网吧机器中病毒了 瑞星2008可以查出来可杀完了 重起机器连上网线病毒又有拉 是不是自动下载啊 好象中了ARP病毒了 现在机器上都有病毒了 杂办啊
2000-11-06,20:26:42

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <svc><C:\DOCUME~1\as\LOCALS~1\Temp\tomons.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <wxClient><C:\WINDOWS\System32\Clsmn.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Microsoft Windows XP Publisher]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Microsoft Windows XP Publisher]
    <HDDGMon><C:\program files\YuanZhi\Recovery Genius 21st\WinNT\HDDGMon.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exE>  []
    <runeip><"D:\rav\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\rav\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><userinit.exe,>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kvmxdma.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><C:\WINDOWS\system32\LogUser.dll>  []
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\System32\kvdxcma.dll>  []
    <{3E32FA58-3453-FA2D-BC49-F340348ACCE3}><C:\WINDOWS\System32\rsmycpm.dll>  []
    <{4D47B341-43DF-4563-753F-345FFA3157D4}><C:\WINDOWS\System32\kvmxdma.dll>  []
    <{5859245F-345D-BC13-AC4F-145D47DA34F5}><C:\WINDOWS\System32\avzxemn.dll>  []
    <{5A1247C1-53DA-FF43-ABD3-345F323A48D5}><C:\WINDOWS\System32\avwgemn.dll>  []
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows XP Publisher]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <Refresh><; C:\WINDOWS\System32\Refresh_Service.exe>  []
    <runeip><; D:\rav\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <VTTimer><; VTTimer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <VTTrayp><; VTtrayp.exe>  [(Verified)Microsoft Windows XP Publisher]
    <wxClient><; C:\WINDOWS\System32\Clsmn.exe>  []

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Sicent Network File Synchronization / sicentnetsync][Running/Auto Start]
  <C:\WINDOWS\System32\wxsyncli.exe><成都吉胜科技有限公司>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
  <System32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viagfx / viagfx][Stopped/Manual Start]
  <System32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[wxNDA / wxNDA][Running/Boot Start]
  <\SystemRoot\System32\drivers\wxNDA.sys><成都吉胜科技>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\网络游戏\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <d:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <d:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <d:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

==================================
正在运行的进程
[PID: 524 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 588 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 612 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\system32\LogUser.dll]  [N/A, ]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\rsmycpm.dll]  [N/A, ]
[PID: 672 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\rsmycpm.dll]  [N/A, ]
[PID: 844 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
[PID: 896 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
[PID: 1056 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
[PID: 1068 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
[PID: 1572 / as][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\sqmapi32.dll]  [N/A, ]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[PID: 1688 / as][C:\WINDOWS\System32\Clsmn.exe]  [, 16.3.12.598]
    [C:\WINDOWS\System32\RegCode.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
[PID: 1704 / as][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 46]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1712 / as][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1720 / as][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1736 / as][C:\program files\YuanZhi\Recovery Genius 21st\WinNT\HDDGMon.exe]  [, 5, 0, 0, 350]
    [C:\program files\YuanZhi\Recovery Genius 21st\WinNT\SimCom.dll]  [N/A, ]
    [C:\program files\YuanZhi\Recovery Genius 21st\WinNT\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\program files\YuanZhi\Recovery Genius 21st\WinNT\HMRes.dll]  [, 5, 0, 0, 350]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1744 / as][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1760 / as][C:\DOCUME~1\as\LOCALS~1\Temp\tomons.exe]  [, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\DOCUME~1\as\LOCALS~1\Temp\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\DOCUME~1\as\LOCALS~1\Temp\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\DOCUME~1\as\LOCALS~1\Temp\NPPTools.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
[PID: 228 / as][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 292 / SYSTEM][C:\WINDOWS\System32\wxsyncli.exe]  [成都吉胜科技有限公司, 1.0.1.259]
[PID: 736 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
[PID: 1528 / as][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\sqmapi32.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]

[PID: 2196 / as][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
[PID: 2668 / as][d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 5, 269]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [d:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 46]
    [d:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 46]
    [C:\WINDOWS\System32\msrav.dll]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 15]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [d:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [d:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 15]
    [d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll]  [　, 3, 2, 0, 63]
    [d:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 14]
    [d:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [d:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [d:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 2, 0, 1, 38]
    [d:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
    [d:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [C:\WINDOWS\System32\sqmapi32.dll]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\Components\P4PClient\GZipDll.dll]  [N/A, ]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 3552 / as][D:\rav\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
[PID: 836 / as][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
[PID: 1420 / as][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
[PID: 2904 / as][C:\Documents and Settings\as\桌面\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\System32\avwgemn.dll]  [N/A, ]
    [C:\WINDOWS\System32\djatl.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravwdmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravmsmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\ravztmon.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxdma.dll]  [N/A, ]
    [D:\rav\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\WinForm.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\System32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmycpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\avzxemn.dll]  [N/A, ]
    [C:\Documents and Settings\as\桌面\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\sqmapi32.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAPI Tcpip [TCP/IP]
    C:\WINDOWS\System32\sqmapi32.dll(, N/A)
MSAPI Tcpip [UDP/IP]
    C:\WINDOWS\System32\sqmapi32.dll(, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1688, C:\WINDOWS\SYSTEM32\CLSMN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1704, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1704, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1736, C:\PROGRAM FILES\YUANZHI\RECOVERY GENIUS 21ST\WINNT\HDDGMON.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1760, C:\DOCUME~1\AS\LOCALS~1\TEMP\TOMONS.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 2668, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2668, D:\PROGRAM FILES\THUNDER NETWORK\THUNDER\PROGRAM\THUNDER5.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3552, D:\RAV\RUNIEP.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3552, D:\RAV\RUNIEP.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

先下载XDelbox1.5删除工具: http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902
打开XDelbox1.5勾选“抑制再生”、“备份文件”（为误操作留条后路）。把以下路径添加进去(或者复制下面路径然后点xdelbox右键"从剪贴板导入),然后点右键,立即重启并删除.(如果提示不存在点确定就是)
C:\DOCUME~1\as\LOCALS~1\Temp\tomons.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\Kvsc3.exe
C:\WINDOWS\WinForm.exE
C:\WINDOWS\System32\kvdxcma.dll
C:\WINDOWS\System32\rsmycpm.dll
C:\WINDOWS\System32\kvmxdma.dll
C:\WINDOWS\System32\avzxemn.dll
C:\WINDOWS\System32\avwgemn.dll
C:\WINDOWS\System32\sqmapi32.dll
C:\WINDOWS\System32\ravwdmon.dll
C:\WINDOWS\System32\ravmsmon.dll
C:\WINDOWS\System32\ravztmon.dll
C:\WINDOWS\System32\djatl.dll
C:\WINDOWS\System32\WinForm.dll
C:\WINDOWS\System32\Kvsc3.dll
C:\WINDOWS\System32\upxdnd.dll
C:\WINDOWS\System32\avzxemn.dll
重启电脑后，让电脑自动进入“GO XDELBOX***”杀灭以上文件后登陆系统（中途不要干涉），
删除完后重启计算机时按F8进入安全模式:
(如果进不了就进正常模式)
打开sreng
启动项目--注册表--删除如下项目:
<svc><C:\DOCUME~1\as\LOCALS~1\Temp\tomons.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<WinForm><C:\WINDOWS\WinForm.exE> []
<{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\System32\kvdxcma.dll> []
<{3E32FA58-3453-FA2D-BC49-F340348ACCE3}><C:\WINDOWS\System32\rsmycpm.dll> []
<{4D47B341-43DF-4563-753F-345FFA3157D4}><C:\WINDOWS\System32\kvmxdma.dll> []
<{5859245F-345D-BC13-AC4F-145D47DA34F5}><C:\WINDOWS\System32\avzxemn.dll> []
<{5A1247C1-53DA-FF43-ABD3-345F323A48D5}><C:\WINDOWS\System32\avwgemn.dll> []
双击<Userinit>把<userinit.exe,> 改为<C:\WINDOWS\system32\userinit.exe,>
双击<AppInit_DLLs>把><kvmxdma.dll>删除掉.确定.
打开sreng--系统修复--Winsock 提供者--删除
MSAPI Tcpip [TCP/IP]
C:\WINDOWS\System32\sqmapi32.dll(, N/A)
MSAPI Tcpip [UDP/IP]
C:\WINDOWS\System32\sqmapi32.dll(, N/A)

下载 arswp清理助手: http://www.arswp.com/
打开arswp--高级模式--清理相关--临时文件--开始清理
打开arswp--高级模式--定制扫描--完整扫描,扫描所有文件--开始扫描.