瑞星卡卡安全论坛

6点的时候发过一个帖子(http://forum.ikaka.com/topic.asp?board=28&artid=8288987)有人看但没人回,那个日志是在安全模式下扫的,现在正常进入扫了个,高人帮帮忙,机器超级慢,冰刃的文件夹打开后立刻自动关闭,我尝试修改文件夹名字后能打开了,但不能运行冰刃,有个提示一闪而过,好象是说什么恶意代码所为,并且还正在使用,SRENG打开注册表提示SHELL值被修改,我点自动修复,刷新下就还和原来一样,还有提示被修改,还有一开机就自动弹网页,不断的弹,我真的很无奈,升级的瑞星查不出毒来
[CODE]

2007-03-29,19:34:00

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <IpWins><C:\Program Files\Ipwindows\ipwins.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{3A6812FD-0707-2052-0621-020813020056}><"C:\Program Files\Common Files\{3A6812FD-0707-2052-0621-020813020056}\Update.exe" te-110-12-0000321>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe realsled.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\WINDOWS\System32\rpcc.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{623D33B3-1E70-4705-88E9-649522AF6268}><>  [N/A]

==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Acrobat Assistant]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk --> D:\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[B76DD14A / B76DD14A][Stopped/Auto Start]
  <C:\WINDOWS\System32\B76DD14A.EXE -service><N/A>
[Routing Protect Access / BKMARKS][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\DQNFR.DLL,Export 1087><Microsoft Corporation>
[C#_NET_HowTo_TimeTrackerService / C#_NET_HowTo_TimeTrackerService][Stopped/Manual Start]
  <c:\program files\clarity consulting\c#.net how-to windows service - time track\how-to windows service demo.exe><Microsoft Corporation>
[Client IP-IPX / Client IP-IPX][Running/Auto Start]
  <"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000321><N/A>
[HTTP Secure Manager / Hardware][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fdbop.dll><Microsoft Corporation>
[Navoct / Navoct][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Unigraphics Plot Server (ugiipqd) / ugiipqd][Running/Auto Start]
  <C:\WINDOWS\System32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)][Running/Auto Start]
  <D:\UGS\License Servers\UGNXFLEXlm\lmgrd.exe><Macrovision Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
  <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[dhbjcdjh / dhbjcdjh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dhbjcdjh.sys><N/A>
[dminbi9 / dminbi90][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dminbi90.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
  <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
  <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[lqfxxy2 / lqfxxy29][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rnkouu6 / rnkouu63][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rnkouu63.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
  <system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\STAC97.sys><SigmaTel, Inc.>
[yaskp / yaskp][Stopped/Disabled]
  <???\C:\WINDOWS\SYSTEM32\DRIVERS\YASKP.SYS><N/A>
[ygqijx4 / ygqijx43][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>
[zufupbxd / zufupbxd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zufupbxd.sys><Yahoo! China Corporation>
[xpsp2tdi / xpsp2tdi][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[xpsp2reg / xpsp2reg][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[Sodui Search]
  {35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\System32\winnbi90.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[WinMyFavor Class]
  {5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\System32\MyFavor64.dll, N/A>
[IEInit Class]
  {5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\System32\drivers\usrinit.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[browser Class]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\BVhDLN0aRO_2002.dll, Microsoft Corporation>
[FavHook Class]
  {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com,  Inc.>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[&使用比邻下载(&B)]
  <C:\Documents and Settings\Fantasy\blin\ctxmenu.htm, N/A>
[使用Web迅雷下载]
  <d:\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>

==================================
正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 676][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 700][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 756][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 920][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 972][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\program files\iesnap\navoct.dll]  [ , 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [c:\windows\system32\fdbop.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1152][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1208][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1272][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1632][C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\DQNFR.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 276][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\System32\ntdl1.dll]  [, 1.1.1.137]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.1.63.0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [d:\WinRAR\rarext.dll]  [N/A, ]
    [d:\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 4, 1006]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 1, 6, 1021]
    [D:\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 420][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdntdns.dll]  [CNNIC, 2, 2, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 524][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]

[C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1056][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 1296][C:\Program Files\Common Files\{3A6812FD-0707-2052-0621-020813020056}\Update.exe]  [N/A, ]
    [C:\Program Files\Common Files\{3A6812FD-0707-2052-0621-020813020056}\System.dll]  [N/A, ]
[PID: 892][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2036][D:\Acrobat 5.0\Distillr\AcroTray.exe]  [Adobe Systems Inc., 5, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1940][c:\PROGRA~1\iesnap\navplay.exe]  [, 1, 0, 1, 1]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 904][J:\常用软件原文件\新的\se\123.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [216] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    [2044] C:\Program Files\Common Files\xp2update.exe

==================================


[/CODE]

奇怪,好象没有安全模式下扫描的多,正常吗?
高人快点来帮帮忙把.555555555555

IpWins><C:\Program Files\Ipwindows\ipwins.exe> [N/A]
<{3A6812FD-0707-2052-0621-020813020056}><"C:\Program Files\Common Files\{3A6812FD-0707-2052-0621-020813020056}\Update.exe" te-110-12-0000321> [N/A]
shell><Explorer.exe realsled.exe> []

WinlogonNotify: rpcc><C:\WINDOWS\System32\rpcc.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><> [N/A
[B76DD14A / B76DD14A][Stopped/Auto Start]
<C:\WINDOWS\System32\B76DD14A.EXE -service><N/A>
[Routing Protect Access / BKMARKS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\DQNFR.DLL,Export 1087><Microsoft Corporation>
[Client IP-IPX / Client IP-IPX][Running/Auto Start]
<"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000321><N/A>
[HTTP Secure Manager / Hardware][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fdbop.dll><Microsoft Corporation>
[Navoct / Navoct][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >[xpsp2tdi / xpsp2tdi][Running/]
<2 - 系统找不到指定的文件。
><N/A>
[xpsp2reg / xpsp2reg][Running/]
<2 - 系统找不到指定的文件。
><N/A>

什么意思上面的都删除吗?

怎么没人管我,顶上去555555555

高人都 住在山上呢! 不知道么 今天瑞星 有网络会议!

5555555555

别5555555555了。


先备份他说的那些个注册项和对应的文件，用SRENG删除，删除不了的用冰刃。

重新启动后，再有异常，请在不打开任何程序的情况下，再扫SRENG日志。

C:\WINDOWS\System32\rpcc.dll>

这个是不应该有的...

C:\WINDOWS\System32\rpcc.dll>
shell><Explorer.exe realsled.exe>
根本就删除不了,删除后刷新或者我不刷新的时候他自己就有变回原来的拉,那个RPCC.DLL文件也删除不了,
冰刃根本就用不了,默认文件夹名的话,一打开文件夹就关了,我改了个名字,能大开,但是不能运行冰刃,提示有恶意代码,
一开几就会弹出网页,
高人,你如果找到什么好的方法还希望写的再清楚点,4楼的那位仁兄的我有点不是很明白,5555
谢谢,

C:\WINDOWS\System32\rpcc.dll>
shell><Explorer.exe realsled.exe>
根本就删除不了,删除后刷新或者我不刷新的时候他自己就有变回原来的拉,那个RPCC.DLL文件也删除不了,
冰刃根本就用不了,默认文件夹名的话,一打开文件夹就关了,我改了个名字,能大开,但是不能运行冰刃,提示有恶意代码,
一开几就会弹出网页,
高人,你如果找到什么好的方法还希望写的再清楚点,4楼的那位仁兄的我有点不是很明白,5555
谢谢,

用Unlocker删除文件rpcc.dll

再用SRENG删除注册项，删除不了的，再试Procexp和Autoruns两个工具。

文件删除不了的，再换Pocket KillBox

以上工具这里下-----http://forum.ikaka.com/topic.asp?board=28&artid=6979213

安全模式下
运行SRENG删除启动项注册表：
<IpWins><C:\Program Files\Ipwindows\ipwins.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<{3A6812FD-0707-2052-0621-020813020056}><"C:\Program Files\Common Files\{3A6812FD-0707-2052-0621-020813020056}\Update.exe" te-110-12-0000321> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
<WinlogonNotify: rpcc><C:\WINDOWS\System32\rpcc.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{623D33B3-1E70-4705-88E9-649522AF6268}><> [N/A]
修改注册表值：
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe realsled.exe> []把Explorer.exe后面的删除

删除服务：
[B76DD14A / B76DD14A][Stopped/Auto Start]
<C:\WINDOWS\System32\B76DD14A.EXE -service><N/A>
[Routing Protect Access / BKMARKS][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\DQNFR.DLL,Export 1087><Microsoft Corporation>
[C#_NET_HowTo_TimeTrackerService / C#_NET_HowTo_TimeTrackerService][Stopped/Manual Start]
<c:\program files\clarity consulting\c#.net how-to windows service - time track\how-to windows service demo.exe><Microsoft Corporation>
[Client IP-IPX / Client IP-IPX][Running/Auto Start]
<"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000321><N/A>
[HTTP Secure Manager / Hardware][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fdbop.dll><Microsoft Corporation>
[Navoct / Navoct][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
可疑服务：下面的服务请自己确认下，不是自己开的，请删除
[Unigraphics Plot Server (ugiipqd) / ugiipqd][Running/Auto Start]
<C:\WINDOWS\System32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)][Running/Auto Start]
<D:\UGS\License Servers\UGNXFLEXlm\lmgrd.exe><Macrovision Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]


删除驱动服务：
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[dhbjcdjh / dhbjcdjh][Stopped/Boot Start]
<\SystemRoot\system32\drivers\dhbjcdjh.sys><N/A>
[dminbi9 / dminbi90][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dminbi90.sys><N/A>
[lqfxxy2 / lqfxxy29][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[rnkouu6 / rnkouu63][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\rnkouu63.sys><N/A>
[ygqijx4 / ygqijx43][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>
[xpsp2tdi / xpsp2tdi][Running/]
<2 - 系统找不到指定的文件。
><N/A>
[xpsp2reg / xpsp2reg][Running/]
<2 - 系统找不到指定的文件。
><N/A>

删除浏览器加载项：
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll
Sodui Search]
{35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\System32\winnbi90.dll
[WinMyFavor Class]
{5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\System32\MyFavor64.dll
[实用搜索]
{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>

结束进程：[PID: 1940][c:\PROGRA~1\iesnap\navplay.exe] [, 1, 0, 1, 1]
[PID: 904][J:\常用软件原文件\新的\se\123.EXE] [Smallfrogs Studio, 2.4.12.806]可疑。。
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\xp2update.exe

删除文件：
C:\WINDOWS\System32\winlib .dll] [N/A, ]
c:\PROGRA~1\iesnap\navstub.dll
c:\windows\system32\fdbop.dll
C:\WINDOWS\System32\ntdl1.dll
C:\Program Files\Common Files\xp2update.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Common Files\{3A6812FD-0707-2052-0621-020813020056}\Update.exe
C:\WINDOWS\System32\rpcc.dll
C:\WINDOWS\System32\B76DD14A.EXE
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
C:\WINDOWS\SYSTEM32\WBEM\DQNFR.DLL
c:\program files\clarity consulting\c#.net 这个请核实后删除。。
C:\WINDOWS\System32\svchosts.exe
C:\WINDOWS\System32\fdbop.dll
C:\Program Files\iesnap\navoct.dll
System32\DRIVERS\ctljystk.sys
SystemRoot\system32\drivers\dhbjcdjh.sys
\SystemRoot\System32\DRIVERS\dminbi90.sys
\SystemRoot\System32\DRIVERS\ygqijx43.sys
\SystemRoot\System32\DRIVERS\rnkouu63.sys
\SystemRoot\System32\DRIVERS\lqfxxy29.sys
C:\Program Files\DeskAdTop\deskipn.dll
C:\Program Files\Common Files\CPUSH\cpush.dll
C:\WINDOWS\System32\winnbi90.dll
C:\WINDOWS\System32\MyFavor64.dll

**如果SRENG删除后再出现，请下载ICESWORLD在安全模式下处理
再不行的话，再下载SSM配合ICESWORLD使用一定可以的，有关软件的使用方法请在社区内找找。。。**

首先谢谢楼上的几位哥哥,谢谢帮忙!我现在就参考你们的去修改下!

我刚才豁出去了,自己动手删除的删除,停止的停止,现在好象没什么问题(因为什么也没做呢,光开机和关机,没用什么软件也没上网呢还所以不知道好没好),我又扫描了个日志,我担心我把系统的文件给删除了,你们有空的话再帮我看看,谢谢!!!
以后跟着你们多学习呵呵
007-03-30,13:06:41

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <IpWins><C:\Program Files\Ipwindows\ipwins.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Acrobat Assistant]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk --> D:\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[B76DD14A / B76DD14A][Stopped/Disabled]
  <C:\WINDOWS\System32\B76DD14A.EXE -service><N/A>
[Routing Protect Access / BKMARKS][Stopped/Disabled]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\DQNFR.DLL,Export 1087><Microsoft Corporation>
[C#_NET_HowTo_TimeTrackerService / C#_NET_HowTo_TimeTrackerService][Stopped/Disabled]
  <c:\program files\clarity consulting\c#.net how-to windows service - time track\how-to windows service demo.exe><Microsoft Corporation>
[Client IP-IPX / Client IP-IPX][Stopped/Disabled]
  <"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000321><N/A>
[HTTP Secure Manager / Hardware][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fdbop.dll><Microsoft Corporation>
[Navoct / Navoct][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Unigraphics Plot Server (ugiipqd) / ugiipqd][Running/Auto Start]
  <C:\WINDOWS\System32\spool\ugplot\ugiipqd.exe><Unigraphics Solutions, Inc>
[Unigraphics License Server (uglmd) / Unigraphics License Server (uglmd)][Running/Auto Start]
  <D:\UGS\License Servers\UGNXFLEXlm\lmgrd.exe><Macrovision Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================

有些病毒的启动项和服务以及文件还在
请在核实一遍

==================================
驱动程序
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
  <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[dhbjcdjh / dhbjcdjh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dhbjcdjh.sys><N/A>
[dminbi9 / dminbi90][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dminbi90.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
  <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
  <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[lqfxxy2 / lqfxxy29][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rnkouu6 / rnkouu63][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rnkouu63.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
  <system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\STAC97.sys><SigmaTel, Inc.>
[yaskp / yaskp][Stopped/Disabled]
  <???\C:\WINDOWS\SYSTEM32\DRIVERS\YASKP.SYS><N/A>
[ygqijx4 / ygqijx43][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>
[zufupbxd / zufupbxd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zufupbxd.sys><Yahoo! China Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[Sodui Search]
  {35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\System32\winnbi90.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, N/A>
[WinMyFavor Class]
  {5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\System32\MyFavor64.dll, N/A>
[IEInit Class]
  {5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\System32\drivers\usrinit.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[browser Class]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\BVhDLN0aRO_2002.dll, Microsoft Corporation>
[FavHook Class]
  {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com,  Inc.>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[&使用比邻下载(&B)]
  <C:\Documents and Settings\Fantasy\blin\ctxmenu.htm, N/A>
[使用Web迅雷下载]
  <d:\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>

==================================

==================================
驱动程序
[a347bus / a347bus][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi][Running/Boot Start]
  <\SystemRoot\System32\Drivers\a347scsi.sys><>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[标准 IDE/ESDI 硬盘控制器 / atapi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Running/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
  <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[dhbjcdjh / dhbjcdjh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\dhbjcdjh.sys><N/A>
[dminbi9 / dminbi90][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dminbi90.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
  <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
  <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[lqfxxy2 / lqfxxy29][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rnkouu6 / rnkouu63][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rnkouu63.sys><N/A>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
  <system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\STAC97.sys><SigmaTel, Inc.>
[yaskp / yaskp][Stopped/Disabled]
  <???\C:\WINDOWS\SYSTEM32\DRIVERS\YASKP.SYS><N/A>
[ygqijx4 / ygqijx43][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>
[zufupbxd / zufupbxd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zufupbxd.sys><Yahoo! China Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <d:\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, >
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, N/A>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[Sodui Search]
  {35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\System32\winnbi90.dll, N/A>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, N/A>
[WinMyFavor Class]
  {5537AA9F-7FE5-40E1-AEC7-D3B7E01FCA73} <C:\WINDOWS\System32\MyFavor64.dll, N/A>
[IEInit Class]
  {5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\System32\drivers\usrinit.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[browser Class]
  {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\BVhDLN0aRO_2002.dll, Microsoft Corporation>
[FavHook Class]
  {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} <C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll, Deepdo.com,  Inc.>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[&使用比邻下载(&B)]
  <C:\Documents and Settings\Fantasy\blin\ctxmenu.htm, N/A>
[使用Web迅雷下载]
  <d:\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\WebThunder\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>

==================================

==================================
正在运行的进程
[PID: 600][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 676][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 700][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\System32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 364][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.1.63.0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [d:\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [d:\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [d:\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
[PID: 412][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [CNNIC, 2, 5, 0, 8]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdnprh.dll]  [CNNIC, 2, 4, 0, 7]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdntdns.dll]  [CNNIC, 2, 2, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 520][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
[PID: 596][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1260][D:\Acrobat 5.0\Distillr\AcroTray.exe]  [Adobe Systems Inc., 5, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1908][J:\常用软件原文件\新的\se\123.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

好我立刻去核实
谢谢

以下都在安全模式中操作

备份以下各项和对应文件，用SRENG删除以下各项和对应文件。删除不了的，用我前面说的工具试删除。
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
<IpWins><C:\Program Files\Ipwindows\ipwins.exe> [N/A]

服务
[B76DD14A / B76DD14A][Stopped/Disabled]
<C:\WINDOWS\System32\B76DD14A.EXE -service><N/A>

驱动程序
[dhbjcdjh / dhbjcdjh][Stopped/Boot Start]
<\SystemRoot\system32\drivers\dhbjcdjh.sys><N/A>
[dminbi9 / dminbi90][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dminbi90.sys><N/A>
[lqfxxy2 / lqfxxy29][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\lqfxxy29.sys><N/A>
[rnkouu6 / rnkouu63][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\rnkouu63.sys><N/A>
[ygqijx4 / ygqijx43][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ygqijx43.sys><N/A>

浏览器加载项
[Sodui Search]
{35EC0410-555E-4402-B372-D9A6E0BF6795} <C:\WINDOWS\System32\winnbi90.dll, N/A>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
----------------------------------------------------------------------
用SRENG停止下面进程，并用我前面说的工具删除对应的文件。
正在运行的进程
[C:\WINDOWS\System32\winlib .dll] [N/A, ]
-----------------------------------------------------
另以下文件和各项不明。
请备份各注册项和对应文件，删除。

正在运行的进程
[PID: 1908][J:\常用软件原文件\新的\se\123.EXE] [Smallfrogs Studio, 2.4.12.806]

服务
[C#_NET_HowTo_TimeTrackerService / C#_NET_HowTo_TimeTrackerService][Stopped/Disabled]
<c:\program files\clarity consulting\c#.net how-to windows service - time track\how-to windows service demo.exe><Microsoft Corporation>

[Client IP-IPX / Client IP-IPX][Stopped/Disabled]
<"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000321><N/A>

[HTTP Secure Manager / Hardware][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\fdbop.dll><Microsoft Corporation>

[Navoct / Navoct][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >

驱动程序
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><CACE Technologies>
---------------------------------------------------------
重启电脑进入正常系统。
自己扫SRENG日志，也别发上来了，自己看吧。
如果大多注册项和对应文件仍然出现，就全格磁盘，重装系统吧。
如果不想全格，可以将各盘文件转移入最后一个磁盘，并且全部压缩。
删除原文件。
在重装系统时格掉其他各盘。在新系统启动后不要打开最后磁盘。
安装SSM，在这论坛学习使用方法。并且安装杀毒软件升级最新版本。
然后去解压缩你那些宝贝文件吧。
------------------------------------------------------------
还得记得新系统安装好后，啥事都别做，先去GHOST备份一下。