[Help] Infected with the Trojan.Win32.Mnless.lxa virus and it cannot be removed no matter what

The log is attached below.
[CODE]

2007-09-24,11:08:51

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe">  [(Verified)Google Inc]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <Jiangmin KVFW><C:\Program Files\JiangMin\KVFW\KvfwMcl.exe>  [N/A]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <Windows木马防火墙><C:\Program Files\ftc\Trojanwall.exe>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <WebThunder><; C:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [N/A]
    <AntiARPStandalone><C:\Program Files\AntiARP Stand-alone Edition\AntiArp.exe>  []
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{91B1E846-2BEF-4345-8848-7699C7C9935F}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
    <WinlogonNotify: DfLogon><LogonDll.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]

Last edited 2007-09-25 11:37:39

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3B47AC4A-F0B9-2314-0405-000408030708}]
    <N/A><C:\WINDOWS\syst.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[DF5Serv / DF5Serv][Running/Auto Start]
  <C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe><Faronics Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[system / system][Stopped/Auto Start]
  <C:\WINDOWS\iexplore.ra><N/A>

==================================
驱动程序
[57883 / 57883][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\57883.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
  <System32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[btfirst / btfirst][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\btfirst.sys><YAHOO Corporation.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <System32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <System32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <System32\DRIVERS\Chip_usb.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[qDisk / qDisk][Stopped/Manual Start]
  <\??\C:\DOCUME~1\aaa\LOCALS~1\Temp\DF521.tmp\qDisk.sys><Your Corporation>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <System32\DRIVERS\usbic2k.sys><OEM>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[USB eKey / UsbKDev][Stopped/Manual Start]
  <System32\DRIVERS\UsbKDev.sys><Mingwah Aohan High Technology Corp.>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
  <System32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>

==================================
浏览器加载项
[IE7Pro BHO]
  {00011268-E188-40DF-A514-835FCD78B1BF} <C:\Program Files\IE7Pro\IE7Pro.dll, IE7Pro.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_004.dll, Thunder Networking Technologies,LTD>
[IE7Pro ToolsExt]
  {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} <C:\Program Files\IE7Pro\IE7Pro.dll, IE7Pro.com>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MCubeIEMonitor Class]
  {2BA5FD98-D118-469C-868F-351BC58EA0AA} <C:\WINDOWS\Downloaded Program Files\IECloseMonitor.dll, >
[FileClient Control]
  {9627E9EB-3636-42AF-80C2-3CE2E5541930} <C:\WINDOWS\DOWNLO~1\FILECL~1.OCX, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CDFileReader Control]
  {D2FA4CCC-7348-4F16-8C2B-B4A87073CAEF} <C:\WINDOWS\DOWNLO~1\FILERE~1.OCX, N/A>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <C:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, N/A>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用ToToLook边下边看]
  <C:\Program Files\ToToLook\GetUrl.html, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[朗读选中的文字]
  <C:\WINDOWS\save.htm, N/A>
[添加到eREAD表情]
  <, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 1648 / aaa][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\WINDOW~1.0BU\ftc\FTCCOM~1.DLL]  [Fygsoft and Microsoft, 3.0.0.71]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\System32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_004.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[PID: 1992 / aaa][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [c:\program files\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [c:\program files\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 144 / aaa][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.14]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 268 / aaa][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe]  [Google Inc., 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\GooglePinyin.ime]  [Google Inc., ]
[PID: 592 / aaa][C:\WINDOWS\System32\SafeSignCertReg.exe]  [A.E.T. Europe B.V., 2.0.0.2]
[PID: 1108 / aaa][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 4.0.0.18]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1728 / aaa][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3208]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2024 / aaa][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 204 / aaa][C:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 6, 1, 1001]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 6, 1, 1001]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 1, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1020]
[PID: 296 / aaa][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1124 / aaa][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\IE7Pro\IE7Pro.dll]  [IE7Pro.com, 1, 0, 0, 10]
    [C:\Program Files\IE7Pro\hunspell.dll]  [N/A, ]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_004.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 3044 / aaa][C:\Documents and Settings\aaa\My Documents\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Documents and Settings\aaa\My Documents\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
*********************************
《电脑报》黑榜(R)恶意网址屏蔽文件
版本号:PL07-25
发布日期:2007.7.19
数据截至:2007.7.16
*********************************
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1108, C:\PROGRAM FILES\RISING\ANTISPYWARE\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1728, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 204, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

In Safe Mode, Rising does not report any virus, but in normal mode repeated scans keep finding the virus.

Can anyone take a look and help?

Can any expert take a look and help?

Solved, thanks for the help.