最近（3月13日开始，每天都有）我的电脑中了毒，是Trojan.click.agent.bcw和Trojan.DL.Mnless.fy，从此我就被无数个广告和无聊网页折磨。网上查阅资料这是一种什么代理点击RE木马程序，它会创建一个定时器并启动IE浏览器，同时在后台频繁点击广告页面，造成计算机速度缓慢甚至死机。用瑞星杀，提示说需要解压缩后才能清除，可我连着两个文件都找不到（连隐藏文件都找过），怎么清除啊！在安全模式下也杀不掉。我刚用卡卡清理了一遍，广告和无聊网页是基本没有了，但我的CPU使用率却还是达到100%，其中占用系统最多的是CMD.EXE（约占70%）和CSRSS.EXE（约占30%），这使我的机子速度非常缓慢，期望高手们能帮我解决！
还有一个棘手问题，也不知道是不是上面那个病毒引起的。我的光电鼠标（USB接口的）最近老是会用了一段时间（时长不一定）就死，换别的鼠标也没用，换另一个接口可以用，但也坚持不了多久（有时甚至一插就死，有时又可以用很久）。我打上面这段文字就拔插了两次，郁闷啊！

[CODE]

2007-04-02,09:29:11

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <VTTimer><VTTimer.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VTTrayp><VTtrayp.exe>  [(Verified)Microsoft Windows Publisher]
    <HP Software Update><"C:\Program Files\HP\HP Software Update\HPWuSchd2.exe">  [Hewlett-Packard Company]
    <ToolBoxFX><"C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on>  [HP]
    <HPUsageTracking><C:\Program Files\HP\HP UT\bin\hppusg.exe "C:\Program Files\HP\HP UT\">  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[Microtek 扫描仪探测器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microtek 扫描仪探测器.lnk --> C:\PROGRA~1\Microtek\SCANWI~1\SCANNE~1.EXE []><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> D:\adobe\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[ruango]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ruango.lnk --> C:\WINDOWS\system32\MSRundll.exe [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[138123D6 / 138123D6][Stopped/Auto Start]
  <C:\WINDOWS\system32\138123D6.EXE -service><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
  <C:\WINDOWS\system32\HPZipm12.exe><HP>
[Volume Optimization / Popular][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\szdj.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Security Machine Manager / WalALET][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[Windows DownService / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>
[Std wivy Service / wivy][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\oaqt\ynad.dll,Service -s><Microsoft Corporation>
[Portable Media / WmdmPWD][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
驱动程序
[acpidisk / acpidisk][Running/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[ati2mtag / ati2mtag][Stopped/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[comaddi / comaddiu][Stopped/Disabled]
  <System32\DRIVERS\comaddiu.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\Chip_usb.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HPFXBULK / HPFXBULK][Running/Manual Start]
  <system32\drivers\hpfxbulk.sys><Hewlett Packard>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[jasdhbgv / jasdhbgv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\jasdhbgv.sys><Yahoo! China Corporation>
[kdqgjj / kdqgjj][Stopped/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kdqgjj.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[PNP27530 / PNP27530][Running/Boot Start]
  <\SystemRoot\system32\Drivers\pnp27530.sys><Anti Driver>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[viagfx / viagfx][Running/Manual Start]
  <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[vmkdtd9 / vmkdtd96][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\vmkdtd96.sys><N/A>
[wfrtto5 / wfrtto54][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wfrtto54.sys><N/A>

浏览器加载项
[腾讯QQ]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[精彩图铃]
  {EE60714F-AC27-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=162, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[byna &BHO]
  {00000011-04FA-11D1-B7DA-00A0C9010000} <C:\Program Files\BiGet\bigetband.dll, N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\PPLive\SYNACA~2.OCX, Synacast>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[腾讯QQ]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\PROGRA~1\Infosec\Netsign\netsign.dll, Infosec Technologies Co., Ltd.>
[DopStreamer Class]
  {65DEDD9B-24D3-4EDD-A8BA-371A06679A09} <C:\Program Files\dopstreamer\dopcom.dll, 北京闪动科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Byna 搜索(&B)]
  <res://C:\Program Files\BiGet\bigetcatch.dll/bigetsearch.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

正在运行的进程
[PID: 572][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\138123D6.DLL]  [Microsoft Corporation, 5.2.3790.1830]
[PID: 704][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 872][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2032][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hppaecpm.dll]  [Hewlett-Packard, 1, 0, 11, 100]
    [C:\WINDOWS\system32\LTKRN11n.dll]  [LEAD Technologies, Inc., 11.5.0.012]
    [C:\WINDOWS\system32\LTFIL11n.DLL]  [LEAD Technologies, Inc., 11.5.0.012]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3y0.DLL]  [Hewlett-Packard Corporation, 60.051.1241.00]
[PID: 188][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 324][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 880][C:\WINDOWS\system32\VTTimer.exe]  [S3 Graphics, Inc., 2.00.01-0307]
[PID: 992][C:\WINDOWS\system32\VTtrayp.exe]  [S3 Graphics Co., Ltd., 2.00.36-0308B]
    [C:\WINDOWS\system32\VTDisply.dll]  [S3 Graphics Co., Ltd., 2.00.58-0523]
    [C:\WINDOWS\system32\VTGamma2.dll]  [S3 Graphics Co., Ltd., 2.00.21-0308B]
    [C:\WINDOWS\system32\VTInfo2.dll]  [S3 Graphics Co., Ltd., 2.00.26-0308B]
    [C:\WINDOWS\system32\VTOvrlay.dll]  [S3 Graphics Co., Ltd., 2.00.23-0308B]
[PID: 1020][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Company, 5, 0, 0, 0]
[PID: 1052][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1224][C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe]  [HP, 1.0.126.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c2b0bca\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c3546748\system.windows.forms.dll]  [N/A, ]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c1048546\system.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\hp\toolboxfx\bin\hptools.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\appconstants.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\hpapptools.dll]  [ , 1.0.126.0]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_51893c4b\system.xml.dll]  [N/A, ]
    [c:\program files\hp\toolboxfx\bin\hptoolkit.dll]  [ , 1.0.126.0]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_37f82a5a\system.drawing.dll]  [N/A, ]
    [c:\program files\hp\toolboxfx\bin\enumeration.dll]  [ , 1.0.126.0]
    [c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\hp\toolboxfx\bin\alerts.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\hpalertsnotificationstools.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\hpstreamsinterface.dll]  [ , 1.0.126.0]
    [C:\WINDOWS\system32\FXCompChannel.dll]  [Hewlett-Packard, 01.02.08]
    [c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\hp\toolboxfx\bin\hpfaxutilities.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\notifications.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\systrayiconmodule.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\hpalertsnotificationsmodules.dll]  [ , 1.0.126.0]
    [c:\program files\hp\toolboxfx\bin\testharness.dll]  [ , 1.0.126.0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [c:\program files\hp\toolboxfx\bin\namedpipechannel.dll]  [ , 1.0.126.0]
    [c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.573]

[PID: 1244][C:\Program Files\HP\HP UT\bin\hppusg.exe]  [ , 1.0.2075.22349]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_3c2b0bca\mscorlib.dll]  [N/A, ]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.573]
    [c:\program files\hp\hp ut\bin\hpusagetracking.dll]  [ , 1.0.2075.22349]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_c3546748\system.windows.forms.dll]  [N/A, ]
    [c:\program files\hp\hp ut\bin\hptools.dll]  [ , 1.0.2078.16913]
    [c:\program files\hp\hp ut\bin\hptoolkit.dll]  [ , 1.0.2078.16916]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_51893c4b\system.xml.dll]  [N/A, ]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_c1048546\system.dll]  [N/A, ]
    [c:\windows\assembly\gac\interop.hpqusg\3.0.0.0__a53cf5803f4c3827\interop.hpqusg.dll]  [ , 3.0.0.0]
    [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_zh-chs_b77a5c561934e089\mscorlib.resources.dll]  [Microsoft Corporation, 1.1.4322.573]
[PID: 1604][C:\WINDOWS\system32\HPZipm12.exe]  [HP, 10, 1, 0, 3]
[PID: 1856][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 892][C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\Microtek\ScanWizard 5\SFRes.dll]  [, 1, 0, 0, 1]
[PID: 784][C:\WINDOWS\system32\MSRundll.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\Ruango\Player.dll]  [  , 1, 0, 0, 3]
[PID: 2052][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1808][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Goauld.dll]  [N/A, ]
    [C:\WINDOWS\system32\138123D6.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\adobe\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3888][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.8026]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.8036]
    [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2009]
    [C:\Program Files\Rising\Rav\RsPlugIn.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 5.2.3790.184 (srv03_qfe.040410-1236)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz6r3y0.dll]  [Hewlett-Packard Corporation, 60.051.1241.00]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\pclxl.dll]  [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzst3y0.dll]  [Hewlett-Packard Corporation, 60.051.1241.00]
    [C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL]  [Microsoft Corporation, 1.02]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3596][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2160][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1, 0, 0, 1]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 0, 9]
    [C:\WINDOWS\system32\sctongji04.dll]  [www.seecha.com, 1, 0, 1, 3]
[PID: 2364][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
[PID: 788][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\QQIEHelper.dll]  [N/A, ]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 3]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 5]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2964][G:\sreng\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 www.powernum123.com
127.0.0.1 www.powernum123.com.cn
127.0.0.1 powernum123.com
127.0.0.1 powernum123.com.cn
127.0.0.1 www.chebl.com
127.0.0.1 www.chebl.cn
127.0.0.1 www.chebl.com.cn
127.0.0.1 chebl.com
127.0.0.1 chebl.com.cn
127.0.0.1 chebl.cn
127.0.0.1 www.chebuluo.com.cn
127.0.0.1 www.chebuluo.com
127.0.0.1 www.chebuluo.cn
127.0.0.1 chebuluo.com.cn
127.0.0.1 chebuluo.com
127.0.0.1 chebuluo.cn
127.0.0.1 www.17sp.com
127.0.0.1 www.17sp.com.cn
127.0.0.1 17sp.com
127.0.0.1 17sp.com.cn
127.0.0.1 www.feikong.com
127.0.0.1 www.feikong.com.cn
127.0.0.1 www.feikong.cn
127.0.0.1 feikong.com
127.0.0.1 feikong.com.cn
127.0.0.1 feikong.cn
127.0.0.1 www.hacong.com
127.0.0.1 hacong.com
127.0.0.1 www.xbxb*****com
127.0.0.1 www.sobt.com
127.0.0.1 www.sobt.com.cn
127.0.0.1 www.sobt.cn
127.0.0.1 www.sobt.net
127.0.0.1 sobt.com
127.0.0.1 sobt.com.cn
127.0.0.1 sobt.cn
127.0.0.1 sobt.net

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

以上是我电脑的日志