Rising Kaka Security Forum
已经崩溃的人 - 2007-4-17 10:50:00
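My computer has unfortunately been infected, and it seems to be the well-known ANI vulnerability virus. There are always 2 in-memory viruses that can't be removed~ I'm really frustrated. I've read quite a few threads and a lot of people have caught the same thing as me, so I'm posting my system scan report here for everyone to take a look~~~ I'm out of options~~ I'm begging you!! Waiting online. As soon as I boot up, Rising hides itself automatically, says something about switching to automatic handling and then it's gone, and the little green umbrella in the lower-right corner disappears too~~ Help~ I really can't take it anymore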
姑苏残月 - 2007-4-17 10:51:00
It's in the pinned threads; go look for yourself.
已经崩溃的人 - 2007-4-17 10:53:00
[CODE]
2007-04-17,10:38:08
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<3lq0><C:\DOCUME~1\XLJ\LOCALS~1\Temp\iexpl0re.exe> []
<xwf0huyv><C:\DOCUME~1\XLJ\LOCALS~1\Temp\crasos.exe> []
<uii57g6i1><C:\DOCUME~1\XLJ\LOCALS~1\Temp\1explore.exe> []
<tkybhl><C:\DOCUME~1\XLJ\LOCALS~1\Temp\rundl132.exe> [N/A]
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<HControl><C:\WINDOWS\ATK0100\HControl.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<High Definition Audio 属性页快捷方式><HDAShCut.exe> [(Verified)Microsoft Windows Publisher]
<Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Publisher]
<Wireless Console 2><C:\Program Files\Wireless Console 2\wcourier.exe> []
<IntelZeroConfig><"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"> [Intel Corporation]
<IntelWireless><"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless> [Intel Corporation]
<EOUApp><"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"> [Intel Corporation]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<High Definition Audio 属性页><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><anifix1.dll> [(Verified)eEye Digital Security]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
[eEye Windows Animated Cursor Patch Checker]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eEye Windows Animated Cursor Patch Checker.lnk --> C:\PROGRA~1\EEYEDI~1\WINDOW~1.ANI\ANIPAT~1.EXE [eEye Digital Security]><N>
==================================
服务
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
==================================
已经崩溃的人 - 2007-4-17 10:53:00
驱动程序
[AEGIS Protocol (IEEE 802.1x) v3.4.9.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[Microsoft 用于 High Definition Audio 服务的 UAA 功能驱动程序 / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ATKACPI.sys><>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimsptsk / rimsptsk][Running/Manual Start]
<system32\DRIVERS\rimsptsk.sys><REDC>
[risdptsk / risdptsk][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\risdptsk.sys><REDC>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[WLAN 传输 / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smserial / smserial][Running/Manual Start]
<system32\DRIVERS\smserial.sys><Motorola Inc.>
[USB2.0 1.3M Web Cam / SynMini][Running/Manual Start]
<System32\Drivers\SynMini.sys><Syntek America Inc.>
[USB2.0 1.3M Web Cam Still Image / SynScan][Running/Manual Start]
<System32\Drivers\SynScan.sys><Syntek America Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[vaxDLb / vaxDLb][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\vaxDLb.sys><>
[vaxDLs / vaxDLs][Running/Boot Start]
<\SystemRoot\System32\Drivers\vaxDLs.sys><>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
<system32\DRIVERS\w39n51.sys><Intel? Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[YOKHttpFilter Class]
{686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\Program Files\yok\adblock.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YOKAdBlock Class]
{718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\Program Files\yok\adblock.dll, N/A>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Tencent Safety Online Base Module]
{C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
<D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[珊瑚虫超级搜索]
<C:\Program Files\yok\yoksch.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
已经崩溃的人 - 2007-4-17 10:58:00
正在运行的进程
[PID: 812][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[PID: 984][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[PID: 1140][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[PID: 1208][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[PID: 1264][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\anifix1.dll] [N/A, ]
[PID: 1880][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
[PID: 1760][C:\WINDOWS\ATK0100\HControl.exe] [, 1043, 2, 15, 53]
[C:\WINDOWS\ATK0100\CMSSC.dll] [N/A, ]
[C:\WINDOWS\ATK0100\inter_f2.dll] [ATK, 1043, 2, 15, 52]
[C:\WINDOWS\ATK0100\ATKWLIOC.DLL] [ACTIONTEC Electronics,Inc, 2.01.02]
[C:\WINDOWS\ATK0100\SiSPkt.dll] [Silicon Integrated Systems Corp., 1, 0, 0, 45]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.0 21Oct05]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2000][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.2.0 21Oct05]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.2.0 21Oct05]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.2.0 21Oct05]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 404][C:\Program Files\Wireless Console 2\wcourier.exe] [, 2, 0, 2, 0]
[C:\Program Files\Wireless Console 2\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Wireless Console 2\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 496][C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe] [Intel Corporation, 10, 1, 0, 42]
[C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\ZcSvcCHS.dll] [Intel Corporation, 10, 1, 0, 42]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 568][C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe] [Intel Corporation, 10, 1, 0, 17]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\FrWrkCHS.dll] [Intel Corporation, 10, 1, 0, 17]
[C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll] [Intel Corporation, 10, 1, 1, 162]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\Program Files\Intel\Wireless\Bin\IntWACHS.dll] [Intel Corporation, 10, 1, 1, 162]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe] [Intel Corporation, 10, 1, 0, 14]
[C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\Program Files\Intel\Wireless\Bin\MurocApi.dll] [Intel Corporation, 10, 1, 0, 37]
[C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\Program Files\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\Program Files\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\EOUWzCHS.dll] [Intel Corporation, 10, 1, 0, 14]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
已经崩溃的人 - 2007-4-17 10:59:00
[PID: 828][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 908][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.9291]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9291]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 736][C:\WINDOWS\ATK0100\ATKOSD.exe] [, 1043, 2, 15, 53]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2112][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2724][C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe] [Intel Corporation, 10, 1, 0, 79]
[C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll] [, 4.0.15.0 2005-11-16 13:05:02]
[C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll] [Intel Corporation, 10, 1, 0, 31]
[C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll] [Intel Corporation, 10, 1, 0, 2]
[C:\PROGRA~1\Intel\Wireless\Bin\IntStngs.dll] [, 10, 1, 0, 3]
[C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL] [Intel Corporation, 10, 1, 0, 5]
[C:\PROGRA~1\Intel\Wireless\Bin\IWMSPROV.DLL] [N/A, ]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Intel\Wireless\Bin\C8021CHS.dll] [Intel Corporation, 10, 1, 0, 31]
[C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.dll] [Intel Corporation, 10, 1, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\PROGRA~1\Intel\Wireless\Bin\PfMgrApi.dll] [Intel Corporation, 10, 1, 0, 46]
[C:\PROGRA~1\Intel\Wireless\Bin\DbEngine.dll] [Intel Corporation, 10, 1, 0, 13]
[C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll] [N/A, ]
[PID: 588][C:\Program Files\Rising\Rav\ScanBD.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RsCommx.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\BDEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[C:\Program Files\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[C:\Program Files\Rising\Rav\BDEX.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 3]
[C:\Program Files\Rising\Rav\BDLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 1]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[PID: 868][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 544][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\必备软件\studa_ls_Thunder\迅雷(Thunder) V5.5.2.252┊附带左右键选择下载功能┊学生大软件免安装特别版\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 3236][D:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 80]
[D:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\odbcbcp.dll] [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[D:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx] [Adobe Systems, Inc., 9,0,45,0]
[PID: 2160][C:\WINDOWS\shualai.exe] [N/A, ]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\shualai.dll] [N/A, ]
[PID: 2648][E:\下载专区\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\XLJ\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[PID: 3164][C:\DOCUME~1\XLJ\LOCALS~1\Temp\ScanBD\WindowsXP-KB924496-x86-CHS.exe] [Microsoft Corporation, 1]
[C:\WINDOWS\system32\anifix1.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
已经崩溃的人 - 2007-4-17 11:00:00
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 60.169.0.66
127.0.0.1 60.169.1.29
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com
127.0.0.1 t.gcuj.com
127.0.0.1 www.puma163.com
127.0.0.1 ceoww.com
==================================
API HOOK
GetVersion (危险等级: , 被下面模块所HOOK: )
GetVersionExW (危险等级: , 被下面模块所HOOK: )
DeleteFileW (危险等级: , 被下面模块所HOOK: )
FindFirstFileExW (危险等级: , 被下面模块所HOOK: )
TerminateThread (危险等级: , 被下面模块所HOOK: )
FindFirstChangeNotificationW (危险等级: , 被下面模块所HOOK: )
GetCurrentProcess (危险等级: , 被下面模块所HOOK: )
GetCurrentProcessId (危险等级: , 被下面模块所HOOK: )
GetCurrentThread (危险等级: , 被下面模块所HOOK: )
GetCurrentThreadId (危险等级: , 被下面模块所HOOK: )
GetFileSizeEx (危险等级: , 被下面模块所HOOK: )
GetFileInformationByHandle (危险等级: , 被下面模块所HOOK: )
GetFileAttributesW (危险等级: , 被下面模块所HOOK: )
OpenProcess (危险等级: , 被下面模块所HOOK: )
OpenThread (危险等级: , 被下面模块所HOOK: )
==================================
隐藏进程
N/A
==================================
[/CODE]
已经崩溃的人 - 2007-4-17 11:12:00
Someone save me!!!!!!! I'm begging you
姑苏残月 - 2007-4-17 11:23:00
Go look in the pinned threads yourself; the way to deal with that one is there.
姑苏残月 - 2007-4-17 11:35:00
http://forum.ikaka.com/topic.asp?board=28&artid=8292648
姑苏残月 - 2007-4-17 11:36:00
http://www.cisrt.com/bbs/viewthread.php?tid=944&extra=page%3D1