可恨的是是查也查不到……

无语……

我可怜的电脑与人民币

文件全部找出来删掉了
但还会自动生成
装了瑞星以后就变本加利了，本来不到10条文件，在装瑞星的过程中他就大量繁殖，现在已经超过100条了
无语……
俺买的可是正版的……

图片看不清楚的，可以点击放大，或者另存为 谢谢

日志 没做任何修改，没什么好修改的，电脑中除了电影和资料，基本没什么秘密

谢谢各位高手挺身而出


2006-06-11,12:55:43

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows Millennium Edition -

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [XMZ]
    <shoket><C:\WINDOWS\SYSTEM\SHELLEXT\SPOOLSV.EXE>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <Torjan Program><C:\WINDOWS\WINLOGON.EXE>  [XMZ]
    <Intnet><C:\WINDOWS\Intnet.exe>  []
    <RsCcenter><"C:\Program Files\Rising\Rav\CCenter.exe">  [Beijing Rising Technology Co., Ltd.]
    <RavMond><"C:\Program Files\Rising\Rav\RavMond.exe">  [Beijing Rising Technology Co., Ltd.]
    <RavMon><"C:\Program Files\Rising\Rav\RavMon.exe" -system>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
服务

==================================
浏览器加载项
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL, Xi>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX, (>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\YAHOO!\ASSIST~1\ASSIST\YDRAGS~1.DLL, N/A>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <G:\音乐库\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\PROGRA~1\MESSEN~1\MSMSGS.EXE, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8B.OCX, Macromedia, Inc.>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[使用KuGoo3下载(&K)]
  <G:\音乐库\KUGOO3\KuGoo3DownX.htm, N/A>

==================================
正在运行的进程
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4294964521][C:\WINDOWS\SYSTEM\MPREXE.EXE]  <Microsoft Corporation><4.90.3000>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294844861][C:\WINDOWS\WINLOGON.EXE]  <XMZ><0.00.0072>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4294843985][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\EXTOLE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\UNPACKER.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\SCANEXEC.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\SCANSCT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\PROGRAM FILES\RISING\RAV\SCANMAC.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\NVFILE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\SCANEX.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\UNEXE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\POSTTRT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\ENGINE.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
    [C:\PROGRAM FILES\RISING\RAV\SPAMENG.DLL]  <N/A><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\MAILMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\MEMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 8>
    [C:\PROGRAM FILES\RISING\RAV\HOOKWEB.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\REGMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\VIRUSLIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\LIBLOAD.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\SCANNER.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 28>
    [C:\PROGRAM FILES\RISING\RAV\HOOKSYS.DLL]  <Rising><18, 1, 0, 9>
    [C:\PROGRAM FILES\RISING\RAV\RSLOG.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
[PID: 4294863565][C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 16>
    [C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\HELP\MSHOOK.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\PNGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[PID: 4294857665][C:\PROGRAM FILES\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 16>
    [C:\PROGRAM FILES\RISING\RAV\BWLIST.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RSGUILIB.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [G:\音乐库\KUGOO3\KUGOO3DOWNXCONTROL.OCX]  <N/A><N/A>
    [C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX]  <(><1, 0, 0, 1>
    [C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL]  <Xi><1.91.12>
    [C:\PROGRAM FILES\WINRAR\RAREXT.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
    [C:\WINDOWS\HELP\MSHOOK.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\DCIMAN32.DLL]  <Intel(R) Corp., Microsoft Corp.><4.90.3000>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4294963949][C:\WINDOWS\EXPLORER.EXE]  <Microsoft Corporation><5.50.4134.100>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4294962313][C:\WINDOWS\SYSTEM\RPCSS.EXE]  <Microsoft Corporation><4.71.3328>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\RISING\RAV\CFGDLL.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 4293981657][C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMX.DLL]  <rising><18, 0, 0, 1>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4172167413][C:\PROGRAM FILES\RISING\RAV\RSAGENT.EXE]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\HELP\MSHOOK.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4172172041][C:\WINDOWS\MSAGENT\AGENTSVR.EXE]  <Microsoft Corporation><2.00.0.2202>
    [C:\WINDOWS\SYSTEM\MACROMED\COMMON\SWSUPPORT.DLL]  <Macromedia, Inc.><8.0r196>
    [C:\WINDOWS\HELP\MSHOOK.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8B.OCX]  <Macromedia, Inc.><8,0,24,0>
    [C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [G:\音乐库\KUGOO3\KUGOO3DOWNXCONTROL.OCX]  <N/A><N/A>
    [C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX]  <(><1, 0, 0, 1>
    [C:\PROGRAM FILES\XI\NETTRANSPORT 2\NTIEHELPER.DLL]  <Xi><1.91.12>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4186412605][C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2800.1106>
    [C:\WINDOWS\SYSTEM\I81XDD.DLL]  <Intel Corporation><4.12.01.2570>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4184460865][C:\WINDOWS\SYSTEM\DDHELP.EXE]  <Microsoft Corporation><4.08.01.0881>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\WINDOWS\HELP\ZTHOOK.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4082754725][C:\WINDOWS\TEMP\1.EXE]  <N/A><N/A>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
    [C:\WINDOWS\HELP\MSHOOK.DLL]  <N/A><N/A>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
[PID: 4078807785][C:\WINDOWS\TEMP\2.EXE]  <N/A><N/A>
[PID: 4028638573][C:\WINDOWS\SYSTEM\PSTORES.EXE]  <Microsoft Corporation><5.00.2133.2>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4008257353][C:\WINDOWS\SYSTEM\STIMON.EXE]  <Microsoft Corporation><4.90.3000.1>
    [C:\WINDOWS\SYSTEM\DHCPCSVC.DLL]  <N/A><N/A>
    [C:\WINDOWS\HELP\MSHOOK.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4181908205][C:\WINDOWS\DESKTOP\SRENG2\SRENG2\SRENG.EXE]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\SYSTEM\NETBIOS.DLL]  <N/A><N/A>
    [C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\MSINFO.RX]  <N/A><N/A>
[PID: 4078200753][C:\WINDOWS\RUNDLL32.EXE]  <Microsoft Corporation><4.90.3000>

==================================
文件关联
.TXT  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [C:\WINDOWS\winhlp32.exe %1]
.INI  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  OK. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.JS  OK. [C:\WINDOWS\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

这个Intnet.exe文件他就是罪魁祸首（删不掉）DOS下删了，重起就有，下面的文件也一样
Intnet.bak Intnet.log Intnet.sav
1.com 2.exe……
这些文件删了根本没用

哭！我技术最差，为什么每次中的病毒都是最厉害
好不容易下定决心去买个正版的，结果好没有任何作用
看来以后不必买什么杀毒软件了，直接FORMAT算了
失败的同时也失望……

假如是新病毒的话，有谁要原文件做研究的话，可以加我QQ：510725230 我想办法提出来传给他，没人要就格式化了  哭死……