

Extremely urgent: still unable to fully clean this up, please help, SREng log already provided


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [File is missing]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <RfwMain><; "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [File is missing]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><S,msosptfs01.dll,nhmxbjkl.dll,msosdohs01.dll,msosfmsq01.dll,hfxncp.dll,wipicdec.dll,msosmnsf01.dll,nicozftp01.dll,msosdrop01.dll,msosmhfp01.dll,msosping01.dll,jqjeho.dll,msoscqit01.dll,ubueil.dll,fmsiocps.dll,peeuic.dll,msosjtio01.dll,orjsfq.dll,kbmzxe.dll,ieprot.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <?{6C8D1401-A58D-A81C-CD24-A5915C4517C6}><mnmhfsrv.dll>  []
    <?{27AC9076-C898-B098-D098-A18319080972}><nhmxbjkl.dll>  []
    <?{67FD640A-158F-48AC-FD14-1597F14A9776}><mndsfsrv.dll>  []
    <?{4F4F0064-71E0-4f0d-0017-708476C7815F}><>  [N/A]
    <{4F4F0064-71E0-4f0d-0018-708476C7815F}><C:\WINDOWS\system32\midimapwd.dll>  [Microsoft Corporation]
    <{4F4F0064-71E0-4f0d-0017-708476C7815F}><C:\WINDOWS\system32\midimaptl.dll>  [Microsoft Corporation]
    <{27AC9076-C898-B098-D098-A18319080972}><C:\WINDOWS\system32\nhmxbjkl.dll>  []
    <{67FD640A-158F-48AC-FD14-1597F14A9776}><C:\WINDOWS\system32\mndsfsrv.dll>  []
    <{6C8D1401-A58D-A81C-CD24-A5915C4517C6}><C:\WINDOWS\system32\mnmhfsrv.dll>  []
    <{4C648541-1025-9650-9057-6541258720C4}><C:\WINDOWS\system32\mndhddwd.dll>  []
    <{35671234-7890-ABCD-CDEF-567801237653}><C:\WINDOWS\system32\yxcschlp.dll>  []
    <{70AF1289-F140-A140-D012-C1458759FC07}><C:\WINDOWS\system32\ypcqfhlp.dll>  []
    <{4629FF4F-ACDB-5C90-A098-FACB3456A264}><C:\WINDOWS\system32\mpmydapi.dll>  []
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <midimaptl><?{4F4F0064-71E0-4f0d-0017-708476C7815F}>  [N/A]
    <midimapwd><?{4F4F0064-71E0-4f0d-0018-708476C7815F}>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41073-b2b1-21c1-b5c1-0701f4155588}]
    <N/A><C:\Program Files\Web Publish\IDrivers.pif>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
    <IFEO[AntiArp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
    <IFEO[DrvAnti.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
    <IFEO[filemon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
    <IFEO[GFRing3.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
    <IFEO[GFUpd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe]
    <IFEO[GuardField.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPPMain.exe]
    <IFEO[KPPMain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe]
    <IFEO[QQDoctor.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
    <IFEO[QQKav.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
    <IFEO[RawCopy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
    <IFEO[regedit.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
    <IFEO[regmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
    <IFEO[RegTool.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tqat.exe]
    <IFEO[tqat.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path]
    <IFEO[Your Image File Name Here without a path]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~OllyDBG.EXE]
    <IFEO[~OllyDBG.EXE]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~OllyICE.EXE]
    <IFEO[~OllyICE.EXE]><ntsd -d>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Publisher]

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

服务
[Machine Debug Manager / MDM][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[Network DDE / NetDDE][Stopped/Disabled]
  <C:\WINDOWS\system32\netdde.exe><Microsoft Corporation>
[Network DDE DSDM / NetDDEdsdm][Stopped/Disabled]
  <C:\WINDOWS\system32\netdde.exe><Microsoft Corporation>
[Net Logon / Netlogon][Stopped/Manual Start]
  <C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Plug and Play / PlugPlay][Running/Auto Start]
  <C:\WINDOWS\system32\services.exe><Microsoft Corporation>
[IPSEC Services / PolicyAgent][Stopped/Auto Start]
  <C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Remote Desktop Help Session Manager / RDSessMgr][Stopped/Manual Start]
  <C:\WINDOWS\system32\sessmgr.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Procedure Call (RPC) Locator / RpcLocator][Stopped/Manual Start]
  <C:\WINDOWS\system32\locator.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Smart Card / SCardSvr][Stopped/Manual Start]
  <C:\WINDOWS\System32\SCardSvr.exe><Microsoft Corporation>
[Print Spooler / Spooler][Stopped/Auto Start]
  <C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
[Performance Logs and Alerts / SysmonLog][Stopped/Manual Start]
  <C:\WINDOWS\system32\smlogsvc.exe><Microsoft Corporation>
[Telnet / TlntSvr][Stopped/Disabled]
  <C:\WINDOWS\system32\tlntsvr.exe><Microsoft Corporation>
[Windows User Mode Driver Framework / UMWdf][Stopped/Manual Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[User Profile Hive Cleanup / UPHClean][Stopped/Auto Start]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>

==================================
驱动程序
[ESS Allegro Audio Driver (WDM) / allegro][Stopped/Manual Start]
  <system32\drivers\es198x.sys><ESS Technology, Inc.>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp1B.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp17.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp14.tmp><N/A>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[fmsq / fmsq][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp10.tmp><N/A>
[HookCont / HookCont][Stopped/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Stopped/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Stopped/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Stopped/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[i81x / i81x][Stopped/Manual Start]
  <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
  <system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
  <system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
  <system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
  <system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
  <system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5][Stopped/Manual Start]
  <system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6][Stopped/Manual Start]
  <system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7][Stopped/Manual Start]
  <system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
  <system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
  <system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
  <system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
  <system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5][Stopped/Manual Start]
  <system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6][Stopped/Manual Start]
  <system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp12.tmp><N/A>
[liqiqgs / liqiqgs][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\liqiqgs.sys><N/A>
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp5.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmpA.tmp><N/A>
[msfpfis64 / msfpfis64][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsfpfis64.sys><N/A>
[msp2p32 / msp2p32][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosmsp2p32.sys><N/A>
[NDIS 用户模式 I/O 协议 / Ndisuio][Stopped/Manual Start]
  <system32\DRIVERS\ndisuio.sys><Microsoft Corporation>
[Remote Access NDIS WAN Driver / NdisWan][Stopped/Manual Start]
  <system32\DRIVERS\ndiswan.sys><Microsoft Corporation>
[NetBIOS Interface / NetBIOS][Stopped/System Start]
  <system32\DRIVERS\netbios.sys><Microsoft Corporation>
[NetBios over Tcpip / NetBT][Stopped/System Start]
  <system32\DRIVERS\netbt.sys><Microsoft Corporation>
[New0 / New0][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[Parallel port driver / Parport][Stopped/Manual Start]
  <system32\DRIVERS\parport.sys><Microsoft Corporation>
[PCI Bus Driver / PCI][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pci.sys><Microsoft Corporation>
[ping / ping][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmpE.tmp><N/A>
[ptfs / ptfs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmpC.tmp><N/A>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qkdysm / qkdysm][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\qkdysm><N/A>
[WAN Miniport (L2TP) / Rasl2tp][Stopped/Manual Start]
  <system32\DRIVERS\rasl2tp.sys><Microsoft Corporation>
[Direct Parallel / Raspti][Stopped/Manual Start]
  <system32\DRIVERS\raspti.sys><Microsoft Corporation>
[Rising  Rfwbase Driver / RfwBase][Stopped/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Technology Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Stopped/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[s3m / s3m][Stopped/Manual Start]
  <system32\DRIVERS\s3m.sys><S3 Incorporated>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[System Restore Filter Driver / sr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sr.sys><Microsoft Corporation>
[Srv / Srv][Stopped/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[Software Bus Driver / swenum][Running/Manual Start]
  <system32\DRIVERS\swenum.sys><Microsoft Corporation>
[Microsoft Kernel System Audio Device / sysaudio][Stopped/Manual Start]
  <system32\drivers\sysaudio.sys><Microsoft Corporation>
[Microsoft USB Generic Parent Driver / usbccgp][Stopped/Manual Start]
  <system32\DRIVERS\usbccgp.sys><Microsoft Corporation>
[Microsoft USB Standard Hub Driver / usbhub][Running/Manual Start]
  <system32\DRIVERS\usbhub.sys><Microsoft Corporation>
[USB 大容量存储设备 / USBSTOR][Running/Manual Start]
  <system32\DRIVERS\USBSTOR.SYS><Microsoft Corporation>
[Microsoft USB Universal Host Controller Miniport Driver / usbuhci][Running/Manual Start]
  <system32\DRIVERS\usbuhci.sys><Microsoft Corporation>
[VgaSave / VgaSave][Running/System Start]
  <\SystemRoot\System32\drivers\vga.sys><Microsoft Corporation>
[Remote Access IP ARP Driver / Wanarp][Stopped/Manual Start]
  <system32\DRIVERS\wanarp.sys><Microsoft Corporation>
[zftp / zftp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp5.tmp><N/A>
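The two log dumps above (the registry autostart locations in the first post, the services and drivers in this one) show the patterns that make this infection hard to remove by hand: Image File Execution Options entries that point the Debugger at `ntsd -d` for security and admin tools (taskmgr.exe and regedit.exe are among them, which is why Task Manager will not open), a long AppInit_DLLs list, ShellExecuteHooks entries with no verified publisher, and Auto/Boot-start drivers whose image is a `.tmp` file under the user's Temp folder. The script below is an added example for triaging such a log, not part of this thread and not SREng's own code; its regexes assume the SREng line layout shown on this page, and the sample input is a constructed excerpt of lines copied from the log above.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the SREng log in this
# thread, one or two per location the checks below look at.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><S,msosptfs01.dll,nhmxbjkl.dll,ieprot.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Publisher]
    <{27AC9076-C898-B098-D098-A18319080972}><C:\WINDOWS\system32\nhmxbjkl.dll>  []
    <{4F4F0064-71E0-4f0d-0018-708476C7815F}><C:\WINDOWS\system32\midimapwd.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.exe]
    <IFEO[360safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><ntsd -d>  [N/A]
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\xuyi\LOCALS~1\Temp\tmp1B.tmp><N/A>
[PCI Bus Driver / PCI][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pci.sys><Microsoft Corporation>
[liqiqgs / liqiqgs][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\liqiqgs.sys><N/A>
"""

# SREng layout as seen in the log: a bracketed key or service header, then
# indented <name><value>  [publisher] (registry) or <image><vendor> (drivers).
KEY_HDR = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_ENTRY = re.compile(r"^\s+<(.*?)><(.*)>\s+\[(.*)\]\s*$")
DRV_HDR = re.compile(r"^\[(.+?) / (.+?)\]\[(Running|Stopped)/(.+?)\]$")
DRV_ENTRY = re.compile(r"^\s+<(.*?)><(.*)>\s*$")


def check_registry(key, name, value, publisher):
    """Flag the three autostart locations abused in this log."""
    out = []
    if "\\Image File Execution Options\\" in key and value.lower().startswith("ntsd"):
        image = key.rsplit("\\", 1)[1]
        out.append(("IFEO", f"{image}: Debugger = '{value}' (program will fail to start)"))
    elif name == "AppInit_DLLs" and value.strip():
        dlls = [t for t in value.split(",") if t.lower().endswith(".dll")]
        out.append(("AppInit_DLLs", f"{len(dlls)} DLLs injected into every user32 process: {', '.join(dlls)}"))
    elif key.endswith("ShellExecuteHooks") and not publisher.startswith("(Verified)"):
        out.append(("ShellExecuteHooks", f"{value or '<no path>'}: unverified publisher {publisher!r}"))
    return out


def check_driver(display, name, status, start, path, vendor):
    """Flag kernel drivers that look like the Temp-loaded ones in this log."""
    reasons = []
    if re.search(r"\\Temp\\", path, re.I) or path.lower().endswith(".tmp"):
        reasons.append("image lives in a Temp directory")
    if vendor == "N/A" and start in ("Boot Start", "System Start", "Auto Start"):
        reasons.append(f"no vendor/signature but {start}")
    if path.count("\\SystemRoot") > 1:
        reasons.append("doubled \\SystemRoot prefix in image path")
    if not reasons:
        return []
    return [("Driver", f"{name} [{status}/{start}] {path}: " + "; ".join(reasons))]


def analyze(text):
    """Walk the log once; return [(category, detail)] in file order."""
    findings, key, drv = [], None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        m = DRV_HDR.match(line)
        if m:
            drv, key = m.groups(), None
            continue
        m = KEY_HDR.match(line)
        if m:
            key, drv = m.group(1), None
            continue
        if key is not None:
            m = REG_ENTRY.match(line)
            if m:
                findings += check_registry(key, *m.groups())
        elif drv is not None:
            m = DRV_ENTRY.match(line)
            if m:
                findings += check_driver(*drv, *m.groups())
    return findings


def summarize(text):
    """Category -> number of findings, for a quick triage read."""
    return dict(Counter(cat for cat, _ in analyze(text)))


if __name__ == "__main__":
    for cat, detail in analyze(SAMPLE_LOG):
        print(f"[{cat}] {detail}")
```

Pointed at a full SREngLOG.log instead of the sample, `analyze()` prints one line per finding and `summarize()` gives the counts per category. The ShellExecuteHooks check deliberately treats a bare company name such as `[Microsoft Corporation]` as unverified: in SREng output only the `(Verified)` prefix means the signature actually checked out, and a DLL that merely claims to be from Microsoft is exactly what to look at next.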

Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

Upload the complete log file as an attachment.

Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

Uploaded.

Attachments:

File name: SREngLOG.log
Downloads: 84
File type: application/octet-stream
File size:
Uploaded: 2008-6-5 14:40:56
Description: log


Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

Run the trojan group cleanup linked in my signature.
Note the procedure: you must disconnect from the network before cleaning, and before the cleanup assistant prompts you to reboot for cleaning, do the following exactly.
————————————————————————————————————————
Go to the C:\WINDOWS\system32\dllcache folder and find ctfmon.exe and Explorer.exe. Copy Explorer.exe into C:\WINDOWS\ to replace the existing one, and copy ctfmon.exe into C:\WINDOWS\system32 to replace the existing one.
Or download the relevant files from this thread:
http://bbs.ikaka.com/showtopic-8417665.aspx
Before replacing, end the ctfmon.exe and Explorer.exe processes in Task Manager. If the processes are not running, just replace the files directly.
To do this, press Ctrl+Alt+Del to open Task Manager and end the relevant processes.
In Task Manager, click "File" > "New Task" > "Browse" and copy the relevant files into the relevant folders to replace them.
————————————————————————————————————————
Once that is done, reboot immediately and let the cleanup assistant clean the system.
After cleaning, scan a fresh log so we can sweep up the leftovers.
Last edited by 天月来了 on 2008-06-05 15:45:10
A hundred years from now, the name carved beside your tombstone will not be mine.

Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

Task Manager won't open, and the files can't be copied.

Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

Then try this:
Using PE to deal with the currently widespread viruses that infect system files
http://bbs.ikaka.com/showtopic.a ... cid=8502100#8619474

Install a PE system as a fallback, then reboot directly and run the cleanup; once it has finished, go back and do the file replacement and the rest.
Last edited by 天月来了 on 2008-06-05 16:49:52
A hundred years from now, the name carved beside your tombstone will not be mine.

Reply: Extremely urgent: still unable to fully clean this up, please help, SREng log already provided

Thanks. I hadn't even finished downloading PE and the problem is basically solved, though I'm still a bit worried it might come back. Many thanks to the two of you above for your help.