求教系统启动项出现，禁止后一段时间，自动生成，好象生成的同时桌面会自动出现一个IE的快捷方式，并同3个360安全卫士查的出的而已软件，但也不能根除，反复发作，而且感染了其他非系统区，刚刚重装不到5分钟就再次中招，其他区有重要资料，求教有效解决办法

以下是会出现的启动项命令行

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sysload3.exe

名字好象是随机的，高人速来帮忙，谢

[CODE]

2007-04-01,17:22:06

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <System Boot Check><C:\WINDOWS\system32\sysload3.exe>  [N/A]
    <0mvck96ffquw8ys><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe>  []
    <g><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winlog0n.exe>  []
    <x><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rundl132.exe>  []
    <xvhbcyr2jqes1><; C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\crasos.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <!AVG Anti-Spyware><"F:\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <360Safetray><F:\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <RavTask><"F:\杀毒\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <360Safe><Rundll32.exe F:\360safe\AntiAdwa.dll,KillAdware>  [360Safe.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <F:\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"F:\杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"F:\杀毒\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\F:\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\F:\杀毒\RISING\RAV\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\F:\杀毒\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\F:\杀毒\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\F:\杀毒\RISING\RAV\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\F:\杀毒\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\F:\杀毒\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[28750 / 28750][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360safe\safemon\safemon.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <F:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\Tencent\QQ\QQ.EXE, TENCENT>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360safe\safemon\safemon.dll, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <F:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <F:\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://F:\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <F:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 556][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1352][F:\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [F:\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
[PID: 1400][F:\360safe\safemon\360Tray.exe]  [奇虎网, 1, 0, 1, 1004]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [F:\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 3001]
    [F:\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 5, 1000]
[PID: 1412][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2044][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [F:\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [F:\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 300][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [F:\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [F:\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3020 (xpsp_sp2_gdr.061023-0214)]
[PID: 3292][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [f:\WinRAR\rarext.dll]  [N/A, ]
    [F:\杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [F:\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [F:\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [F:\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [F:\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2796][F:\Tencent\QQ\QQUpdateCenter.exe]  [, 2, 1, 0, 8]
    [F:\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [F:\Tencent\QQ\QQUpdateExt.dll]  [, 1, 0, 0, 1]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [F:\Tencent\QQ\ausdln.dll]  [Tencent Technology (Shenzhen) Company Limited, 2, 2, 102, 30]
    [F:\Tencent\QQ\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 10]
[PID: 2644][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
[PID: 3600][F:\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 30]
    [F:\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [F:\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [F:\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  [Adobe Systems, Inc., 9,0,0,296]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3312][F:\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 0, 280]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [F:\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 20]
    [F:\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
    [F:\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [F:\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
    [F:\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 17]
    [F:\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  [Adobe Systems, Inc., 9,0,0,296]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 13]
    [F:\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [F:\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [F:\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 7]
    [F:\Thunder\Components\DTAG\ExtractMediaTag.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 7]
    [F:\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 20]
    [F:\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 15]
    [F:\Thunder\Components\InMedia\iEmbed08.dll]  [　, 3, 2, 0, 63]
    [F:\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 20]
    [F:\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
    [F:\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 9]
    [F:\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 18]
    [F:\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 6]
    [F:\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 2, 0, 5]
    [F:\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 5]
    [F:\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 1, 50]
    [F:\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [F:\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
[PID: 3272][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [F:\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]