[CODE]

2007-03-22,11:50:33

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <ravshell><C:\WINDOWS\system32\SVCH0ST.EXE>  []
    <svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\byetmr.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RavTask><"D:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <mppds><C:\WINDOWS\mppds.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPLATF0RM.exe>  []
    <wsttrs><C:\WINDOWS\wsttrs.exe>  []
    <kernelmh><C:\WINDOWS\Kernelmh.exe>  []
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>  [N/A]

启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>

驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter / yukonwxp][Running/Manual Start]
  <system32\DRIVERS\yukonwxp.sys><Marvell Semiconductor Inc.>
[squell / squell][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[HookUrl / HookUrl][Stopped/Auto Start]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>

浏览器加载项
[Thunder Browser Helper]
  {5EB7CB4F-E375-4718-B4C0-9AD12EFA2F84} <D:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[PortalCom AAA 1.0]
  {414E7D87-8073-4EFB-9E4B-C8DF04C979EE} <C:\WINDOWS\DOWNLO~1\PORTAL~1.OCX, Huawei Co. Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <F:\新建文~1\chajian\PowerPlr.ocx, Powerise Digital>
[PortalCom AAA 1.0]
  {414E7D87-8073-4EFB-9E4B-C8DF04C979EE} <C:\WINDOWS\DOWNLO~1\PORTAL~1.OCX, Huawei Co. Ltd.>
[Thunder Browser Helper]
  {5EB7CB4F-E375-4718-B4C0-9AD12EFA2F84} <D:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[Router Layer]
  {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\Thunder\Program\getallurl.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>

日志不全,,快点..

正在运行的进程
[PID: 576][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][D:\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1072][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1312][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1348][D:\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [D:\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [D:\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [D:\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\Rising\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [D:\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [D:\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [D:\Rising\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [D:\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 26]
    [D:\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
    [D:\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [D:\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [D:\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 41]
    [D:\Rising\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
    [D:\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [D:\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
    [D:\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [D:\Rising\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
    [D:\Rising\Rav\RsVM.dll]  [, 19, 0, 0, 16]
    [D:\Rising\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [D:\Rising\Rav\RsStore.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [D:\Rising\Rav\ScanNet.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Rising\Rav\Uscript.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[PID: 1576][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.6121]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.6121]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1D.tmp..rom]  [N/A, ]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 1832][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.30]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 1896][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.6121]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 1908][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3427]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 1936][D:\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [D:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [D:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]

[PID: 368][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 2084][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 3272][C:\Documents and Settings\Administrator\My Documents\Huawei\PortalServer\61.130.216.40\PortalClient.exe]  [Huawei Co. Ltd., 1.0.1.11]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 3524][D:\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\QQ\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
    [D:\QQ\CoralQQ.dll]  [Coral Team, 5.0 Build 20070309]
    [D:\QQ\KQL.dll]  [Coral Team, 5.0.0 build 20070301]
    [D:\QQ\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\QQ\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ\IPSearcher.dll]  [, 1.0.0.4]
    [D:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [D:\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
    [D:\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
    [D:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
    [D:\QQ\LoginCtrl.dll]  [N/A, ]
    [D:\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
    [D:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\QQ\CQQApplication.dll]  [N/A, ]
    [D:\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
    [D:\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQAllInOne.dll]  [N/A, ]
    [D:\QQ\GroupLive.dll]  [N/A, ]
    [D:\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQPlugin.dll]  [N/A, ]
    [D:\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\QQ\QRingMng.dll]  [N/A, ]
    [D:\QQ\QQAvatar.dll]  [N/A, ]
    [D:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BQQApplication.dll]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
    [D:\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [D:\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\QQ\QQPhoneHelper.dll]  [腾讯科技（深圳）有限公司, 2, 1, 5, 50]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1D.tmp..rom]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [D:\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [D:\QQ\QQCustomFace.dll]  [N/A, ]
    [D:\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
[PID: 3612][D:\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [D:\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 3772][C:\WINDOWS\wgs3.exe]  [N/A, ]
[PID: 1792][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\byetmr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\NPPTools.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
[PID: 1468][C:\WINDOWS\wms3.exe]  [N/A, ]
[PID: 2148][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 340][D:\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 2, 252]
    [D:\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [D:\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [D:\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Thunder\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [D:\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [D:\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
    [D:\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 12]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1D.tmp..rom]  [N/A, ]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
    [D:\Thunder\Components\DTAG\DTAG.dll]  [, 1, 0, 0, 1]
    [D:\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 0, 9]
    [D:\Thunder\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [D:\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 14]
    [D:\Thunder\Components\InMedia\iEmbed07.dll]  [　, 3, 1, 0, 58]
    [D:\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [D:\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 42]
    [D:\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 3]
    [D:\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 3036][D:\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [D:\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [D:\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [D:\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1D.tmp..rom]  [N/A, ]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
    [D:\Rising\Rfw\PSAPI.DLL]  [Microsoft Corporation, 4.00]
[PID: 3764][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Thunder\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1D.tmp..rom]  [N/A, ]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
    [D:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3116][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1C.tmp.rom]  [N/A, ]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~Tm1D.tmp..rom]  [N/A, ]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

启动项

1. 杀毒前关闭系统还原(Win2000系统可以忽略）：右键 我的电脑->属性->系统还原->在"所有驱动器上关闭系统还原"上打勾即可。
清除IE的临时文件：打开IE 点工具-->Internet选项 : Internet临时文件，点“删除文件”按钮 ，将"删除所有脱机内容"打勾，点确定删除。
双击打开"我的电脑"->工具->文件夹选项->查看->点选"显示所有文件和文件夹"，同时把"隐藏受保护的系统文件"和"隐藏已知文件的扩展名"的勾去掉.

2.用SREng将下面启动项删除:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ravshell><C:\WINDOWS\system32\SVCH0ST.EXE> []
<svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\byetmr.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mppds><C:\WINDOWS\mppds.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPLATF0RM.exe> []
<wsttrs><C:\WINDOWS\wsttrs.exe> []
<kernelmh><C:\WINDOWS\Kernelmh.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys> [N/A]

3.用SREng删除下面驱动程序:
[squell / squell][Stopped/]
<2 - 系统找不到指定的文件。
><N/A>


4.用PowerRMV(勾选杀灭文件再生成)或KillBox删除下面文件(也可手动删除):
[C:\WINDOWS\system32\mppds.dll]
[C:\WINDOWS\system32\cmdbcs.dll]
[C:\WINDOWS\system32\wsttrs.dll]
<C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>
C:\WINDOWS\Kernelmh.exe
C:\WINDOWS\wsttrs.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TIMPLATF0RM.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\mppds.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\byetmr.exe
C:\WINDOWS\system32\SVCH0ST.EXE

5.用SRENG将HOST文件修复.

有关服务和驱动删除的部分看不懂的话,可以先看一下"UFO不幸外人"写的"SREng的使用方法"
http://forum.ikaka.com/topic.asp?board=28&artid=8270267


大概分析了一下,赶着去吃饭...