不知道病毒藏在哪里,请高手看看我的扫描日志.请指点迷津..



[CODE]

2007-10-08,19:46:56

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <w><%SystemRoot%\WinRaR.exe>  [N/A]
    <mm><%SystemRoot%\sourro.exe>  [N/A]
    <zx><%SystemRoot%\winadr.exe>  [N/A]
    <aa><%SystemRoot%\SVchont.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [N/A]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <LbKeyBoard><C:\WINDOWS\System32\LbKeyBoard\LbKeyBoard.exe>  []
    <runeip><"C:\Program Files\Rising\KakaToolBar\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  [N/A]
    <KVP><C:\WINDOWS\System32\drivers\svchost.exe>  [N/A]
    <WinSys><C:\WINDOWS\IGW.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
    <KKDelay><C:\Program Files\Rising\KakaToolBar\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <main><rundll32.exe "C:\program files\internet explorer\use071005.dll" mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><kvdxcma.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winfoams.dll>  [N/A]
    <{0EA66AD2-CF26-2E23-532B-B292E22F3266}><>  [N/A]
    <{1AB09B3F-A6D0-4B55-B87D-264934EBEAED}><C:\Program Files\Internet Explorer\PLUGINS\WinSys84.Sys>  [N/A]
    <{18847374-8323-FADC-B443-4732ABCD3781}><C:\WINDOWS\System32\sidjazy.dll>  [N/A]
    <{2960356A-458E-DE24-BD50-268F589A56A2}><C:\WINDOWS\System32\avwlbmn.dll>  [N/A]
    <{40E504F9-FECE-459C-BEB5-9F0BB7797322}><C:\WINDOWS\System32\rxavpw0.dll>  [N/A]
    <{2A321487-4977-D98A-C8D5-6488257545A2}><C:\WINDOWS\System32\kapjbzy.dll>  []
    <{A158698F-435B-CD34-FA34-59875412025A}><\\.\c:\com1\com1.dll>  []
    <{39659854-7415-1025-5982-789541250193}><C:\WINDOWS\System32\SysWln74_3.dll>  []
    <{5D47B341-43DF-4563-753F-345FFA3157D5}><C:\WINDOWS\System32\kvmxema.dll>  []
    <{334345F1-DACF-3452-CB7D-4620F34A1533}><C:\WINDOWS\System32\rsztcpm.dll>  []
    <{2598FF45-DA60-F48A-BC43-10AC47853D52}><C:\WINDOWS\System32\rarjbpi.dll>  []
    <{4E32FA58-3453-FA2D-BC49-F340348ACCE4}><C:\WINDOWS\System32\rsmydpm.dll>  []
    <{5B681598-AD5F-BC8C-77DC-748FAC8D3FB5}><C:\WINDOWS\System32\kafyezy.dll>  []
    <{57D81718-1314-5200-2597-587901018075}><C:\WINDOWS\System32\kaqhezy.dll>  []
    <{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\System32\kvdxcma.dll>  []
    <{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys>  [N/A]
    <{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat>  [N/A]
    <{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win>  [N/A]
    <{E418E9ED-9221-4661-B1F3-4AA35BD83832}><C:\Program Files\Internet Explorer\PLUGINS\WinSys88.Sys>  [N/A]
    <{4859245F-345D-BC13-AC4F-145D47DA34F4}><C:\WINDOWS\System32\avzxdmn.dll>  [N/A]

==================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

启动文件夹
N/A

==================================
服务
[26579BC4 / 26579BC4][Stopped/Auto Start]
  <C:\WINDOWS\System32\B2DDE2C2.EXE -d><N/A>
[9E6B168C / 9E6B168C][Stopped/Auto Start]
  <C:\WINDOWS\System32\C7415D24.EXE -k><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[TCP/IP Check / Hello Download][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2][Stopped/Manual Start]
  <System32\DRIVERS\HSF_BSC2.sys><Conexant>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Fallback / Fallback][Running/Auto Start]
  <System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
  <System32\DRIVERS\HSF_FSKS.sys><Conexant>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HOSTNT / HOSTNT][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\hostnt.sys><N/A>
[hsf_msft / hsf_msft][Stopped/Manual Start]
  <System32\DRIVERS\HSF_MSFT.sys><Conexant>
[K56 / K56][Running/Auto Start]
  <System32\DRIVERS\HSF_K56K.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\mhdrv.sys><Rainbow China Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\QQ程序\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\E:\QQ程序\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.>
[Rksample / Rksample][Stopped/Manual Start]
  <System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <System32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Senselock EliteIV v2.x Service / sense4v2][Stopped/Manual Start]
  <System32\Drivers\sense4v2.sys><Beijing Senselock Corp.>
[SoftFax / SoftFax][Running/Auto Start]
  <System32\DRIVERS\HSF_FAXX.sys><Conexant>
[TDDI / TDDI][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\tddi.sys><Microsoft Corporation>
[Tones / Tones][Running/Auto Start]
  <System32\DRIVERS\HSF_TONE.sys><Conexant>
[Microsoft USB 2.0 Enhanced Host Controller Miniport Driver / usbehci][Running/Manual Start]
  <System32\DRIVERS\usbehci.sys><Microsoft Corporation>
[V124 / V124][Running/Auto Start]
  <System32\DRIVERS\HSF_V124.sys><Conexant>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\迅雷\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <E:\迅雷\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <E:\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[ACNSTAT Class]
  {79312BD7-AB1A-4730-829F-F43C984D0A9D} <C:\WINDOWS\System32\ACNSTAT.dll, >
[BtecKView Class]
  {B5E3187F-6130-11D5-BF70-0050BA6E0CA5} <C:\WINDOWS\DOWNLO~1\BK_paper.dll, Beijing BtecK Co, .Ltd(CHINA)>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\迅雷\迅雷5\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[PP Control]
  {616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <E:\biliao\BLUESK~1\ppc.ocx, N/A>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <E:\biliao\BLUESK~1\TRACEC~1.OCX, N/A>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\迅雷\迅雷5\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[使用迅雷下载]
  <E:\迅雷\迅雷5\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷\迅雷5\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\QQ文件\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll/YRSSMENUEXT, N/A>

==================================

正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
[PID: 604][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
[PID: 764][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
[PID: 812][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
[PID: 940][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
[PID: 952][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
[PID: 1180][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\WINDOWS\System32\SysWln74_3.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxema.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmydpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\迅雷\迅雷5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [E:\迅雷\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [E:\迅雷\迅雷5\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [E:\迅雷\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [E:\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 6, 1008]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 1348][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
[PID: 1468][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
[PID: 1516][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5664]
[PID: 1532][C:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1580][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
[PID: 1604][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 1644][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
[PID: 1748][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1052][C:\WINDOWS\System32\LbKeyBoard\LbKeyBoard.exe]  [N/A, ]
    [C:\WINDOWS\System32\LbKeyBoard\LbKeyTrans.dll]  [, ]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1096][C:\Program Files\Rising\KakaToolBar\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmydpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxema.dll]  [N/A, ]
    [C:\WINDOWS\System32\SysWln74_3.dll]  [N/A, ]
[PID: 1116][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [\\.\c:\com1\com1.dll]  [N/A, ]
[PID: 1044][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 2600][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 3, 7, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [, 2005, 3, 22, 1]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 3, 7, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2004, 12, 30, 0]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 3, 3, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 3, 7, 2]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2004, 11, 25, 0]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\wpcap.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\System32\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\System32\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [, 2005, 3, 9, 1]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2004, 11, 25, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\VNETUP~1.OCX]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\Ink\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\SysWln74_3.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmydpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxema.dll]  [N/A, ]
    [C:\WINDOWS\System32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kaqhezy.dll]  [N/A, ]
    [C:\WINDOWS\system32\kapjbzy.dll]  [N/A, ]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 1, 0, 0, 1]
[PID: 3284][E:\查杀病毒软件\病毒扫描\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\System32\kapjbzy.dll]  [N/A, ]
    [\\.\c:\com1\com1.dll]  [N/A, ]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINDOWS\System32\kaqhezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvdxcma.dll]  [N/A, ]
    [C:\WINDOWS\System32\kafyezy.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsmydpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\rarjbpi.dll]  [N/A, ]
    [C:\WINDOWS\System32\rsztcpm.dll]  [N/A, ]
    [C:\WINDOWS\System32\kvmxema.dll]  [N/A, ]
    [C:\WINDOWS\System32\SysWln74_3.dll]  [N/A, ]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

【回复“lu999”的帖子】
1、用XDelbox删除下列文件(可以参考置顶帖）：
C:\WINDOWS\system32\kapjbzy.dll
\\.\c:\com1\com1.dll
C:\WINDOWS\System32\SysWln74_3.dll
C:\WINDOWS\System32\kvmxema.dll
C:\WINDOWS\System32\rsztcpm.dll
C:\WINDOWS\System32\rarjbpi.dll
C:\WINDOWS\System32\rsmydpm.dll
C:\WINDOWS\System32\kafyezy.dll
C:\WINDOWS\System32\kaqhezy.dll
C:\WINDOWS\System32\kvdxcma.dll
C:\WINDOWS\WinRaR.exe
C:\WINDOWS\sourro.exe
C:\WINDOWS\winadr.exe
C:\WINDOWS\SVchont.exe
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\System32\drivers\svchost.exe
C:\WINDOWS\IGW.exe
C:\WINDOWS\System32\LYLeador.exe
C:\program files\internet explorer\use071005.dll
C:\WINDOWS\System32\kvdxcma.dll
C:\WINDOWS\System32\winfoams.dll
C:\Program Files\Internet Explorer\PLUGINS\WinSys84.Sys
C:\WINDOWS\System32\sidjazy.dll
C:\WINDOWS\System32\avwlbmn.dll
C:\WINDOWS\System32\rxavpw0.dll
C:\WINDOWS\System32\kapjbzy.dll
\\.\c:\com1\com1.dll
C:\Program Files\Internet Explorer\IEXPLORE32.Sys
C:\Program Files\Internet Explorer\IEXPLORE32.Dat
C:\Program Files\Internet Explorer\IEXPLORE32.win
C:\Program Files\Internet Explorer\PLUGINS\WinSys88.Sys
C:\WINDOWS\System32\avzxdmn.dll
C:\WINDOWS\System32\B2DDE2C2.EXE
C:\WINDOWS\System32\C7415D24.EXE
C:\Program Files\Common Files\System\wab32res.exe
C:\WINDOWS\System32\drivers\hostnt.sys

2、重启后删除下列注册表内容：
启动项目
注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<w><%SystemRoot%\WinRaR.exe> [N/A]
<mm><%SystemRoot%\sourro.exe> [N/A]
<zx><%SystemRoot%\winadr.exe> [N/A]
<aa><%SystemRoot%\SVchont.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AVPSrv><C:\WINDOWS\AVPSrv.exe> [N/A]
<KVP><C:\WINDOWS\System32\drivers\svchost.exe> [N/A]
<WinSys><C:\WINDOWS\IGW.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<MSDCG32 ><LYLeador.exe> [N/A]
<main><rundll32.exe "C:\program files\internet explorer\use071005.dll" mymain> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kvdxcma.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winfoams.dll> [N/A]
<{0EA66AD2-CF26-2E23-532B-B292E22F3266}><> [N/A]
<{1AB09B3F-A6D0-4B55-B87D-264934EBEAED}><C:\Program Files\Internet Explorer\PLUGINS\WinSys84.Sys> [N/A]
<{18847374-8323-FADC-B443-4732ABCD3781}><C:\WINDOWS\System32\sidjazy.dll> [N/A]
<{2960356A-458E-DE24-BD50-268F589A56A2}><C:\WINDOWS\System32\avwlbmn.dll> [N/A]
<{40E504F9-FECE-459C-BEB5-9F0BB7797322}><C:\WINDOWS\System32\rxavpw0.dll> [N/A]
<{2A321487-4977-D98A-C8D5-6488257545A2}><C:\WINDOWS\System32\kapjbzy.dll> []
<{A158698F-435B-CD34-FA34-59875412025A}><\\.\c:\com1\com1.dll> []
<{39659854-7415-1025-5982-789541250193}><C:\WINDOWS\System32\SysWln74_3.dll> []
<{5D47B341-43DF-4563-753F-345FFA3157D5}><C:\WINDOWS\System32\kvmxema.dll> []
<{334345F1-DACF-3452-CB7D-4620F34A1533}><C:\WINDOWS\System32\rsztcpm.dll> []
<{2598FF45-DA60-F48A-BC43-10AC47853D52}><C:\WINDOWS\System32\rarjbpi.dll> []
<{4E32FA58-3453-FA2D-BC49-F340348ACCE4}><C:\WINDOWS\System32\rsmydpm.dll> []
<{5B681598-AD5F-BC8C-77DC-748FAC8D3FB5}><C:\WINDOWS\System32\kafyezy.dll> []
<{57D81718-1314-5200-2597-587901018075}><C:\WINDOWS\System32\kaqhezy.dll> []
<{3C87A354-ABC3-DEDE-FF33-3213FD7447C3}><C:\WINDOWS\System32\kvdxcma.dll> []
<{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys> [N/A]
<{EE12D60D-AD9A-4095-B839-3BE6862679FD}><C:\Program Files\Internet Explorer\IEXPLORE32.Dat> [N/A]
<{A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E}><C:\Program Files\Internet Explorer\IEXPLORE32.win> [N/A]
<{E418E9ED-9221-4661-B1F3-4AA35BD83832}><C:\Program Files\Internet Explorer\PLUGINS\WinSys88.Sys> [N/A]
<{4859245F-345D-BC13-AC4F-145D47DA34F4}><C:\WINDOWS\System32\avzxdmn.dll> [N/A]
服务
[26579BC4 / 26579BC4][Stopped/Auto Start]
<C:\WINDOWS\System32\B2DDE2C2.EXE -d><N/A>
[9E6B168C / 9E6B168C][Stopped/Auto Start]
<C:\WINDOWS\System32\C7415D24.EXE -k><N/A>
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
驱动程序
[HOSTNT / HOSTNT][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\drivers\hostnt.sys><N/A>
——————————————————

下列驱动不认识。怎么处理？自己决定。
驱动程序
[bootdrv / bootdrv][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[Fallback / Fallback][Running/Auto Start]
<System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
<System32\DRIVERS\HSF_FSKS.sys><Conexant>
[Tones / Tones][Running/Auto Start]
<System32\DRIVERS\HSF_TONE.sys><Conexant>
[hsf_msft / hsf_msft][Stopped/Manual Start]
<System32\DRIVERS\HSF_MSFT.sys><Conexant>
[K56 / K56][Running/Auto Start]
<System32\DRIVERS\HSF_K56K.sys><Conexant>