
[Help] Could an expert please check whether my machine is still at risk

The day before yesterday my 征途 (Zhengtu) game account was stolen, so I started hunting trojans. With Rising, Kaspersky and AVG I found 6-8 trojans and deleted them all, but I'm still not at ease, so I'm asking the experts here to help check whether my machine is still at risk. I really don't want to run another scan: 140 GB of my 160 GB drive is full, one Rising scan takes 5-6 hours, Kaspersky 5 hours, and AVG another 4-5 hours, so I basically can't do anything for two days. Please check it carefully for me, much appreciated.
The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Smapp><C:\Program Files\Analog Devices\SoundMAX\SMTray.exe>  [Analog Devices, Inc.]
    <Super Rabbit SafeEdit><C:\Program Files\Super Rabbit\MagicSet\SRFC.EXE /Load>  [Super Rabbit Soft]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <ISUSPM Startup><"c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup>  [Macrovision Corporation]
    <ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [Macrovision Corporation]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <kis><"I:\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><I:\KASPER~1.0\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><LogonUI.EXE>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
Startup folder
[Microsoft Office]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microsoft Office.lnk --> I:\Office\Office10\OSA.EXE [Microsoft Corporation]><N>
[LCDPlayer]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\LCDPlayer.lnk --> C:\PROGRA~1\SPACEI~1\CDSPAC~1\LCDPlyer.exe [Space International, Inc.]><H>
[TeamTalk语音社区]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\TeamTalk语音社区.Lnk --> I:\TeamTalk\TeamTalk.exe []><H>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><H>
[CPUCooL]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\CPUCooL.lnk --> C:\PROGRA~1\CPUCooL\CPUCooL.exe []><H>
[Adobe Gamma]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\Adobe Gamma.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>
[USServer]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\USServer.lnk --> I:\USServer\USServer.exe [新浪信息技术有限公司]><H>
[PowerReg Scheduler]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\PowerReg Scheduler.exe -->  [N/A]><H>
[新浪点点通阅读器]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\新浪点点通阅读器.lnk --> C:\PROGRA~1\sina\RSSREA~1\RSSREA~1.EXE [北京新浪信息技术有限公司]><H>
[腾讯QQ]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\腾讯QQ.lnk --> I:\QQ2005\QQ.exe [TENCENT]><N>
[UTalk]
  <C:\Documents and Settings\Bolton.Z\「开始」菜单\程序\启动\UTalk.lnk --> I:\UTalk\UTalk.exe [2005-  新浪信息技术有限公司]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[卡巴斯基互联网安全套装 6.0 / AVP]
  <"I:\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[CPUCooLServer Service / CPUCooLServer]
  <"C:\Program Files\CPUCooL\CooLSrv.exe"><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[RaySat_3dsmax8 Server / mi-raysat_3dsmax8]
  <F:\3D\mentalray\satellite\raysat_3dsmax8server.exe><N/A>
[npkcsvc / npkcsvc]
  <C:\WINDOWS\system32\npkcsvc.exe><INCA Internet Co., Ltd.>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[StyleXPService / StyleXPService]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>

==================================
Drivers
[64549 / 64549]
  <\SystemRoot\system32\drivers\64549.sys><N/A>
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[aslm75 / aslm75]
  <\??\C:\WINDOWS\system32\drivers\aslm75.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BM Win32 Network Adapter / bmnadapter]
  <system32\DRIVERS\bmnet.sys><The OpenVPN Project>
[cdspacex / cdspacex]
  <system32\DRIVERS\CDSPACEX.sys><SPACE INT'L, Inc.>
[Cdsys / Cdsys]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[d347bus / d347bus]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[lredbooo / lredbooo]
  <\??\C:\DOCUME~1\Bolton.Z\LOCALS~1\Temp\lredbooo.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\I:\QQ2005\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
  <\??\I:\QQ2005\npkycryp.sys><N/A>
[ntiowp / ntiowp]
  <C:\WINDOWS\SYSTEM32\DRIVERS\ntiowp.SYS><>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QuakeDRV / QuakeDRV]
  <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139]
  <system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Europe Ltd>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[StyleXPHelper / StyleXPHelper]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Two Rabbits Live Bus / TwoRabts]
  <system32\DRIVERS\TwoRabts.sys><Two Rabbits, Inc.>

==================================
Last edited 2006-11-08 16:03:39

==================================
Browser add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <I:\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <I:\XL\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <I:\搜狗\KuGoo_gf\KuGoo\KuGoo3DownXControl.ocx, N/A>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <I:\XL\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <I:\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <I:\QQ2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <I:\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <I:\FLASHG~1\fgiebar.dll, Amaze Soft>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <I:\金山快译2006\IEBand.dll, 金山软件股份有限公司>
[GDHidCtrl Class]
  {220ED87A-CB03-45A8-A81E-1C5597E11186} <C:\WINDOWS\system32\GDHidUsr\GDHidUsr.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[PortalCom Control 2.0]
  {48038521-20FB-11D8-BC64-00B0D07A8A19} <C:\WINDOWS\PortalAX02.ocx, Huawei Co. Ltd.>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Npv Control]
  {9675ABBF-8D0B-4956-868C-934B5A7928D4} <C:\WINDOWS\system32\npv.ocx, ?????>
[Submit Class]
  {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} <C:\WINDOWS\Downloaded Program Files\safein.dll, Beijing eChannels Century Technology Co.,Ltd>
[KSHScan Control]
  {ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[DwnlAgent Control]
  {E239C445-BF41-472B-8916-402D648A6356} <C:\WINDOWS\DOWNLO~1\DWNLAG~1.OCX, Viewtran Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <I:\QQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <I:\金山快译2006\IEBand.dll, 金山软件股份有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <I:\XL\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <I:\搜狗\KuGoo_gf\KuGoo\KuGoo3DownXControl.ocx, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <I:\FLASHG~1\fgiebar.dll, Amaze Soft>
[&使用迅雷下载]
  <I:\XL\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <I:\XL\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <I:\QQ2005\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <I:\FlashGetZ\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <I:\FlashGetZ\jc_all.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
  <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[导出到 Microsoft Excel(&x)]
  <res://I:\Office\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <I:\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <I:\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <I:\QQ2005\SendMMS.htm, N/A>

==================================
Running processes
[PID: 704][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 852][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 864][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1036][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1092][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1184][C:\Program Files\rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1216][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\System32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [I:\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1244][C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe]  [, 0, 20, 0, 3000]
[PID: 1380][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1444][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1488][C:\Program Files\rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 47]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 12]
    [C:\Program Files\rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 33]
    [C:\Program Files\rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 35]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [C:\Program Files\rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
    [C:\Program Files\rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
    [C:\Program Files\rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
    [C:\Program Files\rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1556][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]

[PID: 1720][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1820][C:\Program Files\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 192][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [I:\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [I:\XL\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 240][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 348][C:\Program Files\Analog Devices\SoundMAX\SMTray.exe]  [Analog Devices, Inc., 3, 2, 17, 0]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 556][C:\Program Files\rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 572][C:\Program Files\rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 39]
    [C:\Program Files\rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 788][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe]  [Macrovision Corporation, 4, 60, 100, 37068]
    [I:\KASPER~1.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1412][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1452][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1992][I:\QQ2005\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [I:\QQ2005\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 336][C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe]  [Autodesk, 2.66.000]
[PID: 488][C:\Program Files\CPUCooL\CooLSrv.exe]  [N/A, N/A]
[PID: 1172][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7184]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7184]
[PID: 1348][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1372][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2336][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2344][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\System32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 3868][I:\QQ2005\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [I:\QQ2005\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [I:\QQ2005\QQAPI.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [I:\QQ2005\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [I:\QQ2005\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [I:\QQ2005\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [I:\QQ2005\QQMainFrame.dll]  [N/A, N/A]
    [I:\QQ2005\CQQApplication.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [I:\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [I:\QQ2005\NewSkin.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\HostingMgr.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\CameraDll.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\MailSummary.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQSpace.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQAllInOne.dll]  [N/A, N/A]
    [I:\QQ2005\GroupLive.dll]  [N/A, N/A]
    [I:\QQ2005\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [I:\QQ2005\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQSysMsgMng.dll]  [N/A, N/A]
    [I:\QQ2005\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQPlugin.dll]  [N/A, N/A]
    [I:\QQ2005\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QRingMng.dll]  [N/A, N/A]
    [I:\QQ2005\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [I:\QQ2005\VPortal.dll]  [, 1, 0, 0, 4]
    [I:\QQ2005\QQAvatar.dll]  [N/A, N/A]
    [I:\QQ2005\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [I:\QQ2005\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [I:\QQ2005\QQPet.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\BQQApplication.dll]  [N/A, N/A]
    [I:\QQ2005\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [I:\QQ2005\CommercesMng.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
    [I:\QQ2005\QQSceneMng.dll]  [N/A, N/A]
    [I:\QQ2005\QQCustomFace.dll]  [N/A, N/A]
    [I:\QQ2005\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
    [I:\QQ2005\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [I:\QQ2005\QQSettingCtrl.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 0, 6, 60]
    [I:\QQ2005\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\WINABCX.IME]  [PKUETI, 5.22.216]
    [I:\QQ2005\VqqModule.dll]  [, 1, 0, 0, 1]
    [I:\QQ2005\VqqAllInOne.dll]  [Tencent, 1, 6, 0, 0]
    [I:\QQ2005\InPlus.dll]  [Tencent, 1, 6, 0, 0]
    [I:\QQ2005\tencent-proto1.dll]  [tencent, 1, 6, 0, 0]
    [I:\QQ2005\tencent-comlib.dll]  [tencent, 1, 6, 0, 0]
    [I:\QQ2005\tencent-proto2.dll]  [tencent, 1, 6, 0, 0]
    [I:\QQ2005\ShareFiles.dll]  [N/A, N/A]
    [I:\QQ2005\audioengine.dll]  [TENCENT, 1, 6, 0, 0]
    [I:\QQ2005\GIPSVoiceEngineDLL.dll]  [Global IP Sound, 2, 0, 4, 0]
[PID: 3908][I:\TT\TCPlus.exe]  [腾讯公司, 1, 0, 0, 5]
    [I:\TT\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 28]
    [I:\TT\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [I:\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 3788][F:\下载\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [I:\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================

File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
PROXYCAP MSAFD Tcpip [TCP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
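What a reviewer actually does with a log like the one pasted in this thread is not read every line but sweep for the handful of patterns that matter: a kernel driver whose image lives in a user-writable Temp directory, a driver with no vendor string and a throwaway numeric name, third-party DLLs sitting inside lsass.exe or winlogon.exe, and a non-Microsoft Winsock LSP that sees every socket. The script below is an added example, not part of the original post or of SREng; it parses the three relevant SREng sections and applies those heuristics. The sample excerpt is constructed from a few lines copied from the log above, the section-name mapping, the "protected process" list and the Microsoft Winsock DLL list are my assumptions, and a "review" hit is a prompt to check the file, not a verdict.

```python
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    severity: str   # "high" or "review"
    section: str    # SREng section the entry came from
    subject: str    # driver path, "host <- module", or LSP dll
    reason: str


# Section headers as SREng prints them (Chinese originals accepted next to the translations).
SECTION_NAMES = {
    "驱动程序": "drivers", "Drivers": "drivers",
    "正在运行的进程": "processes", "Running processes": "processes",
    "Winsock 提供者": "winsock", "Winsock providers": "winsock",
}
UNKNOWN_VENDORS = {"", "N/A"}
# Assumption: these core processes should hold only Microsoft code; known security-product
# hooks (e.g. a logon notification DLL) are whitelisted by the reviewer afterwards.
PROTECTED_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}
# Assumption: Microsoft's own Winsock providers on XP; any other DLL in the catalog is a third-party LSP.
MS_WINSOCK_DLLS = {"mswsock.dll", "rsvpsp.dll"}
USER_WRITABLE = re.compile(r"\\(temp|tmp|documents and settings|docume~1|users)\\", re.I)

DRIVER_LINE = re.compile(r"^\s*<(?P<path>[^>]*)><(?P<vendor>[^>]*)>\s*$")
PROC_LINE = re.compile(r"^\[PID: (?P<pid>\d+)\]\[(?P<path>[^\]]+)\]\s+\[(?P<vendor>[^,\]]*)")
MODULE_LINE = re.compile(r"^\s+\[(?P<path>[^\]]+)\]\s+\[(?P<vendor>[^,\]]*)")
WINSOCK_LINE = re.compile(r"^\s+(?P<dll>\S+?\.dll)\((?P<vendor>[^,)]*)", re.I)

# Constructed excerpt: lines copied from the log in this thread, in SREng's own layout.
SAMPLE_LOG = r"""
==================================
Drivers
[64549 / 64549]
  <\SystemRoot\system32\drivers\64549.sys><N/A>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[lredbooo / lredbooo]
  <\??\C:\DOCUME~1\Bolton.Z\LOCALS~1\Temp\lredbooo.sys><N/A>
[New0 / New0]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>

==================================
Running processes
[PID: 864][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\w2pxdrv.dll]  [Proxy Labs, 3, 0, 0, 3]
[PID: 1452][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]

==================================
Winsock providers
PROXYCAP MSAFD Tcpip [TCP/IP]
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
    w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
"""


def split_sections(log_text: str) -> Dict[str, List[str]]:
    """Group lines under the section header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = None
    for line in log_text.splitlines():
        key = SECTION_NAMES.get(line.strip())
        if key is not None:
            current = key
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def triage_drivers(lines: List[str]) -> List[Finding]:
    out = []
    for line in lines:
        m = DRIVER_LINE.match(line)
        if not m:
            continue
        path, vendor = m["path"], m["vendor"].strip()
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        if USER_WRITABLE.search(path):
            out.append(Finding("high", "drivers", path, "kernel driver image in a user-writable profile/Temp directory"))
        elif vendor in UNKNOWN_VENDORS and stem.isdigit():
            out.append(Finding("high", "drivers", path, "no vendor string and a purely numeric file name"))
        elif vendor in UNKNOWN_VENDORS:
            out.append(Finding("review", "drivers", path, "no vendor string; confirm what installed it"))
    return out


def triage_processes(lines: List[str]) -> List[Finding]:
    out, host = [], None
    for line in lines:
        pm = PROC_LINE.match(line)
        if pm:  # a new host process; module lines that follow belong to it
            host = pm["path"].rsplit("\\", 1)[-1].lower()
            continue
        mm = MODULE_LINE.match(line)
        if mm and host in PROTECTED_PROCESSES and not mm["vendor"].strip().lower().startswith("microsoft"):
            out.append(Finding("review", "processes", f"{host} <- {mm['path']}",
                               f"third-party module ({mm['vendor'].strip() or 'unknown vendor'}) inside a core system process"))
    return out


def triage_winsock(lines: List[str]) -> List[Finding]:
    out, seen = [], set()
    for line in lines:
        m = WINSOCK_LINE.match(line)
        if m and m["dll"].lower() not in MS_WINSOCK_DLLS and m["dll"].lower() not in seen:
            seen.add(m["dll"].lower())
            out.append(Finding("review", "winsock", m["dll"], f"third-party LSP ({m['vendor'].strip()}) layered over every TCP/UDP socket"))
    return out


def triage(log_text: str) -> List[Finding]:
    s = split_sections(log_text)
    return triage_drivers(s.get("drivers", [])) + triage_processes(s.get("processes", [])) + triage_winsock(s.get("winsock", []))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:9} {f.subject}: {f.reason}")
```

Run against the excerpt it reports the Temp-directory driver and the numeric-name driver as high, the unknown-vendor new.sys and the two non-Microsoft DLLs inside lsass.exe for review, and the PROXYCAP LSP once. The follow-up for a hit is to check the file's digital signature, hash and creation time rather than to delete it on sight; and an LSP entry in particular must be removed from the Winsock catalog, not just by deleting the DLL, because a catalog pointing at a missing provider breaks all networking (on XP SP2, `netsh winsock reset` rebuilds it).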

HijackThis_zww Chinese edition scan log V1.99.1
Saved at      12:02:34, date 2006-11-08
Operating system:  Windows XP SP2 (WinNT 5.01.2600)
Browser:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\rising\Rav\RavTask.exe
C:\Program Files\rising\Rav\Ravmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
I:\QQ2005\TIMPlatform.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\CPUCooL\CooLSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wscntfy.exe
I:\QQ2005\QQ.exe
I:\TT\TCPlus.exe
F:\下载\sreng2\SREng\SREng.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackTHis\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Soso address bar search - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - I:\QQ2005\QQIEHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - I:\XL\ComDlls\XunLeiBHO_002.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - I:\搜狗\KuGoo_gf\KuGoo\KuGoo3DownXControl.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - I:\FLASHG~1\fgiebar.dll
O3 - Toolbar: Kingsoft Kuaiyi (&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - I:\金山快译2006\IEBand.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] C:\Program Files\Super Rabbit\MagicSet\SRFC.EXE /Load
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [kis] "I:\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Startup: CPUCooL.lnk = C:\Program Files\CPUCooL\CPUCooL.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: USServer.lnk = I:\USServer\USServer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: 新浪点点通阅读器.lnk = C:\Program Files\sina\RssReader\rssreader.exe
O4 - Startup: 腾讯QQ.lnk = I:\QQ2005\QQ.exe
O4 - Startup: UTalk.lnk = I:\UTalk\UTalk.exe
O4 - Global Startup: Microsoft Office.lnk = I:\Office\Office10\OSA.EXE
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: TeamTalk语音社区.Lnk = I:\TeamTalk\TeamTalk.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with Thunder - I:\XL\Program\GetUrl.htm
O8 - Extra context menu item: &Download all links with Thunder - I:\XL\Program\GetAllUrl.htm
O8 - Extra context menu item: Upload to QQ Network Disk - I:\QQ2005\AddToNetDisk.htm
O8 - Extra context menu item: Download with FlashGet - I:\FlashGetZ\jc_link.htm
O8 - Extra context menu item: Download all links with FlashGet - I:\FlashGetZ\jc_all.htm
O8 - Extra context menu item: Add this RSS channel/channel group in Foxmail - res://C:\WINDOWS\system32\fmrsslink.dll/201
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\Office\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Add to QQ custom panel - I:\QQ2005\AddPanel.htm
O8 - Extra context menu item: Add to QQ emoticons - I:\QQ2005\AddEmotion.htm
O8 - Extra context menu item: Send this picture via QQ MMS - I:\QQ2005\SendMMS.htm
O9 - Extra button: Launch Thunder - {0062C9BD-B349-40DE-91A0-755F37ACD559} - I:\XL\Thunder.exe
O9 - Extra 'Tools' menuitem: Launch Thunder - {0062C9BD-B349-40DE-91A0-755F37ACD559} - I:\XL\Thunder.exe
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - I:\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - I:\QQ2005\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - I:\QQ2005\QQ.EXE
O9 - Extra button: QQ Toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - I:\QQ2005\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ Toolbar settings - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - I:\QQ2005\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O11 - Options group: [TBH] Soso address bar search
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {220ED87A-CB03-45A8-A81E-1C5597E11186} (GDHidCtrl Class) - http://esales.qq.com/cab/GDHidUsr.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {48038521-20FB-11D8-BC64-00B0D07A8A19} (PortalCom Control 2.0) - http://221.208.250.138/PortalAX02.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://azraelmission.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120809633140
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - https://nprotect.lineage2.com.cn/nprotect/nprotect2004/ncsoft/npv.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - https://nprotect.lineage2.com.cn/nprotect/keycrypt/npkcx.cab
O16 - DPF: {E239C445-BF41-472B-8916-402D648A6356} (DwnlAgent Control) - http://vchat.kdhlj.net/binary/DwnlAgent.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://www.tenpay.com/download/qqedit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{859F0012-6F68-4F89-AEBA-4C3A2216765E}: NameServer = 202.97.224.69 202.97.224.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: I:\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - I:\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUCooL\CooLSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - F:\3D\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
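
As an added example (this is editor-supplied code, not part of the poster's log, HijackThis itself, or any of the scanners mentioned), the script below applies the rules of thumb a responder uses when reading a log like the one above: an unnamed BHO, a startup entry with no resolvable path, a broken Winsock LSP chain, an ActiveX control served from a bare IP address, any AppInit_DLLs or Winlogon Notify entry, and a service whose binary is reported missing. The sample lines are copied from the log with English section labels; the severities and wording of the reasons are the editor's own heuristics, not verdicts on this machine.

```python
"""Rule-based triage of HijackThis 1.99.1 log lines (added example, not from the post)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - I:\搜狗\KuGoo_gf\KuGoo\KuGoo3DownXControl.ocx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = I:\Office\Office10\OSA.EXE
O10 - Broken Internet access because of LSP provider 'w2pxdrv.dll' missing
O15 - Trusted Zone: http://www.icbc.com.cn
O16 - DPF: {48038521-20FB-11D8-BC64-00B0D07A8A19} (PortalCom Control 2.0) - http://221.208.250.138/PortalAX02.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab
O20 - AppInit_DLLs: I:\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - I:\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str
    severity: str  # "high" | "review" | "info"
    reason: str
    line: str


# HijackThis lines look like "O16 - DPF: ..."; capture the section tag and the rest.
LINE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# URL whose host is a dotted-quad rather than a name.
RAW_IP_HOST = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)", re.I)


def classify(raw: str) -> Finding | None:
    """Apply the heuristics to one log line; None means nothing worth raising."""
    line = raw.strip()
    m = LINE.match(line)
    if not m:
        return None
    section, body = m.groups()

    if section == "O2" and body.startswith("BHO: (no name)"):
        return Finding(section, "review", "unnamed BHO; identify the DLL and its publisher", line)
    if section == "O4" and "Startup:" in body:
        target = body.split(":", 1)[1].strip()
        if "=" in target:
            target = target.split("=", 1)[1].strip()  # ".lnk = <target>"
        if "\\" not in target:  # "?" or a bare file name: nothing to verify on disk
            return Finding(section, "review", "startup entry without a resolvable path", line)
    if section == "O10":
        return Finding(section, "high", "Winsock LSP chain references a missing DLL; "
                       "networking stays broken until the chain is repaired", line)
    if section == "O15":
        return Finding(section, "info", "site in the IE Trusted Zone runs with relaxed "
                       "security settings; confirm the user added it", line)
    if section == "O16":
        url = body.rsplit(" - ", 1)[-1]
        if RAW_IP_HOST.match(url):
            return Finding(section, "high", "ActiveX control downloaded from a bare IP address", line)
    if section == "O20":
        return Finding(section, "high", "DLL loaded into every process (AppInit_DLLs) or into "
                       "winlogon; verify the vendor", line)
    if section == "O23" and body.endswith("(file missing)"):
        return Finding(section, "review", "service binary not resolved; HijackThis also reports this "
                       "for quoted paths followed by arguments, so check the path by hand", line)
    return None


def triage(log_text: str) -> list[Finding]:
    return [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(results))
```

On the sample this yields four "high" items (the O10 LSP, the O16 control from 221.208.250.138 and both O20 entries), four "review" items and one "info"; the point is to separate what must be looked at from the dozens of benign vendor entries, not to declare anything malicious. The O23 caveat matters here: avp.exe is visible twice in the running-process list, so the "(file missing)" is a path-parsing artefact rather than a broken service.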

One more question: Rising actually found a trojan inside the AVG installer, which I cannot make sense of, because AVG was downloaded from the official site.
Below is the Kaspersky report:

Detected
--------
Status  Object
--------------
Deleted: adware not-a-virus:AdWare.Win32.BHO.ay  File: C:\WINDOWS\vchelper.dll
Deleted: adware not-a-virus:AdWare.Win32.Navi  File: C:\WINDOWS\system32\NaviHelper.dll/PE_Patch.PECompact/PecBundle/PECompact
Deleted: trojan Backdoor.Win32.PcClient.ox  File: C:\WINDOWS\Temp\ys0123\RF_Loader.BIN/PE_Patch
Deleted: adware not-a-virus:AdWare.Win32.BHO.ay  File: C:\WINDOWS\vcbar\vchelper.dll
Deleted: adware not-a-virus:AdWare.Win32.Navi  File: C:\Documents and Settings\zy\Local Settings\Temp\mdm.exe/WISE0004.BIN
Deleted: adware not-a-virus:AdWare.Win32.Navi  File: C:\Program Files\HijackTHis\HijackThis1991汉化版\backups\backup-20050714-120853-842.dll
Deleted: adware not-a-virus:AdWare.Win32.Navi  File: C:\Program Files\HijackTHis\HijackThis1991汉化版\backups\backup-20050722-213859-973.dll
Deleted: adware not-a-virus:AdWare.Win32.Navi  File: C:\Program Files\HijackTHis\HijackThis1991汉化版\backups\backup-20051025-000457-822.dll
Deleted: adware not-a-virus:AdWare.Win32.Navi  File: C:\Program Files\HijackTHis\HijackThis1991汉化版\backups\backup-20051228-142408-801.dll/PE_Patch.PECompact/PecBundle/PECompact
Deleted: adware not-a-virus:AdWare.Win32.AdMedia.a  File: C:\Program Files\HijackTHis\HijackThis1991汉化版\backups\backup-20051228-142408-223.dll
Deleted: adware not-a-virus:AdWare.Win32.Dudu.e  File: F:\下载\虚拟视频安装&汉化\HB-CamtasiaStudio302-moming.exe/WISE0012.BIN
Deleted: adware not-a-virus:AdWare.Win32.Dudu.e  File: F:\下载\虚拟视频安装&汉化\HB-CamtasiaStudio302-moming.rar\HB-CamtasiaStudio302-moming.exe
Deleted: adware not-a-virus:AdWare.Win32.Boran.k  File: F:\下载\豪杰\FlashPlayer_10.exe/data0004/data0003/UPX
Deleted: trojan Trojan-Downloader.NSIS.Agent.k  File: F:\下载\豪杰\FlashPlayer_10.exe/data0006/stream/Script
Deleted: trojan Trojan-Downloader.NSIS.Agent.r  File: F:\下载\ProxyCap\HA_ProxyCap_30_FIX\setup.exe/Stream/data0006/stream/Script
Deleted: adware not-a-virus:AdWare.Win32.Hengbang.k  File: F:\浩方对战平台\cgahap.exe/SetupHAP.exe
Deleted: adware not-a-virus:AdWare.Win32.Hengbang.f  File: F:\浩方对战平台\cgahap.exe/HBHelper.dll
Deleted: adware not-a-virus:AdWare.Win32.Accoona.a  File: F:\浩方对战平台\Accoona.exe/WiseSFX Dropper/WISE0001.BIN
What Rising found:

Attachment: application/octet-stream, uploaded 2006-11-8 12:50:26, downloaded 207 times (file size and description not given).
