
Help, infected with the trojan trojan.dl.agent.dlo

Output from the Rising diagnostic tool:
自启动项
HKEY_LOCAL_MACHINE Software\Microsoft\Windows\Currentversion\Run
IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
netbus = C:\Documents and Settings\user\netbus.exe
assistse = "C:\PROGRA~1\3721\assistse.exe"
CnsMin = Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
MyIMLite_UpDate = rundll32 C:\WINDOWS\System32\MyIMLite\Update.dll,UpdateFirst
MyIMLite = C:\WINDOWS\System32\MyIMLite\MyIMLite.exe -h
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
RavTimer = C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
RfwMain = "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
RavMon = C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM

HKEY_CURRENT_USER Software\Microsoft\Windows\Currentversion\Run
ctfmon.exe = C:\WINDOWS\System32\ctfmon.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
shell32.dll = C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\downlo~1\CnsHook.dll= C:\WINDOWS\System32\ctfmon.exe

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
PostBootReminder = %SystemRoot%\system32\SHELL32.dll
CDBurn = %SystemRoot%\system32\SHELL32.dll
WebCheck = %SystemRoot%\System32\webcheck.dll
SysTray = C:\WINDOWS\System32\stobject.dll
SysTrays = C:\WINDOWS\System32\DLMain.dll

HKEY_LOCAL_MACHINE Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
%SystemRoot%\System32\browseui.dll= Browseui 预加载程序
%SystemRoot%\System32\browseui.dll= 组件类别缓存程序


SYSTEM.INI BOOT SHELL Explorer.exe


其他相关项
HKEY_CURRENT_USER Software\Microsoft\Internet Explorer\Main start page ----> http://www.hao123.com/
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search searchassistant ----> http://seek.3721.com/srchasst.htm
HKEY_LOCAL_MACHINE Software\Microsoft\internet explorer\search CustomizeSearch ----> http://seek.3721.com/srchcust.htm
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon DefaultUserName ----> user
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon AltDefaultUserName ----> user
HKEY_LOCAL_MACHINE Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit ----> C:\WINDOWS\system32\userinit.exe,
HKEY_LOCAL_MACHINE SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows AppInit_DLLs ----> KB2357802.LOG
HKEY_USERS .Default\Software\Microsoft\Internet Explorer\Main search page ----> http://61.128.239.34


Hosts
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost



进程列表

[System Process]
System

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rising\Rfw\RfwMain.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\user\桌面\RavDetect.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe

进程详细信息


C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\DLMon.dll

Software\Microsoft\DLMon
\DLMon.ini
____DLNormal_____
NOGIRLFRIEND
\DLMonEx.ini
____DLExtern_____
htmlfile\shell\open\command
RemoteExecuteExtern
RemoteExecuteNormal
SeDebugPrivilege


C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll (made by Windows (R) 2000 DDK provider)
Last edited 2005-12-06 20:32:18

C:\windows\system32\dlmon.dll

Please advise: how should I deal with this?

2005-12-03,18:54:24

System Repair Engineer 1.0.0.262
    Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <netbus><C:\Documents and Settings\user\netbus.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <assistse><"C:\PROGRA~1\3721\assistse.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CnsMin><Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MyIMLite_UpDate><rundll32 C:\WINDOWS\System32\MyIMLite\Update.dll,UpdateFirst>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <MyIMLite><C:\WINDOWS\System32\MyIMLite\MyIMLite.exe -h>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTimer><C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavMon><C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><KB2357802.LOG>

==================================

启动文件夹
服务
[Logical Disk / Logical Disk]
  <C:\WINDOWS\G_Server2.0.exe><N/A>
[Rising Personal Firewall Service / RfwService]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Technology Corporation Limited>
[Rising Process Communication Center / RsCCenter]
  <C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><rising>
[RsRavMon Service / RsRavMon]
  <C:\PROGRAM FILES\RISING\RAV\Ravmond.exe><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
  <C:\WINDOWS\System32\xunleibho_v1.dll>
[QQBrowserHelperObject Class]
  <d:\Program Files\Tencent\QQ\QQIEHelper.dll>
[IeCatch2 Class]
  <D:\PROGRA~1\FLASHGET\jccatch.dll>
[T2BHO Class]
  <C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll>
[上网助手]
  <C:\PROGRA~1\3721\assist\asbar.dll>
[NTIECatcher Class]
  <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll>
[CnsHook Class]
  <C:\WINDOWS\downlo~1\CnsHook.dll>
[手机短信]
  <http://sms.3721.com/ie/index.htm>
[豪杰超级解霸V8]
  <C:\Herosoft\HeroV8\STHSDVD.EXE>
[Yahoo 1G电邮]
  <http://cn.mail.yahoo.com/promo/rd1>
[寻宝乐趣多]
  <http://hot.3721.com/rd/shop_btn.htm>
[上网助手]
  <http://assistant.3721.com/index.htm?fb=Cns>
[@shdoclc.dll,-866]
  <>
[QQ]
  <d:\Program Files\Tencent\QQ\QQ.EXE>
[]
  <>
[FlashGet]
  <D:\PROGRA~1\FLASHGET\flashget.exe>
[QQIEFloatBarCfgCmd Class]
  <d:\Program Files\Tencent\QQ\QQIEHelper.dll>
[情景聊天]
  <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/>
[]
  <http://assistant.3721.com/security1.htm?fb=Cns>
[]
  <http://assistant.3721.com/clean1.htm?fb=Cns>
[电台(&R)]
  <C:\WINDOWS\System32\msdxm.ocx>
[FlashGet Bar]
  <D:\PROGRA~1\FLASHGET\fgiebar.dll>
[上网助手]
  <C:\PROGRA~1\3721\assist\asbar.dll>
[天下搜索]
  <C:\WINDOWS\Downloaded Program Files\iebar22.0.dll>
[BlueskyVideo Control]
  <C:\WINDOWS\DOWNLO~1\v2.ocx>
[WebActivater Control]
  <C:\WINDOWS\System32\WEBACT~1.OCX>
[WEBChatRoomOCX Control]
  <C:\PROGRA~1\Sina\UCWEBC~1\UCWEBC~1.OCX>
[天下搜索]
  <C:\WINDOWS\Downloaded Program Files\iebar22.0.dll>
[Blueskyvoice Control]
  <C:\WINDOWS\DOWNLO~1\BLUESK~1.OCX>
[Shockwave Flash Object]
  <C:\WINDOWS\System32\macromed\flash\Flash.ocx>
[VqqSpeedDlProxy Class]
  <C:\WINDOWS\vqqsdl.dll>
[!搜一搜]
  <res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html>
[使用网际快车下载]
  <D:\Program Files\FLASHGET\jc_link.htm>
[使用网际快车下载全部链接]
  <D:\Program Files\FLASHGET\jc_all.htm>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm>
[豪杰超级解霸V8实时播放]
  <C:\Herosoft\HeroV8\MPURLGET.HTM>

==================================

正在运行的进程
[PID: 564][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 628][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 652][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 708][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 720][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 896][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 992][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1096][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1188][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1248][C:\Program Files\Rising\Rfw\rfwsrv.exe]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 36>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\Program Files\Rising\Rfw\Rfwdrv.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 1, 5>
    [C:\Program Files\Rising\Rfw\rfwrule.dll]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 0>
    [C:\Program Files\Rising\Rfw\rfwlog.dll]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 2>
[PID: 1504][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1732][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\System32\DLMon.dll]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 4>
    [C:\PROGRA~1\3721\assist\asnoad.dll]  <N/A><1, 0, 0, 9>
    [C:\WINDOWS\System32\xunleibho_v1.dll]  <N/A><1, 0, 0, 1>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [c:\progra~1\3721\assist\adfilter.dll]  < ><1, 0, 1, 6>
    [C:\PROGRA~1\3721\assist\repair.dll]  <北京三七二一科技有限公司><1, 0, 4, 1001>
    [C:\PROGRA~1\3721\assist\asfsks.dll]  <3721.com><2, 1, 1, 87>
    [C:\PROGRA~1\3721\assist\optimum.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\assist\XPStyle.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\assist\assecblk.dll]  <3721><1, 0, 0, 5>
    [C:\PROGRA~1\3721\assist\asbar.dll]  <3721><1, 0, 1, 1021>
    [C:\PROGRA~1\3721\assist\tbwrap.dll]  <3721><1, 0, 0, 2>
    [C:\PROGRA~1\3721\assist\aswiper.dll]  <3721><1, 0, 1, 1004>
    [C:\PROGRA~1\3721\assist\asiesec.dll]  <yahoo><1, 0, 0, 9>
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <N/A><17, 0, 0, 8>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  <Yahoo! Inc.><2004, 6, 13, 1>
    [C:\WINDOWS\System32\RAVEXT.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 8>
[PID: 1784][C:\Program Files\Rising\Rfw\RfwMain.exe]  <Beijing Rising Technology Corporation Limited><3, 1, 0, 19>
    [C:\Program Files\Rising\Rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\Program Files\Rising\Rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\Rising\Rfw\PngDll.dll]  <Rising><17, 0, 0, 2>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 1932][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 2016][C:\WINDOWS\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 4>
    [C:\WINDOWS\downlo~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 5>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 228][C:\PROGRA~1\3721\assistse.exe]  <yahoo><1, 0, 1, 1001>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\PROGRA~1\3721\shell\Assecblk.dll]  <3721><1, 0, 0, 5>
    [C:\PROGRA~1\3721\shell\MenuInfo.dll]  <yahoo><1, 0, 0, 2>
    [C:\PROGRA~1\3721\shell\IEAngel.dll]  <yahoo><1, 0, 0, 3>
    [C:\PROGRA~1\3721\shell\AsMenu.dll]  <3721><1, 0, 1, 1006>
    [C:\PROGRA~1\3721\Assist\assist.dll]  <N/A><2, 0, 3, 3>
[PID: 272][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.1612>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
[PID: 300][C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 39>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>

[PID: 328][C:\PROGRA~1\RISING\RAV\RAVMON.EXE]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 37>
    [C:\PROGRA~1\RISING\RAV\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\PROGRA~1\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRA~1\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\PROGRA~1\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRA~1\RISING\RAV\PngDll.dll]  <Rising><17, 0, 0, 2>
    [C:\PROGRA~1\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 340][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 472][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  <Microsoft Corporation><7.00.9064.9150>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 512][C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE]  <rising><17, 0, 0, 1>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 548][C:\PROGRAM FILES\RISING\RAV\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 1, 57>
    [C:\PROGRAM FILES\RISING\RAV\guidll.dll]  <rising><17, 0, 0, 13>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\RSAPPMGR.DLL]  <Rising Corp.><17, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\CfgDll.dll]  <rising><17, 0, 0, 60>
    [C:\Program Files\Rising\Rav\Scanner.dll]  <Rising><17, 0, 0, 43>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
    [C:\Program Files\Rising\Rav\libload.dll]  <Rising><17, 0, 0, 14>
    [C:\Program Files\Rising\Rav\VirusLib.dll]  <Rising><17, 0, 0, 26>
    [C:\PROGRAM FILES\RISING\RAV\MailMon.dll]  < ><17, 0, 0, 9>
    [C:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><17, 0, 0, 7>
    [C:\PROGRAM FILES\RISING\RAV\MemMon.dll]  <北京瑞星><17, 8, 0, 0>
    [C:\PROGRAM FILES\RISING\RAV\expscan.dll]  <N/A><17, 0, 0, 6>
    [C:\PROGRAM FILES\RISING\RAV\mPorts.dll]  <Beijing Rising Technology Corporation Limited><3, 0, 0, 3>
    [C:\Program Files\Rising\Rav\engine.dll]  <rising><17, 0, 0, 40>
    [C:\Program Files\Rising\Rav\UnExe.dll]  <Rising><17, 0, 0, 27>
    [C:\PROGRAM FILES\RISING\RAV\regmon.dll]  < ><17, 0, 0, 12>
    [C:\PROGRAM FILES\RISING\RAV\HookWeb.dll]  <rising><17, 0, 0, 4>
    [C:\Program Files\Rising\Rav\ScanEx.dll]  <Rising><17, 0, 0, 33>
    [C:\Program Files\Rising\Rav\PostTrt.dll]  <Rising><17, 0, 0, 21>
    [C:\Program Files\Rising\Rav\NvFile.dll]  <瑞星><17, 0, 0, 13>
    [C:\Program Files\Rising\Rav\ScanMac.dll]  <rising><17, 0, 0, 19>
    [C:\Program Files\Rising\Rav\ScanSct.dll]  <rising><17, 0, 0, 31>
    [C:\Program Files\Rising\Rav\ScanExec.dll]  <N/A><17, 0, 0, 21>
    [C:\Program Files\Rising\Rav\Unpacker.dll]  <rising><17, 0, 0, 19>
    [C:\Program Files\Rising\Rav\RsStore.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 10>
    [C:\Program Files\Rising\Rav\posttrtx.dll]  <瑞星科技股份有限公司><17, 0, 0, 32>
    [C:\Program Files\Rising\Rav\ExtOLE.dll]  <rising><17, 0, 0, 21>
    [C:\PROGRAM FILES\RISING\RAV\RsLog.dll]  <N/A><17, 0, 0, 52>
    [C:\PROGRAM FILES\RISING\RAV\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 40>
[PID: 608][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
[PID: 1148][C:\PROGRAM FILES\RISING\RAV\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 27>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\PROGRAM FILES\RISING\RAV\RsCommX.dll]  <rising><17, 0, 0, 3>
    [C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><17, 0, 0, 17>
[PID: 2804][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\WINDOWS\downlo~1\CnsHint.dll]  <3721><1, 0, 0, 4>
    [C:\WINDOWS\downlo~1\cnsplus.dll]  <3721><1, 0, 0, 2>
    [C:\WINDOWS\Downloaded Program Files\iebar22.0.dll]  <N/A><2, 0, 0, 0>
    [C:\WINDOWS\System32\xunleibho_v1.dll]  <N/A><1, 0, 0, 1>
    [d:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll]  <HDT, Inc.><1, 9, 5, 0>
    [C:\PROGRA~1\3721\assist\asbar.dll]  <3721><1, 0, 1, 1021>
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 4>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <N/A><17, 0, 0, 8>
    [C:\WINDOWS\System32\macromed\flash\Flash.ocx]  <Macromedia, Inc.><7,0,19,0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 3168][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\WINDOWS\downlo~1\CnsHint.dll]  <3721><1, 0, 0, 4>
    [C:\WINDOWS\downlo~1\cnsplus.dll]  <3721><1, 0, 0, 2>
    [C:\WINDOWS\Downloaded Program Files\iebar22.0.dll]  <N/A><2, 0, 0, 0>
    [C:\WINDOWS\System32\xunleibho_v1.dll]  <N/A><1, 0, 0, 1>
    [d:\Program Files\Tencent\QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [D:\PROGRA~1\FLASHGET\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\WINDOWS\Downloaded Program Files\barhelp22.0.dll]  <HDT, Inc.><1, 9, 5, 0>
    [C:\PROGRA~1\3721\assist\asbar.dll]  <3721><1, 0, 1, 1021>
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  <Xi><1.91.12>
    [C:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 4>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <N/A><17, 0, 0, 8>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>
[PID: 2476][C:\Documents and Settings\user\桌面\SREng.exe]  <Smallfrogs Studio><1.0.0.262>
    [C:\WINDOWS\KB2357802.LOG]  <N/A><N/A>
    [C:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 0>
    [C:\Herosoft\HeroV8\VCvtShell.dll]  <herosoft><1, 0, 0, 1>

==================================
文件关联
.TXT  OK
.EXE  OK
.COM  OK
.PIF  OK
.REG  OK
.BAT  OK

I have already done the first two steps, but when I try to delete the virus it cannot be deleted, and three more viruses of the same kind were detected, named c:\system volume information\_restore\a0025609.dll, a0025650.dll and a0025654.dll.

Another question: I turned off System Restore, went into the system32 folder on the C: drive and found the virus file dlmon.dll, but when I try to move it to the Recycle Bin to delete it, it cannot be deleted; the message says "Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use." Is my way of deleting it wrong? Please help me see this through to the end.

Could you explain in more detail? I am a complete beginner.