Page 3 / 5

[Help] Infected by a swarm of Trojans

Startup items, services, drivers, it's everywhere; if you're willing, just reinstall.

I don't have time to sort it out tonight.

A pity!

I don't know what's become of the others.

I'd guess the files on every drive are infected too; for now don't casually use any file from the original machine.


I have the same situation and don't know where the source is either. Could some expert help out?

Below are my antivirus results:
Trojan.PSW.Zhengtu.jzk Deleted C:\WINDOWS\system32 ztinetzt.exe>>upack0.39
Trojan.PSW.XYOnline.qc Delete on reboot C:\WINDOWS\system32 LYMANGR.DLL>>upack0.34
Trojan.PSW.XYOnline.qe Deleted C:\WINDOWS\system32 MSDEG32.DLL>>upack0.34
Trojan.PSW.Agent.kao Delete on reboot C:\WINDOWS\system32 windhcp.ocx>>pecompact2x-a
Trojan.PSW.OnlineGames.cdk Deleted C:\WINDOWS\system32 until.ttc>>upack0.34
Trojan.PSW.Zhengtu.jzk Delete on reboot C:\WINDOWS\system32 ztinetzt.dll
Trojan.PSW.OnlineGames.cdk Deleted C:\WINDOWS\system32 msacn.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\WINDOWS\system32 msport.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 wscsv.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 fksdy.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 wgptl.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 wtrmm.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 hreax.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 wfdrd.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\WINDOWS\system32 zkjjx.dll>>upack0.34
Trojan.Mnless.mid Delete on reboot C:\WINDOWS\system32 netsrvcs.dll
Trojan.PSW.OnlineGames.ccy Deleted C:\WINDOWS\system32 LYLOADMR.EXE
Trojan.PSW.AskTao.u Deleted C:\WINDOWS\system32 nwizAsktao.exe>>upack0.39
Trojan.PSW.AskTao.u Delete on reboot C:\WINDOWS\system32 nwizAsktao.dll
Trojan.Proxy.Agent.tle Delete on reboot C:\WINDOWS\system32 WMIApiSrv.dll
Trojan.PSW.OnlineGames.cda Deleted C:\WINDOWS\system32 nwizwmgjs.exe
Trojan.PSW.OnlineGames.cda Delete on reboot C:\WINDOWS\system32 nwizwmgjs.dll
Worm.Agent.wt Deleted C:\WINDOWS\system32 visin.exe
Trojan.PSW.OnlineGames.cdb Delete on reboot C:\WINDOWS\system32 SHQMANGR.DLL>>upack0.34
Trojan.PSW.OnlineGames.cdb Deleted C:\WINDOWS\system32 SHQ.DLL
Trojan.DL.Mnless.ajt Delete on reboot C:\WINDOWS\system32 msdebug.dll
Trojan.PSW.XYOnline.qe Deleted C:\WINDOWS\system32 LYLOADER.EXE>>upack0.39
Trojan.MnLess.mdy Deleted C:\WINDOWS SERVICES.EXE
Trojan.PSW.XYOnline.qc Deleted C:\Documents and Settings\Administrator\Local Settings\Temp LYMANGR.DLL>>upack0.34
Trojan.PSW.XYOnline.qe Deleted C:\Documents and Settings\Administrator\Local Settings\Temp LYLOADER.EXE>>upack0.39

Based on your SRENG log,

in Safe Mode, use the SRENG tool you scanned the log with to delete the following registry entries:

Startup Items
Registry
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\WINDOWS\System32\scandisk.dll> [N/A] (Not entirely sure about this one; you can also leave it.)
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> [N/A]
——————————————————————————————
Use IceSword (冰刃) to force-delete the following files:
C:\WINDOWS\System32\scandisk.dll  (Not entirely sure about this one; you can also leave it.)
C:\Program Files\Internet Explorer\PLUGINS\System64.Sys
——————————————————————————————
Use the SRENG tool you scanned the log with to set the startup type of each of the following to "Disabled":

Services
[283C1FD2 / 283C1FD2][Stopped/Auto Start]
<C:\WINDOWS\System32\1A7AFEDC.EXE -k><Microsoft Corporation>

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
————————————————————————————
This next one is uncommon; it's up to you.

Browser add-ons
[(&X)X163]
<C:/WINDOWS/Web/X163.htm, N/A>
——————————————————————————————
When you're done, reboot and see.

Heh!

C:\WINDOWS\System32\1A7AFEDC.EXE
C:\WINDOWS\System32\windhcp.ocx
C:\WINDOWS\System32\netsrvcs.dll

These files are up to you; delete them if you like.

Also, since your scan is still turning up viruses, the system may have changed in other ways too. Do the above first, then reboot and scan another log.

Let's wait for the others to take a look.

Trojan.PSW.XYOnline.qe Deleted C:\Documents and Settings\Administrator\Local Settings\Temp MSDEG32.DLL>>upack0.34
Trojan.PSW.OnlineGames.ccy Deleted C:\Documents and Settings\Administrator\Local Settings\Temp LYLOADMR.EXE
Trojan.PSW.OnlineGames.cdb Deleted C:\Documents and Settings\Administrator\Local Settings\Temp SHQMANGR.DLL>>upack0.34
Trojan.PSW.OnlineGames.cdb Deleted C:\Documents and Settings\Administrator\Local Settings\Temp SHQ.DLL
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM2.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM3.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM4.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM5.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM6.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM7.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\Documents and Settings\Administrator\Local Settings\Temp ~SMA.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\Documents and Settings\Administrator\Local Settings\Temp ~SMB.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\Documents and Settings\Administrator\Local Settings\Temp ~SMC.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\Documents and Settings\Administrator\Local Settings\Temp ~SMD.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\Documents and Settings\Administrator\Local Settings\Temp ~SME.tmp>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\Documents and Settings\Administrator\Local Settings\Temp ~SMF.tmp>>upack0.34
Trojan.PSW.Zhengtu.jzk Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\30EP07BI 163a[1].exe>>upack0.39
Trojan.PSW.Agent.kas Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\30EP07BI 1631[1].exe
Trojan.PSW.OnlineGames.bzh Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\30EP07BI 1636[1].exe
Trojan.PSW.OnlineGames.cbc Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2VSZNKDO 163e[1].exe>>upack0.34
Trojan.MnLess.mdy Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\32ZL1LZN 1632[1].exe
Trojan.Proxy.Agent.tle Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\T3VHZLBS 1638[1].exe
Trojan.DL.JS.Agent.lep Deleted C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\T3VHZLBS b[1].js
Trojan.PSW.Agent.kas Deleted C:\Program Files\Internet Explorer SVCHOST.EXE
Trojan.MnLess.mdy Deleted C:\Program Files\Internet Explorer SERVICES.EXE
Trojan.PSW.Zhengtu.jzk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029707.dll
Trojan.PSW.AskTao.u Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029708.dll
Trojan.PSW.OnlineGames.cda Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029710.dll
Trojan.PSW.XYOnline.qe Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029712.exe>>upack0.39
Trojan.PSW.XYOnline.qc Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029713.DLL>>upack0.34
Trojan.PSW.XYOnline.qe Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029715.DLL>>upack0.34
Trojan.PSW.Zhengtu.jzk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029719.exe>>upack0.39
Trojan.PSW.OnlineGames.cda Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029721.exe
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029722.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029723.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029724.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029725.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029726.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029727.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029728.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029729.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029730.dll>>upack0.34
Trojan.PSW.XYOnline.qe Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029733.EXE>>upack0.39
Trojan.PSW.AskTao.u Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029734.exe>>upack0.39
Worm.Agent.wt Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029735.exe
Trojan.PSW.XYOnline.qe Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029746.exe>>upack0.39
Trojan.PSW.XYOnline.qc Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029747.DLL>>upack0.34
Trojan.PSW.XYOnline.qe Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029748.DLL>>upack0.34
Trojan.PSW.OnlineGames.ccy Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029750.exe
Trojan.PSW.OnlineGames.cdb Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029751.DLL>>upack0.34
Trojan.PSW.OnlineGames.cdb Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029752.DLL
Trojan.PSW.XYOnline.qe Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029756.exe>>upack0.39
Trojan.PSW.Zhengtu.jzk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029759.exe>>upack0.39
Trojan.PSW.Zhengtu.jzk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029760.dll
Trojan.PSW.OnlineGames.cda Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029763.exe
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029764.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029765.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029766.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029767.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029768.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029769.dll>>upack0.34
Trojan.PSW.OnlineGames.cda Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029770.dll
Trojan.PSW.AskTao.u Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029781.exe>>upack0.39
Trojan.PSW.AskTao.u Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029782.dll
Worm.Agent.wt Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029783.exe
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029856.dll>>upack0.34
Trojan.PSW.OnlineGames.cdk Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029857.dll>>upack0.34
Trojan.PSW.OnlineGames.ccy Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029858.EXE
Trojan.PSW.Agent.kas Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029859.EXE
Trojan.MnLess.mdy Deleted C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029860.EXE
Worm.Agent.wt Deleted D:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029714.exe
Worm.Agent.wt Deleted D:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78 A0029757.exe

Looking at these scan results, I suggest turning off System Restore.

Use WinRAR to open the folder C:\Documents and Settings\Administrator\Local Settings\Temp and delete everything inside it, leaving nothing.

Use WinRAR to open the folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 and delete all the folders inside it (only the folders!).

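The scan results pasted above are plain text with one detection per line (detection name, action, directory, file name, and an optional `>>packer` tag), and the reply above draws two conclusions from them by eye: files the scanner could only schedule for deletion at reboot need re-checking afterwards, and detections under System Volume Information sit inside System Restore snapshots, which is why turning System Restore off is suggested. The following is an added example, not code from the thread or from the scanner, that makes both checks mechanical. The embedded log lines are copied from the posts above, with the action column in the translated form used on this page; the parser also accepts the original Chinese action strings.

```python
"""Summarise a pasted Rising-style antivirus log.

Added example for this thread, not code from the forum or from the scanner.
"""
import re
from collections import Counter, namedtuple

# Log lines copied from the scan results posted in this thread (a subset).
# The action column is in the translated form used on this page.
SAMPLE_LOG = r"""
Trojan.PSW.Zhengtu.jzk Deleted C:\WINDOWS\system32 ztinetzt.exe>>upack0.39
Trojan.PSW.XYOnline.qc Delete on reboot C:\WINDOWS\system32 LYMANGR.DLL>>upack0.34
Trojan.PSW.Agent.kao Delete on reboot C:\WINDOWS\system32 windhcp.ocx>>pecompact2x-a
Trojan.Proxy.Agent.tle Delete on reboot C:\WINDOWS\system32 WMIApiSrv.dll
Trojan.MnLess.mdy    Deleted     C:\WINDOWS SERVICES.EXE
Trojan.PSW.OnlineGames.cdk    Delete on reboot C:\Documents and Settings\Administrator\Local Settings\Temp ~SM2.tmp>>upack0.34
Trojan.PSW.Zhengtu.jzk  Deleted  C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\30EP07BI 163a[1].exe>>upack0.39
Trojan.PSW.Zhengtu.jzk  Deleted  C:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78    A0029707.dll
Worm.Agent.wt  Deleted  D:\System Volume Information\_restore{3E8D42CF-E4AF-45A3-90C0-1403C765A910}\RP78  A0029714.exe
"""

# Both the translated and the original Chinese action strings map to one label.
ACTIONS = {
    "Delete on reboot": "pending_reboot",
    "重新启动计算机后删除文件": "pending_reboot",
    "Deleted": "deleted",
    "删除成功": "deleted",
}

# family, action, directory (may contain spaces), file name, optional ">>packer".
# The directory is matched non-greedily so the last whitespace-separated token
# before ">>" becomes the file name, even when the path contains spaces.
LINE = re.compile(
    r"^(?P<family>\S+)\s+"
    r"(?P<action>" + "|".join(re.escape(a) for a in ACTIONS) + r")\s+"
    r"(?P<directory>.+?)\s+"
    r"(?P<filename>\S+?)(?:>>(?P<packer>\S+))?$"
)

Hit = namedtuple("Hit", "family action directory filename packer")


def parse_line(line):
    """Return a Hit for one log line, or None if the line does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    return Hit(m["family"], ACTIONS[m["action"]], m["directory"], m["filename"], m["packer"])


def parse_log(text):
    return [h for h in (parse_line(l) for l in text.splitlines()) if h]


def pending_after_reboot(hits):
    """Full paths the scanner could not remove immediately (file was in use);
    these are the ones to confirm are gone after the reboot."""
    return [h.directory + "\\" + h.filename for h in hits if h.action == "pending_reboot"]


def restore_point_hits(hits):
    """Detections inside System Restore snapshots. A restore would bring
    these copies back, which is the reason for switching System Restore off."""
    return [h for h in hits if "system volume information" in h.directory.lower()]


def family_counts(hits):
    return Counter(h.family for h in hits)


if __name__ == "__main__":
    hits = parse_log(SAMPLE_LOG)
    print("pending deletion at reboot:")
    for path in pending_after_reboot(hits):
        print("   ", path)
    print("inside System Restore snapshots:", len(restore_point_hits(hits)))
    for fam, n in family_counts(hits).most_common():
        print(f"  {n:3d}  {fam}")
```

Run it against the full log by replacing `SAMPLE_LOG` with the pasted text; lines that do not match the pattern (headers, blank lines) are simply skipped rather than raising.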

Here is my log as well:
Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE 新泰超级摄像头>  [N/A]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
Startup Folder
N/A

==================================
Services
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
  <><N/A>
[WinZXServiceNow / WinZXServiceNow][Stopped/Auto Start]
  <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVZX.EXE><N/A>

==================================
Drivers
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\D:\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ATKACPI.sys><>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\H:\mxd\mxd\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Manual Start]
  <\??\C:\WINDOWS\system32\qqedit\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Motorola USB Device / P2k][Stopped/Manual Start]
  <system32\DRIVERS\P2k.sys><Motorola Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimsptsk / rimsptsk][Running/Manual Start]
  <system32\DRIVERS\rimsptsk.sys><REDC>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[smserial / smserial][Stopped/Manual Start]
  <system32\DRIVERS\smserial.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\H:\采矿\简单游\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[新泰超级摄像头 / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

Browser add-ons
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\web\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\pdf\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {105E4D0C-5E21-41ED-90F9-013EEF271BD6} <C:\WINDOWS\system32\widgetdownload.dll, 鱼鱼桌面秀widget插件下载工具>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, www.flashget.com>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\FlashGet\getflash.dll, www.flashget.com>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <H:\HFsetup\浩方对战平台\GameClient.exe, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[简单游官方网站]
  {CE164F14-75B5-46be-AE02-CD5CACC8352D} <http://act.jdyou.com/zmjdyou3.html, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\web\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\pdf\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[]
  {105E4D0C-5E21-41ED-90F9-013EEF271BD6} <C:\WINDOWS\system32\widgetdownload.dll, 鱼鱼桌面秀widget插件下载工具>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\FlashGet\jccatch.dll, www.flashget.com>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <D:\PPStream\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <D:\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <D:\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <D:\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\FlashGet\jc_all.htm, N/A>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <D:\web\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\web\GetAllUrl.htm, N/A>
[加入POCO网摘(&K)]
  <http://my.poco.cn/fav/rightClick.php, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[我的POCO网摘(&O)]
  <http://my.poco.cn/fav/open_myfav.php, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>

[Reply to the post by "celery0926"]


Use the SRENG tool you scanned the log with to set the startup type of each of the following to "Disabled":
==================================
Services

[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
<><N/A>
[WinZXServiceNow / WinZXServiceNow][Stopped/Auto Start]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVZX.EXE><N/A>

==================================
Drivers

[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>

[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>

——————————————————————————————
That's all I can see; after doing this, reboot and try.
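Both this reply and the earlier one that listed `WinDHCPsvc`, `WZCSRVC` and `283C1FD2` pick services out of the SREng log by eye, and the tells are the same each time: a service whose body is a DLL loaded through `rundll32.exe`, an auto-start entry with an empty image path, an image that lives in a Temp directory, and a random-looking 8-hex-digit name. The following is an added example, not code from the thread, from SREng or from any tool mentioned here, that parses SREng's two-line service entries and applies exactly those checks. The entries embedded are copied from the logs in this thread. The vendor column is just the PE version resource, which the malware author fills in freely (every fake service above claims "Microsoft Corporation"), so it is deliberately not used as a trust signal.

```python
"""Triage the service entries of an SREng log.

Added example for this thread; not code from the forum, from SREng or
from any of the tools mentioned. It encodes the checks the helpers applied
by eye when telling the poster which services to set to "Disabled".
"""
import re
from dataclasses import dataclass

# Service entries copied from the SREng logs posted in this thread
# (two lines each: [Display / Name][State/Start], then <ImagePath><Vendor>).
SAMPLE_LOG = r"""
[283C1FD2 / 283C1FD2][Stopped/Auto Start]
<C:\WINDOWS\System32\1A7AFEDC.EXE -k><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Windows User Mode Driver Framework / UMWdf][Stopped/Auto Start]
  <><N/A>
[WinZXServiceNow / WinZXServiceNow][Stopped/Auto Start]
  <C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RAVZX.EXE><N/A>
"""

HEADER = re.compile(r"^\[(?P<display>.*?) / (?P<name>.*?)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]$")
BODY = re.compile(r"^<(?P<image>.*?)><(?P<vendor>.*?)>$")
# "rundll32.exe something.dll,export": the DLL is the real service body.
RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^\s,]+),(?P<export>\S+)", re.IGNORECASE)
HEX8 = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)
# Directory fragments an ordinary service has no business living in.
USER_WRITABLE = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\")


@dataclass
class Service:
    display: str
    name: str
    state: str
    start: str
    image: str
    vendor: str


def parse_services(text):
    """Pair each [..][..] header line with the <image><vendor> line that follows it."""
    services, header = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            header = m.groupdict()
            continue
        m = BODY.match(line)
        if m and header is not None:
            services.append(Service(**header, **m.groupdict()))
            header = None
    return services


def triage(svc):
    """Reasons this entry deserves a closer look; an empty list means nothing tripped.
    The vendor string is attacker-controlled, so it is not consulted here."""
    reasons = []
    image = svc.image.strip()
    if not image and svc.start.lower() == "auto start":
        reasons.append("auto-start service with an empty image path")
    m = RUNDLL.search(image)
    if m:
        reasons.append(f"service body is {m['dll']} loaded through rundll32 (export {m['export']})")
    if any(d in image.lower() for d in USER_WRITABLE):
        reasons.append("image path is inside a user-writable or temporary directory")
    exe = re.split(r"[\\/]", image.split(" ")[0])[-1]   # first token of the command line
    stem = exe.rsplit(".", 1)[0]
    if HEX8.match(svc.name) or HEX8.match(stem):
        reasons.append("service or file name is a random 8-hex-digit string")
    return reasons


def suspicious_services(text):
    """Map service name -> reasons, for every entry that trips at least one check."""
    found = {}
    for svc in parse_services(text):
        reasons = triage(svc)
        if reasons:
            found[svc.name] = reasons
    return found


if __name__ == "__main__":
    for name, reasons in suspicious_services(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Feed it the whole "Services" section of an SREng log; the driver section uses the same two-line layout, so the parser works there too, although the Temp-directory and rundll32 checks are the ones that matter for drivers.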
Powered by Discuz!NT