Posted on the Rising Kaka Security Forum (Technical Exchange: Anti-virus / Anti-rogue-software board)


[Help] I'm in tears ~ could someone look at my SREng log? Worm.DlOnlineGames.g is torturing me to death ~~

The log is as follows:

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <EXPLORER><C:\Program Files\Common Files\System\wab32res.exe>  []
    <1jh2e9x><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe>  []
    <kke8f9q><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe>  []
    <jz><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe>  []
    <q8xtv11ci4t><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe>  []
    <6><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe>  []
    <96mts><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe>  []
    <xtl2l66bte><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe>  []
    <8xc6c><; C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe>  []
    <9llw4tg8><; C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe>  []
    <fedhww33r><; C:\DOCUME~1\asd\LOCALS~1\Temp\Servere.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <SKYNET Personal FireWall><E:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [N/A]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <High Definition Audio Property Page Shortcut><; HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <shualai><; C:\WINDOWS\shualai.exe /i>  [N/A]
    <SoundMAX><; "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [Analog Devices, Inc.]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [N/A]
    <Thunder><"C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <yassistse><; c:\progra~1\yahoo!\assistant\yassistse.exe>  [N/A]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll>  [N/A]
    <{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A
==================================
服务
[ATK Keyboard Service / ATKKeyboardService][Running/Auto Start]
  <C:\WINDOWS\ATKKBService.exe><ASUSTeK COMPUTER INC.>
[TCP/IP Check / Hello Download][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"E:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

Last edited 2007-04-18 21:13:27

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[AEAudio Service / AEAudioService][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Enhanced Display Driver Helper Service / asuskbnt][Running/System Start]
  <system32\drivers\atkkbnt.sys><ASUSTeK COMPUTER INC.>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[bogyrgx / bogyrgx][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bogyrgx.sys><>
[EIO / EIO][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\EIO.sys><ASUSTeK Computer Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[mjngqb / mjngqb][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\mjngqb.sys><N/A>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\E:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService][Running/Manual Start]
  <system32\drivers\Senfilt.sys><Sensaura>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\E:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[vwquvwlv / vwquvwlv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\vwquvwlv.sys><Yahoo! China Corporation>


==================================
浏览器加载项
[Thunder Browser Helper]
  {33BBE42F-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[]
  {FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
  {33BBE42F-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[金山毒霸在线杀毒]
  {577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.OCX, 金山软件股份有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[]
  {FDEB626D-6E2E-4AF0-AC0D-2089B0988C57} <C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 576][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 908][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1184][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1228][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1496][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1812][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
[PID: 1880][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 512][E:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [E:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 536][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
[PID: 2900][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3636][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3864][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3840][E:\Program Files\Sreng\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]  [N/A, ]
    [C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
[PID: 2836][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



Could an expert take a look for me?
Please teach me how to remove the virus by hand ~~

Having read your log, I can tell what mood you were in when you chose your username.

First, here is a rough solution.

http://forum.ikaka.com/topic.asp?board=28&artid=8299423

Open SREng.

"Startup Items" - "Registry": delete the following entries
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<1jh2e9x><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<kke8f9q><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<jz><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<q8xtv11ci4t><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<6><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<96mts><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<xtl2l66bte><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
<8xc6c><; C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<9llw4tg8><; C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<fedhww33r><; C:\DOCUME~1\asd\LOCALS~1\Temp\Servere.exe>
<cmdbcs><C:\WINDOWS\cmdbcs.exe>



Open SREng and delete the following service entry.
Under "Startup Items" - "Services" - "Win32 Service Applications", tick "Hide verified Microsoft items",
select the item below, click "Delete Service", then click "Set" and answer "No" in the dialog that pops up:


[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>

C:\Program Files\Common Files\System\wab32res.exe
As for this virus file, also search for the following files, check whether they exist on the computer, and delete them:

C:\Program Files\Common Files\System\directdb.exe
C:\Program Files\Common Files\System\temp.ini
C:\Program Files\Common Files\System\avp.ini
C:\Program Files\Common Files\System\temp.txt


Double-click My Computer - Tools - Folder Options - View tab, select "Show hidden files and folders" and untick "Hide protected operating system files (Recommended)". When asked to confirm the change, click "Yes", then "OK".

Delete the following files:
C:\WINDOWS\cmdbcs.exe
C:\Program Files\Common Files\System\wab32res.exe
C:\WINDOWS\system32\cmdbcs.dll
<1jh2e9x><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<kke8f9q><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<jz><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<q8xtv11ci4t><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<6><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<96mts><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<xtl2l66bte><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
<8xc6c><; C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<9llw4tg8><; C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<fedhww33r><; C:\DOCUME~1\asd\LOCALS~1\Temp\Servere.exe>
[C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy1.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo0.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]
Empty everything under C:\DOCUME~1\asd\LOCALS~1\Temp\.

If QQ is installed, delete Timplatform.exe in the QQ installation folder and rename Timplatfrom.exe to Timplatform.exe.


Repair the file associations.


SREng - System Repair - HOSTS File
Clear the addresses the log found (keep 127.0.0.1 localhost; clear everything else).

The above is not complete.

1. Download IceSword: http://www.onlinedown.net/soft/4523.htm

2. Disconnect from the network (if you don't know how, just unplug the network cable).

3. Open IceSword, "File" -> "Settings", and tick "Forbid process/thread creation".

4. End the following processes.
[PID: 1812][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[PID: 3840][E:\Program Files\Sreng\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]

5. In IceSword, delete the following files:
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<1jh2e9x><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<kke8f9q><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<jz><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<q8xtv11ci4t><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<6><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<96mts><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<xtl2l66bte><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
<8xc6c><; C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<9llw4tg8><; C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<fedhww33r><; C:\DOCUME~1\asd\LOCALS~1\Temp\Servere.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
<C:\WINDOWS\system32\gdipri.dll> [N/A]
<C:\WINDOWS\system32\nospri.dll> [N/A]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
<\SystemRoot\system32\drivers\bogyrgx.sys><>
<\SystemRoot\\SystemRoot\System32\drivers\mjngqb.sys><N/A>
<\SystemRoot\System32\DRIVERS\vwquvwlv.sys><Yahoo! China Corporation>
<C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
<C:\DOCUME~1\ALLUSE~1\APPLIC~1\MICROS~1\APPLIC~1\QQSERV~1.DLL, N/A>
[C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll] [N/A, ]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo0.dll] [N/A, ]
<yassistse><; c:\progra~1\yahoo!\assistant\yassistse.exe> [N/A]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]

6. Untick "Forbid process/thread creation".

7. Start SREng2.
"Startup Items" -> "Registry" tab. Delete the following startup items.
<EXPLORER><C:\Program Files\Common Files\System\wab32res.exe> []
<1jh2e9x><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<kke8f9q><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<jz><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<q8xtv11ci4t><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<6><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<96mts><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<xtl2l66bte><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
<8xc6c><; C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<9llw4tg8><; C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<fedhww33r><; C:\DOCUME~1\asd\LOCALS~1\Temp\Servere.exe> [N/A]
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<shualai><; C:\WINDOWS\shualai.exe /i> [N/A]
<yassistse><; c:\progra~1\yahoo!\assistant\yassistse.exe> [N/A]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]
<{131AB311-16F1-F13B-1E43-11A24B51AFD1}><C:\WINDOWS\system32\gdipri.dll> [N/A]
<{D14FA1E2-123F-6358-1E32-D2455234FDE2}><C:\WINDOWS\system32\nospri.dll> [N/A]

"Startup Items" -> "Services" tab, click "Win32 Service Applications", then tick "Hide verified Microsoft items".
Right-click the following service -> "Stop Service", then select it again, choose "Delete Service", click "Set" and then "No" to delete it:
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>

"System Repair" -> "File Associations" tab. Click "Repair" to repair the file associations.

"System Repair" -> "Hosts File" tab. Click the red "Reset" -> choose "Yes", then click Save.

8. Delete everything in the temporary folders, including:
C:\Documents and Settings\<username>\Local Settings\Temp
C:\WINDOWS\TEMP
the Internet temporary files folder (Control Panel -> "Internet Options" -> "Delete Files" -> tick "Include temporary folders" -> OK)

9. Open SkyNet Firewall and go to "Application Rules". Change the network-access rule for every EXE that appeared in step 5 to "Deny".

10. Uninstall QQ and delete its installation folder. Reinstall QQ, but not into the default directory.

11. Reboot and make sure SkyNet Firewall and Rising antivirus real-time monitoring are on. Then you can go back online; please report back how it went.

12. If you cannot get online, go to SREng2 "System Repair" -> "Winsock Providers" tab, click the red "Reset all to defaults" and follow the prompts.

Thanks to ︶ㄣ┇奇迹┇ and horseluke11, two kind-hearted big brothers, for helping me with this problem that has given me a headache for days. But I'm really not very capable ~ there's a lot in there I didn't understand.
For instance, where ︶ㄣ┇奇迹┇ said:
<1jh2e9x><C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<kke8f9q><C:\DOCUME~1\asd\LOCALS~1\Temp\crasos.exe> []
<jz><C:\DOCUME~1\asd\LOCALS~1\Temp\1explore.exe> []
<q8xtv11ci4t><C:\DOCUME~1\asd\LOCALS~1\Temp\Servera.exe> []
<6><C:\DOCUME~1\asd\LOCALS~1\Temp\c0nime.exe> []
<96mts><C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<xtl2l66bte><C:\DOCUME~1\asd\LOCALS~1\Temp\rundl132.exe> []
<8xc6c><; C:\DOCUME~1\asd\LOCALS~1\Temp\winlog0n.exe> []
<9llw4tg8><; C:\DOCUME~1\asd\LOCALS~1\Temp\iexpl0re.exe> []
<fedhww33r><; C:\DOCUME~1\asd\LOCALS~1\Temp\Servere.exe>
[C:\DOCUME~1\asd\LOCALS~1\Temp\Gjzo1.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy1.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Rav21.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\LgSy2.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Msxo0.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\fyzo1.dll]
[C:\DOCUME~1\asd\LOCALS~1\Temp\Kavs1.dll]
Empty everything under C:\DOCUME~1\asd\LOCALS~1\Temp\.
I don't know how to delete these.

Also:
"If QQ is installed, delete Timplatform.exe in the QQ installation folder and rename Timplatfrom.exe to Timplatform.exe"
I already deleted Timplatform.exe, so there is nothing left for me to rename!

I'll go through horseluke11's post in a bit ~~