
Sincerely asking for help

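My computer caught a virus. Rising deleted it successfully, but after the computer restarts it is still there. The infected file is C:WINDOWS/SYSTEM32/2FA6FD00.EXE and the virus name is Trojan.DL.Mnless.eu. The symptom is that junk web pages keep popping up while I am online, showing things like how to enlarge the penis, how to have a happy sex life, and so on. My skill level really is low and I don't know how to find and remove it. Thanks to the experts for any help.
Last edited 2007-04-29 22:29:47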

After a full virus scan, it is still there when I restart the computer.

Thanks to 鸟儿天上飞 for the help, thank you. I am downloading it now.

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run>< >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <C:\Documents and Settings\dahai\桌面\awp.e><>  [N/A]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\ravss.scr>  [Rising Corp.]

启动文件夹
N/A

==================================
服务
[69E2D0DC / 69E2D0DC][Stopped/Auto Start]
  <C:\WINDOWS\System32\69E2D0DC.EXE -service><N/A>
[99695634 / 99695634][Stopped/Auto Start]
  <C:\WINDOWS\System32\99695634.EXE -service><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\wiasoervc.dll><N/A>
[CoolWare / CoolWare][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\struts.dll><>
[edfscv / edfscv][Stopped/Auto Start]
  <C:\WINDOWS\System32\fgdfsdf.exe -service><N/A>
[error monitor / EmonSrv][Stopped/Auto Start]
  <C:\WINDOWS\System32\lfrmewrk.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows hrss RunThem / hrss][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\cmnn\mwxx.dll>< >
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[kkdj3sdf3 / kkdj3sdf3][Stopped/Auto Start]
  <C:\WINDOWS\System32\kkdj3sdf3.exe -j><Microsoft Corporation>
[kkduusfsd / kkduusfsd][Stopped/Auto Start]
  <C:\WINDOWS\System32\kkduusfsd.exe -service><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Service Transaction Provisioning / Transaction_Service][Stopped/Auto Start]
  <C:\WINDOWS\System32\explorer.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2][Running/Manual Start]
  <System32\DRIVERS\HSF_BSC2.sys><Conexant>
[cdxidd8 / cdxidd88][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cdxidd88.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\RISING\RAV\ExpScan.sys><>
[fakkxg9 / fakkxg96][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fakkxg96.sys><N/A>
[Fallback / Fallback][Running/Auto Start]
  <System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks][Running/Auto Start]
  <System32\DRIVERS\HSF_FSKS.sys><Conexant>
[gcxtli5 / gcxtli59][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\gcxtli59.sys><N/A>
[geeecfbi / geeecfbi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\geeecfbi.sys><N/A>
[goqxiz2 / goqxiz26][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\goqxiz26.sys><N/A>
[gotesf3 / gotesf37][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\gotesf37.sys><N/A>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[hrnipt6 / hrnipt60][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hrnipt60.sys><N/A>
[hsf_msft / hsf_msft][Running/Manual Start]
  <System32\DRIVERS\HSF_MSFT.sys><Conexant>
[iiujqe7 / iiujqe72][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iiujqe72.sys><N/A>
[iylxfk8 / iylxfk87][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iylxfk87.sys><N/A>
[K56 / K56][Running/Auto Start]
  <System32\DRIVERS\HSF_K56K.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[netshels / netshels][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\netshels.sys><Microsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Efficient Networks Enternet P.P.P.o.E LAN  Miniport Driver / NTSPPPOE][Stopped/Manual Start]
  <System32\DRIVERS\ntspppoe.sys><Efficient Networks, Inc.>
[okrkfk9 / okrkfk99][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\okrkfk99.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qndsrc7 / qndsrc74][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\qndsrc74.sys><N/A>
[RAWESR / RAWESR][Stopped/Manual Start]
  <\??\C:\PROGRA~1\EFFICI~1\ENTERN~1\app\RAWESR.SYS><Microsoft Corporation (Sample)>
[Rksample / Rksample][Running/Manual Start]
  <System32\DRIVERS\HSF_SAMP.sys><Conexant>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\RISING\RAV\RSPPSYS.sys><Rising>
[rsqblg1 / rsqblg13][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\rsqblg13.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SiS AGP Filter / sisagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SoftFax / SoftFax][Running/Auto Start]
  <System32\DRIVERS\HSF_FAXX.sys><Conexant>
[tcaqlh9 / tcaqlh94][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\tcaqlh94.sys><N/A>
[Tones / Tones][Running/Auto Start]
  <System32\DRIVERS\HSF_TONE.sys><Conexant>
[uhnuyj7 / uhnuyj77][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\uhnuyj77.sys><N/A>
[V124 / V124][Running/Auto Start]
  <System32\DRIVERS\HSF_V124.sys><Conexant>
[welfsu8 / welfsu87][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\welfsu87.sys><N/A>
[WrKPoET2000 / WrKPoET2000][Stopped/Manual Start]
  <\??\C:\Program Files\WinPoET Broadband Connection\WrKPoET2000.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[ywkoqp6 / ywkoqp68][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ywkoqp68.sys><N/A>
[zaucyc6 / zaucyc68][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\zaucyc68.sys><N/A>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>

浏览器加载项
[TBSB04805 Class]
  {FA91DE7A-D85F-4F35-8204-4D7C957A154B} <C:\PROGRA~1\工具栏~1\wc.dll, >
[工具栏(T)]
  {42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\wc.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[漂漂娱乐网]
  {6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www32.websamba.com/ppmmpic/c/?a=&b=&c=&d=&e=&f=n2&i=&j=656735&t=10/28/2005&s=bu, N/A>
[领我上上网]
  {7713E8D2-850A-101B-AFC0-4210102A8DA7} <http://cool.05335.com/?f=bu, N/A>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[工具栏(T)]
  {42A2F05F-E171-4CEF-852F-02475F698C24} <C:\Program Files\工具栏(T)\wc.dll, >
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <C:\PROGRA~1\PPStream\POWERL~1.OCX, PPStream.com>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[HdwCode Control]
  {52A05F4B-9F0C-4752-BB78-9B6DFD2DE9D5} <C:\WINDOWS\DOWNLO~1\HdwCode.ocx, home>
[WuYou.WySystem]
  {6A9735F1-72AA-49E9-9981-A13C3FD8641B} <C:\WINDOWS\System32\WYSYSTEM.OCX, WuYou>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[GLWebAvt Control]
  {C14D003A-DA41-4FEE-8204-62A94EAA29D1} <C:\WINDOWS\DOWNLO~1\GLWebAvt.ocx, >
[IEDown Class]
  {D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\System32\GLIEDown2.dll, 联众公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>

正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\99695634.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\kkdj3sdf3.dll]  [Microsoft Corporation, ]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 732][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 772][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\struts.dll]  [, 1, 0, 0, 4]
    [C:\WINDOWS\System32\WINHTTP.dll]  [Microsoft Corporation, 5.1.2600.1039 (xpsp1.020511-1800)]
[PID: 1068][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\99695634.DLL]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\kkdj3sdf3.dll]  [Microsoft Corporation, ]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1296][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
[PID: 1420][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
[PID: 260][C:\WINDOWS\System32\dgd4bs.exe]  [N/A, ]
    [C:\WINDOWS\System32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9237]
    [C:\WINDOWS\System32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
[PID: 344][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2268][D:\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2284][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3422]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3808][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2252][C:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3.0.0.238]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\WINDOWS\System32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 3712][C:\Program Files\ppStream\PPStream.exe]  [PPStream.com, 1, 0, 4, 631]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\PPStream\POWERP~1.DLL]  [PPStream Inc., 1,0,0,1735]
    [C:\PROGRA~1\PPStream\PSNetwork.dll]  [PPStream, inc., 1, 0, 0, 2430]
    [C:\PROGRA~1\PPStream\POWERL~1.OCX]  [PPStream.com, 1, 0, 0, 1335]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\wmp.dll]  [Microsoft Corporation, 9.00.00.2980]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
[PID: 6004][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 5388][C:\DOCUME~1\dahai\LOCALS~1\Temp\Rar$EX08.828\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3500][C:\PROGRA~1\INTERN~1\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [c:\progra~1\cmnn\pzaa.dll]  [, 1, 0, 0, 6]
    [c:\progra~1\cmnn\ueff.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\工具栏(T)\wc.dll]  [, 3, 0, 1, 65]
    [C:\Program Files\工具栏(T)\tbhelper.dll]  [, 3, 0, 1, 65]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif
[D:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif
[E:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif
[F:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



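Thanks to the expert friends for helping. There is one more symptom: drives C, D, E and F cannot be opened by double-clicking with the left mouse button. Thanks again.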