Help! I just restored the system drive, but Rising keeps detecting viruses!!!! (Rising Kaka Security Forum, Technical Exchange area, System Software board)


Everyone, please help me take a look.
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<wi4><C:\WINDOWS\rundl13a.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Avance Logic, Inc.]
<load><C:\WINDOWS\uninstall\rundl132.exe> [N/A]
<RavTask><"D:\杀毒\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<wsvbs><C:\WINDOWS\SMSS.EXE> [N/A]
<upxdnd><C:\DOCUME~1\a\LOCALS~1\Temp\upxdnd.exe> [N/A]
<msccrt><C:\WINDOWS\WINLOGON.EXE> [N/A]
<UserKill><C:\WINDOWS\RUNDLL32.exe> [N/A]
<mppds><C:\WINDOWS\LSASS.EXE> [N/A]
<WhereOU><C:\WINDOWS\CSRSS.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\System32\ctfnom.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><NVDESK32.DLL> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys> [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"D:\杀毒\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[IdeBusDr / IdeBusDr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[nv / nv][Running/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\D:\杀毒\Rising\Rav\RSPPSYS.sys><Rising>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\杀毒\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\杀毒\Rising\Rav\HOOKCONT.sys><Rising>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\杀毒\Rising\Rav\HookSys.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\杀毒\Rising\Rav\HookReg.sys><>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\杀毒\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Basetdi / Basetdi][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Stopped/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
Last edited: 2007-03-11 16:43:56

正在运行的进程
[PID: 416][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 548][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 724][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 880][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 960][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1172][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1400][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\RichDll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wsvbs.dll] [N/A, N/A]
[C:\DOCUME~1\a\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A]
[C:\WINDOWS\System32\msccrt.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\System32\Rav26.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1528][C:\WINDOWS\SOUNDMAN.EXE] [Avance Logic, Inc., 5.0]
[PID: 1536][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1592][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1700][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1300][C:\WINDOWS\Logo1_.exe] [N/A, N/A]
[PID: 1976][D:\杀毒\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1488][C:\WINDOWS\rundl132.exe] [N/A, N/A]
[C:\WINDOWS\System32\Rav26.dll] [N/A, N/A]
[PID: 396][C:\WINDOWS\System32\msiexec.exe] [Microsoft Corporation, 2.0.2600.1106]
[PID: 760][D:\杀毒\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A]
[PID: 1288][D:\杀毒\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[D:\杀毒\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[D:\杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\杀毒\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[D:\杀毒\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\杀毒\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A]
[D:\杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\杀毒\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\杀毒\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[C:\WINDOWS\System32\Rav26.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 1896][D:\杀毒\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[D:\杀毒\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\杀毒\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[D:\杀毒\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\杀毒\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\杀毒\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[D:\杀毒\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\杀毒\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\杀毒\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\杀毒\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\杀毒\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[D:\杀毒\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[D:\杀毒\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\杀毒\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[D:\杀毒\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[D:\杀毒\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\杀毒\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
[D:\杀毒\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[D:\杀毒\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\杀毒\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\杀毒\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
[D:\杀毒\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\杀毒\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\杀毒\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\杀毒\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\杀毒\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\杀毒\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[D:\杀毒\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[D:\杀毒\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
[D:\杀毒\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[D:\杀毒\Rising\Rav\ScanNet.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1508][D:\杀毒\Rising\Rav\RavMon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[D:\杀毒\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\杀毒\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\杀毒\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\杀毒\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\杀毒\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\杀毒\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A]
[C:\WINDOWS\System32\Rav26.dll] [N/A, N/A]
[PID: 1504][D:\杀毒\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[D:\杀毒\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\杀毒\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1844][C:\WINDOWS\System32\cmd.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1860][D:\新建文件夹 (2)\Plugins\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================


<wi4><C:\WINDOWS\rundl13a.exe> [N/A]
<load><C:\WINDOWS\uninstall\rundl132.exe> [N/A]
<wsvbs><C:\WINDOWS\SMSS.EXE> [N/A]
<upxdnd><C:\DOCUME~1\a\LOCALS~1\Temp\upxdnd.exe> [N/A]
<msccrt><C:\WINDOWS\WINLOGON.EXE> [N/A]
<UserKill><C:\WINDOWS\RUNDLL32.exe> [N/A]
<mppds><C:\WINDOWS\LSASS.EXE> [N/A]
<WhereOU><C:\WINDOWS\CSRSS.exe> [N/A]
<AppInit_DLLs><NVDESK32.DLL> [N/A]
[C:\WINDOWS\RichDll.dll] [N/A, N/A]
[C:\WINDOWS\System32\wsvbs.dll] [N/A, N/A]
[C:\DOCUME~1\a\LOCALS~1\Temp\upxdnd.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys] [N/A, N/A]
[C:\WINDOWS\System32\msccrt.dll] [N/A, N/A]
[C:\WINDOWS\System32\mppds.dll] [N/A, N/A]
[C:\WINDOWS\System32\Rav26.dll] [N/A, N/A]
[PID: 1300][C:\WINDOWS\Logo1_.exe] [N/A, N/A]
[PID: 1488][C:\WINDOWS\rundl132.exe] [N/A, N/A]

That is what I can spot so far. You've been hit by the Viking (威金) virus; download the dedicated removal tool.
If the OP can confirm that some of those DLLs are not viruses, they can be ignored!
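Triage logic for the kind of Run-key entries picked out in the reply above, as an added example (not from the thread, not SREng's own code): it parses lines in SREng's `<name><command> [signer]` format and flags a core system binary name launched from a Run key, a near-misspelling of a legitimate name (rundl132, ctfnom), an image under a Temp directory, and a missing publisher. The sample lines are constructed from entries in this thread; the rule set and the edit-distance threshold are my assumptions.

```python
import re

# Constructed sample in SREng's Run-key line format: <value name><command> [signer]
SAMPLE_RUN_ENTRIES = r"""
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<wsvbs><C:\WINDOWS\SMSS.EXE> [N/A]
<upxdnd><C:\DOCUME~1\a\LOCALS~1\Temp\upxdnd.exe> [N/A]
<RavTask><"D:\杀毒\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<twin><C:\WINDOWS\System32\ctfnom.exe> [Microsoft Corporation]
"""
ENTRY_RE = re.compile(r"<([^>]*)><(.*?)> \[(.*)\]$")
# Core binaries are started by the boot chain from System32, never from a Run key;
# the lookalike targets are the names that rundl132.exe and ctfnom.exe imitate (assumed list).
CORE_SYSTEM_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "lsass.exe", "services.exe"}
LOOKALIKE_TARGETS = ("rundll32.exe", "ctfmon.exe")

def levenshtein(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def image_path(command):
    # First token of the command, honouring a quoted path followed by arguments.
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]

def reasons_for(path, signer):
    base = path.rsplit("\\", 1)[-1].lower()
    lookalike = next((k for k in LOOKALIKE_TARGETS if base != k and levenshtein(base, k) <= 2), None)
    rules = [
        (base in CORE_SYSTEM_BINARIES, "core system binary name in a Run key"),
        (lookalike is not None, f"lookalike of {lookalike}"),
        ("\\temp\\" in path.lower(), "runs from a Temp directory"),
        (signer == "N/A", "no publisher information"),
    ]
    return [reason for hit, reason in rules if hit]

def triage(log_text):
    # Map each suspicious Run-key value name to the reasons it was flagged.
    findings = {}
    for m in filter(None, map(ENTRY_RE.match, log_text.splitlines())):
        path = image_path(m.group(2))  # "" for an empty <load><> value
        reasons = reasons_for(path, m.group(3)) if path else []
        if reasons:
            findings[m.group(1)] = reasons
    return findings
```

Entries that are verified or carry a real publisher and a normal name, like ctfmon.exe and RavTask in the sample, produce no finding, so the output is only the short list worth checking by hand.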

[PID: 396][C:\WINDOWS\System32\msiexec.exe] [Microsoft Corporation, 2.0.2600.1106]
I can't be sure about this one; the OP should look it up on Baidu to verify it!

Found it myself!

Process file: msiexec or msiexec.exe
Process name: Windows Installer Component
Process category: Other process
English description:
msiexec.exe belongs to the Windows Installer Component and is used to install new programs that use Windows Installer package files (MSI). This program is important for the stable and secure running of your computer and should not be terminated.

Publisher: Microsoft Corp.
Part of: Windows
System process: Yes
Background program: No
Network related: No
Common errors: N/A
Memory usage: N/A
Security risk level (0-5): 0
Spyware: No
Adware: No
Virus: No
Trojan: No

Off to get some food! I've been starving since this morning and can't take it anymore!
Moderators and experts, please keep at it!