天月，认真点把这个收拾好.
我去看别人的了

对不起哦，没能一起发现。
这些你都备份一下再删除吧。
包括对应的文件啊。
用冰刃和“Unlocker”

最好所有点出来的在一次中删除，再重启电脑。
包括那些对应的文件啊。

还是不行啊 5555555555555555

我在帖一下日志
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Avance Logic, Inc.]
    <a-winpoet-service><; C:\Program Files\WinPoET\WinPPPoverEthernet.exe>  [Fine Point Technologies, Inc.]
    <Super Rabbit Desktop Set><; F:\MagicSet\DS.EXE /Load>  [Super Rabbit Software]
    <internat.exe><; internat.exe>  [(Verified)Microsoft Corporation]
    <SKYNET Personal FireWall><F:\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <POINTER><; point32.exe>  [N/A]
    <RavTask><"F:\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><F:\Rising\KakaToolBar\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <StormCodec_Helper><"F:\播放ogm\StormSet.exe" /S /opti>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\SYSTEM32\Userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><APIHookDll.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[ImageFox]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ImageFox.lnk --> C:\WINNT\Installer\{92E64C51-5096-442F-9A44-61CB2941391D}\NewShortcut1.exe [N/A]><H>
[Adobe Gamma Loader.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.exe.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><H>
[ADSL超频奇兵 V3.06]
  <C:\Documents and Settings\Glacier\「开始」菜单\程序\启动\ADSL超频奇兵 V3.06.lnk --> F:\ADSL超~1.06\ADSLx2.exe [奇兵软件 Worldfax.net]><H>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINNT\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINNT\system32\ati2sgag.exe><>
[D43557A8 / D43557A8]
  <C:\WINNT\system32\D43557A8.EXE -service><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Rising Process Communication Center / RsCCenter]
  <"F:\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"F:\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceLayer / ServiceLayer]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[WinPPPoverEthernet / WinPPPoverEthernet]
  <C:\Program Files\WinPoET\WrOS.EXE><iVasion, a Routerware Company>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>
[XDownloadService / XDownloadService]
  <C:\WINNT\system32\Rundll32.exe "C:\WINNT\Downloader.dll",Run><Microsoft Corporation>

驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[Copystar / Copystar]
  <\SystemRoot\System32\DRIVERS\copystar.sys><An Chen Computer>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner]
  <\??\F:\rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\F:\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\F:\rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\F:\rising\Rav\HookSys.sys><Rising>
[KWATCH / KWATCH]
  <\??\F:\KAV2003\KWATCH.SYS><N/A>
[MEMSCAN / MEMSCAN]
  <\??\F:\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Nokia USB Generic / Nokia USB Generic]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent]
  <system32\drivers\nmwcd.sys><Nokia>
[npkcrypt / npkcrypt]
  <\??\E:\小兵\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\F:\rising\Rav\RSPPSYS.sys><Rising>
[SKNFW / SKNFW]
  <\??\C:\WINNT\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs]
  <\??\F:\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[VIA AGP Filter / viaagp1]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter]
  <\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide]
  <\SystemRoot\System32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[VIAPFD / VIAPFD]
  <\SystemRoot\System32\Drivers\VIAPFD.SYS><VIA Technologies. Inc.>
[W89C841 Ethernet Adapter Driver / W841ND]
  <System32\DRIVERS\W841ND.SYS><Winbond Electronics Corporation>
[WrKPoET2000 / WrKPoET2000]
  <\??\C:\Program Files\WinPoET\WrKPoET2000.sys><N/A>

==================================
浏览器加载项
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <, N/A>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <F:\FLASHGET\jccatch.dll, FlashGet>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\小兵\QQ.EXE, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[updatePanelX Control]
  {43E839C5-E10F-443A-BC1F-F09CFD2ABC77} <C:\WINNT\system32\uusee\internet\updateC.ocx, uusee>
[pcastup Class]
  {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} <C:\WINNT\Downloaded Program Files\pcastupdate.dll, >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINNT\system32\macromed\download\Download.dll, Macromedia, Inc.>
[Fc2Boot Class]
  {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} <C:\WINNT\DOWNLO~1\fc2boot.dll, ±±??????í¨?????a·￠óD?T1???>
[FcBoot Class]
  {C0C13879-6A17-429E-80F1-60B23FC1F720} <C:\WINNT\Downloaded Program Files\fcboot.dll, XXT>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[NMChatX Control]
  {D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} <C:\WINNT\DOWNLO~1\NMChatX.ocx, Netmarble>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINNT\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[KATScan Control]
  {DDA166FA-B3EA-4A3B-8EE2-4F552CDEEE81} <C:\WINNT\System32\kingsoft\KATScan\KATScan.OCX, Kingsoft>
[SHLaunch Control]
  {FA463B6E-93D5-4E02-B7F2-E0BA98DA73FC} <C:\WINNT\System32\SHLaunch.ocx, >
[&使用BitComet下载]
  <res://F:\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://F:\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://F:\BitComet\BitComet.exe/AddVideo.htm, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[使用网际快车下载]
  <F:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <F:\FlashGet\jc_all.htm, N/A>

正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\WINNT\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4116]
[PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
[PID: 420][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
[PID: 448][F:\rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
[PID: 508][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
[PID: 572][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\APIHookDll.dll]  [N/A, N/A]
[PID: 616][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
[PID: 704][C:\Program Files\WinPoET\WrOS.EXE]  [iVasion, a Routerware Company, 1, 1, 2, 0]
    [C:\Program Files\WinPoET\WrOSControl.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrFCUtil.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrEventLog.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrRTUtil.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrInterfaceManager.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrConfig.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrNetworkDriver.dll]  [N/A, N/A]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\Program Files\WinPoET\Wr_Mac_Frames.DLL]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrPoetDriver.DLL]  [N/A, N/A]
    [C:\Program Files\WinPoET\WrPacketSock.dll]  [N/A, N/A]
[PID: 748][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
[PID: 824][F:\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [F:\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [F:\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 972][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 4, 2, 30]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 2, 22]
    [F:\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
[PID: 1012][C:\WINNT\system32\4E426388.exe]  [N/A, N/A]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 4, 2, 30]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1060][C:\WINNT\SOUNDMAN.EXE]  [Avance Logic, Inc., 5.0.02]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 4, 2, 30]
[PID: 1168][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 4, 2, 30]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 1400][C:\Documents and Settings\Glacier\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\APIHookDll.dll]  [N/A, N/A]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 4, 2, 30]
    [F:\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

删除服务:
[D43557A8 / D43557A8]
<C:\WINNT\system32\D43557A8.EXE -service><Microsoft Corporation>
删除进程:
[C:\WINNT\system32\APIHookDll.dll] [N/A, N/A](你用了木马克星?别用了吧,那个真的很垃圾)

【回复“饭后点心”的帖子】
这个服务删不掉，每次重启都有…………

你试试在安全模式删了那个服务及其文件,然后删掉你说的那个4E426388.EXE,在到注册表里搜索下那2个东西,找到后灭掉.如果找不到文件用RAR找找看