
Experts, please help!

[C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 936][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
[PID: 620][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 7, 1326]
    [C:\PROGRA~1\3721\notifier.dll]  [, 1, 0, 0, 5]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
[PID: 1524][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2488][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
    [C:\PROGRA~1\3721\scrblock.dll]  [3721, 1, 0, 1, 1000]
    [C:\PROGRA~1\3721\alrex.dll]  [, 1, 0, 1, 1001]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\DOWNLO~1\CnsHint.dll]  [3721, 1, 0, 1, 1]
    [C:\PROGRA~1\3721\autolive.dll]  [, 1, 1, 7, 1326]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\WINDOWS\DOWNLO~1\cnsplus.dll]  [3721, 1, 0, 0, 2]
    [C:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 8]
[PID: 3208][F:\download\HijackThis.exe]  [Soeperman Enterprises Ltd., 1.99.0001]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 3224][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2992][C:\DOCUME~1\CX4\LOCALS~1\Temp\Rar$EX00.329\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 0, 1325]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[E:\]
[AutoRun]
Open=COMMAND.exe
[F:\]

O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: IIS Admin (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
Gray Pigeon (灰鸽子).. Safe Mode... open Registry Editor and expand: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Search for SMTPSVC
SMTP
SNMP
SNMPTRAP
UMWdf
IISADMIN
Delete them...

Fix
R3 - URLSearchHook: (no name) - {1F28D7AD-73FA-4F69-8024-4F7BBC8CE2EA} - (no file)
R3 - URLSearchHook: (no name) - {429263F6-CAA7-4C01-96B7-BCC465A4E955} - (no file)
R3 - URLSearchHook: (no name) - {F7324A43-9A9D-4D70-8F8A-FEA798BA9E46} - C:\WINDOWS\system32\Aisub.dll (file missing)
R3 - URLSearchHook: (no name) - {5A09E1C7-C297-4676-9371-7CAF4946639C} - (no file)
R3 - URLSearchHook: (no name) - {E6789611-58AC-4B7F-B9EA-317C9395D1F7} - (no file)
R3 - URLSearchHook: (no name) - {F3DFB1D7-E088-40A4-B854-C221D4046178} - (no file)
R3 - URLSearchHook: (no name) - {D7B33463-5C66-4B97-8E25-D90DE28E614F} - (no file)
R3 - URLSearchHook: (no name) - {BF204E77-8034-4122-ADC4-B5A75D61AE4B} - (no file)
R3 - URLSearchHook: (no name) - {6F09D926-DA0E-4285-9BE7-8E82ACD4E227} - (no file)
R3 - URLSearchHook: (no name) - {DBDCB73A-C101-48D6-AB9F-2B07C6761508} - (no file)
R3 - URLSearchHook: (no name) - {853C8B51-8FF3-4F81-9A19-0DC5B07EBB20} - (no file)
R3 - URLSearchHook: (no name) - {7B2A0BA9-9F99-4896-B343-29EF0FA9B6F2} - (no file)
R3 - URLSearchHook: (no name) - {8D5A2F0F-92CD-4544-8DFF-8BE7C9CA4C6E} - (no file)
R3 - URLSearchHook: (no name) - {5CF48E91-A6A7-4C9B-8026-45F739362505} - (no file)
R3 - URLSearchHook: (no name) - {CEB5D266-4875-4692-880D-755D93A6F31E} - (no file)
R3 - URLSearchHook: (no name) - {CBA20C10-D020-4695-B001-50C4A80AD8E4} - (no file)
R3 - URLSearchHook: (no name) - {083BF5BE-D50D-43C8-9556-EB16BE05D628} - (no file)
R3 - URLSearchHook: (no name) - {7999520E-B01D-47A7-9A49-9668020EEEA1} - (no file)
R3 - URLSearchHook: (no name) - {92E5D896-8F59-44C9-9E98-75AA7C2EA5BA} - (no file)
R3 - URLSearchHook: (no name) - {B72E0989-FF49-4CF8-886F-7DE2533AE8D3} - (no file)
R3 - URLSearchHook: (no name) - {59DFD4CB-59BF-4350-8D7E-F94F23A1BED4} - (no file)
R3 - URLSearchHook: (no name) - {6E298CDB-0C11-4308-96BF-37552066EC00} - (no file)
R3 - URLSearchHook: (no name) - {0C0C2B24-F423-4F9B-BDF6-5BF8D3E63263} - (no file)
R3 - URLSearchHook: (no name) - {949B66D9-FA46-46D6-9B4C-D0F2DB5ABEF8} - (no file)
R3 - URLSearchHook: (no name) - {218877A8-7E04-41D1-B290-C59B7893E192} - (no file)
R3 - URLSearchHook: (no name) - {819BC286-5643-454B-B42E-20CD1DB6A2F1} - (no file)
R3 - URLSearchHook: (no name) - {0B8EA3BD-0F78-4233-8E92-49CDCC66A7B5} - (no file)
R3 - URLSearchHook: (no name) - {219B2089-95FB-4721-9698-B16A6800F349} - (no file)
R3 - URLSearchHook: (no name) - {E0C97B6B-396A-40A7-B818-5D142C41FD8A} - (no file)
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing)


Use SREng
Delete under Startup items => Registry
<zt><C:\WINDOWS\system32\integer.exe> [N/A]
<zz><C:\WINDOWS\system32\intenet.exe> [N/A]
<rx><C:\WINDOWS\system32\explore.exe> [N/A]
Delete
C:\WINDOWS\system32\integer.exe
C:\WINDOWS\system32\intenet.exe
C:\WINDOWS\system32\explore.exe

http://download5.pctutu.com/soft/magicset785.zip
Use Super Rabbit Cleaner (超级兔子清理王) in Safe Mode to uninstall the rogue software...