[PID: 512 / tzp][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1632 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2040 / tzp][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1136 / tzp][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 932 / tzp][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3249]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1436 / tzp][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [VM, 4.2.711.31]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1636 / tzp][C:\Program Files\OCINS\idnsvr.exe]  [中国互联网信息中心(CNNIC), 2, 6, 0, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1824 / tzp][D:\Downloads\卡卡\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1244 / tzp][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 2244 / tzp][C:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\WINDOWS\system32\shdocvw32.dll]  [Microsoft Corporation, 6.00.3790.2783 ]
    [C:\Program Files\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Program Files\Rising\Rav\MVEngine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\Engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 22]
    [C:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 84]
    [C:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\Rav\ExtMail.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [C:\Program Files\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 22]
    [C:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 59]
[PID: 3512 / tzp][C:\Program Files\Real\RealPlayer\realplay.exe]  [RealNetworks, Inc., 6.0.12.1059]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Common Files\Real\Update_OB\rnms3270.dll]  [RealNetworks, Inc., 7.0.1.3075]
    [C:\Program Files\Common Files\Real\Common\objb3201.dll]  [RealNetworks, Inc., 0.1.0.6066]
    [C:\Program Files\Common Files\Real\RCAPlugins\uisy3201.dll]  [RealNetworks, Inc., 0.1.0.3571]
    [C:\Program Files\Real\RealPlayer\lang\gemctl_cn.dll]  [RealNetworks, Inc., 6.0.12.298]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.3809]
    [C:\Program Files\Common Files\Real\Update_OB\rnad3201.dll]  [RealNetworks, Inc., 0.1.0.3249]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\Common Files\Real\Update_OB\rnqu3270.dll]  [RealNetworks, Inc., 7.0.0.3495]
    [C:\Program Files\Common Files\Real\Update_OB\setu3270.dll]  [RealNetworks, Inc., 7.0.0.4107]
    [C:\Program Files\Common Files\Real\Plugins\httpfsys.dll]  [RealNetworks, Inc., 10.0.0.2115]
[PID: 2236 / tzp][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\shdocvw32.dll]  [Microsoft Corporation, 6.00.3790.2783 ]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 145]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Program Files\FlashGet\jccatch.dll]  [www.flashget.com, 1, 8, 1, 1006]
    [C:\PROGRA~1\OCINS\ieaux.dll]  [中国互联网络信息中心(CNNIC), 2, 6, 0, 2]
    [C:\PROGRA~1\OCINS\idnsvr.dll]  [中国互联网信息中心(CNNIC), 2, 6, 0, 2]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll]  [Microsoft Corporation, 4.100.313.1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\FlashGet\getflash.dll]  [www.flashget.com, 1, 8, 1, 1002]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
[PID: 3104 / tzp][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.100.313.1]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 2940 / tzp][C:\DOCUME~1\tzp\LOCALS~1\Temp\Rar$EX00.234\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [D:\Downloads\卡卡\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\DOCUME~1\tzp\LOCALS~1\Temp\Rar$EX00.234\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 2040, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2040, C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1136, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1136, C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 932, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 932, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1436, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1436, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1824, D:\DOWNLOADS\卡卡\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1824, D:\DOWNLOADS\卡卡\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2244, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3512, C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3512, C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2740, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2740, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

打开SREng->启动项目->服务->"Win32服务应用程序"选中"隐藏已认证的微软服务" 然后将下面名称的服务删除（选中有问题的服务后，点“删除服务”，点“设置”按钮即可。  注意弹出的窗口中要点 “NO 否”才是确认删除服务）(不能删除的就禁用:启动类型改为disabled,点中修改启动类型，点设置):
[Fax 2Client / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\a6cf1.exe><N/A>

打开SREng->启动项目->服务->驱动程序"选中"隐藏已认证的微软服务" 然后将下面名称的服务删除（选中有问题的服务后，点“删除服务”，点“设置”按钮即可。  注意弹出的窗口中要点 “NO 否”才是确认删除服务）(不能删除的就禁用:启动类型改为disabled,点中修改启动类型，点设置):
[3nqn / 3nqn][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\3nqn.sys><N/A>
[idnaux / idnaux][Running/Auto Start]
<system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[mxdispdr / mxdispdr][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
[cnprov / cnprov][Running/Boot Start]
<\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[hn706f / hn706ff][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hn706ff.sys><N/A>

SRE--系统修复--浏览器加载项-删除
[ff Class]
{B9751A53-4494-4D7C-9732-AE3058D8145F} <C:\WINDOWS\system32\7a61.dll, N/A>

重启 显示隐藏文件后删除以下文件
C:\WINDOWS\system32\msplrct.dll
C:\WINDOWS\system32\7a61.dll
C:\WINDOWS\system32\drivers\3nqn.sys
C:\WINDOWS\system32\drivers\idnaux.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\drivers\cnprov.sys
C:\WINDOWS\System32\DRIVERS\hn706ff.sys
C:\WINDOWS\system32\a6cf1.exe

删不掉的用冰刃删除
http://www.crsky.com/soft/6947.html

下载arswp(Windows清理助手)清理下
http://www.arswp.com/download/arswp/arswp.rar

还有问题再扫个日志上来

谢谢啦~~我也很喜欢火影忍者，呵呵~~

也不怕吓死人...这么多.