
[Help] !76eaa.exe process, error loading c:\windows\system32\ebb.dll (thanks, solved!)


Log uploaded! Please help me solve this! Thanks!

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Attachment:

Downloads: 194
File type: application/octet-stream
Uploaded: 2008-7-19 20:59:59
Description: log

Last edited by 酷眼帅龙 on 2008-08-07 21:58:06

Re: 76eaa.exe process, error loading c:\windows\system32\ebb.dll, unable to remove this ...

For how to do this, see my signature.

Delete the startup items

Under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]:
<NTdhcp><; >  [N/A]
<System><; >  [N/A]
Delete the services and the exe files inside <>
[Drivers Desktop Management / Drivers Desktop][Stopped/Auto Start]
  <C:\WINDOWS\system32\explore.exe><(File is missing)>

[Win32Serv0 / Win32Serv0][Stopped/Auto Start]
  <><(File is missing)>
[WinntServ / WinntServ][Running/Auto Start]
  <C:\WINDOWS\system32\76eaa.exe><Microsoft Corporation>
P.S. Please upload C:\WINDOWS\system32\76eaa.exe to Rising.
Delete the drivers
[19cmm0uh / 19cmm0uhk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\19cmm0uhk.sys><N/A>

[ProtectorA / ProtectorA][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>

Re: 76eaa.exe process, error loading c:\windows\system32\ebb.dll, unable to remove this ...

==================================
服务
[Drivers Desktop Management / Drivers Desktop][Stopped/Auto Start]
  <C:\WINDOWS\system32\explore.exe><(File is missing)>

[Event Service / Investor][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\pdwio.dll><N/A>
[DCOM Service Process Manager / MSCOManager03][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\inf\dev03.inf><N/A>

[OSEvent / OSEvent][Stopped/Auto Start]
  <C:\WINDOWS\system32\s.exe><(File is missing)>

[TechnicSupport / TechnicSupport][Stopped/Auto Start]
  <C:\WINDOWS\system32\76eaa.exe><Microsoft Corporation>
[Win32Serv0 / Win32Serv0][Stopped/Auto Start]
  <><(File is missing)>
[WinntServ / WinntServ][Running/Auto Start]
  <C:\WINDOWS\system32\76eaa.exe><Microsoft Corporation>

==================================
驱动程序
[19cmm0uh / 19cmm0uhk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\19cmm0uhk.sys><N/A>


[pmcl / pmcli][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pmcli.sys><N/A>
[Protector / Protector][Running/System Start]
  <system32\drivers\Protector.sys><N/A>
[ProtectorA / ProtectorA][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\ProtectorA.sys><N/A>


==================================
浏览器加载项

[Invoke Class]
  {0E0A0CA7-FB0E-44ab-AEBA-6025B0F530A0} <C:\WINDOWS\system32\b76a.dll, >
[BHO Class]
  {1307E689-5CA1-4a15-9583-F2350790290D} <C:\WINDOWS\system32\krax9v0.dll, N/A>


[Invoke Class]
  {77C79239-0295-45ca-ABB5-467F2879E93F} <C:\WINDOWS\system32\b76a.dll, >

[Invoke Class]
  {0E0A0CA7-FB0E-44AB-AEBA-6025B0F530A0} <C:\WINDOWS\system32\b76a.dll, >
[BHO Class]
  {1307E689-5CA1-4A15-9583-F2350790290D} <C:\WINDOWS\system32\krax9v0.dll, N/A>

[Invoke Class]
  {77C79239-0295-45CA-ABB5-467F2879E93F} <C:\WINDOWS\system32\b76a.dll, >

[WDCCBCtrl Class]
  {CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} <C:\WINDOWS\system32\WDCCB.dll, >



==================================
正在运行的进程


    [C:\WINDOWS\system32\b76a.dll]  [, 1, 1, 0, 2]


[PID: 3616][C:\WINDOWS\system32\76eaa.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

    [C:\WINDOWS\system32\eba.dll]  [  , 1, 0, 0, 3]

    [C:\WINDOWS\system32\b76a.dll]  [, 1, 1, 0, 2]


==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]

.CHM  Error. ["hh.exe" %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]


==================================
It's fine if you don't know me, because I don't know you either.
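
An added example, not part of the original thread and not SREng's own code: a small parser for the service entry layout quoted in the reply above. It flags the traits visible in those entries (missing image file, empty image path, a svchost target that is not a DLL, one image registered under several service names). The heuristics and function names are assumptions for illustration; the sample lines are copied from the quoted log.

```python
import re
from collections import defaultdict

# Sample input: service entries copied from the SREng excerpt quoted in the thread.
SAMPLE_LOG = r"""
[Drivers Desktop Management / Drivers Desktop][Stopped/Auto Start]
  <C:\WINDOWS\system32\explore.exe><(File is missing)>
[Event Service / Investor][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\pdwio.dll><N/A>
[DCOM Service Process Manager / MSCOManager03][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\inf\dev03.inf><N/A>
[TechnicSupport / TechnicSupport][Stopped/Auto Start]
  <C:\WINDOWS\system32\76eaa.exe><Microsoft Corporation>
[Win32Serv0 / Win32Serv0][Stopped/Auto Start]
  <><(File is missing)>
[WinntServ / WinntServ][Running/Auto Start]
  <C:\WINDOWS\system32\76eaa.exe><Microsoft Corporation>
"""

# "[Display name / Service name][State/Start type]"
HEADER = re.compile(r"^\[(?P<display>.+?) / (?P<name>.+?)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
# "<image path[-->hosted file]><vendor or (File is missing)>"
DETAIL = re.compile(r"^<(?P<image>.*)><(?P<vendor>.*)>$")


def parse_entries(text):
    """Pair each header line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            pending = header.groupdict()
            continue
        detail = DETAIL.match(line)
        if detail and pending:
            # svchost-hosted services are logged as "svchost ...-->hosted file"
            image, _, hosted = detail.group("image").partition("-->")
            entries.append({**pending, "image": image.strip(),
                            "hosted": hosted.strip(),
                            "vendor": detail.group("vendor").strip()})
            pending = None
    return entries


def triage(entries):
    """Return {service name: [reasons]} for entries worth a manual look.

    These checks are illustrative heuristics (assumptions), not verdicts.
    """
    by_image = defaultdict(list)
    for e in entries:
        if e["image"] and not e["hosted"]:
            by_image[e["image"].lower()].append(e["name"])
    findings = {}
    for e in entries:
        reasons = []
        if not e["image"]:
            reasons.append("empty image path")
        if "file is missing" in e["vendor"].lower():
            reasons.append("image file missing")
        if e["hosted"] and not e["hosted"].lower().endswith(".dll"):
            reasons.append("svchost target is not a .dll")
        shared = by_image.get(e["image"].lower(), [])
        if not e["hosted"] and len(shared) > 1:
            reasons.append("image shared by services: " + ", ".join(sorted(shared)))
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_entries(SAMPLE_LOG)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

An entry that passes these checks, such as Investor in the sample, still needs its hosted DLL reviewed by hand.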

Re: 76eaa.exe process, error loading c:\windows\system32\ebb.dll, unable to remove this ...

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
BluetoothAuthenticationAgent = ; RUNDLL32.EXE BTHPROPS.CPL,,BLUETOOTHAUTHENTICATIONAGENT
Cmaudio = ; RUNDLL32 CMICNFG.CPL,CMICTRLWND
KernelFaultCheck = ; %SYSTEMROOT%\SYSTEM32\DUMPREP 0 -K
runeip = "C:\PROGRAM FILES\RISING\ANTISPYWARE\RSTRAY.EXE" /STARTUP

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
H/PC Connection Agent = "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = kmon.dll


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXSRVC.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{BF182DBF-1283-4BD3-86EE-D3239228770C} = C:\Program Files\Tencent\qq\QQZoneHelper.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8F1DFC8-2FA1-4069-890C-D15474CEDC9E}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{E8F1DFC8-2FA1-4069-890C-D15474CEDC9E}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{31E9B3B9-4FC5-454F-980A-065C9A501B73}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{31E9B3B9-4FC5-454F-980A-065C9A501B73}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F10512B2-A328-4F57-9DFF-35A5244FE36E}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{F10512B2-A328-4F57-9DFF-35A5244FE36E}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL


The problem is still not solved! Experts, please advise!!!


Re: 76eaa.exe process, error loading c:\windows\system32\ebb.dll, unable to remove this ...

What does the OP mean by posting this?
Haven't been here in a long time
Hehe

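Re: 76eaa.exe process, error loading c:\windows\system32\ebb.dll, unable to remove this ...

OP,
please follow our method:
first delete the virus files, using a force-delete tool (my signature explains how to suppress regeneration),
then deal with the registry entries and so on.

Please upload the SREng log again.
Thank you for your cooperation.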

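Reply to post 7F by aaccbbdd

Thanks for the help! I followed the experts' method, but it is still not solved! The uploaded log was generated after the cleanup; please help check whether there are any problems!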

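Error loading c:\windows\system32\ebb.dll, pop-up ads still not resolved! Re-uploading the log

Error loading c:\windows\system32\ebb.dll, pop-up ads still not resolved! Re-uploading the log~! Please help!

Attachment:

File name: 080731.log
Downloads: 150
File type: application/octet-stream
Uploaded: 2008-7-31 21:29:50
Description: log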


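Re: !76eaa.exe process, error loading c:\windows\system32\ebb.dll (unsolved!...

1. Download the Filseclab Trojan force-removal assistant (费尔木马强力清除助手) from the official site here, tick "Remove, and suppress regeneration of the file", then delete the following files:
(Regardless of whether a file exists, deleting once does no harm; if it reports that the file does not exist, ignore that and go straight on to the repairs below.)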
http://dl.filseclab.com/down/powerrmv.zip

c:\windows\downlo~1\b67sc.dll
c:\windows\system32\76eaa.exe
c:\windows\system32\drivers\pmcli.sys
c:\windows\system32\k5g9ywf.dll
c:\windows\system32\b76a.dll

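2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Services -- Win32 Service Applications: delete the following entry: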
[NCU / NCU] 

    Startup Items -- Services -- Drivers: disable the following entry:
[pmcl / pmcli] 

    System Repair -- Browser Add-ons: delete the following entries:
[BHO Class]    <C:\WINDOWS\system32\k5g9ywf.dll>
[Invoke Class]    <C:\WINDOWS\system32\b76a.dll>
[Invoke Class]    <C:\WINDOWS\system32\b76a.dll>
[BHO Class]    <C:\WINDOWS\system32\k5g9ywf.dll>
[Invoke Class]    <C:\WINDOWS\system32\b76a.dll>
[Invoke Class]    <C:\WINDOWS\system32\b76a.dll>

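When done, download the following software and run a cleanup once, then update your antivirus software to the latest version and run one full-disk scan.

Clean the system temporary files and the IE temporary folder
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Use Kingsoft Cleanup Expert (金山清理专家) to remove malware
http://www.duba.net/zt/ksc/down.shtml
Download Windows Cleanup Assistant (windows清理助手) and run a cleanup
http://www.arswp.com/download/arswp2/arswp2.zip
It's fine if you don't know me, because I don't know you either.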