodesk, Inc.><8.0.16.86>
[C:\Program Files\AutoCAD 2004\vl.arx] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\VLMSG.DLL] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\VLLIB.DLL] <Autodesk Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcApp.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcDblClkEdit.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcDblClkEditPE.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcDblClkEditRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acdim.arx] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\ShareAC.dll] <Autodesk, Inc><16.0.0.86>
[C:\Program Files\AutoCAD 2004\ShareMFC.dll] <Autodesk, Inc><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcDimRes.dll] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\aceplotx.arx] <Autodesk><16.0.0.86>
[c:\program files\common files\autodesk shared\achapi16.dbx] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcEplotXRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\achlnkui.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\achlnkuiRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcIDropMgr.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcIDropMgrRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcLayerP.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcLayerPRes.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcSign.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcSignRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcSpaceTrans.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcSpaceTransRes.dll] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcStd.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcStStdRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcTp.arx] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcTc.DLL] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcTcUi.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcTcRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\AcTcUiRes.dll] <Autodesk><16.0.0.86>
[C:\Program Files\AutoCAD 2004\whohas.arx] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\whohasRes.dll] <><16.0.0.86>
[C:\Program Files\AutoCAD 2004\acetlodr.arx] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\WSCommCntrAcCon.arx] <Autodesk, Inc.><16.0.0.86>
[C:\Program Files\AutoCAD 2004\WSCommCntrAcConRes.dll] <Autodesk><16.0.0.86>
[C:\DOCUME~1\a\LOCALS~1\Temp\~e5d141.tmp] <Macrovision Europe Ltd.><1, 0, 0, 1>
[PID: 924][C:\Program Files\Common Files\Autodesk Shared\WSCommCntr1.exe] <Autodesk, Inc.><1.0.0.1>
[C:\Program Files\Common Files\Autodesk Shared\WebServices1.dll] <Autodesk, Inc.><1.0.0.1>
[PID: 1312][C:\Program Files\Microsoft Office\Office\EXCEL.EXE] <Microsoft Corporation><9.0.2823>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Rising\Rav\RsPlugIn.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 1>
[C:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
[C:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1428][C:\WINNT\System32\svchost.exe] <Microsoft Corporation><5.00.2134.1>
[PID: 1372][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106>
[C:\WINNT\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 9>
[C:\Program Files\VIAudioi\SBADeck\ExtendDll.dll] <N/A><N/A>
[PID: 948][C:\Documents and Settings\a\桌面\SREng.exe] <Smallfrogs Studio><2.0.12.350>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINNT\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
Could the poster above please take a look?
不言放弃 - 2006-5-25 8:16:00
[Reply to 山间之水's post]
Do this in Safe Mode.
山间之水 - 2006-5-25 9:11:00
Thanks to the poster above. I'll post the report in a bit.
山间之水 - 2006-5-25 11:38:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Internat.exe><internat.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Synchronization Manager><mobsync.exe /logon>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<GAC 全局音量控制><C:\Program Files\Winamp5\plugins\gac\Global Audio Control.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PC防改精灵><E:\软件下载\下载MP3\PC万能防改精灵.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINNT\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\a\「开始」菜单\程序\启动\腾讯QQ.lnk><H>
==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv]
<C:\WINNT\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Crypkey License / Crypkey License]
<crypserv.exe><Kenonic Controls Ltd.>
[Logical Disk Manager Administrative Service / dmadmin]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Messenger / Messenger]
<><N/A>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, N/A>
[InstaFred]
{1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINNT\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\DOWNLO~1\WEBACT~1.OCX, QQ>
[GolfInstallCheck2 Class]
{3F618E1F-D981-4905-A757-4D237441B5B3} <C:\WINNT\Downloaded Program Files\CONFLICT.1\GolfInstallCheck2.dll, >
[updatePanelX Control]
{43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <C:\WINNT\system32\uusee\internet\updateC.ocx, uusee>
[AcDcToday 控件]
{78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINNT\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINNT\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[VqqSpeedDlProxy Class]
{F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINNT\vqqsdl.dll, >
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[访问通用网址]
<, N/A>
我无邪 - 2006-5-25 12:14:00
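From the partial log above, I can't see any problems now.
Do one more repair like this.
Run System Repair Engineer, click "Startup Items" (启动项目), then "Services" (服务), tick "Hide Microsoft services" (隐藏微软服务), select the virus service Messenger, choose "Delete selected service" (删除所选服务), answer "No" (否), and finally reboot.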
山间之水 - 2006-5-25 13:55:00
Thanks, everyone, for the help. The earlier problems have basically stopped appearing now.