Igxgzo.dell  C:\WINDOWS\system32  Trojan.Agent.ddj
Bpwqdb.dll
Quyeeb.dll
Ikveh.dll
Hshvr.dll
Kpaz.dll
Mlcsm.dll
Oixd.dll
Cvku.dll
Ctnwe.dll
Bctns.dll
Mxgyy.dll
Gpwq.dll

请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。谢谢．．．

2006-09-02,19:06:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- ¹ÜÀíȨÏÞÓû§ - ÍêÕû¹¦ÄÜ

ÒÔÏÂÄÚÈݱ»Ñ¡ÖУº
    ËùÓеÄÆô¶¯ÏîÄ¿£¨°üÀ¨×¢²á±í¡¢Æô¶¯Îļþ¼Ð¡¢·þÎñµÈ£©
    ä¯ÀÀÆ÷¼ÓÔØÏî
    ÕýÔÚÔËÐеĽø³Ì£¨°üÀ¨½ø³ÌÄ£¿éÐÅÏ¢£©
    Îļþ¹ØÁª


Æô¶¯ÏîÄ¿
×¢²á±í
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\MSMSGS.EXE" /background>  [Microsoft Corporation]
    <H/PC Connection Agent><"C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE">  [Microsoft Corporation]
    <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [ÉîÛÚÊÐѸÀ×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾]
    <keyboard><C:\\kybrdff_15.exe>  [wjrjwhf8er87eererr9re8re8re98re89re]
    <defender><C:\\dfndrff_15.exe>  [rewfd qfec w4trfdck,65oidvfjui65jtu]
    <newname><C:\\nwnmff_15.exe>  [rtgtrgfrfugiv8ui6rf8954986783]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D3383470-0462-4272-9395-226CB110D8DF}><C:\WINDOWS\System32\Igxgzo.dll>  []
    <{B0CD1884-C6A7-477E-9A9A-03071D32D93D}><C:\WINDOWS\System32\Bpwqdb.dll>  []
    <{1ABFF8A0-5FB9-41A2-AA23-29E55EEA0F83}><C:\WINDOWS\System32\Quyeeb.dll>  []
    <{AA1DAF7B-EAB7-47AB-930B-766D45CAA86C}><C:\WINDOWS\System32\Ikveh.dll>  []
    <{BD83EE75-8B5E-4BC8-AD34-030297DB3633}><C:\WINDOWS\System32\Hshvr.dll>  []
    <{2C3A3130-1E7C-43DD-B5DC-95AADD90EE72}><C:\WINDOWS\System32\Kpaz.dll>  []
    <{C4CACEBB-E8DB-4DA6-9E30-CEE398C35DBC}><C:\WINDOWS\System32\Mlcsm.dll>  []
    <{E8529D2A-90F7-4A99-8808-06CE682BB5EF}><C:\WINDOWS\System32\Oixd.dll>  []
    <{94EE129B-8E7A-49B6-91E1-7E3F5A7E0DFF}><C:\WINDOWS\System32\Cvku.dll>  []
    <{D2D7D24E-99C6-4491-8505-7766F8FAD677}><C:\WINDOWS\System32\Ctnwe.dll>  []
    <{9DB9D7B8-C937-4ECB-97EE-B368AFAB349F}><C:\WINDOWS\System32\Bctns.dll>  []
    <{BB25BA76-A087-413B-A688-93EFF148EB19}><C:\WINDOWS\System32\Mxgyy.dll>  []
    <{791FE7C6-0129-466B-B766-688202D5508F}><C:\WINDOWS\System32\Gpwq.dll>  []
    <{39071F9A-7C4E-48BF-8D3D-1A4F51BFF1D8}><C:\WINDOWS\System32\Hfeg.dll>  []
    <{3F671DD7-6083-4377-97C0-3CCB636D04BD}><C:\WINDOWS\System32\Isids.dll>  []
    <{30A42E24-0A48-4C80-B971-9ADFB2D59F91}><C:\WINDOWS\System32\Duivu.dll>  []
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IME]
    <WinlogonNotify: IME><C:\WINDOWS\system32\ktr8l79u1.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr]
    <WinlogonNotify: Syncmgr><C:\WINDOWS\system32\sqrrnchs.dll>  []

Æô¶¯Îļþ¼Ð
[ÌÚѶQQ]
  <C:\Documents and Settings\chenrong.IMAGE\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\ÌÚѶQQ.lnk><N>

==================================
·þÎñ
[Remote Reader Machine / Remote Reader Machine]
  <"C:\WINDOWS\system32\ssmc.exe"><N/A>

==================================
ä¯ÀÀÆ÷¼ÓÔØÏî
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, ÉîÛÚÊÀÇ¿Èí¼þ¿ª·¢²¿>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\Program Files\Microsoft ActiveSync\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\Program Files\Microsoft ActiveSync\INetRepl.dll, Microsoft Corporation>
[ÐÅÏ¢¼ìË÷(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Æô¶¯WebѸÀ×]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, ÉîÛÚÊÐÌÚѶ¼ÆËã»úϵͳÓÐÏÞ¹«Ë¾>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[µç̨(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[ÑÅ»¢ÖúÊÖ]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[CopySo¿½±´ËÑ]
  {40987A5C-6AB8-4977-8BE9-A8889DE2EDCC} <C:\Program Files\Copyso\CopysoIE.dll, ÉîÛÚÊÀÇ¿Èí¼þ¿ª·¢²¿ www.CopySo.com >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ÉÏ´«µ½QQÍøÂçÓ²ÅÌ]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[ʹÓÃWebѸÀ×ÏÂÔØ]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[ʹÓÃWebѸÀ×ÏÂÔØÈ«²¿Á´½Ó]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[ʹÓÃÍø¼Ê¿ì³µÏÂÔØ]
  <C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[ʹÓÃÍø¼Ê¿ì³µÏÂÔØÈ«²¿Á´½Ó]
  <C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[µ¼³öµ½ Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[Ìí¼Óµ½QQ±íÇé]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[Ìí¼Óµ½ÑÅ»¢¶©ÔÄ(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT, N/A>
[ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[ÑÅ»¢ËÑË÷]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

ÕýÔÚÔËÐеĽø³Ì
[PID: 1216][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\System32\Igxgzo.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Bpwqdb.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Quyeeb.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Ikveh.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Hshvr.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Kpaz.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Mlcsm.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Oixd.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Cvku.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Ctnwe.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Bctns.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Mxgyy.dll]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\WINDOWS\System32\Gpwq.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Hfeg.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Isids.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Duivu.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\downlo~1\Qyzrtr.dll]  <Tencent><4, 2, 2, 21>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll]  <N/A><1, 0, 1, 1014>
[PID: 344][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  <><1, 0, 0, 5>
[PID: 1496][C:\WINDOWS\VM303_STI.EXE]  <Vimicro><4, 3, 625, 61>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
[PID: 388][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3512>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
[PID: 1592][C:\kybrdff_15.exe]  <wjrjwhf8er87eererr9re8re8re98re89re><1.00.0168>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
[PID: 1372][C:\nwnmff_15.exe]  <rtgtrgfrfugiv8ui6rf8954986783><1.00.0362>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
[PID: 1316][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
[PID: 3016][C:\Program Files\Messenger\MSMSGS.EXE]  <Microsoft Corporation><4.7.2009>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
[PID: 3276][C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE]  <Microsoft Corporation><3.7.1.4034>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
[PID: 2864][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>

[PID: 3068][C:\Program Files\Rising\Rav\Rav.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 20>
    [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 17>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RavUI.Dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 20>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsXML.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 6>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 8>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\Program Files\Rising\Rav\MVEngine.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\Engine.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 14>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 8>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 4>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 8>
    [C:\Program Files\Rising\Rav\ExtMail.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 9>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ExtFile.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 14>
    [C:\Program Files\Rising\Rav\ScanPack.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 9>
    [C:\Program Files\Rising\Rav\RsVM.dll]  <N/A><19, 0, 0, 3>
    [C:\Program Files\Rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [C:\Program Files\Rising\Rav\ScanNet.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\Program Files\Rising\Rav\Uscript.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 10>
    [C:\Program Files\Rising\Rav\Uroutine.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 8>
    [C:\WINDOWS\System32\Igxgzo.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Bpwqdb.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Quyeeb.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Ikveh.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Hshvr.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Kpaz.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Mlcsm.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Oixd.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Cvku.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Ctnwe.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Bctns.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Mxgyy.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Gpwq.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Hfeg.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Isids.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Duivu.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
    [C:\Program Files\Rising\Rav\ScanElf.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 7>
[PID: 2960][C:\Program Files\Rising\Rav\RavMon.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 20>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 19>
    [C:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RsXML.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
[PID: 684][C:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 5>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1960][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
[PID: 620][C:\Program Files\Rising\Rav\FileDsty.exe]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 17>
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsCommx.dll]  <rising><18, 0, 0, 1>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\RsXML.dll]  <Beijing Rising Technology Co., Ltd.><19, 0, 0, 2>
    [C:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
[PID: 3560][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\WINDOWS\downlo~1\Qyzrtr.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\Program Files\Copyso\CopysoIE.dll]  <ÉîÛÚÊÀÇ¿Èí¼þ¿ª·¢²¿ www.CopySo.com ><2005, 8, 16, 1>
    [C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll]  <ÉîÛÚÊÀÇ¿Èí¼þ¿ª·¢²¿><2005, 8, 30, 1>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\System32\WNWBIO.IME]  <ÉîÛÚÊÀÇ¿Èí¼þ¿ª·¢²¿ www.wnwb.com ><2005, 1, 31, 1>
    [C:\WINDOWS\System32\WNWB.IME]  <ÉîÛÚÊÀÇ¿Èí¼þ¿ª·¢²¿ www.wnwb.com ><2005, 7, 5, 1>
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_013.dll]  <Thunder Networking Technologies,LTD><6, 0, 0, 4>
[PID: 3568][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  <ÉîÛÚÊÐѸÀ×ÍøÂç¼¼ÊõÓÐÏÞ¹«Ë¾><1, 2, 3, 52>
    [C:\Program Files\Thunder Network\WebThunder\taskmanage.dll]  <Thunder Networking Technologies,LTD><1, 1, 0, 45>
    [C:\Program Files\Thunder Network\WebThunder\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 4, 71>
    [C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  <Thunder Networking Technologies,LTD><2, 1, 0, 24>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\Program Files\Thunder Network\WebThunder\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 150>
    [C:\Program Files\Thunder Network\WebThunder\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 8>
    [C:\Program Files\Thunder Network\WebThunder\UpdateExec.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 5>
    [C:\Program Files\Thunder Network\WebThunder\iEmbedShell.dll]  <¡¡><1, 0, 0, 10>
    [C:\Program Files\Thunder Network\WebThunder\iEmbed03.dll]  <¡¡><2, 2, 1, 33>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 3884][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>
    [C:\WINDOWS\System32\Hfeg.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Isids.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Duivu.dll]  <N/A><N/A>
[PID: 3092][C:\DOCUME~1\CHENRO~1.IMA\LOCALS~1\Temp\Rar$EX04.999\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\downlo~1\Cgeru.dll]  <Tencent><4, 2, 2, 21>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 5, 1022>

Îļþ¹ØÁª
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock ÌṩÕß

- ¹ÜÀíȨÏÞÓû§ - ÍêÕû¹¦ÄÜ

ÒÔÏÂÄÚÈݱ»Ñ¡ÖУº
ËùÓеÄÆô¶¯ÏîÄ¿£¨°üÀ¨×¢²á±í¡¢Æô¶¯Îļþ¼Ð¡¢·þÎñµÈ£©
ä¯ÀÀÆ÷¼ÓÔØÏî
ÕýÔÚÔËÐеĽø³Ì£¨°üÀ¨½ø³ÌÄ£¿éÐÅÏ¢£©
Îļþ¹ØÁª


Æô¶¯ÏîÄ¿
×¢²á±í
楼主的系统被破坏得很严重,很多乱码

<{D3383470-0462-4272-9395-226CB110D8DF}><C:\WINDOWS\System32\Igxgzo.dll> []
<{B0CD1884-C6A7-477E-9A9A-03071D32D93D}><C:\WINDOWS\System32\Bpwqdb.dll> []
<{1ABFF8A0-5FB9-41A2-AA23-29E55EEA0F83}><C:\WINDOWS\System32\Quyeeb.dll> []
<{AA1DAF7B-EAB7-47AB-930B-766D45CAA86C}><C:\WINDOWS\System32\Ikveh.dll> []
<{BD83EE75-8B5E-4BC8-AD34-030297DB3633}><C:\WINDOWS\System32\Hshvr.dll> []
<{2C3A3130-1E7C-43DD-B5DC-95AADD90EE72}><C:\WINDOWS\System32\Kpaz.dll> []
<{C4CACEBB-E8DB-4DA6-9E30-CEE398C35DBC}><C:\WINDOWS\System32\Mlcsm.dll> []
<{E8529D2A-90F7-4A99-8808-06CE682BB5EF}><C:\WINDOWS\System32\Oixd.dll> []
<{94EE129B-8E7A-49B6-91E1-7E3F5A7E0DFF}><C:\WINDOWS\System32\Cvku.dll> []
<{D2D7D24E-99C6-4491-8505-7766F8FAD677}><C:\WINDOWS\System32\Ctnwe.dll> []
<{9DB9D7B8-C937-4ECB-97EE-B368AFAB349F}><C:\WINDOWS\System32\Bctns.dll> []
<{BB25BA76-A087-413B-A688-93EFF148EB19}><C:\WINDOWS\System32\Mxgyy.dll> []
<{791FE7C6-0129-466B-B766-688202D5508F}><C:\WINDOWS\System32\Gpwq.dll> []
<{39071F9A-7C4E-48BF-8D3D-1A4F51BFF1D8}><C:\WINDOWS\System32\Hfeg.dll> []
<{3F671DD7-6083-4377-97C0-3CCB636D04BD}><C:\WINDOWS\System32\Isids.dll> []
<{30A42E24-0A48-4C80-B971-9ADFB2D59F91}><C:\WINDOWS\System32\Duivu.dll> []
这么多病毒...
建议楼主重装,这样来得快,又干净

安全模式下sha