Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum > [Help] Could an expert take a look at my log?


[Help] Could an expert take a look at my log?


I seem to have caught viruses like 9505, 7939 and 7b. My homepage has been locked to 9505 and memory seems to be running out: I can't play larger games such as san11 (after double-clicking san11 nothing happens for a long time and it never starts). When I open Task Manager, the available physical memory is much lower than before, under 10,000. I just learned to run a scan with HJ, but I don't know how to deal with the results myself. Please help, experts.

HijackThis_815汉化版扫描日志 V1.99.1
保存于      2:20:53, 日期 2006-10-6
操作系统:  Windows 2000 SP4 (WinNT 5.00.2195)
浏览器:    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程:         
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\Program Files\rising\Rav\Ravmond.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
d:\Shihua-ds\pcservice.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
G:\Program Files\AlfaClock\AlfaClock.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\internat.exe
C:\Program Files\rising\Rav\Ravmon.exe
I:\反病毒软件\hijackthis\Hijackthis1991zww\HijackThis1991zww.exe

R3 - URLSearchHook: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - (no file)
O1 - Hosts: 219.139.58.97 www.hao123.com
O1 - Hosts: 219.139.58.97 hao123.com
O1 - Hosts: 219.139.58.97 www.7b.com.cn
O1 - Hosts: 219.139.58.97 7b.com.cn
O1 - Hosts: 219.139.58.97 www.7939.com
O1 - Hosts: 219.139.58.97 7939.com
O1 - Hosts: 219.139.58.97 www.maohehe.com
O1 - Hosts: 219.139.58.97 maohehe.com
O1 - Hosts: 219.139.58.97 www.sina-baidu.com
O1 - Hosts: 219.139.58.97 sina-baidu.com
O1 - Hosts: 219.139.58.97 60.191.60.107
O1 - Hosts: 219.139.58.97 www.maipao.com
O1 - Hosts: 219.139.58.97 maipao.com
O1 - Hosts: 219.139.58.97 update.virussky.com
O1 - Hosts: 219.139.58.97 down.virussky.com
O1 - Hosts: 219.139.58.97 219.139.58.97
O1 - Hosts: 219.139.58.97 59.34.148.81
O1 - Hosts: 219.139.58.97 60.191.60.114
O1 - Hosts: 219.139.58.97 www.ycdy.com
O1 - Hosts: 219.139.58.97 ycdy.com
O1 - Hosts: 219.139.58.97 www.2tu.cn
O1 - Hosts: 219.139.58.97 2tu.cn
O1 - Hosts: 219.139.58.97 www.91tu.cn
O1 - Hosts: 219.139.58.97 91tu.cn
O1 - Hosts: 219.139.58.97 www.haotop.com
O1 - Hosts: 219.139.58.97 news01.virussky.com
O1 - Hosts: 219.139.58.97 news02.virussky.com
O1 - Hosts: 219.139.58.97 news03.virussky.com
O1 - Hosts: 219.139.58.97 news04.virussky.com
O1 - Hosts: 219.139.58.97 www.an85.com
O1 - Hosts: 219.139.58.97 an85.com
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\fgiebar.dll
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - IE工具栏增项: (no name) - {F60C7D81-8471-4D40-AAFE-56D318F34C2D} - (no file)
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll
O4 - 启动项HKLM\\Run: [WheelMouse] ; g:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - 启动项HKLM\\Run: [Synchronization Manager] ; mobsync.exe /logon
O4 - 启动项HKLM\\Run: [DAEMON Tools-1033] ; "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - 启动项HKLM\\Run: [100% Clock] G:\Program Files\AlfaClock\AlfaClock.exe
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [LZDDZ.exe] ; G:\Program Files\联众斗地主记牌器\LZDDZ.exe
O4 - 启动项HKLM\\Run: [POPO2004] ;
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [Install Alitalk] ; C:\WINNT\temp\alitalk\alitalk.exe -hideframe
O4 - 启动项HKLM\\Run: [R] C:\WINNT\system32\rundll32.exe radm.dll s
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [updatereal] ; C:\WINNT\realupdate.exe other
O4 - HKCU\..\Run: [msnnt] ; C:\WINNT\winampb.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - G:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - G:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - G:\Program Files\Tencent\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - G:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - G:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - G:\Program Files\Tencent\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - G:\Program Files\Tencent\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - G:\Program Files\Tencent\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - G:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - G:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - G:\Program Files\Tencent\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\PROGRA~1\FlashGet\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.china-test.com/ScriptX.cab
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} - http://www.bluesky.cn/download/v2_53.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://www2.hongweb.com:8888/talk.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {7D177A14-2BC4-46C4-A91F-9894273DD4A8} (BlueskyAudio Class) - http://202.96.140.88/vchat/blueskyvoicee.dll
O16 - DPF: {9A0527C1-4D5F-4E45-9D28-6257F75EDDB1} - http://download.imuweb.com/client/chatatwill/ie/imuiepls.cab
O16 - DPF: {9F19BEAE-816A-11D7-89F3-000021C0065E} (rdhdsn Class) - http://www.dadou.cn/rs.cab
O16 - DPF: {A6FF8D1E-E687-497B-96AC-F5B359663440} (XLecture Control) - http://www.sinago.com/lectureview/lectureview.cab
O16 - DPF: {A9E58728-1FA7-46CE-845D-44694EB11602} (XGiboView Control) - http://www.sinago.com/giboview/giboview.cab
O16 - DPF: {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} (Fc2Boot Class) - http://219.146.1.213/world/system/fc2boot.cab
O16 - DPF: {AC036CB4-328D-4DB4-A707-4147B6C20266} - http://manage.et66.com/chatroom/download/Launcher.cab
O16 - DPF: {BA0F088C-72C1-475A-92F8-42391DEF6961} - http://www.bluesky.cn/download/blueskyvoice_26.cab
O16 - DPF: {C0C13879-6A17-429E-80F1-60B23FC1F720} (FcBoot Class) - http://www.kele8.com/game/system/activex/fcboot.cab
O16 - DPF: {CF051549-EDE1-40F5-B440-BCD646CF2C25} (Ppinstall Control) - http://www.163.com/wwwimages/sms/ppinstall22.cab
O16 - DPF: {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} (Msp Class) - http://ddddl.dudu.com/ddd/update/plugin/sinamsp.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - NT 服务: DefWatch - Unknown owner - G:\Program Files\NavNT\defwatch.exe (file missing)
O23 - NT 服务: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - NT 服务: Microsoft    NetWork  FireWall  Services - Unknown owner - Net_Services.exe (file missing)
O23 - NT 服务: Microsoft NetWork FireWall Services - Unknown owner - NetServices.exe (file missing)
O23 - NT 服务: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - NT 服务: Shihua Http Proxy Service (SHPS) - Unknown owner - d:\Shihua-ds\pcservice.exe

Last edited 2006-10-06 14:39:25
 

In addition, here is the System Repair Engineer 2.2.6.605 scan report, attached in two parts:


2006-10-06,02:41:24

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
    <updatereal><; C:\WINNT\realupdate.exe other>  [N/A]
    <msnnt><; C:\WINNT\winampb.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <boss><C:\WINNT\system32\friends.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <WheelMouse><; g:\PROGRA~1\A4Tech\Mouse\Amoumain.exe>  [A4Tech Co.,Ltd.]
    <Synchronization Manager><; mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <100% Clock><G:\Program Files\AlfaClock\AlfaClock.exe>  [AlfaSoft Research Labs]
    <RfwMain><"C:\Program Files\rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <LZDDZ.exe><; G:\Program Files\联众斗地主记牌器\LZDDZ.exe>  [N/A]
    <POPO2004><; >  [N/A]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <Install Alitalk><; C:\WINNT\temp\alitalk\alitalk.exe -hideframe>  [N/A]
    <R><C:\WINNT\system32\rundll32.exe radm.dll s>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\System32\NavLogon.dll>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssbezier.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>

==================================
服务
[DefWatch / DefWatch]
  <G:\Program Files\NavNT\defwatch.exe><N/A>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft    NetWork  FireWall  Services / Microsoft    NetWork  FireWall  Services]
  <Net_Services.exe><N/A>
[Microsoft NetWork FireWall Services / Microsoft NetWork FireWall Services]
  <NetServices.exe><N/A>
[PPPoE Service / PPPoEService]
  <C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Shihua Http Proxy Service / SHPS]
  <d:\Shihua-ds\pcservice.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[A4Tech PS/2 Port Mouse Driver / Amps2prt]
  <System32\DRIVERS\Amps2prt.sys><A4Tech Co.,Ltd.>
[Standard IDE/ESDI Hard Disk Controller / atapi]
  <\SystemRoot\System32\DRIVERS\atapi.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CDGscsi / CDGscsi]
  <\SystemRoot\System32\Drivers\cdgscsi.sys><N/A>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[d346bus / d346bus]
  <\SystemRoot\system32\DRIVERS\d346bus.sys><>
[d346prt / d346prt]
  <\SystemRoot\System32\Drivers\d346prt.sys><>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ElbyVCD / ElbyVCD]
  <\SystemRoot\System32\DRIVERS\ElbyVCD.sys><N/A>
[ENIMSR / ENIMSR]
  <\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\ENIMSR.SYS><Microsoft Corporation>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[Filter Service / FilterService]
  <System32\Drivers\nusbd.sys><OWC>
[GMSIPCI / GMSIPCI]
  <\??\F:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[jswmidin / jswmidin]
  <\??\C:\DOCUME~1\qlx\LOCALS~1\Temp\jswmidin.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[NAVAPEL / NAVAPEL]
  <\??\G:\Program Files\NavNT\NAVAPEL.SYS><N/A>
[NEC PCI to USB Enhanced Host Controller / NECEHCD]
  <System32\Drivers\NEHCD.sys><OWC>
[New0 / New0]
  <\??\C:\WINNT\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\G:\Program Files\Tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver / NTSPPPOE]
  <system32\DRIVERS\ntspppoe.sys><Microsoft Corporation>
[NTSTAP1 / NTSTAP1]
  <\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\NTSTAP1.SYS><Network TeleSystems, Inc.>
[nv4 / nv4]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Star Force copy protection driver v4 / prodrv04]
  <\SystemRoot\System32\drivers\prodrv04.sys><Protection Technology Co.>
[StarForce Protection Environment Driver v6 / prodrv06]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RAWESR / RAWESR]
  <\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS><Microsoft Corporation>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Sound Blaster PCI128 Driver (WDM) / sbpci]
  <system32\drivers\sbpci.sys><Creative Technology Ltd.>
[SecDrv / SecDrv]
  <\??\C:\WINNT\System32\drivers\SECDRV.SYS><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[STV0680 Camera / STV680]
  <system32\drivers\STV680.sys><STMicroelectronics>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><N/A>
[TAPBIND / TAPBIND]
  <\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\TAPBIND1.SYS><Network TeleSystems, Inc.>

==================================

浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <G:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <G:\Program Files\Tencent\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <G:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <G:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll, Xiang Feng Technology>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[MeadCo ScriptX]
  {1663ed61-23eb-11d2-b92f-008048fdd814} <C:\WINNT\System32\MCScripX.dll, Mead & Co Limited>
[XIsOro Control]
  {48FE89A0-486C-48DF-9DEC-BED22BDC6057} <C:\WINNT\DOWNLO~1\XISORO~1.OCX, >
[IMCv1 Control]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\WINNT\DOWNLO~1\imcv1.dll, 网哑音讯有限公司 WebYa Voice Chat (http://www.webya.com)>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[BlueskyAudio Class]
  {7D177A14-2BC4-46C4-A91F-9894273DD4A8} <C:\WINNT\Downloaded Program Files\blueskyvoicee.dll, 蓝天工作室(http://www.bluesky.com.cn)>
[rdhdsn Class]
  {9F19BEAE-816A-11D7-89F3-000021C0065E} <C:\WINNT\DOWNLO~1\readhdsn.dll, >
[Update Class]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINNT\System32\iuctl.dll, Microsoft Corporation>
[XLecture Control]
  {A6FF8D1E-E687-497B-96AC-F5B359663440} <C:\WINNT\DOWNLO~1\XLECTU~1.OCX, >
[XGiboView Control]
  {A9E58728-1FA7-46CE-845D-44694EB11602} <C:\WINNT\DOWNLO~1\XGIBOV~1.OCX, >
[Fc2Boot Class]
  {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} <C:\WINNT\DOWNLO~1\fc2boot.dll, ±±??????í¨?????a·¢óD?T1???>
[FcBoot Class]
  {C0C13879-6A17-429E-80F1-60B23FC1F720} <C:\WINNT\Downloaded Program Files\fcboot.dll, XXT>
[Ppinstall Control]
  {CF051549-EDE1-40F5-B440-BCD646CF2C25} <C:\WINNT\DOWNLO~1\PPINST~1.OCX, 网易 NetEase>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Msp Class]
  {EF9F1C48-1A63-495A-9317-B7B71B34A9CF} <C:\WINNT\Downloaded Program Files\dddmsp.dll, >
[&使用迅雷下载]
  <G:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <G:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <G:\Program Files\Tencent\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <G:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <G:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <G:\Program Files\Tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <G:\Program Files\Tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <G:\Program Files\Tencent\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 164][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6970]
    [C:\WINNT\System32\NavLogon.dll]  [N/A, N/A]
[PID: 240][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 252][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 412][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 424][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 452][C:\Program Files\rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 468][C:\Program Files\rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [C:\Program Files\rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [C:\Program Files\rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\Program Files\rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 560][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
[PID: 592][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 684][C:\Program Files\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 768][C:\PROGRA~1\EFFICI~1\ENTERN~1\app\pppoeservice.exe]  [N/A, N/A]
[PID: 324][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6920]
[PID: 832][d:\Shihua-ds\pcservice.exe]  [N/A, N/A]
    [d:\Shihua-ds\proxy.dll]  [, 1, 0, 0, 1]
[PID: 896][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 916][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 928][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [G:\Program Files\AlfaClock\TrayClock.dll]  [N/A, N/A]
    [C:\WINNT\system32\dpery.dll]  [N/A, N/A]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1004][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
[PID: 1184][G:\Program Files\AlfaClock\AlfaClock.exe]  [AlfaSoft Research Labs, 1.6.0.418]
    [G:\Program Files\AlfaClock\TrayClock.dll]  [N/A, N/A]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
[PID: 1260][C:\Program Files\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
[PID: 1280][C:\WINNT\system32\rundll32.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
[PID: 1300][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
[PID: 1312][C:\Program Files\rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [C:\Program Files\rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
[PID: 1228][C:\PROGRA~1\EFFICI~1\ENTERN~1\app\EnterNet.exe]  [N/A, N/A]
    [C:\PROGRA~1\EFFICI~1\ENTERN~1\app\PacketLog.dll]  [Efficient Networks, Inc., 1, 6, 0, 7]
    [C:\PROGRA~1\EFFICI~1\ENTERN~1\app\DSLAPI32.dll]  [Efficient Networks Inc., 1, 6, 0, 7]
    [C:\PROGRA~1\EFFICI~1\ENTERN~1\app\ResMsgENU.dll]  [Efficient Networks, Inc., 1, 6, 0, 7]
    [C:\PROGRA~1\EFFICI~1\ENTERN~1\app\ResENU.dll]  [Efficient Networks, Inc., 1, 6, 0, 7]
[PID: 1428][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]
    [C:\Program Files\Super Rabbit\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 1, 0, 1463]
    [C:\Program Files\rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINNT\system32\SUJI.IME]  [suji, 4.00.950]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 280][I:\反病毒软件\system repair engeneer\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\radm.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [C:\WINNT\System32\WScript.exe "%1" %*]
.JS  Error. [C:\WINNT\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
219.139.58.97  www.hao123.com
219.139.58.97  hao123.com
219.139.58.97  www.7b.com.cn
219.139.58.97  7b.com.cn
219.139.58.97  www.7939.com
219.139.58.97  7939.com
219.139.58.97  www.maohehe.com
219.139.58.97  maohehe.com
219.139.58.97  www.sina-baidu.com
219.139.58.97  sina-baidu.com
219.139.58.97  60.191.60.107
219.139.58.97  www.maipao.com
219.139.58.97  maipao.com
219.139.58.97  update.virussky.com
219.139.58.97  down.virussky.com
219.139.58.97  219.139.58.97
219.139.58.97  59.34.148.81
219.139.58.97  60.191.60.114
219.139.58.97  www.ycdy.com
219.139.58.97  ycdy.com
219.139.58.97  www.2tu.cn
219.139.58.97  2tu.cn
219.139.58.97  www.91tu.cn
219.139.58.97  91tu.cn
219.139.58.97  www.haotop.com
219.139.58.97  news01.virussky.com
219.139.58.97  news02.virussky.com
219.139.58.97  news03.virussky.com
219.139.58.97  news04.virussky.com
219.139.58.97  www.an85.com
219.139.58.97  an85.com

==================================

<updatereal><; C:\WINNT\realupdate.exe other> [N/A]
<msnnt><; C:\WINNT\winampb.exe> [N/A]
<boss><C:\WINNT\system32\friends.exe> [N/A]
.VBS Error. [C:\WINNT\System32\WScript.exe "%1" %*]
.JS Error. [C:\WINNT\System32\WScript.exe "%1" %*]
219.139.58.97 www.hao123.com
219.139.58.97 hao123.com
219.139.58.97 www.7b.com.cn
219.139.58.97 7b.com.cn
219.139.58.97 www.7939.com
219.139.58.97 7939.com
219.139.58.97 www.maohehe.com
219.139.58.97 maohehe.com
219.139.58.97 www.sina-baidu.com
219.139.58.97 sina-baidu.com
219.139.58.97 60.191.60.107
219.139.58.97 www.maipao.com
219.139.58.97 maipao.com
219.139.58.97 update.virussky.com
219.139.58.97 down.virussky.com
219.139.58.97 219.139.58.97
219.139.58.97 59.34.148.81
219.139.58.97 60.191.60.114
219.139.58.97 www.ycdy.com
219.139.58.97 ycdy.com
219.139.58.97 www.2tu.cn
219.139.58.97 2tu.cn
219.139.58.97 www.91tu.cn
219.139.58.97 91tu.cn
219.139.58.97 www.haotop.com
219.139.58.97 news01.virussky.com
219.139.58.97 news02.virussky.com
219.139.58.97 news03.virussky.com
219.139.58.97 news04.virussky.com
219.139.58.97 www.an85.com
219.139.58.97 an85.com
Fix the items above.
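The checks the reply above made by eye, automated as an added example (Python written for this page, not code from the thread, from SREng or from HijackThis); the sample lines are constructed from entries quoted in the thread, and the "odd location" rule in check_autoruns is an assumption, not a rule either tool applies:

```python
"""Triage helper for the SREng / HijackThis output in this thread: hosts entries
that pin many names to one non-loopback address, [N/A]-publisher autoruns in
odd places, and script associations SREng marked as broken. Added example,
not code from the thread or from either tool."""
import re

# Matches SREng hosts lines and HijackThis "O1 - Hosts:" lines alike.
HOSTS_RE = re.compile(r"^\s*(?:O1 - Hosts:\s*)?(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$")
# SREng registry-run entry:  <name><command>  [publisher]
RUN_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[([^\]]*)\]\s*$")
KEY_RE = re.compile(r"^\s*\[(HKEY_[^\]]+)\]\s*$")
# SREng file-association line:  .EXT  OK.|Error. [command]
ASSOC_RE = re.compile(r"^\s*(\.\w+)\s+(OK|Error)\.\s*\[(.*)\]\s*$")

LOOPBACK_PREFIXES = ("127.", "0.0.0.0")
# Heuristic (assumption): an unsigned autorun directly in the Windows directory,
# under a temp folder, or loaded through rundll32 deserves a closer look.
WINDOWS_ROOTS = (r"c:\winnt", r"c:\windows")


def check_hosts(lines, min_names=3):
    """Return [(address, [names])] for every non-loopback address that at
    least min_names hostnames or IP literals are pinned to."""
    targets = {}
    for line in lines:
        m = HOSTS_RE.match(line)
        if not m:
            continue
        addr, name = m.groups()
        if addr.startswith(LOOPBACK_PREFIXES):
            continue
        targets.setdefault(addr, []).append(name)
    return [(a, n) for a, n in targets.items() if len(n) >= min_names]


def _exe_path(cmd):
    # First token of a run command: skip the "; " prefix SREng prints for some
    # entries and honour quoted paths that contain spaces.
    cmd = cmd.lstrip("; ").strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def check_autoruns(lines):
    """Return [(key, name, command)] for [N/A]-publisher entries that match the
    heuristic above or live under a Policies\\Explorer\\Run key."""
    hits, key = [], ""
    for line in lines:
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        m = RUN_RE.match(line)
        if not m:
            continue
        name, cmd, publisher = (s.strip() for s in m.groups())
        if publisher != "N/A" or not cmd.strip("; "):
            continue  # signed, or an empty entry such as POPO2004
        path = _exe_path(cmd).lower()
        directory = path.rsplit("\\", 1)[0] if "\\" in path else ""
        odd = (directory in WINDOWS_ROOTS or "\\temp" in directory
               or path.endswith("rundll32.exe"))
        if odd or "policies\\explorer\\run" in key.lower():
            hits.append((key, name, cmd))
    return hits


def check_assocs(lines):
    """Return [(extension, command)] for associations SREng reported as Error."""
    out = []
    for line in lines:
        m = ASSOC_RE.match(line)
        if m and m.group(2) == "Error":
            out.append((m.group(1), m.group(3)))
    return out


# Constructed sample input, built from lines quoted in the thread.
SAMPLE_HOSTS = """127.0.0.1      localhost
219.139.58.97  www.hao123.com
219.139.58.97  hao123.com
219.139.58.97  update.virussky.com
219.139.58.97  60.191.60.107
O1 - Hosts: 219.139.58.97 an85.com""".splitlines()

SAMPLE_RUNS = r"""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <updatereal><; C:\WINNT\realupdate.exe other>  [N/A]
    <msnnt><; C:\WINNT\winampb.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <boss><C:\WINNT\system32\friends.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <POPO2004><; >  [N/A]
    <Install Alitalk><; C:\WINNT\temp\alitalk\alitalk.exe -hideframe>  [N/A]
    <R><C:\WINNT\system32\rundll32.exe radm.dll s>  [N/A]""".splitlines()

SAMPLE_ASSOCS = r""".EXE  OK. ["%1" %*]
.VBS  Error. [C:\WINNT\System32\WScript.exe "%1" %*]
.JS  Error. [C:\WINNT\System32\WScript.exe "%1" %*]""".splitlines()
```

Running the three checks over the samples reproduces the reply's list: one address absorbing every redirected name, the updatereal/msnnt/boss/R entries (plus the temp-folder Alitalk one), and the two broken script associations.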

Thanks, 建能, my system is fine now. The first repair run didn't restore the homepage; I ran the repair again in Safe Mode and then it was completely fixed.
Powered by Discuz!NT