
Infected with a virus, please take a look

Infected with a virus, please take a look. This newbie thanks the experts in advance~~~
2007-03-18,09:26:59

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- Administrator user - full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS.0\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <vks35d568b><; C:\WINDOWS.0\servicer.exe>  [N/A]
    <x9lyeggvmu4uby><C:\WINDOWS.0\servicer.exe>  [N/A]
    <rji15gzsgyfu0><C:\WINDOWS.0\iexp1ora.exe>  [N/A]
    <dw6u><C:\WINDOWS.0\crasoa.exe>  [N/A]
    <v85qcv922><C:\WINDOWS.0\crasoa.exe>  [N/A]
    <y42sguxq><C:\WINDOWS.0\c0nima.exe>  [N/A]
    <w1m7xtiwzx4b><C:\WINDOWS.0\winlog0a.exe>  [N/A]
    <vix03e5fy><C:\WINDOWS.0\rundl13a.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <4><; C:\SysWsj\svchost.exe>  [N/A]
    <bill><rundll32.exe "C:\WINDOWS.0\System32\winbill070308.dll" mymain>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BigDogPath><; C:\WINDOWS.0\VM_STI.EXE VIMICRO USB PC Camera>  [N/A]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <IMJPMIG8.1><; C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <mpwe><; C:\WINDOWS.0\mpwe.exe>  [N/A]
    <hxgame-update><C:\Program Files\hxupdate\hxgame-update.exe>  [N/A]
    <upxdnd><C:\DOCUME~1\sheng\LOCALS~1\Temp\upxdnd.exe>  [N/A]
    <WINRAR><C:\WINDOWS.0\System32\mumu1.exe>  [N/A]
    <wsttrs><C:\WINDOWS.0\wsttrs.exe>  [N/A]
    <cmdbcs><C:\WINDOWS.0\cmdbcs.exe>  [N/A]
    <wsvbs><C:\WINDOWS.0\wsvbs.exe>  [N/A]
    <mppds><C:\WINDOWS.0\mppds.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <main><rundll32.exe "C:\program files\internet explorer\use20.dll" mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS.0\system32\userinit.exe,rundll32.exe C:\WINDOWS.0\System32\winsys16_070314.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
Startup folder
[QQ游戏启动加速程序]
  <C:\Documents and Settings\sheng\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\sheng\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ07\QQ.exe [TENCENT]><N>

==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS.0\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS.0\System32\imapi.exe><Microsoft Corporation>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Print Spooler / Spooler][Stopped/Auto Start]
  <C:\WINDOWS.0\system32\spoolsv.exe><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS.0\System32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS.0\System32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS.0\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
Browser add-ons
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, N/A>
[]
  {47CFDDF9-6FBD-4C06-8752-24FEFBA10D51} <C:\WINDOWS.0\system32\msiebho.dll, N/A>
[DLMgr Class]
  {4FA955E8-C73C-4D72-BDCC-EA12227B45D9} <D:\Program Files\Dianlei\Plugins\DLManager.dll, 电雷超级下载>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[电雷超级下载]
  {A6A84943-17AB-4363-A518-8D750FDF57C3} <"D:\Program Files\Dianlei\dianlei.exe", N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ07\QQ.EXE, TENCENT>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS.0\System32\msdxm.ocx, Microsoft Corporation>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS.0\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS.0\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS.0\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用电雷下载]
  <D:\Program Files\Dianlei\geturl.htm, N/A>
[&使用迅雷下载]
  <D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ07\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ07\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ07\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ07\SendMMS.htm, N/A>

==================================
Last edited 2007-03-18 12:31:12

Running processes
[PID: 424][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 484][\??\C:\WINDOWS.0\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 508][\??\C:\WINDOWS.0\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 552][C:\WINDOWS.0\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 564][C:\WINDOWS.0\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 744][C:\WINDOWS.0\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 796][D:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 812][C:\WINDOWS.0\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 924][C:\WINDOWS.0\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 952][C:\WINDOWS.0\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 964][D:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 39]
    [D:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [D:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [D:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [D:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [D:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Program Files\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\Program Files\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Program Files\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 34]
    [D:\Program Files\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 23]
    [D:\Program Files\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [D:\Program Files\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [D:\Program Files\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\Program Files\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [D:\Program Files\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
    [D:\Program Files\Rising\Rav\RsVM.dll]  [N/A, 19, 0, 0, 13]
    [D:\Program Files\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\Program Files\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [D:\Program Files\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Program Files\Rising\RavWeb\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[PID: 1312][C:\WINDOWS.0\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\DOCUME~1\sheng\LOCALS~1\Temp\upxdnd.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\wsttrs.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\cmdbcs.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\wsvbs.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\mppds.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\Rav26.dll]  [N/A, N/A]
    [C:\WINDOWS.0\system32\msiebho.dll]  [N/A, N/A]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1472][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS.0\System32\winsys32_070314.dll]  [N/A, N/A]
[PID: 1496][C:\WINDOWS.0\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\program files\internet explorer\use20.dll]  [N/A, N/A]
[PID: 1520][D:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
[PID: 1528][D:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [D:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1704][C:\WINDOWS.0\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1788][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 31]
    [C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 2, 3, 0, 1]
    [C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 1, 0, 0, 9]
    [C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 9, 1, 5]
[PID: 1800][C:\WINDOWS.0\System32\mumu1.exe]  [N/A, N/A]
[PID: 1852][C:\WINDOWS.0\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1928][C:\WINDOWS.0\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 416][C:\WINDOWS.0\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1248][C:\WINDOWS.0\rundl132.exe]  [N/A, N/A]
    [C:\WINDOWS.0\System32\Rav26.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\mppds.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\wsvbs.dll]  [N/A, N/A]
[PID: 1956][C:\WINDOWS.0\System32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\COMMON~1\CPUSH\cpush0.dll]  [N/A, 1.0.2.5]
[PID: 3060][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Common Files\CPUSH\cpush1.dll]  [N/A, 1.0.2.5]
    [C:\WINDOWS.0\system32\msiebho.dll]  [N/A, N/A]
    [D:\Program Files\Dianlei\Plugins\DLManager.dll]  [电雷超级下载, 1.0.0.1]
    [D:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 2108][D:\Program Files\应用软件夹\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS.0\System32\Rav26.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\mppds.dll]  [N/A, N/A]
    [C:\WINDOWS.0\System32\wsvbs.dll]  [N/A, N/A]

==================================
File associations
.TXT  Error. [C:\WINDOWS.0\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost
127.0.0.1    test.nicemm.cn
127.0.0.1    new3.etsoft.com.cn
127.0.0.1    www.djdj110.com
127.0.0.1    www.gaodumm.com
127.0.0.1    www.88cc8.com
127.0.0.1    wg770.com
127.0.0.1    www.y988.com
127.0.0.1    ads.9168a.com
127.0.0.1    www.flashsky.com
127.0.0.1    www.123ye.com
127.0.0.1    xzn.2000y.net

==================================
API HOOK
N/A

I used Rising online antivirus; it didn't finish, Rising exited on its own.
This newbie thanks all the experts here~~~

555555555555555~~~~~~~~~~~ where is everyone?


Open IceSword (冰刃) and do everything inside IceSword. Wherever the instructions say not to use My Computer or the Registry Editor, do not use them under any circumstances.

First read my article on IceSword; before removing the virus, tick "Prohibit thread creation".
In IceSword's Processes view, end the following processes:
[PID: 1312][C:\WINDOWS.0\Explorer.EXE]
[PID: 1248][C:\WINDOWS.0\rundl132.exe] [N/A, N/A]
[PID: 1496][C:\WINDOWS.0\System32\rundll32.exe]
[PID: 1472][C:\program files\internet explorer\iexplore.exe]
[PID: 1800][C:\WINDOWS.0\System32\mumu1.exe]
[PID: 1956][C:\WINDOWS.0\System32\RUNDLL32.exe]

In IceSword's Services view, disable the following service:
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS.0\System32\\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

In IceSword's Registry view, find the following keys and delete the corresponding values.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
<vks35d568b><; C:\WINDOWS.0\servicer.exe> [N/A]
<x9lyeggvmu4uby><C:\WINDOWS.0\servicer.exe> [N/A]
<rji15gzsgyfu0><C:\WINDOWS.0\iexp1ora.exe> [N/A]
<dw6u><C:\WINDOWS.0\crasoa.exe> [N/A]
<v85qcv922><C:\WINDOWS.0\crasoa.exe> [N/A]
<y42sguxq><C:\WINDOWS.0\c0nima.exe> [N/A]
<w1m7xtiwzx4b><C:\WINDOWS.0\winlog0a.exe> [N/A]
<vix03e5fy><C:\WINDOWS.0\rundl13a.exe> [N/A]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
<4><; C:\SysWsj\svchost.exe> [N/A]
<bill><rundll32.exe "C:\WINDOWS.0\System32\winbill070308.dll" mymain> [N/A]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
<mpwe><; C:\WINDOWS.0\mpwe.exe> [N/A]
<hxgame-update><C:\Program Files\hxupdate\hxgame-update.exe> [N/A]
<upxdnd><C:\DOCUME~1\sheng\LOCALS~1\Temp\upxdnd.exe> [N/A]
<WINRAR><C:\WINDOWS.0\System32\mumu1.exe> [N/A]
<wsttrs><C:\WINDOWS.0\wsttrs.exe> [N/A]
<cmdbcs><C:\WINDOWS.0\cmdbcs.exe> [N/A]
<wsvbs><C:\WINDOWS.0\wsvbs.exe> [N/A]
<mppds><C:\WINDOWS.0\mppds.exe> [N/A]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
<main><rundll32.exe "C:\program files\internet explorer\use20.dll" mymain> [N/A]
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
<Userinit><C:\WINDOWS.0\system32\userinit.exe,rundll32.exe C:\WINDOWS.0\System32\winsys16_070314.dll start> [N/A] (change to C:\WINDOWS.0\system32\userinit.exe,)


In IceSword's Files view, delete the following files; if a file cannot be deleted, force-delete it, and if that still fails, send me a message. Search carefully; if a file is not there, skip it.
C:\WINDOWS.0\System32\windhcp.ocx
C:\WINDOWS.0\servicer.exe
C:\WINDOWS.0\iexp1ora.exe
C:\WINDOWS.0\crasoa.exe
C:\WINDOWS.0\c0nima.exe
C:\WINDOWS.0\winlog0a.exe
C:\WINDOWS.0\rundl13a.exe
C:\SysWsj\svchost.exe
C:\WINDOWS.0\System32\winbill070308.dll
C:\DOCUME~1\sheng\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS.0\System32\mumu1.exe
C:\WINDOWS.0\wsttrs.exe
C:\WINDOWS.0\cmdbcs.exe
C:\WINDOWS.0\wsvbs.exe
C:\WINDOWS.0\mppds.exe
C:\program files\internet explorer\use20.dll
C:\WINDOWS.0\System32\winsys16_070314.dll
C:\WINDOWS.0\System32\cmdbcs.dll
C:\WINDOWS.0\System32\wsvbs.dll
C:\WINDOWS.0\System32\mppds.dll
C:\WINDOWS.0\System32\Rav26.dll
C:\WINDOWS.0\system32\msiebho.dll
C:\DOCUME~1\sheng\LOCALS~1\Temp\upxdnd.dll
C:\WINDOWS.0\System32\wsttrs.dll
Empty all files and folders in C:\Documents and Settings\<your user name>\Local Settings\Temp

Special handling

Items to clean with SRE (including HOSTS, services, drivers)
HOSTS
127.0.0.1 test.nicemm.cn
127.0.0.1 new3.etsoft.com.cn
127.0.0.1 www.djdj110.com
127.0.0.1 www.gaodumm.com
127.0.0.1 www.88cc8.com
127.0.0.1 wg770.com
127.0.0.1 www.y988.com
127.0.0.1 ads.9168a.com
127.0.0.1 www.flashsky.com
127.0.0.1 www.123ye.com
127.0.0.1 xzn.2000y.net


Suspected files


I hope you can do the following:
Take all the virus files you are about to delete,
all EXE and DLL files smaller than 1 MB in the Temp folder,
and all hidden .bin files under the Rising virus quarantine directory c:\ravbin\,
gather them into one folder, compress it with WinRAR and send it to my mailbox (10 MB attachment limit), so I can keep a copy of the virus.

IceSword download: http://www.ttian.net/website/2005/0829/391.html
IceSword basic usage: http://blog.sina.com.cn/u/56b232db010007xt
SRE usage: http://blog.sina.com.cn/u/56b232db010007my
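The clean-up list in this reply was built by reading the SREng log in the first post by hand. The Python below is an added example, not code from the thread, from SREng or from IceSword: it parses a constructed excerpt of that log (lines copied from the post) and derives the same kind of review list. Everything beyond the log lines is an assumption of the example: the allow-list of system image names and their home directories, the digit-for-letter comparison that catches names like iexp1ora.exe and rundl13a.exe, the scoring rules (unsigned image in the Windows directory, a Temp folder or System32; DLL launched through rundll32.exe; unsigned module inside a running process), and the rule that anything chained after userinit.exe in Winlogon\Userinit is a logon hijack. It also shows the limits of such rules: the VIMICRO webcam utility VM_STI.EXE (unsigned, in the Windows directory) is flagged although the reply left it alone, and an entry such as hxgame-update.exe under Program Files, which only stands out by context, is not reached. Treat the output as a list to review, not a deletion script.

```python
"""Offline triage of an SREng log (added example; not the thread's, SREng's or IceSword's
code): scores autorun values, processes, modules and HOSTS lines from a constructed excerpt."""
import re

# Constructed excerpt: lines copied from the SREng output posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS.0\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <rji15gzsgyfu0><C:\WINDOWS.0\iexp1ora.exe>  [N/A]
    <vix03e5fy><C:\WINDOWS.0\rundl13a.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <4><; C:\SysWsj\svchost.exe>  [N/A]
    <bill><rundll32.exe "C:\WINDOWS.0\System32\winbill070308.dll" mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <BigDogPath><; C:\WINDOWS.0\VM_STI.EXE VIMICRO USB PC Camera>  [N/A]
    <WINRAR><C:\WINDOWS.0\System32\mumu1.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS.0\system32\userinit.exe,rundll32.exe C:\WINDOWS.0\System32\winsys16_070314.dll start>  [N/A]
[PID: 1312][C:\WINDOWS.0\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS.0\System32\wsttrs.dll]  [N/A, N/A]
[PID: 1248][C:\WINDOWS.0\rundl132.exe]  [N/A, N/A]
127.0.0.1      localhost
127.0.0.1    test.nicemm.cn
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]\s*$")
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.*?)\]\s+\[(.*)\]\s*$")
MOD_RE = re.compile(r"^\s+\[(.*?)\]\s+\[(.*)\]\s*$")
HOSTS_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s*$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^"<>]*?\.(?:exe|dll|ocx))', re.IGNORECASE)
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})  # digit-for-letter swaps
# Assumed allow-list: system image names and the directory each normally lives in.
SYSTEM_BINARIES = {"explorer.exe": "windows", "iexplore.exe": "internet explorer",
                   "rundll32.exe": "system32", "winlogon.exe": "system32",
                   "services.exe": "system32", "svchost.exe": "system32"}


def edit_distance(a, b):  # Levenshtein distance; one edit is the look-alike threshold
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(path):  # system binary this image imitates or displaces, else None
    *_, parent, name = ["", ""] + path.lower().split("\\")
    for legit, home in SYSTEM_BINARIES.items():
        d = edit_distance(name.translate(CONFUSABLE), legit.translate(CONFUSABLE))
        if d == 1 or (d == 0 and name != legit):
            return "look-alike of " + legit
        if d == 0 and not parent.startswith(home):
            return legit + " outside its normal directory"
    return None


def suspicious(name, value, signer):  # reasons an unsigned autorun value needs review
    if signer != "N/A":
        return []  # vendor-attributed entries are not scored by these rules
    reasons = []
    if value.lower().startswith("rundll32"):
        reasons.append("DLL loaded through rundll32.exe")
    for image in PATH_RE.findall(value)[:1]:
        *_, parent, _name = ["", ""] + image.lower().split("\\")
        reasons += [hint for hint in [lookalike_of(image)] if hint]
        if parent.startswith("windows") or "temp" in image.lower():
            reasons.append("image directly in the Windows directory or a Temp folder")
        elif parent == "system32":
            reasons.append("unsigned image in System32")
    return reasons


def triage(log_text):  # processes to end, values to delete, files to remove, HOSTS lines to drop
    report = {"registry": [], "processes": {}, "files": set(), "userinit_restore": None, "hosts": []}
    key = proc = None
    for line in log_text.splitlines():
        if m := KEY_RE.match(line):
            key, proc = m.group(1), None
        elif m := PROC_RE.match(line):
            key, proc = None, (int(m.group(1)), m.group(2))
            if m.group(3).startswith("N/A") or lookalike_of(proc[1]):
                report["processes"][proc[0]] = proc[1]
                report["files"].add(proc[1])
        elif key and (m := ENTRY_RE.match(line)):
            name, value, signer = m.group(1), m.group(2).lstrip("; "), m.group(3)
            if key.endswith("\\Winlogon") and name.lower() == "userinit":
                parts = [p.strip() for p in value.split(",") if p.strip()]
                if len(parts) > 1:  # anything chained after userinit.exe is a logon hijack
                    report["userinit_restore"] = parts[0] + ","
                    report["files"].update(PATH_RE.findall(",".join(parts[1:])))
            elif reasons := suspicious(name, value, signer):
                report["registry"].append((key, name, reasons))
                report["files"].update(PATH_RE.findall(value))
        elif proc and (m := MOD_RE.match(line)) and m.group(2).startswith("N/A"):
            report["processes"][proc[0]] = proc[1]  # end the host before deleting its module
            report["files"].add(m.group(1))
        elif (m := HOSTS_RE.match(line)) and m.group(1) == "127.0.0.1" and m.group(2) != "localhost":
            report["hosts"].append(m.group(2))
    return report
```

Calling `triage(SAMPLE_LOG)` returns a dictionary whose keys map onto the sections of this reply: `processes` (PID to image) to end in IceSword, `registry` values to delete with the reason each was flagged, `userinit_restore` as the value to put back under Winlogon, `files` to delete, and `hosts` lines to remove. Feed it the full log from the first post and the Userinit line alone reconstructs the reply's fix (`C:\WINDOWS.0\system32\userinit.exe,`); the explicit reasons are what let a reviewer drop a false positive such as VM_STI.EXE before anything is deleted.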

Your method looks quite good, doesn't it? Worth learning from. Viruses these days are something else, aren't they?

My computer is infected with a virus! Please help me! Whoever knows, please tell me quickly! Thanks.

Reply to me quickly!

What do I do about the network being so slow?

Your method looks quite good, doesn't it? Worth learning from, but viruses these days are something else. What can we do?