
Infected with Trojan.Agent.wxp, what should I do?

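On my computer, c://windows/system32/tuspm.dll>>Pack.bzp is infected with Trojan.Agent.wxp.
As soon as the machine boots, the Rising monitor detects this virus, then it keeps detecting it and keeps deleting it, but it never actually gets removed, and the machine becomes so slow that no other program will open. Even after I deleted it in Safe Mode, the monitor keeps detecting it in normal mode.
Asking for help here, experts: how do I remove this virus?
Last edited 2006-10-20 10:59:23.483000000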
 

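Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it over several posts, and please do not modify it. Thanks...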
 

Thanks~~ Let me go try it and see if it works~
 

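No need.. what you've got is Viking (威金), right!

The EXE files got infected.. Rising deleted all the EXEs!

Of course nothing will start! A dedicated removal tool is already out!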
 

Experts, what tool can kill it? Please advise~~
 

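Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log file here.
Download link:
http://www.kztechs.com/sreng/sreng2.zip
If the log does not fit in one post, paste it over several posts, and please do not modify it.


Don't listen to post #3.... it's not that serious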
 

westbeck~~ I have already scanned with that tool. I'm pasting the report log first; what is the way to fix this?
启动项目
注册表
N/A

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\office\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[Dcfssvc / Dcfssvc]
  <C:\WINDOWS\system32\drivers\dcfssvc.exe><Eastman Kodak Company>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
  <"D:\rav\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\rav\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows NT Logon Application / WINLOGON]
  <"C:\WINDOWS\system\winlogon.exe"><N/A>

==================================
驱动程序
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\3889272.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[Kodak Camera Proxy / DcCam]
  <System32\DRIVERS\DcCam.sys><Eastman Kodak Company>
[DcFpoint / DcFpoint]
  <System32\DRIVERS\DcFpoint.sys><Eastman Kodak Company>
[DCFS2K / DCFS2K]
  <system32\drivers\dcfs2k.sys><Eastman Kodak Company>
[Legacy Polling Service / DcLps]
  <System32\DRIVERS\DcLps.sys><Eastman Kodak Company>
[DcPTP / DcPTP]
  <System32\DRIVERS\DcPTP.sys><Eastman Kodak Company>
[Exportit / Exportit]
  <System32\DRIVERS\exportit.sys><Eastman Kodak Company>
[ExpScaner / ExpScaner]
  <\??\D:\rav\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[ECOM EM-56HAM,Ambient HaM Internal Modem / ham50]
  <System32\DRIVERS\ham50.sys><Ambient Technologies, Inc.>
[HookCont / HookCont]
  <\??\D:\rav\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\rav\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\rav\Rav\HookSys.sys><Rising>
[HOOKTDI1 / HOOKTDI1]
  <\??\D:\rfw\rfw\tdihook.sys><瑞星软件有限公司>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IPHOOK / IPHOOK]
  <\??\D:\rfw\rfw\iphook.sys><瑞星软件有限公司>
[KWATCH / KWATCH]
  <\??\C:\KAV2003\KWATCH.SYS><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\rav\Rav\MEMSCAN.sys><瑞星软件有限公司>
[New0 / New0]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\D:\qq\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S3Psddr / S3Psddr]
  <System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[VIA AGP Filter / viaagp1]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde]
  <\SystemRoot\System32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[VIA USB Host Controller Lower Filter / vulfnths]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\acrobat reader\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[ATLDistrib Object]
  {83A5F7B7-DC75-44CE-9195-264F41709FA9} <, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\FLASHGET\jccatch.dll, Amaze Soft>
[]
  {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} <C:\WINDOWS\System32\banpvayu.dll, N/A>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[]
  {DD17546A-A27A-47E6-A851-F55D60A19DE9} <C:\WINDOWS\System32\tuspm.dll, N/A>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[MyIM音乐随心听]
  {98C3FD76-B058-474F-BB61-70ED205F7A5C} <, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq\qq\QQ.EXE, TENCENT>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\System32\Shdocvw.dll, Microsoft Corporation>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\qq\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\FLASHGET\fgiebar.dll, Amaze Soft>
[Easy-WebPrint]
  {327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, N/A>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\Assist\asbar.dll, 3721>
[Toolbar888]
  {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} <, N/A>
[&VSToolBar]
  {821F87FF-8245-4972-9E28-732E92EC2F51} <C:\Program Files\VSToolbar\VSToolBar.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[VCR.Scan]
  {E4F500BF-C1A3-11D6-9697-0090961B771E} <C:\WINDOWS\Downloaded Program Files\VCRSCAN.OCX, New Technology Wave Inc.>
[Easy-WebPrint打印]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint添加到打印列表]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint预览]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Easy-WebPrint高速打印]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[上传到QQ网络硬盘]
  <D:\qq\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\qq\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\qq\SendMMS.htm, N/A>
 

正在运行的进程
[PID: 388][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 444][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 468][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\tuspm.dll]  [N/A, N/A]
[PID: 512][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 676][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][D:\rav\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 736][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1068][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\tuspm.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\反间谍专家\ske\contmenu.dll]  [N/A, N/A]
    [C:\WINDOWS\downlo~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\PROGRA~1\3721\Assist\asbar.dll]  [3721, 1, 0, 1, 1021]
    [C:\PROGRA~1\3721\Assist\tbwrap.dll]  [3721, 1, 0, 0, 2]
    [C:\PROGRA~1\3721\Assist\asnoad.dll]  [, 1, 0, 0, 9]
    [C:\PROGRA~1\3721\Assist\aswiper.dll]  [3721, 1, 0, 1, 1004]
    [D:\acrobat reader\Reader\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [D:\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\WINDOWS\System32\banpvayu.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,1517]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,1517]
[PID: 1084][D:\rav\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 6]
    [D:\rav\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\rav\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\rav\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\rav\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\rav\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\rav\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 18]
    [D:\rav\Rav\HOOKSYS.dll]  [Rising, 18, 1, 0, 9]
    [D:\rav\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [D:\rav\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\rav\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\rav\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\rav\Rav\HookWeb.dll]  [rising, 18, 0, 0, 1]
    [D:\rav\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 8]
    [D:\rav\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\rav\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\rav\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\rav\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 4]
    [D:\rav\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [D:\rav\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [D:\rav\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\rav\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 15]
    [D:\rav\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 30]
    [D:\rav\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [D:\rav\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\rav\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\rav\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\rav\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\rav\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[PID: 1196][C:\WINDOWS\System32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1268][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\CNMLM6e.DLL]  [CANON INC., 1.80.2.50]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL]  [CANON INC., 1.80.2.50]
[PID: 1380][C:\WINDOWS\system32\drivers\dcfssvc.exe]  [Eastman Kodak Company, 1.1.4400.0]
[PID: 1564][D:\rav\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\rav\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\rav\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1864][D:\rav\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\rav\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\rav\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\rav\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\rav\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1904][D:\winantivirus\WinAntiVirusPro2006FreeInstall.exe]  [WinSoftware Ltd., 1,3,82,2]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 1912][C:\WINDOWS\System32\msnsdev.exe]  [N/A, N/A]
[PID: 192][D:\rav\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 99]
    [D:\rav\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\rav\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\rav\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\rav\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\rav\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\rav\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\rav\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
[PID: 288][D:\rav\Rav\rav.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 46]
    [D:\rav\Rav\PlugIn\RsPgScan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\rav\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\rav\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\rav\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\rav\Rav\RavUI.Dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 51]
    [D:\rav\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\rav\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]
    [D:\rav\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\rav\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [D:\rav\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
[PID: 1936][D:\sreng\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 9]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A
 

HOSTS 文件
 

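Open SREng, go to System Repair (系统修复), and repair the broken file association.
Under Startup Items (启动项目), Services (服务), Win32, delete:
[Windows NT Logon Application / WINLOGON]
<"C:\WINDOWS\system\winlogon.exe"><N/A>

Under Drivers (驱动程序), delete:
[00 / 00]
<\SystemRoot\\SystemRoot\System32\drivers\3889272.sys><N/A>
[New0 / New0]
<\??\C:\WINDOWS\System32\new.sys><N/A>
Reboot, and in Safe Mode delete:
C:\WINDOWS\system\winlogon.exe
SystemRoot\\SystemRoot\System32\drivers\3889272.sys
C:\WINDOWS\System32\new.sys

C:\WINDOWS\System32\msnsdev.exe (I don't know what this one is; I suggest deleting it)

C:\WINDOWS\System32\tuspm.dll
Download killbox; it's on my E-disk (E盘).. see my signature for the E-disk
Find the file you want to delete and tick (1) end explorer.exe before deleting, (2) unregister the DLL before deleting it, (3) replace file, (4) reboot after replacing the file, then click Delete

In the folder C:\WINDOWS\System32\drivers\etc there is a HOST file. Rename it to HOST.txt and delete what is inside... then save it and rename it back to HOST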
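
A triage pass over the services and drivers sections of an SREng log like the one posted above, written as an added example (it is not part of the thread and not SREng's own logic). The three heuristics and the `CORE_NAMES` list are assumptions of this example; a missing publisher alone is only a lead, since entries such as Secdrv also show `<N/A>` and are not on the reply's removal list.

```python
import re

# Service/driver entries copied from the SREng log on this page (sample input).
SAMPLE = r'''[Windows NT Logon Application / WINLOGON]
  <"C:\WINDOWS\system\winlogon.exe"><N/A>
[RsRavMon Service / RsRavMon]
  <"D:\rav\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\3889272.sys><N/A>
[New0 / New0]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
'''

# "[display name / key]" on one line, "<image path><publisher>" on the next.
ENTRY = re.compile(
    r'^\[(?P<name>.*?) / (?P<key>[^\]]*)\][ \t]*\n'
    r'[ \t]*<(?P<path>.*)><(?P<vendor>[^<>]*)>[ \t]*$', re.M)

# Assumption of this example: these core processes live only in System32.
CORE_NAMES = {'winlogon.exe', 'csrss.exe', 'smss.exe', 'lsass.exe',
              'services.exe', 'svchost.exe'}


def reasons_for(path, vendor):
    """Return the list of heuristics one log entry trips (empty if none)."""
    p = path.strip().strip('"').lower()
    directory, _, base = p.rpartition('\\')
    reasons = []
    if vendor.strip() in ('', 'N/A'):
        reasons.append('no-publisher')           # file has no version info
    if base in CORE_NAMES and not directory.endswith('\\system32'):
        reasons.append('system-name-wrong-dir')  # system name, wrong folder
    if p.count('\\systemroot') > 1:
        reasons.append('repeated-root-prefix')   # malformed image path
    return reasons


def triage(log_text):
    """Map each flagged service/driver key to the heuristics it tripped."""
    findings = {}
    for m in ENTRY.finditer(log_text):
        reasons = reasons_for(m['path'], m['vendor'])
        if reasons:
            findings[m['key']] = reasons
    return findings


if __name__ == '__main__':
    for key, reasons in triage(SAMPLE).items():
        print(f'{key:10} {", ".join(reasons)}')
```

Entries that trip more than one heuristic (here WINLOGON and 00) are the ones to examine first; single-reason entries need a manual look at the file before any deletion.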