前几日中了病毒，开机速度奇慢，又经常死机，常弹出“IExporer出错”的提示框，后来查看“Windows 任务管理器”，发现有“SVOHOST.EXE”运行，用瑞星杀毒，杀了30个，包括“Backdoor.Agent.djg”,“Trojan.Psw.QQPass.Pod”，“Trojan.Psw.QQPass.Ppx”，“Trojan.Psw.QQPass.gen”病毒。

后来发现还有病毒，就用瑞星的专杀工具杀毒（安全模式），后来发现在正常模式下，“SVOHOST.EXE”依然运行，我反复用专杀工具杀毒都没效，心淡


望斑竹，各路高人指点，拯救我这个无助的受害者！

以下是我的扫描日记：
HijackThis_815汉化版扫描日志 V1.99.1
保存于      18:33:51, 日期 2006-08-12
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Thunder Network\Thunder\Thunder.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.172\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {090E64FB-402F-4D64-8AE4-6399E7CB6CB4} - C:\WINDOWS\system32\Kkynl.dll (file missing)
R3 - URLSearchHook: (no name) - {6BD45EFC-865D-444B-989B-B02D4225AEC8} - C:\WINDOWS\system32\Kpxiw.dll (file missing)
R3 - URLSearchHook: (no name) - {8B299D65-7544-424C-8D06-DB53D7BE35AA} - C:\WINDOWS\system32\Jzoc.dll
R3 - URLSearchHook: (no name) - {3F965624-0D44-4087-9128-B53D756665BA} - C:\WINDOWS\system32\Ilfg.dll
R3 - URLSearchHook: (no name) - {7A3921AA-4A80-40A9-840A-2750F7893E8E} - C:\WINDOWS\system32\Qwtx.dll
R3 - URLSearchHook: (no name) - {B453A798-9C5A-49AC-8CA4-6561A3B1D38B} - C:\WINDOWS\system32\Lkav.dll (file missing)
R3 - URLSearchHook: (no name) - {A92095D3-6ADE-49E3-9822-2FEF9D1DDE21} - C:\WINDOWS\system32\Ajith.dll (file missing)
R3 - URLSearchHook: (no name) - {24A81D5F-709F-4D14-A60B-0A862565D31C} - C:\WINDOWS\system32\Qeel.dll (file missing)
R3 - URLSearchHook: (no name) - {C61C3B89-893E-4530-A69A-7B2C20772FDD} - C:\WINDOWS\system32\Afawr.dll (file missing)
R3 - URLSearchHook: (no name) - {6CF1C065-0714-4AD6-8121-AE528D341280} - C:\WINDOWS\system32\Zvokxw.dll (file missing)
R3 - URLSearchHook: (no name) - {F903291B-AC01-4C54-AF5B-155ABF5EE9D2} - C:\WINDOWS\system32\Bvlt.dll (file missing)
R3 - URLSearchHook: (no name) - {4DD94C39-98D8-4C11-AD73-5FB1955B55AD} - C:\WINDOWS\system32\Olqjtr.dll (file missing)
R3 - URLSearchHook: (no name) - {93AA8AD1-B02D-48AA-8131-0ECE901887E7} - C:\WINDOWS\system32\Xwhpd.dll (file missing)
R3 - URLSearchHook: (no name) - {C7125EC4-E6E9-449E-9342-D08E37FC8468} - C:\WINDOWS\system32\Kvufxw.dll (file missing)
R3 - URLSearchHook: (no name) - {648C4499-D6D4-43FB-9888-FB8B5F9C87E4} - C:\WINDOWS\system32\Zynam.dll (file missing)
R3 - URLSearchHook: (no name) - {964297FF-7E3A-46C6-969C-604A1DB25DD8} - C:\WINDOWS\system32\Qazov.dll (file missing)
R3 - URLSearchHook: (no name) - {0EB8AF41-71EC-42D6-B457-A654FFD3C009} - C:\WINDOWS\system32\Eitcl.dll (file missing)
R3 - URLSearchHook: (no name) - {7E94FA0D-5CC7-4221-B3C1-3F0A1096E274} - C:\WINDOWS\system32\Yxxvd.dll
R3 - URLSearchHook: (no name) - {F8CAF375-7F0E-42E3-A49F-5F630414372A} - C:\WINDOWS\system32\Atqg.dll
R3 - URLSearchHook: (no name) - {D14D7FAF-8ABC-4230-8CEB-05E41B0071E7} - C:\WINDOWS\system32\Yrlfh.dll
R3 - URLSearchHook: (no name) - {225416E0-67B4-4406-9010-02657444A395} - C:\WINDOWS\system32\Abni.dll
R3 - URLSearchHook: (no name) - {CCB83C84-62E1-4083-9FAF-C3B6AE327240} - C:\WINDOWS\system32\Dqhse.dll
R3 - URLSearchHook: (no name) - {F421DAC9-35E0-43BF-9198-28B578CABE7E} - C:\WINDOWS\system32\Agcxeu.dll
R3 - URLSearchHook: (no name) - {ECB90875-C673-4F8F-AD40-FDDD3AB05418} - C:\WINDOWS\system32\Rgtlty.dll
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: (no name) - {090E64FB-402F-4D64-8AE4-6399E7CB6CB4} - C:\WINDOWS\system32\Kkynl.dll (file missing)
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {0EB8AF41-71EC-42D6-B457-A654FFD3C009} - C:\WINDOWS\system32\Eitcl.dll (file missing)
O2 - BHO: (no name) - {225416E0-67B4-4406-9010-02657444A395} - C:\WINDOWS\system32\Abni.dll
O2 - BHO: (no name) - {24A81D5F-709F-4D14-A60B-0A862565D31C} - C:\WINDOWS\system32\Qeel.dll (file missing)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: (no name) - {3F965624-0D44-4087-9128-B53D756665BA} - C:\WINDOWS\system32\Ilfg.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: (no name) - {4DD94C39-98D8-4C11-AD73-5FB1955B55AD} - C:\WINDOWS\system32\Olqjtr.dll (file missing)
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {648C4499-D6D4-43FB-9888-FB8B5F9C87E4} - C:\WINDOWS\system32\Zynam.dll (file missing)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll
O2 - BHO: (no name) - {6BD45EFC-865D-444B-989B-B02D4225AEC8} - C:\WINDOWS\system32\Kpxiw.dll (file missing)
O2 - BHO: (no name) - {6CF1C065-0714-4AD6-8121-AE528D341280} - C:\WINDOWS\system32\Zvokxw.dll (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {7A3921AA-4A80-40A9-840A-2750F7893E8E} - C:\WINDOWS\system32\Qwtx.dll
O2 - BHO: (no name) - {7E94FA0D-5CC7-4221-B3C1-3F0A1096E274} - C:\WINDOWS\system32\Yxxvd.dll
O2 - BHO: (no name) - {8B299D65-7544-424C-8D06-DB53D7BE35AA} - C:\WINDOWS\system32\Jzoc.dll
O2 - BHO: (no name) - {93AA8AD1-B02D-48AA-8131-0ECE901887E7} - C:\WINDOWS\system32\Xwhpd.dll (file missing)
O2 - BHO: (no name) - {964297FF-7E3A-46C6-969C-604A1DB25DD8} - C:\WINDOWS\system32\Qazov.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A92095D3-6ADE-49E3-9822-2FEF9D1DDE21} - C:\WINDOWS\system32\Ajith.dll (file missing)
O2 - BHO: (no name) - {B453A798-9C5A-49AC-8CA4-6561A3B1D38B} - C:\WINDOWS\system32\Lkav.dll (file missing)
O2 - BHO: (no name) - {C61C3B89-893E-4530-A69A-7B2C20772FDD} - C:\WINDOWS\system32\Afawr.dll (file missing)
O2 - BHO: (no name) - {C7125EC4-E6E9-449E-9342-D08E37FC8468} - C:\WINDOWS\system32\Kvufxw.dll (file missing)
O2 - BHO: (no name) - {CCB83C84-62E1-4083-9FAF-C3B6AE327240} - C:\WINDOWS\system32\Dqhse.dll
O2 - BHO: (no name) - {D14D7FAF-8ABC-4230-8CEB-05E41B0071E7} - C:\WINDOWS\system32\Yrlfh.dll
O2 - BHO: (no name) - {ECB90875-C673-4F8F-AD40-FDDD3AB05418} - C:\WINDOWS\system32\Rgtlty.dll
O2 - BHO: (no name) - {F421DAC9-35E0-43BF-9198-28B578CABE7E} - C:\WINDOWS\system32\Agcxeu.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O2 - BHO: (no name) - {F8CAF375-7F0E-42E3-A49F-5F630414372A} - C:\WINDOWS\system32\Atqg.dll
O2 - BHO: (no name) - {F903291B-AC01-4C54-AF5B-155ABF5EE9D2} - C:\WINDOWS\system32\Bvlt.dll (file missing)
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O3 - IE工具栏增项: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll
O3 - IE工具栏增项: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.5.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll

O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - 启动项HKLM\\Run: [intenet] C:\WINDOWS\system32\intenet.exe
O4 - 启动项HKLM\\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 解霸实时播放 - C:\HEROSOFT\Hero3000\MPURLGET.HTM
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - 浏览器额外的按钮: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - 浏览器额外的“工具”菜单项: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - 浏览器额外的按钮: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1155140727062
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {EDEDED2E-A0A6-4085-BC52-A95255A96DBD} (CyImgChinaCtl Class) - http://fs1.cyworld.com.cn/common/activex/CyImgChina.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6BB2096B-EB15-4C13-A151-E429F305E92A}: NameServer = 61.144.56.101 202.96.128.166
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

2006-08-12,20:04:23

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <intenet><C:\WINDOWS\system32\intenet.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"\Program Files\Logonui\Royale.exe">  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{090E64FB-402F-4D64-8AE4-6399E7CB6CB4}><C:\WINDOWS\system32\Kkynl.dll>  []
    <{6BD45EFC-865D-444B-989B-B02D4225AEC8}><C:\WINDOWS\system32\Kpxiw.dll>  []
    <{8B299D65-7544-424C-8D06-DB53D7BE35AA}><C:\WINDOWS\system32\Jzoc.dll>  []
    <{3F965624-0D44-4087-9128-B53D756665BA}><C:\WINDOWS\system32\Ilfg.dll>  []
    <{7A3921AA-4A80-40A9-840A-2750F7893E8E}><C:\WINDOWS\system32\Qwtx.dll>  []
    <{B453A798-9C5A-49AC-8CA4-6561A3B1D38B}><C:\WINDOWS\system32\Lkav.dll>  []
    <{A92095D3-6ADE-49E3-9822-2FEF9D1DDE21}><C:\WINDOWS\system32\Ajith.dll>  []
    <{24A81D5F-709F-4D14-A60B-0A862565D31C}><C:\WINDOWS\system32\Qeel.dll>  []
    <{C61C3B89-893E-4530-A69A-7B2C20772FDD}><C:\WINDOWS\system32\Afawr.dll>  []
    <{6CF1C065-0714-4AD6-8121-AE528D341280}><C:\WINDOWS\system32\Zvokxw.dll>  []
    <{F903291B-AC01-4C54-AF5B-155ABF5EE9D2}><C:\WINDOWS\system32\Bvlt.dll>  []
    <{4DD94C39-98D8-4C11-AD73-5FB1955B55AD}><C:\WINDOWS\system32\Olqjtr.dll>  []
    <{93AA8AD1-B02D-48AA-8131-0ECE901887E7}><C:\WINDOWS\system32\Xwhpd.dll>  []
    <{C7125EC4-E6E9-449E-9342-D08E37FC8468}><C:\WINDOWS\system32\Kvufxw.dll>  []
    <{648C4499-D6D4-43FB-9888-FB8B5F9C87E4}><C:\WINDOWS\system32\Zynam.dll>  []
    <{964297FF-7E3A-46C6-969C-604A1DB25DD8}><C:\WINDOWS\system32\Qazov.dll>  []
    <{0EB8AF41-71EC-42D6-B457-A654FFD3C009}><C:\WINDOWS\system32\Eitcl.dll>  []
    <{7E94FA0D-5CC7-4221-B3C1-3F0A1096E274}><C:\WINDOWS\system32\Yxxvd.dll>  []
    <{F8CAF375-7F0E-42E3-A49F-5F630414372A}><C:\WINDOWS\system32\Atqg.dll>  []
    <{D14D7FAF-8ABC-4230-8CEB-05E41B0071E7}><C:\WINDOWS\system32\Yrlfh.dll>  []
    <{225416E0-67B4-4406-9010-02657444A395}><C:\WINDOWS\system32\Abni.dll>  []
    <{CCB83C84-62E1-4083-9FAF-C3B6AE327240}><C:\WINDOWS\system32\Dqhse.dll>  []
    <{F421DAC9-35E0-43BF-9198-28B578CABE7E}><C:\WINDOWS\system32\Agcxeu.dll>  []
    <{ECB90875-C673-4F8F-AD40-FDDD3AB05418}><C:\WINDOWS\system32\Rgtlty.dll>  []
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys>  []
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\cnnic\cdn\vulgoqgg.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\LOTRHO~1.SCR>  [MacSourcery]

2006-08-12,20:04:23

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [Intel Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <intenet><C:\WINDOWS\system32\intenet.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><"\Program Files\Logonui\Royale.exe">  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{090E64FB-402F-4D64-8AE4-6399E7CB6CB4}><C:\WINDOWS\system32\Kkynl.dll>  []
    <{6BD45EFC-865D-444B-989B-B02D4225AEC8}><C:\WINDOWS\system32\Kpxiw.dll>  []
    <{8B299D65-7544-424C-8D06-DB53D7BE35AA}><C:\WINDOWS\system32\Jzoc.dll>  []
    <{3F965624-0D44-4087-9128-B53D756665BA}><C:\WINDOWS\system32\Ilfg.dll>  []
    <{7A3921AA-4A80-40A9-840A-2750F7893E8E}><C:\WINDOWS\system32\Qwtx.dll>  []
    <{B453A798-9C5A-49AC-8CA4-6561A3B1D38B}><C:\WINDOWS\system32\Lkav.dll>  []
    <{A92095D3-6ADE-49E3-9822-2FEF9D1DDE21}><C:\WINDOWS\system32\Ajith.dll>  []
    <{24A81D5F-709F-4D14-A60B-0A862565D31C}><C:\WINDOWS\system32\Qeel.dll>  []
    <{C61C3B89-893E-4530-A69A-7B2C20772FDD}><C:\WINDOWS\system32\Afawr.dll>  []
    <{6CF1C065-0714-4AD6-8121-AE528D341280}><C:\WINDOWS\system32\Zvokxw.dll>  []
    <{F903291B-AC01-4C54-AF5B-155ABF5EE9D2}><C:\WINDOWS\system32\Bvlt.dll>  []
    <{4DD94C39-98D8-4C11-AD73-5FB1955B55AD}><C:\WINDOWS\system32\Olqjtr.dll>  []
    <{93AA8AD1-B02D-48AA-8131-0ECE901887E7}><C:\WINDOWS\system32\Xwhpd.dll>  []
    <{C7125EC4-E6E9-449E-9342-D08E37FC8468}><C:\WINDOWS\system32\Kvufxw.dll>  []
    <{648C4499-D6D4-43FB-9888-FB8B5F9C87E4}><C:\WINDOWS\system32\Zynam.dll>  []
    <{964297FF-7E3A-46C6-969C-604A1DB25DD8}><C:\WINDOWS\system32\Qazov.dll>  []
    <{0EB8AF41-71EC-42D6-B457-A654FFD3C009}><C:\WINDOWS\system32\Eitcl.dll>  []
    <{7E94FA0D-5CC7-4221-B3C1-3F0A1096E274}><C:\WINDOWS\system32\Yxxvd.dll>  []
    <{F8CAF375-7F0E-42E3-A49F-5F630414372A}><C:\WINDOWS\system32\Atqg.dll>  []
    <{D14D7FAF-8ABC-4230-8CEB-05E41B0071E7}><C:\WINDOWS\system32\Yrlfh.dll>  []
    <{225416E0-67B4-4406-9010-02657444A395}><C:\WINDOWS\system32\Abni.dll>  []
    <{CCB83C84-62E1-4083-9FAF-C3B6AE327240}><C:\WINDOWS\system32\Dqhse.dll>  []
    <{F421DAC9-35E0-43BF-9198-28B578CABE7E}><C:\WINDOWS\system32\Agcxeu.dll>  []
    <{ECB90875-C673-4F8F-AD40-FDDD3AB05418}><C:\WINDOWS\system32\Rgtlty.dll>  []
    <{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys>  []
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\cnnic\cdn\vulgoqgg.dll>  []
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\LOTRHO~1.SCR>  [MacSourcery]