[Help] How to completely remove Trojan.IMMSG.TBMSG.ab

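A few days ago I downloaded a small program and then found that my machine had been infected with several viruses. I ran full scans with Rising in Safe Mode several times, and the result is the same every time! How can I completely remove this trojan?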

[Attachment: image (image/pjpeg), uploaded 2006-12-26 9:51:19]

Last edited 2006-12-26 10:06:48

2006-12-26,09:45:49

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <msnmsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <S3TRAY2><; S3Tray2.exe>  [(Verified)S3 Graphics, Inc.]
    <TP4EX><; tp4ex.exe>  [Lenovo Group Limited]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <StorageGuard><; "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r>  [Sonic Solutions]
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [N/A]
    <TPHOTKEY><; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <RfwMain><; "d:\Program Files\Rising\Rav\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <MSConfig><; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <BluetoothAuthenticationAgent><; rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Corporation]
    <BMMGAG><; RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]
    <BMMLREF><; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  [N/A]
    <dla><; C:\WINDOWS\system32\dla\tfswctrl.exe>  [Sonic Solutions]
    <EZEJMNAP><; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [Lenovo Group Limited]
    <ibmmessages><; C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>  [IBM]
    <IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <PDService.exe><; "C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe">  [Utimaco Safeware AG]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PRONoMgrWired><; C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe>  [Intel(R) Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <TPKMAPHELPER><; C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [Lenovo]
    <TpShocks><; TpShocks.exe>  [Lenovo, Ltd. and IBM Corporation.]
    <MemKing check><E:\Program Files\英语\check.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <GinaDLL><tvt_gina.dll>  [(Verified)Lenovo]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
    <WinlogonNotify: ACNotify><ACNotify.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
    <WinlogonNotify: tpfnf2><notifyf2.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
    <WinlogonNotify: tphotkey><tphklock.dll>  [N/A]

启动文件夹
N/A

==================================
服务
[Ac Profile Manager Service / AcPrfMgrSvc]
  <C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe><N/A>
[Access Connections Main Service / AcSvc]
  <C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe><Lenovo>
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[F3FA63CC / F3FA63CC]
  <C:\WINDOWS\system32\F3FA63CC.EXE -service><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC]
  <C:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[System Security / License]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\vudkg.dll><Microsoft Corporation>
[Intel NCS NetService / NetSvc]
  <C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[O&O Defrag / O&O Defrag]
  <C:\WINDOWS\system32\oodag.exe><O&O Software GmbH>
[IBM PSA Access Driver Control / PsaSrv]
  <C:\WINDOWS\system32\PsaSrv.exe><N/A>
[RegSrvc / RegSrvc]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rav\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[System Update / SUService]
  <c:\program files\lenovo\system update\suservice.exe><>
[ThinkVantage Registry Monitor Service / ThinkVantage Registry Monitor Service]
  <"C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe"><N/A>
[ThinkPad HDD APS Logging Service / TPHDEXLGSVC]
  <System32\TPHDEXLG.EXE><N/A>
[IBM KCU Service / TpKmpSVC]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[TSS Core Service / TSSCoreService]
  <"C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe"><IBM>
[TVT Scheduler / TVT Scheduler]
  <"C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe"><Lenovo Group Limited>

I'll go give it a try. I've always used the licensed version of Rising and rarely use anything else.