<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\qqedit\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
  <System32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Stopped/Manual Start]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[FlashGet Bar]

{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\System32\aliedit\AliEdit.dll, >
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[RdxIE Class]
  {56336BCB-3D8A-11D6-A00B-0050DA18DE71} <C:\WINDOWS\Downloaded Program Files\RdxIE.dll, RealNetworks, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINDOWS\vqqsdl.dll, Tencent>
[Add to Windows &Live Favorites]
  <http://favorites.live.com/quickadd.aspx, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ表情]
  <D:\qq\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 308 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 364 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 388 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 432 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\zinforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
[PID: 444 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\zinforms.dll]  [N/A, ]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\zinforms.dll]  [N/A, ]
[PID: 728 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]

[PID: 800 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 812 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 1084 / Bluewater][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\System32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgdmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxsbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
    [C:\WINDOWS\System32\kawdbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmydpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwlbmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\ratbfpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsjzbpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\sidjazy.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxdmn.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
[PID: 1232 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\zinforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1304 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1544 / Bluewater][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]

[C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 1640 / Bluewater][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 1676 / Bluewater][D:\CASIO\Photo Loader\Plauto.exe]  [CASIO COMPUTER CO.,LTD., 2.1.4E]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 1776 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5216]
[PID: 1812 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 3392 / Bluewater][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\zinforms.dll]  [N/A, ]
[PID: 3864 / Bluewater][C:\WINDOWS\IGW.exe]  [N/A, ]
[PID: 2776 / Bluewater][C:\WINDOWS\IGW.exe]  [N/A, ]
[PID: 1800 / Bluewater][C:\WINDOWS\IGW.exe]  [N/A, ]
[PID: 2164 / Bluewater][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\System32\kvdxsbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgdmn.dll]  [N/A, ]
[PID: 3836 / Bluewater][C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [c:\program files\google\googletoolbar3.dll]  [Google Inc., 4, 0, 1020, 3054]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\avwgdmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxsbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
[PID: 3988 / Bluewater][C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe]  [Microsoft Corporation, 4.100.313.1]
[PID: 1072 / Bluewater][C:\Program Files\INTERNET EXPLORER\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [c:\program files\google\googletoolbar3.dll]  [Google Inc., 4, 0, 1020, 3054]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\avwgdmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxsbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\raqjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2500 / Bluewater][C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\Rar$EX41.672\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\DOCUME~1\BLUEWA~1\LOCALS~1\Temp\Rar$EX41.672\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\raqjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxsbma.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgdmn.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]

==================================

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 1544, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3864, C:\WINDOWS\IGW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3864, C:\WINDOWS\IGW.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2776, C:\WINDOWS\IGW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2776, C:\WINDOWS\IGW.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1800, C:\WINDOWS\IGW.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1800, C:\WINDOWS\IGW.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2164, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2164, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

先下载XDelbox1.5删除工具: http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902
打开XDelbox1.5勾选“抑制再生”、“备份文件”（为误操作留条后路）。把以下路径添加进去(或者复制下面路径然后点xdelbox右键"从剪贴板导入),然后点右键,立即重启并删除.
C:\WINDOWS\System32\rsmydpm.dll
C:\WINDOWS\System32\rsztcpm.dll
C:\WINDOWS\System32\kawdbzy.dll
C:\WINDOWS\System32\rarjbpi.dll
C:\WINDOWS\System32\avzxdmn.dll
C:\WINDOWS\System32\raqjbpi.dll
C:\WINDOWS\System32\avwgdmn.dll
C:\WINDOWS\System32\sidjazy.dll
C:\WINDOWS\System32\kapjbzy.dll
C:\WINDOWS\System32\kaqhezy.dll
C:\WINDOWS\System32\avwlbmn.dll
C:\WINDOWS\System32\ratbfpi.dll
C:\WINDOWS\System32\rsjzbpm.dll
C:\WINDOWS\System32\kvdxsbma.dll
C:\WINDOWS\System32\kvdxcma.dll
C:\WINDOWS\IGW.exe
C:\WINDOWS\System32\zinforms.dll
C:\WINDOWS\System32\LYMANGR.DLL
删除完后重启计算机时按F8进入安全模式:(进不了就进正常模式)
打开sreng
启动项目--注册表--删除如下项目:
<WinSys><C:\WINDOWS\IGW.exe> []
<MSDWG32><LYLoadbr.exe> [N/A]
<MSDCG32 ><LYLeador.exe> [N/A]
<MSDOG32><LYLoador.exe> [N/A]
<MSDSG32><LYLoadar.exe> [N/A]
<MSDMG32><LYLoadmr.exe> [N/A]
<MSDHG32><LYLoadhr.exe> [N/A]
<MSDQG32><LYLoadqr.exe> [N/A]
<{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll> [N/A]
<{AEB6717E-7E19-11d0-97EE-00C04FD91975}><zinforms.dll> []
<{4E32FA58-3453-FA2D-BC49-F340348ACCE4}><C:\WINDOWS\System32\rsmydpm.dll> []
<{334345F1-DACF-3452-CB7D-4620F34A1533}><C:\WINDOWS\System32\rsztcpm.dll> []
<{28907901-1416-3389-9981-372178569982}><C:\WINDOWS\System32\kawdbzy.dll> []
<{2598FF45-DA60-F48A-BC43-10AC47853D52}><C:\WINDOWS\System32\rarjbpi.dll> []
<{4859245F-345D-BC13-AC4F-145D47DA34F4}><C:\WINDOWS\System32\avzxdmn.dll> []
<{24783410-4F90-34A0-7820-3230ACD05F42}><C:\WINDOWS\System32\raqjbpi.dll> []
<{4A1247C1-53DA-FF43-ABD3-345F323A48D4}><C:\WINDOWS\System32\avwgdmn.dll> []
<{18847374-8323-FADC-B443-4732ABCD3781}><C:\WINDOWS\System32\sidjazy.dll> []
<{2A321487-4977-D98A-C8D5-6488257545A2}><C:\WINDOWS\System32\kapjbzy.dll> []
<{57D81718-1314-5200-2597-587901018075}><C:\WINDOWS\System32\kaqhezy.dll> []
<{2960356A-458E-DE24-BD50-268F589A56A2}><C:\WINDOWS\System32\avwlbmn.dll> []
<{66650011-3344-6688-4899-345FABCD1566}><C:\WINDOWS\System32\ratbfpi.dll> []
<{22FAACDE-34DA-CCD4-AB4D-DA34485A3422}><C:\WINDOWS\System32\rsjzbpm.dll> []
<{2D561258-45F3-A451-F908-A258458226D2}><C:\WINDOWS\System32\kvdxsbma.dll> []
<{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\System32\kvdxcma.dll> []
双击<AppInit_DLLs>把><raqjbpi.dll>删除掉.确定.
打开sreng
点击启动项目--服务--Win32服务应用程序-- 勾选“隐藏经认证的微软项目”
等待列表出来之后点击以下项目.然后选中下面的 “删除服务” 并单击设置按钮
在弹出的框中点“否”
[Telephotsgoogle / Winownes][Stopped/Auto Start]
<2 - 系统找不到指定的文件。
><N/A>

驱动程序[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\G:\INSTALL\GMSIPCI.SYS><N/A>
可疑自己看着办吧.
下载 arswp清理助手: http://www.arswp.com/
打开arswp--高级模式--定制扫描--完整扫描,扫描所有文件--开始扫描.

病毒真变态,不管是计算机上的还是人身上的。

对vista来说,趋势还是最可信赖的了。