
电脑侠客, please come in (scan report): Rising real-time monitoring has been killed

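Rising Antivirus detected a virus named ==ROOTKIT.VANTI.MN==
I have installed all the patches I could; 8 patches are still not installed: 3 cannot be downloaded anywhere, and 5 still fail after Rising installs them. I can't figure out what is going on.
The virus now stops the real-time monitoring of Rising 2006 Network Edition. After I repair Rising and reboot the computer, it starts up again by itself and kills the real-time monitoring again.
For now all I can do is disconnect from the internal network. I cannot reinstall the system, because I do not have some of the software on hand.

The scan report is attached below: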


006-11-01,20:22:27

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <NiceMs><C:\Program Files\Common Files\Microsoft Shared\MSINFO\Launcher.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RealTray><C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER>  [N/A]
    <RavTray><"C:\Program Files\Rising\Rav\RavTray.exe">  [Rising]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <smsmod><rundll32.exe C:\WINDOWS\System32\smsmod.dll,start>  [N/A]
    <xy><C:\WINDOWS\Download\svhost32.exe>  [N/A]
    <rzt><C:\WINDOWS\Intel\rundll32.exe>  [N/A]
    <Tray><C:\WINDOWS\command\rundll32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Nice><C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]

==================================
Last edited 2006-11-01 20:47:41

启动文件夹
[通用112测试系统(GTS-II)--测试服务器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\通用112测试系统(GTS-II)--测试服务器.lnk --> C:\WINDOWS\Installer\{0307FF0F-0C48-4F74-BB92-62953335A95F}\_58b026ca.exe [N/A]><N>

==================================
服务
[pcAnywhere Host Service / awhost32]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[RavService / RavService]
  <"C:\Program Files\Rising\Rav\RavService.exe" /service><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[awlegacy / awlegacy]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[basic2 / basic2]
  <System32\DRIVERS\HSF_BSC2.sys><Conexant>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Fallback / Fallback]
  <System32\DRIVERS\HSF_FALL.sys><Conexant>
[Fsks / Fsks]
  <System32\DRIVERS\HSF_FSKS.sys><Conexant>
[Gernuwa / Gernuwa]
  <C:\WINDOWS\SYSTEM32\DRIVERS\Gernuwa.SYS><Symantec Corporation>
[hsf_msft / hsf_msft]
  <System32\DRIVERS\HSF_MSFT.sys><Conexant>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[K56 / K56]
  <System32\DRIVERS\HSF_K56K.sys><Conexant>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rksample / Rksample]
  <System32\DRIVERS\HSF_SAMP.sys><Conexant>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SoftFax / SoftFax]
  <System32\DRIVERS\HSF_FAXX.sys><Conexant>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[Tones / Tones]
  <System32\DRIVERS\HSF_TONE.sys><Conexant>
[V124 / V124]
  <System32\DRIVERS\HSF_V124.sys><Conexant>

==================================
浏览器加载项
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[ACNSTAT Class]
  {79312BD7-AB1A-4730-829F-F43C984D0A9D} <C:\WINDOWS\System32\ACNSTAT.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 516][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\WINDOWS\system32\PCANotify.dll]  [Symantec Corporation, 10.5.1.505]
[PID: 592][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 604][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 756][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 780][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 796][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 908][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1172][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\mymsok.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\WINDOWS\System32\WMASF.DLL]  [Microsoft Corporation, 9.00.00.2980 built by: lab03_dev(bld4act)]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\Program Files\Common Files\Microsoft Shared\Web Folders\2052\nsextint.dll]  [N/A, N/A]
[PID: 1240][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 20, 0, 0]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\awmon.dll]  [Symantec Corporation, 9.2.1]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1332][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1360][C:\Program Files\Symantec\pcAnywhere\awhost32.exe]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\Util.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\InstData.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL]  [Symantec Corporation, 15.0.0.14]
    [C:\Program Files\Symantec\pcAnywhere\AWSES32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awofrwrk.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awio.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\dundata.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\PowerMgr.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awgui32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AWDS32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awcm32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\crypto.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awtime32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\pcaime.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AWHXPRB.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AWHPROBEDLL.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\TrayIcon.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AWDSP32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awcp.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\IMPLODE.DLL]  [PKWare, 1, 0, 0, 1]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awRes-all.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Common Files\Symantec Shared\ehandres.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awres-host.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AwioResources.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\awlog32.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\snmputil.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\libsnmp.dll]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL]  [Symantec Corporation, 10.5.1.505]
    [C:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL]  [Symantec Corporation, 10.5.1.505]
[PID: 1384][C:\Program Files\Common Files\Microsoft Shared\MSINFO\svchost.exe]  [N/A, N/A]
[PID: 1392][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.30]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
[PID: 1400][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
[PID: 1408][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.3929]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]

[PID: 1436][C:\Program Files\Real\RealPlayer\RealPlay.exe]  [RealNetworks, Inc., 6.0.9.450]
    [C:\WINDOWS\System32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Real\RealPlayer\rpap3260.dll]  [RealNetworks, Inc., 6.0.9.496]
    [C:\Program Files\Common Files\Real\Common\pngu3266.dll]  [RealNetworks, Inc., 6.6.0.338]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.699]
    [C:\Program Files\Common Files\Real\Common\rpcl3260.dll]  [RealNetworks, Inc., 6.0.9.589]
    [C:\Program Files\Common Files\Real\Common\pnen3260.dll]  [RealNetworks, Inc., 6.0.7.1503]
    [C:\Program Files\Common Files\Real\Plugins\pnxr3260.dll]  [RealNetworks, Inc., 6.0.7.1630]
    [C:\Program Files\Real\RealPlayer\pngui_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\psethvy_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rnath_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rnmsg_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpclsvc_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpmnpane_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpdestpn_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rnereg_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpapp_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpclutil_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Common Files\Real\Common\rjbviz_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpplus_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rpupgrd_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\embedgui_cn.dll]  [RealNetworks, Inc., 6.0.4.108]
    [C:\Program Files\Real\RealPlayer\rnms3260.dll]  [RealNetworks, Inc., 6.0.8.557]
    [C:\Program Files\Real\RealPlayer\pnmi3260.dll]  [RealNetworks, Inc., 6.0.9.436]
    [C:\Program Files\Common Files\Real\Update\rnqu3260.dll]  [RealNetworks, Inc., 6.0.9.127]
    [C:\Program Files\Common Files\Real\Update\rpup3260.dll]  [RealNetworks, Inc., 6.0.9.503]
    [C:\Program Files\Common Files\Real\Update\upgr3260.dll]  [RealNetworks, Inc., 6.0.9.486]
    [C:\Program Files\Common Files\Real\Update\setu3260.dll]  [RealNetworks, Inc., 6.0.9.607]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
[PID: 1444][C:\Program Files\Rising\Rav\RavTray.exe]  [Rising, 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\RavUILib.dll]  [, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavTray936.dll]  [Rising, 18, 0, 0, 35]
    [C:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
[PID: 1456][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\WINDOWS\System32\odbccp32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
[PID: 1556][C:\Program Files\Rising\Rav\RavService.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 43]
    [C:\Program Files\Rising\Rav\DLCenter.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 27]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\WINDOWS\System32\odbccp32.dll]  [Microsoft Corporation, 3.520.9041.40]
[PID: 1652][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
[PID: 1564][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
[PID: 380][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysremf.exe]  [N/A, N/A]
[PID: 868][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
[PID: 1088][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrema.exe]  [N/A, N/A]
    [C:\DOCUME~1\112\LOCALS~1\Temp\cky.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
[PID: 968][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysreme.exe]  [N/A, N/A]
    [C:\DOCUME~1\112\LOCALS~1\Temp\ksd2.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
[PID: 3564][C:\WINDOWS\hh.exe]  [Microsoft Corporation, 5.2.3790.315 (srv03_gdr.050421-1728)]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3736][C:\Program Files\Rising\Rav\Rav.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 67]
    [C:\Program Files\Rising\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 59]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [C:\Program Files\Rising\Rav\RavUIMsg.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 24]
    [C:\Program Files\Rising\Rav\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\Program Files\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\WINDOWS\System32\ODBC32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\WINDOWS\System32\odbccp32.dll]  [Microsoft Corporation, 3.520.9041.40]
    [C:\Program Files\Rising\Rav\RavQu.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
[PID: 1468][C:\Documents and Settings\112\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\System32\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\xydll.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================

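The two posts above are the complete scan report. Please help analyze how to remove the virus.
If registry operations are needed, how do I get to each of the registry branches?
I am a complete novice, so please write in detail.

Thanks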