我机器中毒了，不知道这是什么病毒，瑞星删不下去，也查不出来，它自动安装在windows文件夹下，有四个文件分别是：iexp1ore.exe、iexpl0re.exe、system.exe、winlog0n.exe，文件的图标都为古代的小人拿着剑或者盾，它自己关闭我的瑞星监控，并且在临时文件夹下产生了2.exe和6.exe，并把6.exe放在启动项中，我在安全模式下，把这几个文件都删了，可是我重新开机联网不久，它就又出来了，有哪们大侠遇到过这种情况吗？怎么删除呀？上次就是因为它，我重做了系统，没多久又出来了！55555，帮帮偶吧！

这回那几个文件又没了，又出来个999sky.com，可是我找不到它，我把日志文件复制下来了，帮我看看吧！疯了！5555
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <hb6><C:\WINDOWS\system.exe>  [N/A]
    <svc><C:\DOCUME~1\god\LOCALS~1\Temp\999sky.exe>  [Microsoft Corporation]
    <ekkxrhlxf><C:\WINDOWS\system.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [N/A]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [N/A]
    <RavNodHelp><C:\DOCUME~1\god\LOCALS~1\Temp\4.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

服务
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[MSSQLServerOLAPService / MSSQLServerOLAPService][Running/Auto Start]
  <C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <System32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Microsoft USB 2.0 Enhanced Host Controller Miniport Driver / usbehci][Running/Manual Start]
  <System32\DRIVERS\usbehci.sys><Microsoft Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[squell / squell][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4109]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736][C:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4109]
    [C:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 820][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 896][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 928][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1032][c:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [c:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [c:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [c:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [c:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [c:\program files\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1172][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4109]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1224][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\WINDOWS\System32\windhcp.ocx]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 1352][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1464][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]

========Content========
[PID: 1556][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.30]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1564][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5131]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5131]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5131]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5131]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1572][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1596][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
[PID: 1604][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  [N/A, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [c:\program files\alwil software\avast4\ahruimai.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll]  [ALWIL Software, 4, 7, 800, 0]
    [c:\program files\alwil software\avast4\ahruins.dll]  [ALWIL Software, 4, 7, 800, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll]  [ALWIL Software, 4, 7, 800, 0]
    [c:\program files\alwil software\avast4\ahruip2p.dll]  [ALWIL Software, 4, 7, 800, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll]  [ALWIL Software, 4, 7, 800, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll]  [ALWIL Software, 4, 7, 800, 0]
    [c:\program files\alwil software\avast4\ahruijs.dll]  [N/A, 4, 7, 800, 0]
[PID: 1660][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 1796][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 232][C:\WINDOWS\System32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
[PID: 400][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
[PID: 336][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  [N/A, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 817, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  [ALWIL Software, 4, 6, 665, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResJs.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\Setup\SetIFace.dll]  [N/A, N/A]

[PID: 112][C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe]  [Microsoft Corporation, 8.00.194]
[PID: 816][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2080][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 817, 0]
[PID: 2212][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 817, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll]  [ALWIL Software, 4, 7, 800, 0]
[PID: 3396][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 4008][c:\program files\rising\rfw\RfwCfg.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 1, 41]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\ProxyCtr.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 7, 817, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 468][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 7, 817, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Alwil Software\Avast4\setup\avast.setup]  [N/A, 4, 7, 0, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
[PID: 3440][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 7, 817, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1068][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.7.2006011200]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 7, 817, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 800, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3912][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 812][C:\DOCUME~1\god\LOCALS~1\Temp\Rar$EX01.110\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd.,

.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [Compiled Help Module]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
60.169.1.178      hyap98.com
60.169.1.178      www.hyap98.com
60.169.1.178      82087871.com
60.169.1.178      www.82087871.com
60.169.1.178      y1599.com
60.169.1.178      www.y1599.com
60.169.1.178      47555.cn
60.169.1.178      nc.47555.cn
60.169.1.178      cn.47555.cn
60.169.1.178      crsky.47555.cn
60.169.1.178      www.47555.cn
60.169.1.178      kirinkwy.com.cn
60.169.1.178      www.kirinkwy.com.cn
60.169.1.178      goujiao.e34.163ns.com
60.169.1.178      sybaby2.c67.zgsj.com
60.169.1.178      jygame88.com
60.169.1.178      sybaby3.a33.zgsj.com
60.169.1.178      baibu.com
60.169.1.178      www.baidu.com
60.169.1.178      www.yy520ly.cn
60.169.1.178      huiyuan.hz09.9iis.com
60.169.1.178      www.888muma.com
60.169.1.178      urlmon.isxv.com
60.169.1.178      www.feifeicqq.com
60.169.1.178      wow.wow88.cn
60.169.1.178      bbs.v369v.com
60.169.1.178      www.58aa.cn

==================================
API HOOK
N/A

==================================

帮我看看吧，谢谢呀！不知道还有没有没睡的呀！