Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

System hangs whenever I run Rising, and I can't get into Safe Mode either????

Since mid-June, the machine hangs whenever I run a Rising virus scan; I can't get into Safe Mode, and restarting hangs as well. In every other situation there are no hangs. Why?
I copied down the file shown when it hung:
c\...\professional_3_2052.dat.bak>> query_0000009, could an expert take a look? Also, the system time was changed to the year 2000; the files dated at that time were krco2.exe and ueil3.exe, which I deleted.


Reply: System hangs whenever I run Rising, can't get into Safe Mode either????

Can you run a different anti-virus program?

Reply: System hangs whenever I run Rising, can't get into Safe Mode either????

Scan with System Repair Engineer, save the log as a file, and upload the log as an attachment.
Download page: http://www.kztechs.com/sreng/download.html
Procedure:
1. After downloading, unpack it and run SREngPS.EXE;
2. If it won't open, try renaming SREngPS.EXE to 123.com, copy it to the c:\windows directory and run it from there;
3. Click [Smart Scan] and then [Scan], wait patiently, and click [Save Report] when the scan finishes;
4. Choose a save path, keep the default file name, and click [Save];
5. Upload the saved LOG file as an attachment.
Note: close all unneeded applications before scanning.


Download A8A9 from the attachment and, after unpacking it, follow the included instructions to verify the system processes in Task Manager.

Attachment: a8a9.rar (application/octet-stream, uploaded 2008-7-9 16:02:22, downloaded 161 times)

Last edited by 天云一剑 on 2008-07-09 16:02:41

Reply to post #3 by 天云一剑

[CODE]

2008-07-09,16:28:14

System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"D:\杀毒\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <wscripte><C:\WINDOWS\system32\msnlive.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{00070007-0007-0007-0007-00070007BB15}><C:\WINDOWS\system32\dpvvoxmh.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <LGODDFU><; "C:\Program Files\lg_fwupdate\fwupdate.exe">  [CST]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <RemoteControl><; "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <stup.exe><; Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R>  [File is missing]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <tvmaster><; C:\Program Files\10Moons\10Moons TV Baby\Exe\SystemTray.exe>  []

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"D:\杀毒\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Security Control / secctrl][Stopped/Auto Start]
  <c:\windows\system32\rundll32.exe vmvreg32.dll,scan><Microsoft Corporation>

==================================
驱动程序
[321e36246cf4abf6 / 321e36246cf4abf6][Stopped/Manual Start]
  <\??\C:\321e36246cf4abf6.dat><N/A>
[578450c403e06e80 / 578450c403e06e80][Stopped/Manual Start]
  <\??\C:\578450c403e06e80.dat><N/A>
[6ca3839897a56857 / 6ca3839897a56857][Stopped/Manual Start]
  <\??\C:\6ca3839897a56857.dat><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[10Moons TV Baby, WDM Video Captures / Cap7134][Running/Manual Start]
  <system32\DRIVERS\Cap7134.sys><SHENZHEN DIGITAL GRAPHICS CO., LTD.>
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\gdrv.sys><N/A>
[gwiopm / gwiopm][Stopped/Manual Start]
  <\??\C:\Program Files\Wom\gwiopm.sys><N/A>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SAMSUNG Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start]
  <system32\DRIVERS\ssm_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ssm_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ssm_mdm.sys><MCCI>
[SAMSUNG Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\G:\winio.sys><N/A>
[XNGAnti / XNGAnti][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[]
  {25671234-7890-ABCD-CDEF-567801237652} <C:\WINDOWS\system32\yxcsbhlp.dll, N/A>
[]
  {25694105-5108-9405-3695-954187462152} <C:\WINDOWS\system32\mpwdbapi.dll, N/A>
[]
  {328DF602-9541-A985-210A-984A698C6F23} <C:\WINDOWS\system32\ptjhchlp.dll, N/A>
[]
  {398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys, N/A>
[]
  {40AF1289-F140-A140-D012-C1458759FC04} <C:\WINDOWS\system32\ypcqchlp.dll, N/A>
[]
  {4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper02.dll, 腾讯公司>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\SSPlus\SAddr1.dll, N/A>
[]
  {25671234-7890-ABCD-CDEF-567801237652} <C:\WINDOWS\system32\yxcsbhlp.dll, N/A>
[]
  {25694105-5108-9405-3695-954187462152} <C:\WINDOWS\system32\mpwdbapi.dll, N/A>
[]
  {328DF602-9541-A985-210A-984A698C6F23} <C:\WINDOWS\system32\ptjhchlp.dll, N/A>
[]
  {398C9B84-4EF7-47B5-9862-DE29543B3C42} <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys, N/A>
[]
  {40AF1289-F140-A140-D012-C1458759FC04} <C:\WINDOWS\system32\ypcqchlp.dll, N/A>
[]
  {4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[在新的 Avant Browser 中打开]
  <D:\应用软件\Avant Browser\OpenInNewBrowser.htm, N/A>
[将所有来自这个服务器的图片添加到广告黑名单]
  <D:\应用软件\Avant Browser\AddAllToADBlackList.htm, N/A>
[打开这个网页中的所有链接...]
  <D:\应用软件\Avant Browser\OpenAllLinks.htm, N/A>
[搜索]
[/CODE]

Reply: System hangs whenever I run Rising, can't get into Safe Mode either????

Attachment: SREngLOG.log (2008-7-9 16:34:07, 24.75 K)
Downloaded 129 times


Reply to post #3 by 天云一剑

<D:\应用软件\Avant Browser\Search.htm, N/A>
[添加到QQ表情]
  <D:\应用软件\AddEmotion.htm, N/A>
[添加到广告黑名单]
  <D:\应用软件\Avant Browser\AddToADBlackList.htm, N/A>
[高亮度显示]
  <D:\应用软件\Avant Browser\Highlight.htm, N/A>

==================================
正在运行的进程
[PID: 576 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040 / SYSTEM][D:\杀毒\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 1056 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1264 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1384 / SYSTEM][D:\杀毒\RISING\RAV\ravmond.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.76]
    [D:\杀毒\RISING\RAV\BWList.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.4]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\应用软件\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\杀毒\RISING\RAV\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\杀毒\RISING\RAV\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [D:\杀毒\RISING\RAV\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.35]
    [D:\杀毒\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\RISING\RAV\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\杀毒\RISING\RAV\Hooksys.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 9]
    [D:\杀毒\RISING\RAV\HookReg.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 4]
    [D:\杀毒\RISING\RAV\HookNtos.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 2]
    [D:\杀毒\RISING\RAV\rswalmon.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\杀毒\RISING\RAV\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [D:\杀毒\RISING\RAV\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\杀毒\RISING\RAV\ffr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 15]
    [D:\杀毒\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.8]
    [D:\杀毒\RISING\RAV\extfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 29]
    [D:\杀毒\RISING\RAV\HookCont.dll]  [Beijing Rising Technology Co., Ltd, 22, 0, 0, 1]
    [D:\杀毒\RISING\RAV\pearc.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\杀毒\Rising\Rav\fakescan.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.13]
    [D:\杀毒\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.36]
    [D:\杀毒\RISING\RAV\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\杀毒\RISING\RAV\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\杀毒\RISING\RAV\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.2]
    [D:\杀毒\RISING\RAV\nvfile.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 6]
    [D:\杀毒\RISING\RAV\scanexec.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\RISING\RAV\unexe.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 5]
    [D:\杀毒\RISING\RAV\scanex.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 79]
    [D:\杀毒\RISING\RAV\scanpack.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\杀毒\RISING\RAV\revm.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 8]
    [D:\杀毒\RISING\RAV\urutils.dll]  [, 20, 0, 0, 6]
    [D:\杀毒\RISING\RAV\ur000.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 18]
    [D:\杀毒\RISING\RAV\scriptci.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\杀毒\RISING\RAV\uroutine.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\杀毒\RISING\RAV\scansct.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\杀毒\RISING\RAV\posttrt.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 22]
    [D:\杀毒\RISING\RAV\extmail.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 9]
    [D:\杀毒\RISING\RAV\ur001.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [D:\杀毒\RISING\RAV\ur023.dat]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 1]
[PID: 1588 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\杀毒\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8186]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8186]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
[PID: 1784 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1964 / SYSTEM][D:\杀毒\RISING\RAV\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.9]
    [D:\杀毒\RISING\RAV\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\RISING\RAV\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\RISING\RAV\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 276 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 45]
[PID: 296 / Administrator][D:\杀毒\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.23]
    [D:\杀毒\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\杀毒\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\杀毒\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
[PID: 324 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 328 / Administrator][D:\杀毒\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 20.0.01.19]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\应用软件\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\杀毒\Rising\Rav\ProcCom.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\Rising\Rav\RsCommX2.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 19]
    [D:\杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\杀毒\Rising\Rav\recomp.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 39]
    [D:\杀毒\Rising\Rav\refs.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 17]
    [D:\杀毒\Rising\Rav\viruslib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 26]
    [D:\杀毒\Rising\Rav\relibldr.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
    [D:\杀毒\Rising\Rav\RSAPPMGR.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.0]
    [D:\杀毒\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.18]
    [D:\杀毒\Rising\Rav\MonRule.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.29]
    [D:\杀毒\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 4]
    [D:\杀毒\Rising\Rav\Rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 89]
    [D:\杀毒\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 0]
[PID: 464 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8186]
[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 140 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2604 / Administrator][D:\应用软件\dzh\internet\hypwise.exe]  [大智慧, 1, 0, 0, 1]
    [D:\应用软件\dzh\internet\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
[PID: 2624 / Administrator][D:\应用软件\dzh\internet\hypmain.exe]  [GreatWise, 5.6.0.2660]
    [D:\应用软件\dzh\internet\borlndmm.dll]  [Inprise Corporation, 5.0.6.18]
    [D:\应用软件\dzh\internet\zlib.dll]  [N/A, ]
    [D:\应用软件\dzh\internet\tcpip.dll]  [, 1, 0, 0, 1]
    [D:\应用软件\dzh\internet\hypdown.dll]  [, 1, 0, 0, 1]
    [D:\应用软件\dzh\internet\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
    [D:\应用软件\dzh\internet\investdll.dll]  [, 1, 0, 0, 3]
    [D:\应用软件\dzh\internet\wgdll.dll]  [N/A, ]
    [D:\应用软件\dzh\internet\olepro32.dll]  [Microsoft Corporation, 5.0.4275]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2580 / Administrator][D:\应用软件\Avant Browser\avant.exe]  [, 10.2.0.52]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.10.9404.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [D:\杀毒\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\xunleibho_v13.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 48]
    [D:\QQDownload\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]
[PID: 1408 / Administrator][D:\下载\软件\SREng 2.6\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 2744 / Administrator][D:\下载\软件\SREng 2.6\SRE41294e9.EXE]  [Smallfrogs Studio, 2.6.11.992]
    [D:\下载\软件\SREng 2.6\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
221.238.195.125    cao.caonima01.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 2604, D:\应用软件\DZH\INTERNET\HYPWISE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2624, D:\应用软件\DZH\INTERNET\HYPMAIN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2580, D:\应用软件\AVANT BROWSER\AVANT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1408, D:\下载\软件\SRENG 2.6\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A
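As a worked example that is not part of the thread or of SREng, here is a small Python triage script for the SREng log format posted above: it parses the 注册表, 服务, 驱动程序, 浏览器加载项 and HOSTS 文件 sections and flags the same kinds of entries the helper picked out by hand (autostart entries with no publisher or a missing file, a service that is only rundll32 loading a DLL, hex-named .dat drivers in the drive root, nameless BHOs with no publisher, and HOSTS lines pointing anywhere but 127.0.0.1). The embedded sample log is constructed to mirror the thread's entries, with a placeholder address and host name in the HOSTS section; the `check_block` and `triage` names are this example's own.

```python
import re

# Constructed sample mirroring the SREng log layout posted in the thread; the
# HOSTS address and host name are placeholders, not values from the thread.
SAMPLE_LOG = r"""注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <dpvvoxmh.dll><C:\WINDOWS\system32\dpvvoxmh.dll>  [File is missing]
==================================
服务
[Security Control / secctrl][Stopped/Auto Start]
  <c:\windows\system32\rundll32.exe vmvreg32.dll,scan><Microsoft Corporation>
==================================
驱动程序
[321e36246cf4abf6 / 321e36246cf4abf6][Stopped/Manual Start]
  <\??\C:\321e36246cf4abf6.dat><N/A>
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\gdrv.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
==================================
浏览器加载项
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[]
  {4A041F13-A111-12A3-B0CF-F99818AA68A4} <C:\WINDOWS\system32\zxmsawin.dll, N/A>
==================================
HOSTS 文件
127.0.0.1      localhost
198.51.100.7    ad.example.invalid
"""

SECTIONS = {"注册表", "服务", "驱动程序", "浏览器加载项", "HOSTS 文件"}
AUTORUN = re.compile(r"^\s+<([^>]*)><([^>]*)>\s+\[(.*)\]$")        # <name><command>  [signer]
BLOCK = re.compile(r"^\[(.*?)(?: / (.+?))?\]")                      # [Name / Short][State] or [BHO name]
SVC_BODY = re.compile(r"^\s+<(.*)><(.*)>$")                         # <image path><vendor>
BHO_BODY = re.compile(r"^\s+\{[0-9A-Fa-f-]+\} <([^,]*), (.*)>$")    # {CLSID} <path, vendor>
HOSTS = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
HEX_DAT = re.compile(r"^\\\?\?\\[A-Za-z]:\\[0-9a-f]{16}\.dat$", re.I)
RUNDLL = re.compile(r"rundll32\.exe\s+(\S+\.dll)", re.I)

def check_block(section, name, path, vendor, findings):
    """Heuristics for one service, driver or browser add-on entry of the log."""
    if section == "服务" and (m := RUNDLL.search(path)):   # a 'service' that is only rundll32 loading a DLL
        findings.append((section, "service is rundll32 loading a DLL", f"{name}: {m.group(1)}"))
    if HEX_DAT.match(path):                         # 16-hex-char .dat 'driver' in the drive root
        findings.append((section, "hex-named .dat driver in drive root", f"{name}: {path}"))
    elif section == "驱动程序" and vendor == "N/A" and "system32" not in path.lower():
        # No publisher and not under system32: worth a look, not proof (secdrv.sys under system32\DRIVERS is left alone)
        findings.append((section, "unsigned driver outside system32 (review)", f"{name}: {path}"))
    if section == "浏览器加载项" and name == "" and vendor == "N/A":
        findings.append((section, "nameless BHO with no publisher", path))

def triage(log_text):
    """Return (section, reason, detail) findings for an SREng log given as text."""
    findings, section, after_sep, block = [], None, False, None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line or set(line) == {"="}:          # blank line or '=====' section separator
            after_sep = after_sep or line != ""
            continue
        if after_sep or line in SECTIONS:           # header line; keep only the sections parsed here
            section, after_sep = (line if line in SECTIONS else None), False
            continue
        if section == "注册表":
            m = AUTORUN.match(line)
            if m and m.group(2) and m.group(3) in ("", "File is missing"):
                findings.append((section, "autostart without publisher: " + (m.group(3) or "unsigned"), m.group(2)))
        elif section in ("服务", "驱动程序", "浏览器加载项"):
            head = BLOCK.match(line)
            if head:                                # block header; its image path follows on the next line
                block = head.group(2) or head.group(1)
                continue
            body = (BHO_BODY if section == "浏览器加载项" else SVC_BODY).match(line)
            if body and block is not None:
                check_block(section, block, body.group(1), body.group(2), findings)
            block = None
        elif section == "HOSTS 文件":
            m = HOSTS.match(line)
            if m and m.group(1) != "127.0.0.1":
                findings.append((section, "HOSTS redirect", f"{m.group(2)} -> {m.group(1)}"))
    return findings
```

Running `triage(SAMPLE_LOG)` yields seven findings, and the unsigned secdrv.sys under system32\DRIVERS is deliberately not among them, matching the distinction drawn later in the thread.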

Reply: System hangs whenever I run Rising, can't get into Safe Mode either????

Download XDELBOX and use it to delete the following files:

c:\windows\system32\bgswitch.exe
c:\windows\system32\dpvvoxmh.dll
c:\windows\system32\rundll32.exe vmvreg32.dll,scan
c:\321e36246cf4abf6.dat
c:\578450c403e06e80.dat
c:\6ca3839897a56857.dat
c:\windows\system32\drivers\reloadanti.sys
c:\program files\wom\gwiopm.sys
c:\windows\system32\zxmsawin.dll
c:\windows\system32\ypcqchlp.dll
c:\program files\internet explorer\plugins\nt_sys32.sys
c:\windows\system32\ptjhchlp.dll
c:\windows\system32\mpwdbapi.dll
c:\windows\system32\yxcsbhlp.dll

After deleting them and rebooting, use SREng to repair the following items:
    Startup Items -- Registry: delete the following entries:
[bgswitch]    <C:\WINDOWS\system32\bgswitch.exe>
[{00070007-0007-0007-0007-00070007BB15}]    <C:\WINDOWS\system32\dpvvoxmh.dll>
[dpvvoxmh.dll]    <C:\WINDOWS\system32\dpvvoxmh.dll>

    Startup Items -- Services -- Win32 service applications: disable the following:
[Security Control / secctrl]    <c:\windows\system32\rundll32.exe vmvreg32.dll,scan>

    Startup Items -- Services -- Drivers: disable the following:
[321e36246cf4abf6 / 321e36246cf4abf6]    <\??\C:\321e36246cf4abf6.dat>
[578450c403e06e80 / 578450c403e06e80]    <\??\C:\578450c403e06e80.dat>
[6ca3839897a56857 / 6ca3839897a56857]    <\??\C:\6ca3839897a56857.dat>
[XNGAnti / XNGAnti]    <\??\C:\WINDOWS\system32\drivers\ReloadAnti.sys>
[gwiopm / gwiopm]    <\??\C:\Program Files\Wom\gwiopm.sys>

    System Repair -- Browser add-ons: delete the following:
[]    <C:\WINDOWS\system32\zxmsawin.dll>
[]    <C:\WINDOWS\system32\ypcqchlp.dll>
[]    <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys>
[]    <C:\WINDOWS\system32\ptjhchlp.dll>
[]    <C:\WINDOWS\system32\mpwdbapi.dll>
[]    <C:\WINDOWS\system32\yxcsbhlp.dll>
[]    <C:\WINDOWS\system32\zxmsawin.dll>
[]    <C:\WINDOWS\system32\ypcqchlp.dll>
[]    <C:\Program Files\Internet Explorer\PLUGINS\Nt_Sys32.Sys>
[]    <C:\WINDOWS\system32\ptjhchlp.dll>
[]    <C:\WINDOWS\system32\mpwdbapi.dll>
[]    <C:\WINDOWS\system32\yxcsbhlp.dll>


Thanks to the poster below; opinions on these two are divided, so if cleaning the items above fixes things,
there is no need to repair these two:
c:\windows\system32\drivers\secdrv.sys
c:\windows\gdrv.sys

Attachment: XDEL2008.rar (application/octet-stream, uploaded 2008-7-9 17:22:04, downloaded 146 times)

Last edited by 天云一剑 on 2008-07-09 19:01:41

Reply: System hangs whenever I run Rising, can't get into Safe Mode either????

c:\windows\system32\drivers\secdrv.sys
[Secdrv / Secdrv]    <system32\DRIVERS\secdrv.sys>
Legitimate; not recommended for deletion.
[gdrv / gdrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\gdrv.sys><N/A>
HD audio sound card driver
Last edited by tjcum210210 on 2008-07-09 17:43:24

Reply to post #7 by 天云一剑

I deleted them as the expert directed, but the machine won't restart via reset; after a manual shutdown it can still boot up again.

Reply: System hangs whenever I run Rising, can't get into Safe Mode either????

Ran into zmbp.exe again today and the machine hung; I deleted it, restored and reinstalled, ran the virus scan, and it still dies at query_0000009. I'm really at a loss.