一会某个进程cpu100%，瑞星安全模式下杀不尽，启动项莫名一堆，sreng提示AppInit_DLLs数据非正常值，kaka也升不到6.0下载失败，盗版补丁也不敢打，晕。。。只好贴个日志请论坛高手帮我看看直接告诉我怎么改，谢谢！！
2008-11-01,16:06:25

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

见附件！！！

附件: SREngLOG.log (2008-11-1 16:34:54, 48.13 K)
该附件被下载次数 292

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

C:\WINDOWS\system32\imbs.exe
文件，发上来看看

1.结束进程IMBS.EXE
下载附件S5.RAR，解压到桌面，运行SMTDEL.EXE，点开始处理
会自动重启删除，中间提示输入，输入Y即可



2.删除重启后使用SREng修复下面各项：

    启动项目 －－ 注册表之如下项删除：
[{189F087F-4378-405F-85FA-37D955AD7A8C}]    <C:\WINDOWS\system32\mtewdh.dll>
[{DC3D30AE-0380-4151-8934-EE98A34B0370}]    <C:\WINDOWS\system32\mfdesy.dll>
[{C0595A7E-2E2F-4B34-A83A-019270A0A464}]    <C:\WINDOWS\system32\tdffdl.dll>
[{021F087F-4378-545F-74FA-37D345AD7A8C}]    <C:\WINDOWS\system32\mttwfh.dll>
[{E8A3B193-77E3-4FB3-986D-F4FA4828BAFC}]    <C:\WINDOWS\system32\wklsdd.dll>
[{84143967-B645-4BFF-B873-DA1DC886E9A7}]    <C:\WINDOWS\system32\cedafb.dll>
[{50A8A8C4-EDC9-4ABD-A0A2-2E2418982189}]    <C:\WINDOWS\system32\kgfghd.dll>
[{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}]    <C:\WINDOWS\system32\dndsaf.dll>
[{00010001-0001-0001-0001-00010001BB15}]    <C:\WINDOWS\system32\adsntzt.dll>
[{00150015-0015-0015-0015-00150015BB15}]    <C:\WINDOWS\system32\ztvbdigg.dll>
[adsntzt.dll]    <C:\WINDOWS\system32\adsntzt.dll>
[ztvbdigg.dll]    <C:\WINDOWS\system32\ztvbdigg.dll>

    启动项目 －－ 服务 －－ Win32服务应用程序之如下项删除：
[imbs / imbs]    <C:\WINDOWS\system32\imbs.exe>
[MS Media Control Center2122344 / MediaCenter11223322]    <C:\WINDOWS\System32\svchost.exe -k krnlsrvc-->C:\WINDOWS\system32\RxmutnC.dll>

    启动项目 －－ 服务－－ 驱动程序之如下项删除：
[ca22c62885f9c933 / ca22c62885f9c933]    <\??\C:\ca22c62885f9c933.dat>
[5329ed20cba38711 / 5329ed20cba38711]    <\??\C:\5329ed20cba38711.dat>
[9164ded830954209 / 9164ded830954209]    <\??\C:\9164ded830954209.dat>
[95bf427cf3311eff / 95bf427cf3311eff]    <\??\C:\95bf427cf3311eff.dat>
[sys_flt / sys_flt]    <\??\C:\DOCUME~1\ZJ00\LOCALS~1\Temp\~25.tmp>
[R2A / R2A]    <\??\C:\WINDOWS\system32a2.sys>


将与SMTDEL在一起的BACKUP文件夹压缩为RAR，上传到可疑文件交流区
然后删除BACKUP文件夹所有内容

天云斑竹我照你上面说的做了，但是还不太行，而且好象被劫持的很严重，sreng一打开就自动被删除，网页特别是ikaka根本打不开，侥幸又扫描了一份，帮忙看急谢谢了！！！

回帖中也不知道怎么上传附件，只好贴出来！！！
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit Desktop Search><D:\工具软件\MagicSet\srsearch.exe>  []
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <MINI_BFYY><D:\工具软件\Storm Downloader\StormDownloader.exe>  [深圳市三代科技开发有限公司]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [File is missing]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kmon.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{17DFD111-BF3A-4CB4-ADB0-88FCBFE69821}><>  [N/A]
    <{EB71E0B3-E97D-4D30-8733-E28266467617}><>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /HideWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Windows Audioservers / AudioServers][Stopped/Auto Start]
  <C:\WINDOWS\system32\sorcke.exe><N/A>
[BoBoTurbo / BoBoTurbo][Stopped/Disabled]
  <C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe><广州易播信息科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[imbs / imbs][Stopped/Disabled]
  <C:\WINDOWS\system32\imbs.exe><(File is missing)>
[mch / mch][Stopped/Disabled]
  <C:\WINDOWS\system32\mch.exe><N/A>
[MS Media Control Center2122344 / MediaCenter11223322][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k krnlsrvc-->C:\WINDOWS\system32\RxmutnC.dll><N/A>
[nbs / nbs][Stopped/Disabled]
  <C:\WINDOWS\system32\nbs.exe><N/A>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[RiSing KaKa Driver11111 / RiSingKaKa1111][Stopped/Auto Start]
  <C:\WINDOWS\system32\bootini.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[windows upda / windows upda][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netservice-->C:\WINDOWS\system32\\System64.dll><Microsoft Corporation>

==================================
驱动程序
[0001c985 / 0001c985][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0001c985.sys><N/A>
[0002f8dd / 0002f8dd][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0002f8dd.sys><N/A>
[000313e7 / 000313e7][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000313e7.sys><N/A>
[00033951 / 00033951][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\00033951.sys><N/A>
[00762e65 / 00762e65][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\00762e65.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[NETDVR TV Capture WDM Video Captures / Cap7134][Running/Manual Start]
  <system32\DRIVERS\Cap7134.sys><SHENZHEN DIGITAL GRAPHICS CO., LTD.>
[CdnHook / CdnHook][Running/System Start]
  <System32\drivers\cdnhook.sys><N/A>
[compbatcDrv / compbatcDrv][Running/Manual Start]
  <\??\C:\WINDOWS\system32\compbatc.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\工具软件\qq\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[NETDVR TV Value, WDM TVTuner / PhTVTune][Running/Manual Start]
  <system32\DRIVERS\PhTVTune.sys><Philips Semiconductors>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[0002f67b / 0002f67b][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0002f67b.sys><N/A>

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <, >
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, (Signed) Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\工具软件\Thunder5.8.2.515\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[卡卡上网安全助手]
  {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} <C:\WINDOWS\system32\UrlFilter.dll, (Signed) Beijing Rising Information Technology Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, (Signed) Adobe Systems, Inc.>
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm, N/A>
[&使用暴风下载器下载]
  <D:\工具软件\Storm Downloader\geturl.htm, N/A>
[使用“文语通”朗读选定内容]
  <C:\Program Files\iFly Info Tek\iReader2.0\\ir_Select.htm, N/A>
[使用“文语通”朗读链接]
  <C:\Program Files\iFly Info Tek\iReader2.0\\ir_Link.htm, N/A>
[使用迅雷下载]
  <D:\工具软件\Thunder5.8.2.515\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\工具软件\Thunder5.8.2.515\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 484 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.33]
[PID: 976 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1160 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\ravmond.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.80]
    [C:\PROGRAM FILES\RISING\RAV\BWList.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.5]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.36]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\Hooksys.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
    [C:\PROGRAM FILES\RISING\RAV\HookReg.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\HookNtos.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\rswalmon.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 24]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\ffr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.9]
    [C:\PROGRAM FILES\RISING\RAV\HookCont.dll]  [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
    [C:\Program Files\Rising\Rav\fakescan.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.14]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.39]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.3]
    [C:\PROGRAM FILES\RISING\RAV\nvfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 7]
    [C:\PROGRAM FILES\RISING\RAV\extfile.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 32]
    [C:\PROGRAM FILES\RISING\RAV\pearc.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 8]
    [C:\PROGRAM FILES\RISING\RAV\scanexec.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 22]
    [C:\PROGRAM FILES\RISING\RAV\unexe.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 6]
    [C:\PROGRAM FILES\RISING\RAV\scanex.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 96]
    [C:\PROGRAM FILES\RISING\RAV\scanpack.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 10]
    [C:\PROGRAM FILES\RISING\RAV\revm.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
    [C:\PROGRAM FILES\RISING\RAV\scansct.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 11]
[PID: 1268 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1456 / SYSTEM][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.10]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 1716 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.4403]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 1760 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1780 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\system64.dll]  [Microsoft Corporation, 1. 0. 0. 1]
[PID: 1576 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 256 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\compbatc.ocx]  [N/A, ]
    [C:\WINDOWS\system32\compbatc.zip]  [奇虎网, 3, 6, 4, 1001]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\compbatc.ocx]  [N/A, ]
    [C:\WINDOWS\system32\compbatc.zip]  [奇虎网, 3, 6, 4, 1001]
[PID: 2424 / ZJ00][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [D:\工具软件\Thunder5.8.2.515\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [D:\工具软件\Thunder5.8.2.515\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [D:\工具软件\Thunder5.8.2.515\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [D:\工具软件\Thunder5.8.2.515\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [D:\工具软件\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
[PID: 2496 / ZJ00][D:\工具软件\Storm Downloader\StormDownloader.exe]  [深圳市三代科技开发有限公司, 1, 1, 0, 4]
    [D:\工具软件\Storm Downloader\boost_thread-vc6-mt-1_31.dll]  [N/A, ]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 2524 / ZJ00][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2520 / ZJ00][C:\PROGRAM FILES\RISING\RAV\RavMon.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.01.27]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\PROGRAM FILES\RISING\RAV\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\recomp.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 41]
    [C:\PROGRAM FILES\RISING\RAV\refs.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 18]
    [C:\PROGRAM FILES\RISING\RAV\viruslib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 27]
    [C:\PROGRAM FILES\RISING\RAV\relibldr.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
    [C:\PROGRAM FILES\RISING\RAV\MonRule.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.29]
    [C:\PROGRAM FILES\RISING\RAV\PngDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\PROGRAM FILES\RISING\RAV\Rsguilib.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 90]
    [C:\PROGRAM FILES\RISING\RAV\RsXML.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 2]
[PID: 2536 / ZJ00][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3275]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 2552 / ZJ00][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.24]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
    [C:\Program Files\Rising\Rav\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.1]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.19]
[PID: 2576 / ZJ00][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kmon.dll]  [Beijing Rising Information Technology Co., Ltd., 1, 0, 0, 33]
[PID: 624 / ZJ00][D:\waigua\2.7.版本\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3088 / ZJ00][D:\waigua\2.7.版本\SREb133eb65.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [D:\waigua\2.7.版本\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 2524, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2536, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 624, D:\WAIGUA\2.7.版本\SRENGLDR.EXE]

==================================
计划任务
[已启用] AppleSoftwareUpdate.job
        C:\Program Files\Apple Software Update\SoftwareUpdate.exe

既然你已经操作过一次

那么这些再来一次吧

尽量进安全模式下操作


==================================
服务
[Windows Audioservers / AudioServers][Stopped/Auto Start]
  <C:\WINDOWS\system32\sorcke.exe><N/A>

[BoBoTurbo / BoBoTurbo][Stopped/Disabled]
  <C:\WINDOWS\system32\BoBoTurbo\BoBoTurbo.exe><广州易播信息科技有限公司>

[imbs / imbs][Stopped/Disabled]
  <C:\WINDOWS\system32\imbs.exe><(File is missing)>

[mch / mch][Stopped/Disabled]
  <C:\WINDOWS\system32\mch.exe><N/A>

[MS Media Control Center2122344 / MediaCenter11223322][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k krnlsrvc-->C:\WINDOWS\system32\RxmutnC.dll><N/A>

[nbs / nbs][Stopped/Disabled]
  <C:\WINDOWS\system32\nbs.exe><N/A>

[RiSing KaKa Driver11111 / RiSingKaKa1111][Stopped/Auto Start]
  <C:\WINDOWS\system32\bootini.exe><N/A>

[windows upda / windows upda][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netservice-->C:\WINDOWS\system32\\System64.dll><Microsoft Corporation>

==================================
驱动程序
[0001c985 / 0001c985][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0001c985.sys><N/A>

[0002f8dd / 0002f8dd][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0002f8dd.sys><N/A>

[000313e7 / 000313e7][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\000313e7.sys><N/A>

[00033951 / 00033951][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\00033951.sys><N/A>

[00762e65 / 00762e65][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\00762e65.sys><N/A>

[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>

[CdnHook / CdnHook][Running/System Start]
  <System32\drivers\cdnhook.sys><N/A>
[compbatcDrv / compbatcDrv][Running/Manual Start]
  <\??\C:\WINDOWS\system32\compbatc.sys><N/A>

[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>

[0002f67b / 0002f67b][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\0002f67b.sys><N/A>

还有点击我这贴右下角的“引用”或最右下角的那个较大的“回复”然后就应该知道怎么发附件了。不要随意开多贴求助，随意开多贴求助，将被删除多余求助贴。

附件S11.RAR解压到桌面,断网，运行SD.exe继续重启删除

完后SRENG改名运行，删除天月来了版主所说那些服务和驱动项目



点右下回复大按钮