Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-Virus / Anti-Rogue-Software board

Help needed from experts: how do I detect and remove the Backdoor.Gpigeon.jky virus?

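Even the latest version of Rising cannot remove this virus. After the system starts, the virus always shows up. I keep seeing a text file appear in the temp folder, with the following contents: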

[DOWNLOADNUMS]

updatetm=4
downfile=5
killproc=0
removreg=0

[STARTHTMPAGE]

mainpage=http://www.sina.com.cn

[DOWNMAINLIST]

mainfile=http://222.77.185.140/zl.exe

[DOWNFILELIST]

downfile1=http://222.77.178.218/zl/qq.exe
downfile2=http://222.77.178.218/zl/mh.exe
downfile3=http://222.77.178.218/zl/wl.exe
downfile4=http://222.77.178.218/zl/zt.exe
downfile5=http://222.77.178.218/zl/jh.exe
downfile6=http://222.77.178.218/zl/cs.exe
downfile7=http://222.77.178.218/zl/ms.exe

[DOWNKILLLIST]

killproc1=CDPLAYER.EXE

[REMOVREGLIST]

removreg1=HKEY_LOCAL_MACHINE\SOFTWARE\C07ft5Y\WinXP*test



How do I detect and remove this virus? Experts, please advise.
Last edited 2006-12-11 17:57:42

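Download System Repair Engineer from mizuki.ys168.com, run a scan and post the log here. If it does not fit in one post, split it across several posts. Do not modify it.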

Thanks. Will this do?



006-12-11,16:14:03

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <ravshell><D:\Progra~1\Eset\rund1132.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <IgfxTray><D:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"D:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><D:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><D:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><; "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]

==================================
启动文件夹
[核新SSL通讯安全代理]
  <D:\Documents and Settings\All Users\「开始」菜单\程序\启动\核新SSL通讯安全代理.lnk --> D:\PROGRA~1\hexin\sslproxy\SSLCnt.exe [杭州核新软件技术有限公司]><N>

==================================
服务
[Human Interface Device Access / HidServ]
  <D:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc]
  <D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[ExpScaner / ExpScaner]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[i81x / i81x]
  <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0]
  <system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1]
  <system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2]
  <system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3]
  <system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4]
  <system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5]
  <system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6]
  <system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7]
  <system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimFP8 / iAimFP8]
  <system32\DRIVERS\wADV11nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0]
  <system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1]
  <system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3]
  <system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4]
  <system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5]
  <system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6]
  <system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[MEMSCAN / MEMSCAN]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\程序安装\winxp\qq\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PStrip / PStrip]
  <D:\WINDOWS\SYSTEM32\DRIVERS\PStrip.SYS><EnTech Taiwan>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\D:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\D:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>



==================================
浏览器加载项
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <D:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Flashget Catch Url Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\程序安装\winxp\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\程序安装\winxp\qq\QQ.EXE, TENCENT>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\程序安装\winxp\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <E:\程序安装\winxp\金山快译\IEBand.dll, 金山软件股份有限公司>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <D:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[Flashget Catch Url Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <D:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\程序安装\winxp\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <E:\程序安装\winxp\金山快译\IEBand.dll, 金山软件股份有限公司>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <D:\PROGRA~1\3721\autolive.dll, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <D:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <D:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, >
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll, Yahoo! China>
[&使用快车(FlashGet)下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
  <E:\程序安装\winxp\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\程序安装\winxp\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\程序安装\winxp\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\程序安装\winxp\qq\SendMMS.htm, N/A>



==================================
正在运行的进程
[PID: 412][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][\??\D:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500][\??\D:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][D:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][D:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820][D:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 840][D:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.26

[PID: 880][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][D:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][D:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 39]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [D:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [D:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [D:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [D:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [D:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [D:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
    [D:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [D:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [D:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [D:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [D:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 9]
    [D:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [D:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[PID: 1208][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\WINDOWS\system32\lockfileqy.dll]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
[PID: 1224][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 30]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 12]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1356][D:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1516][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 48]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]

    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
[PID: 1704][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 1720][D:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
[PID: 1728][D:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  [Yahoo! China, 3, 0, 4, 1005]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 0, 1, 1003]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 1, 1002]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [D:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 2, 1002]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 1788][D:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 9, 1329]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
[PID: 1820][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 1876][D:\Progra~1\Eset\rund1132.exe]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 1984][D:\Program Files\hexin\sslproxy\SSLCnt.exe]  [杭州核新软件技术有限公司, 1.103.2004.0218]
    [D:\Program Files\hexin\sslproxy\crypteng.dll]  [杭州核新软件技术有限公司, 1.44.2003.0426]
    [D:\Program Files\hexin\sslproxy\sslproxy.dll]  [杭州核新软件技术有限公司, 1.52.2002.326]
    [D:\Program Files\hexin\sslproxy\CAsAPI.dll]  [杭州核新软件技术有限公司, 1.49.2002.422]
    [D:\Program Files\hexin\sslproxy\Scard.dll]  [杭州核新软件技术有限公司, 1.02.2001.0529]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\Program Files\hexin\sslproxy\MapProxy.dll]  [核新软件技术有限公司, 1.00.2003.0613]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 444][D:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
[PID: 660][D:\Program Files\PowerStrip\pstrip.exe]  [EnTech Taiwan, 4.10.03.50]
    [D:\Program Files\PowerStrip\psdesk.dll]  [EnTech Taiwan, 4.10.3.12]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
[PID: 404][I:\软件库\浏览器\myie32c\MyIE.exe]  [, 3, 2, 0, 475]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 9, 1329]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 2356][D:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [D:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [D:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
[PID: 2912][D:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 9, 1329]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll]  [yahoo! china, 3, 0, 1, 1002]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [E:\程序安装\winxp\qq\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yassist.dll]  [Yahoo! China, 3, 1, 2, 1017]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3820][D:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 480][D:\DOCUME~1\CIT\LOCALS~1\Temp\Rar$EX00.069\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
    [D:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [D:\Program Files\PowerStrip\pshook.dll]  [EnTech Taiwan, 4.10.3.11]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\WINDOWS\system32\DrvTrNTm.dll]  [High Criteria inc., 4, 2, 0, 1]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

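Use SREng.
Under Startup Items => Registry, delete:
<ravshell><D:\Progra~1\Eset\rund1132.exe> [N/A]
Delete:
D:\Progra~1\Eset\rund1132.exe

In Safe Mode, empty:
D:\DOCUME~1\CIT\LOCALS~1\Temp\

http://download4.pctutu.com/soft/winspeed792.zip
Use Super Rabbit Cleaner (超级兔子清理王) in Safe Mode to uninstall the rogue software...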

OK, I'll give it a try. Thank you.

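Run System Repair Engineer. Under Startup Items, Registry, delete:
<ravshell><D:\Progra~1\Eset\rund1132.exe> [N/A]
Under Services, Win32 Service Applications, tick "Hide Microsoft services" and then delete:
[Windows DHCP Service / WinDHCPsvc]
<D:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
In Safe Mode, open My Computer, Tools, Folder Options, View, select "Show all files and folders", untick "Hide protected operating system files", and delete:
D:\Progra~1\Eset\rund1132.exe
D:\WINDOWS\system32\windhcp.ocx
All files in this folder: D:\DOCUME~1\CIT\LOCALS~1\Temp
Download Super Rabbit from http://www.pctutu.com/ to clean up the rogue software.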
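
The triage the two replies above do by eye on the SREng log, sketched as an added example (not part of the original thread and not SREng's own code): it lists Run entries with no publisher and publisher-less modules loaded from a Temp directory, with the processes that load them. Reading "N/A" or an empty first field as "no publisher information" and the Temp-path test are assumptions of this sketch; hits are leads for review, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SREng 2.2.6 log posted above,
# reusing a handful of its entries (not the full log).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <ravshell><D:\Progra~1\Eset\rund1132.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
==================================
[PID: 1208][D:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\lockfileqy.dll]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
    [D:\Program Files\FlashGet\fgmgr.dll]  [www.flashget.com, 1, 8, 0, 1001]
[PID: 1820][D:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\WINDOWS\system32\DrvTrNTl.dll]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
[PID: 1876][D:\Progra~1\Eset\rund1132.exe]  [N/A, N/A]
    [D:\DOCUME~1\CIT\LOCALS~1\Temp\ud.dll]  [N/A, N/A]
"""

# "<name><command>  [publisher]" lines under a registry autostart key
RUN_RE = re.compile(r"^\s+<([^<>]*)><(.*)>\s+\[(.*)\]\s*$")
# "[PID: n][image path]  [publisher, version]" process header lines
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.*?)\]\s+\[(.*)\]\s*$")
# "[module path]  [publisher, version]" lines listed under a process
MOD_RE = re.compile(r"^\s*\[(.*?)\]\s+\[(.*)\]\s*$")


def no_publisher(info):
    """Assumption: an empty or 'N/A' first field means no publisher information."""
    return info.split(",")[0].strip() in ("", "N/A")


def triage(log_text):
    """Return review leads from an SREng-style log (heuristics, not verdicts)."""
    autostarts = []               # (value name, command) with no publisher
    images = defaultdict(set)     # publisher-less file path -> PIDs that load it
    pid = None
    for line in log_text.splitlines():
        m = PROC_RE.match(line)
        if m:
            pid = int(m.group(1))
            if no_publisher(m.group(3)):
                images[m.group(2)].add(pid)
            continue
        m = RUN_RE.match(line)
        if m:
            # Skip empty values such as <load><>
            if m.group(2).strip() and no_publisher(m.group(3)):
                autostarts.append((m.group(1), m.group(2)))
            continue
        m = MOD_RE.match(line)
        if m and pid is not None and no_publisher(m.group(2)):
            images[m.group(1)].add(pid)
    # A publisher-less module under a Temp directory, mapped into several
    # unrelated processes, is the strongest lead in this kind of log.
    temp = {p: sorted(v) for p, v in images.items() if "\\temp\\" in p.lower()}
    other = sorted(p for p in images if p not in temp)
    return {"autostarts": autostarts, "temp_modules": temp, "other_unsigned": other}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, cmd in result["autostarts"]:
        print(f"autostart without publisher: {name} -> {cmd}")
    for path, pids in result["temp_modules"].items():
        print(f"Temp module without publisher: {path} in PIDs {pids}")
    for path in result["other_unsigned"]:
        print(f"review: {path}")
```
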
