
The problem still isn't solved; experts, please help

8.40

http://www.sysinternals.com/Files/Autoruns.zip
 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ALi5289ALiRAID Applicationc:\program files\uli5289\ali5289.exe

+ ATIPTAATI Desktop Control PanelATI Technologies, Inc.c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ BigDogPathBIGDOGBIGDOGc:\windows\vm_sti.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtimer.exe

+ SoundManRealtek Sound ManagerRealtek Semiconductor Corp.C:\WINDOWS\soundman.exe

+ SysExplrd:\program files\herosoft\hero 9\sysexplr.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

+ RavStubRising Rav StubBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravstub.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.d:\program files\real\realplayer\rpshell.dll

+ UnlockerShellExtensiond:\program files\unlocker\unlockercom.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 豪杰超级解霸9Hero Super Player 9Herosoftd:\program files\herosoft\hero 9\sthsdvd.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Pollerc:\windows\system32\ati2evxx.exe

+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe

+ DriveHealthHard disk S.M.A.R.T. monitoring and failure predicting service.Helexis Software Developmentd:\program files\helexis\drive health\dhcore.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Corporation Limitedd:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterrisingd:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe

+ SSMSSM 可实时追踪系统活动以阻止有害软件的恼人操作。System Safetyd:\program files\system safety monitor\ssmservice.exe

HKLM\System\CurrentControlSet\Services

+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys

+ AliIdeALi mini IDE DriverAcer Laboratories Inc.c:\windows\system32\drivers\aliide.sys

+ ati2mtagATI Radeon Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys

+ BaseTDIbasetdiRisingc:\windows\system32\drivers\basetdi.sys

+ d347busPnP BIOS Extension c:\windows\system32\drivers\d347bus.sys

+ d347prtSCSI miniport c:\windows\system32\drivers\d347prt.sys

+ ExpScanerExpScan.sysd:\program files\rising\rav\expscan.sys

+ HookContTDI HOOK DriverRising tech Co. ltdd:\program files\rising\rav\hookcont.sys

+ HookRegd:\program files\rising\rav\hookreg.sys

+ HookSys瑞星d:\program files\rising\rav\hooksys.sys

+ ip100xpIC Plus Corp.                                                                                                                                                                                                                                                c:\windows\system32\drivers\ipfnd51.sys

+ m5289ULi SATA RAID Controller DriverULi Electronics Inc.c:\windows\system32\drivers\m5289.sys

+ mcnahook.sysNative API Filter driver for System Safety MonitorSystem Safetyd:\program files\system safety monitor\mcnahook.sys

+ NPFNPF Driver - TME extensionsPolitecnico di Torinoc:\windows\system32\drivers\npf.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.d:\program files\tencent\qq\npkcrypt.sys

+ oreans32c:\windows\system32\drivers\oreans32.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ RsFwDrvnt_fwdrvRisingd:\program files\rising\rfw\rsfwdrv.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ uliagpkxULi AGPv3.0 Filter for K8/9 Processor PlatformsULi Electronics Inc.c:\windows\system32\drivers\agpkx.sys

+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEventc:\windows\system32\ati2evxx.dll

+ System Safety MonitorSystem Safety Winlogon NotificationSystem Safetyc:\windows\system32\ssmwinlogonex.dll

 

This one is from 8.4.
 

Use procexp to see which program launched that window.

How to use the tool:
http://forum.ikaka.com/topic.asp?board=28&artid=7318038&page=1 (post #6)
 

Have you tried clearing out the temporary folders?

Close IE,
IE > Properties > Delete Files (including offline files) > OK
Then restart and see how it goes.
 

Quote:
[Post by 大猩] Experts, please come take a look ^
...........................

Also, try this:
End the running rundll32.exe (use Task Manager to end it)
Fix the following item (in the HijackThis log)


O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.DLL,cfs
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Find and delete
C:\WINDOWS\system32\msibm\cfsys.DLL
 

ProcessPIDCPUDescriptionCompany Name
System Idle Process028.79
Interruptsn/a3.03Hardware Interrupts
DPCsn/a4.55Deferred Procedure Calls
System4
  smss.exe460Windows NT Session ManagerMicrosoft Corporation
  csrss.exe516Client Server Runtime ProcessMicrosoft Corporation
  winlogon.exe540Windows NT Logon ApplicationMicrosoft Corporation
    services.exe5841.52Services and Controller appMicrosoft Corporation
    ati2evxx.exe756
    svchost.exe768Generic Host Process for Win32 ServicesMicrosoft Corporation
      UserClient.exe2592UserClient Microsoft 基础类应用程序
      TIMPlatform.exe3024TIMPlatformtencent
    svchost.exe824Generic Host Process for Win32 ServicesMicrosoft Corporation
    svchost.exe892Generic Host Process for Win32 ServicesMicrosoft Corporation
    svchost.exe940Generic Host Process for Win32 ServicesMicrosoft Corporation
    svchost.exe996Generic Host Process for Win32 ServicesMicrosoft Corporation
    RavMonD.exe1136RavMonBeijing Rising Technology Co., Ltd.
      RavStub.exe1400Rising Rav StubBeijing Rising Technology Co., Ltd.
    rfwsrv.exe1380Rising Personal FireWall ServiceBeijing Rising Technology Corporation Limited
      RfwMain.exe1628Rising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limited
    spoolsv.exe1516Spooler SubSystem AppMicrosoft Corporation
    dhcore.exe2032Drive Health (service module)Helexis Software Development
    CCenter.exe180CCenterrising
    SSMService.exe380System Safety Monitor ServiceSystem Safety
      SysSafe.exe404Master ModuleSystem Safety
    svchost.exe392Generic Host Process for Win32 ServicesMicrosoft Corporation
    wdfmgr.exe412Windows User Mode Driver ManagerMicrosoft Corporation
    alg.exe1584Application Layer Gateway ServiceMicrosoft Corporation
    lsass.exe596LSA Shell (Export Version)Microsoft Corporation
    ati2evxx.exe1216
explorer.exe1268Windows ExplorerMicrosoft Corporation
realsched.exe1880RealNetworks SchedulerRealNetworks, Inc.
SysExplr.exe1208
SOUNDMAN.EXE2016Realtek Sound ManagerRealtek Semiconductor Corp.
RavTimer.exe2092RavTimerBeijing Rising Technology Co., Ltd.
RavMon.exe2208RavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.
VM_STI.EXE2260BIGDOGBIGDOG
atiptaxx.exe2268ATI Desktop Control PanelATI Technologies, Inc.
ALi5289.exe2276ALiRAID Application
ctfmon.exe2296CTF LoaderMicrosoft Corporation
TTraveler.exe24523.03Tencent Traveler腾讯公司
QQ.exe3268QQTENCENT
  QQPet.exe3664QQ宠物腾讯公司
dhreport.exe880Drive Health (reporting tool)Helexis Software Development
IceSword.exe2712
TTPlayer.exe17601.52千千静听Alen Soft
BitComet.exe328446.97BitComet - a BitTorrent Clientwww.BitComet.com
Thunder.exe25561.52Thunder Networking Technologies,LTD
conime.exe3892Console IMEMicrosoft Corporation
procexp.exe27086.06Sysinternals Process ExplorerSysinternals

Process: winlogon.exe Pid: 540
 

Open the registry and search for DTSERV*.dll; check whether there are values with the corresponding path, and delete them.
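
The registry search suggested in the post above, as an added example that is not part of the original thread: a read-only PowerShell sweep of autostart keys for values whose data references DTSERV*.dll. The key list is an assumption taken from the sections of the Autoruns log earlier in this thread, and the function name Find-AutostartReference is hypothetical.

```powershell
# Added example (not from the thread): list registry values under common
# autostart keys whose data matches a DLL name pattern. Read-only.
function Find-AutostartReference {
    param(
        # Pattern from the post; key list assumed from the Autoruns log sections
        [string]$Pattern = 'DTSERV*.dll',
        [string[]]$Roots = @(
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify',
            'HKLM:\SYSTEM\CurrentControlSet\Services'
        )
    )
    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The root key plus every subkey: Winlogon\Notify and Services keep
        # the module path in values of their subkeys, not in the root key.
        $keys = @(Get-Item -LiteralPath $root) +
                @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $keys) {
            foreach ($name in $key.GetValueNames()) {
                # Raw data, so REG_EXPAND_SZ strings such as %SystemRoot% stay unexpanded
                $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
                if ($data -is [byte[]]) { continue }      # skip REG_BINARY
                foreach ($item in @($data)) {             # REG_MULTI_SZ yields several strings
                    if ($item -is [string] -and $item -like "*$Pattern*") {
                        [pscustomobject]@{
                            Key   = $key.Name
                            Value = $name
                            Data  = $item
                        }
                    }
                }
            }
        }
    }
}

# Print every match with its key, value name and data for review
Find-AutostartReference | Format-List
```

Each hit shows the key and value name to inspect in regedit before anything is deleted; no output means none of the listed keys reference the pattern.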
 

Nope, there isn't any.
 

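Got rid of it. I found that entry in the registry; after deleting it and rebooting, everything was fine.
Thanks, everyone, for the help.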