用熊猫烧香专杀杀出个richtx32.exe，在system32里，一转眼又在了，会感染其他程序，占100内存

好像还进不了安全模式了，进去以后在黑屏的地方一直卡住

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <xj3bfb69ctt><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe>  []
    <wbugwt694><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <AGRSMMSG><AGRSMMSG.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HControl><C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <BHDCRegC><C:\WINDOWS\system32\BHDCRegC.exe>  [SHHIC]
    <StormCodec_Helper><"d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <kernelmh><C:\WINDOWS\Kernelmh.exe>  []
    <AntiARPStandalone><D:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe>  [www.AntiARP.com]
    <upxdnd><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zt.exe>  [N/A]
    <cmdbcs><C:\WINDOWS\SMSS.EXE>  []
    <load><; C:\WINDOWS\uninstall\rundl132.exe>  []
    <LtMoh><; C:\Program Files\ltmoh\Ltmoh.exe>  [Agere Systems]
    <realplayer><; C:\WINDOWS\8Sy.exe>  []
    <SAMSUNG Keydefine><; C:\Program Files\Keydefine\KeyDefin.exe>  []
    <SynTPEnh><; C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SynTPLpr><; C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>  []

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[huawei-3com EAD appendix service / H3C_EAD_APX_SVR][Stopped/Manual Start]
  <C:\Program Files\Huawei-3Com\H3C Client\eadApxSvr.exe -startService ><N/A>
[huawei-3com protocol authentication service manage center / H3C_SVR_MNG_SERVICE][Running/Manual Start]
  <C:\Program Files\Huawei-3Com\H3C Client\AuthenMngService.exe -startService ><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[SENS LT56ADW Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
  <system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[AntiyNF / AntiyNF][Running/Auto Start]
  <system32\drivers\AntiyNF.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetLink (TM) Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BHDCKEY / BHDCKEY][Running/Manual Start]
  <System32\Drivers\usbdriver.sys><BHDC>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\D:\PROGRAM FILES\RISING\RAV\HookApi.Sys><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ATKACPI.sys><>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><N/A>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Running/Manual Start]
  <\??\C:\WINDOWS\system32\PCAMPR5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Running/Auto Start]
  <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[R592 / R592][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\R592.sys><REDC>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SigmaTel C-Major Audio / STAC97][Running/Manual Start]
  <system32\drivers\STAC97.sys><SigmaTel, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Stopped/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel? Corporation>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>

==================================
浏览器加载项
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[DragSearch BHO]
  {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} <C:\PROGRA~1\YiSou\yisoub.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[一搜工具条]
  {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} <C:\Program Files\YiSou\yisou.dll, 3721>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[一搜工具条]
  {115F6E46-FCBC-41ED-B3B5-3BDDD4AAB5E5} <C:\Program Files\YiSou\yisou.dll, 3721>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[DragSearch BHO]
  {EF1D17A9-089F-40CC-8D64-7324CDEBA0DB} <C:\PROGRA~1\YiSou\yisoub.dll, >
[!搜一搜]
  <res://C:\Program Files\YiSou\yisou.dll/232, N/A>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================

正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1372][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4110]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1444][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 452][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 5.00.2000.3]
    [C:\WINDOWS\RichDll.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\JJN.IME]  [加加在线, 3.11.0.0]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\YiSou\yisoub.dll]  [, 1, 2, 5, 1005]
[PID: 944][d:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [d:\program files\rising\rfw\PSAPI.DLL]  [Microsoft Corporation, 4.00]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
[PID: 1160][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5134]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 1180][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.46 2.1.46 07/22/2004 13:38:36]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 1204][C:\WINDOWS\ATK0100\HControl.exe]  [, 1043, 2, 15, 43]
    [C:\WINDOWS\ATK0100\CMSSC.dll]  [N/A, ]
    [C:\WINDOWS\ATK0100\inter_f2.dll]  [ATK, 1043, 2, 15, 43]
    [C:\WINDOWS\ATK0100\ATKWLIOC.DLL]  [ACTIONTEC Electronics,Inc, 2.01.02]
    [C:\WINDOWS\ATK0100\SiSPkt.dll]  [Silicon Integrated Systems Corp., 1, 0, 0, 39]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 2060][C:\WINDOWS\system32\BHDCRegC.exe]  [SHHIC, 1.01]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 2220][D:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe]  [www.AntiARP.com, 4.0.0.1]
    [D:\Program Files\AntiARP Stand-alone Edition\xantiarp.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
[PID: 2272][C:\WINDOWS\ATK0100\ATKOSD.exe]  [, 1043, 2, 15, 43]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 2300][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 3132][C:\Program Files\JJOL\IME\JJSvr.EXE]  [加加在线, 3.11.0.1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 3392][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
[PID: 2356][C:\Program Files\Huawei-3Com\H3C Client\H3C Client.exe]  [华为技术有限公司, CH V2.40-0143]
    [C:\WINDOWS\system32\h3c_utility.dll]  [N/A, ]
    [C:\WINDOWS\system32\W32N50.dll]  [Printing Communications Assoc., Inc. (PCAUSA), 5.03.16.56]
    [C:\Program Files\Huawei-3Com\H3C Client\SecurityAuth.dll]  [N/A, ]
    [C:\Program Files\Huawei-3Com\H3C Client\X1Face.dll]  [N/A, ]
    [C:\Program Files\Huawei-3Com\H3C Client\PortalFace.dll]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
[PID: 1688][D:\Program Files\TheWorld 2.0\TheWorld.exe]  [Phoenix Studio, 2, 0, 2, 2]
    [D:\PROGRA~1\THEWOR~1.0\languages\chs.dll]  [Phoenix Studio, 2, 0, 2, 2]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, ]
[PID: 2868][d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 6, 274]
    [d:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [d:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [d:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 56]
    [d:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 16]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
    [d:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [d:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 2]
    [d:\Program Files\Thunder Network\Thunder\Components\DTAG\ExtractMediaTag.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [d:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 15]
    [d:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll]  [　, 3, 2, 0, 63]
    [d:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [d:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [d:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 7]
    [d:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [d:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 1, 0, 4]
    [d:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 1, 0, 4]
    [d:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 12]
    [d:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [d:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll]  [Giganology Inc., 1, 0, 0, 2]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, ]
[PID: 3168][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\447376.exe]  [北京江民新科技术有限公司, 4, 0, 7, 124]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
[PID: 2520][E:\TDdownload\3\sreng2(1)\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm8.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm9.tmp..rom]  [N/A, ]
    [D:\PROGRA~1\MICROS~1\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6551]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

请大家看看，谢谢

实在太感谢了，我正在按步骤查杀中

另外，我有个问题，我的电脑里还有arp病毒吗？网管说有，所以我昨天格式化过一次，结果今天就碰到了好多病毒（瑞星查不出啊）。而且刚才我开机的时候windows 进入硬盘检测，发现许多bad clusters，replace了许多dllcall里面的dll文件（但是null），好不容易才开了机，是我硬盘破损了，还是病毒呢？