Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Unkillable Trojan viruses (can someone take a look for me?) [Help]

I don't know why, but my computer keeps getting this family of viruses. Every time before I shut down, the scan finds 30 of them, and not one can be killed. I'm very worried; I'm abroad right now and there is nobody here who can help, so I hope you can help me. My log is below. Sorry it's so long; I'm a newbie...
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <Java Runtime Value><runjava.exe>  []
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [Microsoft Corporation]
    <svc><C:\WINDOWS\svchost.exe>  []
    <Skype><"D:\DownLoads\Phone\Skype.exe" /nosplash /minimized>  []
    <MSNShell><D:\DownLoads\MSNShell\BIN\MSNShell.exe autorun>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Java Runtime Value><runjava.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  []
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <ATIPTA><rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  []
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [Synaptics, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [Synaptics, Inc.]
    <YDTMain.exe><rem C:\PROGRA~1\YDT\YDTMain.exe>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <spoolsv><C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer>  [广州傲讯信息科技有限公司]
    <mscfs><RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs>  []
    <kc32update><rundll32 C:\WINDOWS\System32\kc32update.dll,AppMain>  []
    <SurfAccuracy><C:\Program Files\SurfAccuracy\SAcc.exe>  []
    <ReJf5vH><C:\WINDOWS\rybyndev.exe>  []
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  []
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <SVCHOST><C:\WINDOWS\System32\SVCH0ST.EXE>  []
    <17lelestart><C:\Program Files\VisionNet\17lele\system\play.exe 17LELEMIN>  []
    <RichMedia><C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\hbclient\HBHelper.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
    <CnsMin><Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <system><C:\WINDOWS\System32\inetlnfo.exe>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <DTService><rundll32.exe C:\DOCUME~1\vivi\LOCALS~1\Temp\XP158T~1.DLL,Load>  []
    <ip_sec><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><TopThemesLogonUI.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{74F8B7BF-1576-4268-B90C-B77BDB6B783A}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rr>  []
    <{08315C1A-9BA9-4B7C-A432-26885F78DF28}><>  []
    <{5EED7056-B89D-4DE8-A060-D285EA746799}><C:\SPY_WOOOL\SPY_DLL.dll>  []
    <{7A238B14-A6F1-11E0-9A84-00C04FD8DBF8}><C:\WINDOWS\System32\RunCpl.DLL>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\System32\inetinfo.dll>  []
    <{7A238B14-A6F1-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\system.dll>  []
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\CnsHook.dll>  [北京三七二一科技有限公司]

==================================
Startup folder
[Microsoft Office]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
Services
[ACU Configuration Service / ACS]
  <C:\WINDOWS\System32\acs.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Cisco Systems, Inc. VPN Service / CVPND]
  <D:\DownLoads\cvpnd.exe><Cisco Systems, Inc.>
[System Event Logger / DiRVIn]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[IBM PM Service / IBMPMSVC]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[ClipManage / MouTALS]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[RegSrvc / RegSrvc]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Remote Lo / Remote Log]
  <system32\ServeHost.exee><N/A>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[IBM KCU Service / TpKmpSVC]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

==================================
Last edited 2006-06-15 00:37:07

==================================
Browser add-ons
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\System32\wmpdrm.dll, N/A>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <E:\KuGoo3DownXControl.ocx, N/A>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, Shanghai Henbang Technology Co., Ltd>
[Webacc Class]
  {CAC068F3-A608-406B-8581-458788A67694} <C:\WINDOWS\System32\svchost.dll, >
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\System32\LegitCheckControl.DLL, Microsoft Corporation>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[HbtInstObj]
  {8C875948-9C60-4381-9248-0DF180542D53} <C:\WINDOWS\Downloaded Program Files\HbInstIE.dll, Hotbar.com Inc.>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[SAIX]
  {DECEAAA2-370A-49BB-9362-68C3A58DDC62} <C:\WINDOWS\Downloaded Program Files\SAIX.dll, N/A>
[使用KuGoo3下载(&K)]
  <E:\KuGoo3DownX.htm, N/A>
==================================
Running processes
[PID: 1224][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1368][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1392][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1557 (xpsp2_gdr.040517-1325)>
[PID: 1436][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1448][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1620][C:\WINDOWS\System32\ibmpmsvc.exe]  <N/A><N/A>
[PID: 1688][C:\WINDOWS\System32\Ati2evxx.exe]  <N/A><N/A>
[PID: 1724][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 200][D:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 240][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 364][C:\WINDOWS\System32\S24EvMon.exe]  <Intel Corporation ><8, 1, 0, 49a>
[PID: 476][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 916][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][D:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 22>
    [D:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [D:\Program Files\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [D:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [D:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 1>
    [D:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [D:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [D:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [D:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [D:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [D:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [D:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [D:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [D:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
    [D:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [D:\Program Files\Rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [D:\Program Files\Rising\Rav\ExtMail.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1592][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
    [C:\WINDOWS\system32\CNMLM75.DLL]  <CANON INC.><1.90.2.20>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD75.DLL]  <CANON INC.><1.90.2.20>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI75.DLL]  <CANON INC.><1.90.2.20>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR75.DLL]  <CANON INC.><1.90.2.20>
[PID: 1276][C:\WINDOWS\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 6>
    [C:\WINDOWS\downlo~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 1808][C:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  <><1, 1, 4, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\System32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\System32\svchost.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\System32\msicn\plugins\bse.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\WINDOWS\System32\msicn\plugins\lup.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  <Yahoo><1, 0, 6, 1319>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  <3721.com><2, 1, 1, 87>
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  < ><1, 0, 3, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  <Yahoo><1, 0, 1, 1001>
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yXPStyle.dll]  <Yahoo><1, 0, 2, 1309>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI75.DLL]  <CANON INC.><1.90.2.20>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR75.DLL]  <CANON INC.><1.90.2.20>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll]  <N/A><1, 0, 1, 1014>
    [C:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  <Yahoo! Inc.><2004, 11, 23, 1>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [E:\KuGoo3DownXControl.ocx]  <N/A><N/A>
    [D:\Program Files\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
[PID: 1920][D:\DownLoads\cvpnd.exe]  <Cisco Systems, Inc.><4.8.00.0440>
    [C:\WINDOWS\System32\vsdata.dll]  <Zone Labs LLC><5.5.062.011>
    [C:\WINDOWS\System32\VSINIT.dll]  <Zone Labs LLC><5.5.062.011>
[PID: 656][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 672][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 940][C:\WINDOWS\System32\RegSrvc.exe]  <Intel Corporation><8, 1, 0, 49a>
[PID: 304][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 540][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 624][C:\WINDOWS\system32\TpKmpSVC.exe]  <N/A><N/A>
[PID: 636][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 196][D:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 1660][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
[PID: 2844][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\WINDOWS\System32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 1156][D:\Program Files\Rising\Rav\RavMon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 19>
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [D:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 1912][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  <><1, 0, 0, 5>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
[PID: 4072][C:\WINDOWS\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\hbclient\HBHelper.dll]  <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
[PID: 804][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 2272][D:\DownLoads\MSNShell\BIN\MSNShell.exe]  <N/A><N/A>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 3276][E:\Storm Codec\mplayerc.exe]  <Gabest><6, 4, 8, 4>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\ffdshow.ax]  <N/A><1.0.2.24>
    [E:\Storm Codec\Codecs\VSFilter.dll]  <Gabest><1, 0, 0, 9>
    [E:\Storm Codec\Codecs\mlcom.ax]  <Moonlight Cordless Ltd><1, 5, 173, 41217>
    [C:\WINDOWS\System32\DivXa32.acm]  <Hacked With Joy !><4.1.00.3920>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
[PID: 2944][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\System32\wmpdrm.dll]  <N/A><2.0.0.1>
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  <Yahoo.><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [E:\KuGoo3DownXControl.ocx]  <N/A><N/A>
    [C:\PROGRA~1\hbclient\HBHelper.dll]  <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
    [C:\WINDOWS\System32\svchost.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\System32\msicn\msibm.dll]  <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 2664][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\System32\wmpdrm.dll]  <N/A><2.0.0.1>
    [C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll]  <Yahoo.><1, 0, 2, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [E:\KuGoo3DownXControl.ocx]  <N/A><N/A>
    [C:\PROGRA~1\hbclient\HBHelper.dll]  <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
    [C:\WINDOWS\System32\svchost.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 3964][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 3976][C:\DOCUME~1\vivi\LOCALS~1\Temp\Rar$EX00.174\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [D:\DownLoads\MSNShell\BIN\ShellDll.dll]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
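An added example, not part of the original post or of SREng: a small Python triage script for the startup-item lines in the log above. It parses the `<name><command>  [publisher]` format, resolves the file that actually runs (the DLL for rundll32 entries), and flags what a responder would check first: no publisher, bare file names found by search order, lookalike names such as SVCH0ST.EXE, and system binaries running from an unexpected folder. The sample lines are constructed from this log and the expected-location table is an assumed Windows XP baseline; a flag is a place to look, not a verdict.

```python
import ntpath
import re

# Constructed sample: entries in the format of the SREng startup-item
# section above, plus known-good lines for contrast.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <Java Runtime Value><runjava.exe>  []
    <svc><C:\WINDOWS\svchost.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <ATIPTA><rem C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  []
    <spoolsv><C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer>  [Some Vendor]
    <SVCHOST><C:\WINDOWS\System32\SVCH0ST.EXE>  []
    <system><C:\WINDOWS\System32\inetlnfo.exe>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[([^\]]*)\]\s*$")
# Leading rundll32 host (any path, quoted or not): the DLL after it is what runs.
RUNDLL_RE = re.compile(r'^\s*"?(?:[^"\s]*\\)?rundll32(?:\.exe)?"?\s+', re.IGNORECASE)
# First file with a known extension; SREng prints paths with spaces unquoted.
IMAGE_RE = re.compile(r'^\s*"?([^"]+?\.(?:exe|dll|cpl|ocx|scr))"?(?=[\s,]|$)', re.IGNORECASE)
# Assumed baseline: where these Windows XP binaries normally live.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "inetinfo.exe": r"c:\windows\system32\inetsrv",
}
# Fold the character swaps used in lookalike names (SVCH0ST, inetlnfo).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "i", "l": "i"})


def image_from_command(command: str) -> str:
    """Return the file that actually runs for a Run-value command."""
    rest = RUNDLL_RE.sub("", command, count=1)
    if m := IMAGE_RE.match(rest):
        return m.group(1)
    return rest.split()[0] if rest.split() else ""


def assess(image: str, publisher: str) -> list:
    """Triage heuristics: a hit means 'check this first', not 'malicious'."""
    reasons = []
    base = ntpath.basename(image).lower()
    directory = ntpath.dirname(image).lower()
    if not publisher.strip():
        reasons.append("no publisher information")
    if not directory:
        reasons.append("bare file name, located by search order")
    for known in EXPECTED_DIR:
        if base != known and base.translate(HOMOGLYPHS) == known.translate(HOMOGLYPHS):
            reasons.append(f"lookalike of {known}")
    if directory and base in EXPECTED_DIR and directory != EXPECTED_DIR[base]:
        reasons.append(f"{base} outside {EXPECTED_DIR[base]}")
    return reasons


def analyze(log_text: str) -> list:
    """Walk the log, tracking the current key; return (key, name, image, reasons)."""
    findings, key = [], ""
    for line in log_text.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if not (m := ENTRY_RE.match(line)):
            continue
        name, command, publisher = m.groups()
        # An empty value launches nothing, and "rem ..." cannot run either.
        if not command.strip() or command.lower().startswith("rem "):
            continue
        image = image_from_command(command)
        if reasons := assess(image, publisher):
            findings.append((key, name, image, reasons))
    return findings
```

Call `analyze(SAMPLE_LOG)` (or pass the text of a real SREng startup section) to get the flagged entries; the legitimate ctfmon.exe and SoundMAX lines produce no finding, while SVCH0ST.EXE and inetlnfo.exe are reported as lookalikes.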
You could download 木马杀客 (Trojan Killer) and give it a try; it's available from www.skycn.com.
Happy to help, but could you run a HijackThis scan?
http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and paste the log here..
[ACU Configuration Service / ACS]
<C:\WINDOWS\System32\acs.exe><N/A>
[IBM PM Service / IBMPMSVC]
<C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[Remote Lo / Remote Log]
<system32\ServeHost.exee><N/A>
[IBM KCU Service / TpKmpSVC]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

In safe mode... open the Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for ACS, IBMPMSVC, Remote Log, TpKmpSVC and delete them...

Delete
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\ServeHost.exee
C:\WINDOWS\system32\TpKmpSVC.exe

[System Event Logger / DiRVIn]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
In safe mode... open the Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for DiRVIn and delete it..

Delete
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

In safe mode, delete c:\winnt\system32\wbem\irjit.dll


<spoolsv><C:\WINDOWS\System32\spoolsv\spoolsv.exe -printer> [广州傲讯信息科技有限公司]
<mscfs><RUNDLL32 C:\WINDOWS\System32\msibm\cfsys.dll,cfs> []
Reference: http://forum.ikaka.com/topic.asp?board=28&artid=7948848
If there are still other problems, run a HijackThis scan...