[Discussion] Removing Trojan.DL.Small.ibr, please reply and discuss (Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board)


Thanks, OP!! It hasn't come back so far, so it must be fixed!
Thanks again~!!!!

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ATIPTAATI Desktop Control PanelATI Technologies, Inc.c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ CameraFixerCameraFixer MFC Applicationc:\windows\camerafixer.exe

+ Dell QuickSetQuickSet MFC Applicationc:\program files\dell\quickset\quickset.exe

+ IntelWirelessIntel Framework MFC ApplicationIntel Corporationc:\program files\intel\wireless\bin\ifrmewrk.exe

+ KAVPersonal50Kaspersky Anti-Virus GUI PartKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kav.exe

+ NeroFilterCheckNeroCheckAhead Software Gmbhc:\windows\system32\nerocheck.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ snpstd3CameraMonitor Applicationc:\windows\vsnpstd3.exe

+ spoolsv傲讯浏览器辅助工具广州傲讯信息科技有限公司c:\windows\system32\spoolsv\spoolsv.exe

HKLM\SOFTWARE\Classes\Protocols\Handler

+ ic32ppc:\windows\wc98pp.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell ExtensionPDF Shell ExtensionAdobe Systems, Inc.c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar1.dll

+ wmpdrm傲讯浏览器辅助工具Allsum Info. Tech. Ltd.c:\windows\system32\wmpdrm.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ googletoolbar1.dllGoogle IE 客户端工具栏Google Inc.c:\program files\google\googletoolbar1.dll

+ kakatool.dllBeijing Rising Technology Co., Ltd.c:\windows\system32\kakatool.dll

HKLM\System\CurrentControlSet\Services

+ Ati HotKey PollerATI External Event Utility EXE ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.exe

+ C-DillaCdaC11BAMacrovision RTS ServiceMacrovisionc:\windows\system32\drivers\cdac11ba.exe

+ EvtEngIntel Event Trace ManagerIntel Corporationc:\program files\intel\wireless\bin\evteng.exe

+ kavsvcKaspersky Anti-Virus ServiceKaspersky Labc:\program files\kaspersky lab\kaspersky anti-virus personal\kavsvc.exe

+ NICCONFIGSVC配置内部网卡电源管理设置。Dell Inc.c:\program files\dell\nicconfigsvc\nicconfigsvc.exe

+ RegSrvcIntel Registry ServiceIntel Corporationc:\program files\intel\wireless\bin\regsrvc.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ S24EventMonitorHandles the Spectrum24 NDIS TrafficIntel Corporation c:\program files\intel\wireless\bin\s24evmon.exe

+ WLANKEEPERProvides Profile Switching Service for SSO Feature SetIntel® Corporationc:\program files\intel\wireless\bin\wlkeeper.exe

HKLM\System\CurrentControlSet\Services

+ AegisPAEGIS Protocol (IEEE 802.1x) v3.1.0.1Meetinghouse Data Communicationsc:\windows\system32\drivers\aegisp.sys

+ APPDRVApp Support DriverDell Incc:\windows\system32\drivers\appdrv.sys

+ ati2mtagATI Radeon WindowsNT Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys

+ b57w2kBroadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.Broadcom Corporationc:\windows\system32\drivers\b57xp32.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ busenumVirtualcom Bus Enumeratorc:\windows\system32\drivers\busenum.sys

+ CdaC15BAMacrovision SECURITY DriverMacrovision Europe Ltdc:\windows\system32\drivers\cdac15ba.sys

+ EthComm2kc:\windows\system32\drivers\ethcomm2k.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ giveioc:\windows\system32\giveio.sys

+ GTIPCI21Texas Instruments PCI GemCore IFD HandlerTexas Instrumentsc:\windows\system32\drivers\gtipci21.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys

+ HSF_DPHSF_DP driverConexant Systems, Inc.c:\windows\system32\drivers\hsf_dp.sys

+ HSF_DPVHSF_DP driverConexant Systems, Inc.c:\windows\system32\drivers\hsf_dpv.sys

+ HSFHWICHHSFHWICH WDM driverConexant Systems, Inc.c:\windows\system32\drivers\hsfhwich.sys

+ imagedrvNERO IMAGEDRIVE SCSI miniportAhead Software AGc:\windows\system32\drivers\imagedrv.sys

+ imagesrvNero Image ServerAhead Software AGc:\windows\system32\drivers\imagesrv.sys

+ io.sysc:\windows\system32\drivers\io.sys

+ IWCAIntel Wireless Connection AgentIntel Corporationc:\windows\system32\drivers\iwca.sys

+ Kl1Kaspersky Anti-Hacker Only DriverKaspersky Labc:\windows\system32\drivers\kl1.sys

+ Klifspuper-ptorKaspersky Labsc:\windows\system32\drivers\klif.sys

+ KlmcKaspersky Anti-Virus Mail Checker ProxyKaspersky Labc:\windows\system32\drivers\klmc.sys

+ kmsinputc:\windows\system32\drivers\kmsinput.sys

+ mdmxsdkDiagnostic Interface DRIVERConexantc:\windows\system32\drivers\mdmxsdk.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ mProcRsRising Personal FireWall  mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys

+ NPFNPF Driver - TME extensionsPolitecnico di Torinoc:\windows\system32\drivers\npf.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.c:\program files\tencent\qq\npkcrypt.sys

+ OMCIOMCI Device DriverDell Computer Corporationc:\windows\system32\drivers\omci.sys

+ PortTalkPortTalk - Beyond Logic I/O Port DriverBeyond Logic http://www.beyondlogic.orgc:\windows\system32\drivers\porttalk.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ PxHelp20Px Engine Device Driver for Windows 2000/XPSonic Solutionsc:\windows\system32\drivers\pxhelp20.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ s24transWLAN TransportIntel Corporationc:\windows\system32\drivers\s24trans.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ SentinelSentinel System Driver (NT Parallel driver)Rainbow Technologies, Inc.c:\windows\system32\drivers\sentinel.sys

+ Ser2plUSB-to-Serial Cable DriverProlific Technology Inc.c:\windows\system32\drivers\ser2pl.sys

+ SNPSTD3PC Camera driverc:\windows\system32\drivers\snpstd3.sys

+ STAC97SigmaTel Audio Driver (WDM)SigmaTel, Inc.c:\windows\system32\drivers\stac97.sys

+ UIUSysFile not found: system32\drivers\UIUSys.sys

+ w29n51Intel® Wireless LAN DriverIntel® Corporationc:\windows\system32\drivers\w29n51.sys

+ winachsfHSF_CNXT driverConexant Systems, Inc.c:\windows\system32\drivers\hsf_cnxt.sys

+ WinDriver6WinDriver Device Driver 6.02Jungoc:\windows\system32\drivers\windrvr6.sys

+ XELTEKXeusbanchor chipsc:\windows\system32\drivers\xeusb.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll

+ IntelWirelessLogonNotify DLLIntel Corporationc:\program files\intel\wireless\bin\lgnotify.dll


OP, I did exactly what you said, but as soon as I connect to the network during the scan it pops up again!

Xiaocong is right, this Guangzhou Aoxun rogue software isn't that hard to deal with either.


Bump, supporting the original post.

[Reply to the post by "bingquan"]
Use Autoruns (since that is what produced this log, use it to fix the problem as well) to find and disable (preferably delete) these two startup entries:
+spoolsv傲讯浏览器辅助工具广州傲讯信息科技有限公司c:\windows\system32\spoolsv\spoolsv.exe
+ wmpdrm傲讯浏览器辅助工具Allsum Info. Tech. Ltd.c:\windows\system32\wmpdrm.dll

Double-click the uninstall program under C:\WINDOWS\system32\msibm\
to uninstall and clean out C:\WINDOWS\system32\msibm\

Delete:
C:\Windows\System32\mscache\ (meaning the whole folder; the same applies below)
C:\WINDOWS\system32\msibm\
C:\WINDOWS\system32\msicn\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\wmpdrm.dll
Note: when looking for the files above, set Folder Options to show all files and folders and to not hide protected operating system files.

If you are working from a HijackThis log instead, the related entries are:
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O4 - HKLM\..\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O2 - BHO: CBHelper Object - {8A4280AD-9B37-4922-A51D-73F3C3A32AF7} - C:\WINDOWS\system32\msibm\cfsbho.dll
O4 - HKLM\..\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs

These entries will not necessarily all appear at once; usually you only see one or two of them, but even so the removal procedure should be:
first fix the related entries you found;
double-click the uninstall program under C:\WINDOWS\system32\msibm\
to uninstall and clean out C:\WINDOWS\system32\msibm\

After rebooting, delete:
C:\Windows\System32\mscache\ (meaning the whole folder; the same applies below)
C:\WINDOWS\system32\msibm\
C:\WINDOWS\system32\msicn\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\spoolsv\
C:\WINDOWS\system32\wmpdrm.dll
Note: when looking for the files above, set Folder Options to show all files and folders and to not hide protected operating system files.
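A read-only audit for the persistence points the two posts above name, added here as an example (it is not code from the thread or from Rising). The registry values, BHO CLSIDs and folders are the ones quoted in the posts; it assumes the 32-bit registry view (on 64-bit Windows the BHO keys for 32-bit IE live under WOW6432Node) and only reports, deleting nothing.

```powershell
# Added example, not from the original thread. Read-only audit of the
# indicators the posts list; every path and CLSID below is quoted from them.
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$BhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$Sys32  = Join-Path $env:SystemRoot 'system32'
$Findings = @()

# 1. Run values named in the posts. The genuine print spooler is
#    %SystemRoot%\system32\spoolsv.exe; the rogue copy sits one level
#    deeper, in a folder that is itself called spoolsv.
foreach ($name in 'spoolsv', 'mscfs') {
    $value = (Get-ItemProperty -Path $RunKey -Name $name -ErrorAction SilentlyContinue).$name
    if ($value) { $Findings += "Run value '$name' = $value" }
}
$legitSpooler = Join-Path $Sys32 'spoolsv.exe'
$rogueSpooler = Join-Path $Sys32 'spoolsv\spoolsv.exe'
if (Test-Path $rogueSpooler) {
    $Findings += "spoolsv.exe found under a system32 subfolder: $rogueSpooler (legitimate copy is $legitSpooler)"
}

# 2. BHO registrations quoted from the HijackThis log; resolve the DLL
#    each CLSID loads so the report shows where it points.
foreach ($clsid in '{0E674588-66B7-4E19-9D0E-2053B800F69F}', '{8A4280AD-9B37-4922-A51D-73F3C3A32AF7}') {
    if (Test-Path (Join-Path $BhoKey $clsid)) {
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        $Findings += "BHO $clsid registered, InprocServer32 = $dll"
    }
}

# 3. Folders and the DLL the posts say to delete after the uninstaller runs.
#    Test-Path sees hidden and system files, so Folder Options do not matter here.
foreach ($item in 'mscache', 'msibm', 'msicn', 'bakcfs', 'spoolsv', 'wmpdrm.dll') {
    $p = Join-Path $Sys32 $item
    if (Test-Path $p) { $Findings += "present: $p" }
}

if ($Findings) { $Findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'None of the indicators from the thread were found.' }
```

Run it from an elevated PowerShell session; a clean host prints the final line only, while any `[!]` line is an item the posts say to remove.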

I only found the entry O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
and also
C:\WINDOWS\system32\msibm\
C:\WINDOWS\system32\msicn\
C:\WINDOWS\system32\bakcfs\
C:\WINDOWS\system32\wmpdrm.dll
none of these can be found, and C:\WINDOWS\system32\spoolsv\ cannot be deleted.
This is really frustrating.
I already followed the OP's method once and deleted mscache; the virus seems to have been killed, but my IE is so laggy and slow. Can anyone help me??? help!!!

Still the same!

Attachment: image/pjpeg, 171 downloads, uploaded 2006-4-5 21:11:54

Thanks, OP. I followed this and so far (5 hours) no virus has been detected, so I think it worked.

Thank you, thank you, finally fixed it. Thanks, thanks; otherwise I would have had to do a one-click restore again~~~~~~~~
Powered by Discuz!NT