启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <yu22llxv><C:\DOCUME~1\xr\LOCALS~1\Temp\expiorer.exe>  [N/A]
    <yu22llxv><C:\DOCUME~1\xr\LOCALS~1\Temp\expiorer.exe>  [N/A]
    <02veqrhu120><C:\DOCUME~1\xr\LOCALS~1\Temp\iexp1ore.exe>  [N/A]
    <bcge3brcy5vbrk2><C:\DOCUME~1\xr\LOCALS~1\Temp\lexplore.exe>  [N/A]
    <8fg35v77u5w><C:\DOCUME~1\xr\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
    <kw8jxf55k><C:\DOCUME~1\xr\LOCALS~1\Temp\expiorer.exe>  [N/A]
    <sym1g45yi1f1m8><C:\DOCUME~1\xr\LOCALS~1\Temp\iexp1ore.exe>  [N/A]
    <ubmuu5uc221h><C:\DOCUME~1\xr\LOCALS~1\Temp\lexplore.exe>  [N/A]
    <l4zbvzg10b6td><C:\DOCUME~1\xr\LOCALS~1\Temp\iexpl0re.exe>  [N/A]
    <fxwu049480q70b><C:\DOCUME~1\xr\LOCALS~1\Temp\lexplore.exe>  [N/A]
    <hysgv29l9ftr3i3><C:\DOCUME~1\xr\LOCALS~1\Temp\lexplore.exe>  [N/A]
    <h0lk9k2l><C:\DOCUME~1\xr\LOCALS~1\Temp\lexplore.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <CnxDslTaskBar><C:\Program Files\OEM\AccessRunner ADSL\CnxDslTb.exe>  [Conexant Systems Inc.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [N/A]
    <WinnetManager><C:\WINDOWS\system32\WinnetManager.exe>  [N/A]
    <SOUNDM><win32smd.exe>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <IEBarUp><RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run>  [Microsoft Corporation]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><684745M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>  [N/A]

==================================
启动文件夹
N/A

==================================

服务
[4B439620 / 4B439620]
  <C:\WINDOWS\system32\4B439620.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[BaseTDI / BaseTDI]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[USB ADSL WAN Adapter Filter Driver / CnxEtP]
  <system32\DRIVERS\CnxEtP.sys><Conexant>
[USB ADSL 设备驱动 / CnxEtU]
  <system32\DRIVERS\CnxEtU.sys><Conexant>
[USB ADSL WAN Adapter Driver / CnxTgN]
  <system32\DRIVERS\CnxTgN.sys><Conexant Systems Inc.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>

==================================

浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Flash 7]
  {492B8F66-B8CF-4F7A-B0EE-B7383B92F5BA} <C:\WINDOWS\system\IceHBO.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[cnwin Class]
  {EC497BD8-460F-44F0-B2A4-8C2B2198035B} <C:\WINDOWS\system32\cnwin.dll, 深圳市卓众网络有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[实用搜索工具条2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, >
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[Flash 7]
  {492B8F66-B8CF-4F7A-B0EE-B7383B92F5BA} <C:\WINDOWS\system\IceHBO.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[实用搜索]
  {6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[cnwin Class]
  {EC497BD8-460F-44F0-B2A4-8C2B2198035B} <C:\WINDOWS\system32\cnwin.dll, 深圳市卓众网络有限公司>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加QQ网络收藏夹]
  <C:\Program Files\Tencent\TT\NAF.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================

正在运行的进程
[PID: 360][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 436][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
[PID: 460][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 512][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 524][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 692][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 736][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 784][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 820][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 872][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 944][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 1012][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 19]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Rising, 18, 1, 0, 9]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 9]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]

[PID: 1076][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMs.Ime]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\PLUGINS\CDown.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\KB6847456.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\wsvbs.dll]  [N/A, N/A]
    [C:\DOCUME~1\xr\LOCALS~1\Temp\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\Downloaded Program Files\916040\ExDLL.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\webpageparser.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Charset.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\CreateDomTree.dll]  [N/A, N/A]
    [C:\WINDOWS\Downloaded Program Files\916040\fshook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\IESHEL~1.DLL]  [, 5.1.2600.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\system32\JPWB.IME]  [长江软件工作室, 4.00.950]
[PID: 1248][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 1640][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 852][C:\WINDOWS\logo1_.exe]  [N/A, N/A]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 1416][C:\Program Files\OEM\AccessRunner ADSL\CnxDslTb.exe]  [Conexant Systems Inc., 2.099.056.000]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\OEM\AccessRunner ADSL\CnxDslWz.dll]  [Conexant Systems Inc., 2.099.056.000]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\CnxHwIo.dll]  [Conexant Systems Inc., 2.099.056.000]
[PID: 1456][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 952][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 1512][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 2136][C:\WINDOWS\system32\lexplore.exe]  [N/A, N/A]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\xr\LOCALS~1\Temp\LgSyl.dll]  [N/A, N/A]
[PID: 2280][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 2532][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.4.3790.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 2640][C:\WINDOWS\system\taskmgr.exe]  [N/A, N/A]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 2860][C:\WINDOWS\system\conime.exe]  [N/A, N/A]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 3700][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 3324][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
[PID: 1392][C:\DOCUME~1\xr\LOCALS~1\Temp\wincabb.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 2880][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 6]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 1852][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
[PID: 716][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
[PID: 2684][C:\Program Files\Tencent\TT\TTraveler.exe]  [深圳市腾讯计算机系统有限公司, 1. 3. 1. 52]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\DOCUME~1\xr\LOCALS~1\Temp\LgSyl.dll]  [N/A, N/A]
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\WINDOWS\system32\JPWB.IME]  [长江软件工作室, 4.00.950]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3092][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2096 (xpsp_sp2_rc1.040311-2315)]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
[PID: 4088][C:\WINDOWS\logo1_.exe]  [N/A, N/A]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
[PID: 3456][F:\sreng2\SREng\1.bat.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\684745M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\DOCUME~1\xr\LOCALS~1\Temp\LgSyl.dll]  [N/A, N/A]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=iexplore.exe
shellexecute=iexplore.exe
shell\Auto\command=iexplore.exe
[D:\]
[AutoRun]
open=iexplore.exe
shellexecute=iexplore.exe
shell\Auto\command=iexplore.exe
[E:\]
[AutoRun]
open=iexplore.exe
shellexecute=iexplore.exe
shell\Auto\command=iexplore.exe
[F:\]
[AutoRun]
open=iexplore.exe
shellexecute=iexplore.exe
shell\Auto\command=iexplore.exe
[G:\]
[AutoRun]
open=iexplore.exe
shellexecute=iexplore.exe
shell\Auto\command=iexplore.exe

==================================
HOSTS 文件
61.152.108.76  www.work009.com
61.152.108.76  my.m365m.com
61.152.108.76  www.mh578.com

================================

流氓+病毒集于一身


楼主重装系统吧!最少比你修复的时间要快.


装系统之前要确定其它盘是否被病毒感染.