degaulle2000 - 2007-7-8 23:03:00
I have tried many methods and none of them worked. The scan results are below. Many thanks!!!
[CODE]
2007-07-08,22:35:33
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<CAP3ON><C:\WINDOWS\System32\spool\drivers\w32x86\3\CAP3ONN.EXE> [(Verified)CANON INC.]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<RfwMain><"d:\FW\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"D:\av\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Sunkist2k><C:\Program Files\Multimedia Card Reader\shwicon2k.exe> [Alcor Micro, Corp.]
<Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd> [N/A]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Corporation]
<WebCheck><%SystemRoot%\System32\webcheck.dll> [(Verified)Microsoft Corporation]
<SysTray><C:\WINDOWS\System32\stobject.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\System32\ssflwbox.scr> [(Verified)Microsoft Corporation]
degaulle2000 - 2007-7-8 23:03:00
==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Acrobat Assistant]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk --> D:\ACROBA~1.0\Distillr\acrotray.exe [Adobe Systems Inc.]><N>
==================================
服务
[Management Instrumentation Driver Extensions / 6to4][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\winmide32.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Canon Camera Access Library 8 / CCALib8][Stopped/Auto Start]
<C:\Program Files\Canon\CAL\CALMAIN.exe><Canon Inc.>
[GEARSecurity / GEARSecurity][Stopped/Auto Start]
<C:\WINDOWS\System32\GEARSEC.EXE><GEAR Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod 服务 / iPodService][Stopped/Manual Start]
<C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Auto Start]
<C:\Program Files\Common Files\LightScribe\LSSrvc.exe><>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Driver Helper Service / NVSvc][Stopped/Auto Start]
<C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\fw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<d:\fw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
<"D:\av\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
<"D:\av\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[System Event Notification / SENS][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\zntiulwy.dll><N/A>
==================================
驱动程序
[ALi Based Ethernet NT Driver / ALI5261][Stopped/Manual Start]
<System32\DRIVERS\ALILAN.SYS><ALi Corporation.>
[ALi AGP Bus Filter Driver / ALiAGP][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\ALiAGP.sys><ALi Corporation.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><ALi Corporation>
[aliperf / aliperf][Running/Boot Start]
<\SystemRoot\System32\drivers\aliperf.sys><Windows (R) 2000 DDK provider>
[ATSpy / ATSpy][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\ATSpy.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Stopped/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
<system32\drivers\cmuda.sys><C-Media Inc>
[ExpScaner / ExpScaner][Stopped/Auto Start]
<\??\D:\av\ExpScan.sys><>
[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software>
[Founder Scanner Driver / GT680xNT][Stopped/Manual Start]
<system32\drivers\gt680x.sys><>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\D:\RISING\RAV\HOOKAPI.SYS><N/A>
[HookCont / HookCont][Stopped/Auto Start]
<\??\D:\av\HOOKCONT.sys><Rising>
[HookReg / HookReg][Stopped/Auto Start]
<\??\D:\av\HookReg.sys><>
[HookSys / HookSys][Stopped/Auto Start]
<\??\D:\av\HookSys.sys><Rising>
[HookUrl / HookUrl][Stopped/Auto Start]
<\??\d:\FW\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\D:\av\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Stopped/Auto Start]
<\??\d:\fw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0][Stopped/Auto Start]
<\??\C:\WINDOWS\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<System32\DRIVERS\npf.sys><NetGroup - Politecnico di Torino>
[nv / nv][Stopped/Manual Start]
<System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Stopped/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN 微型端口 (PPP over Ethernet 协议) / RMSPPPOE][Stopped/Manual Start]
<System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Stopped/Auto Start]
<\??\d:\FW\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
<\??\D:\av\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[Alcor Micro Corp - 9360 / SunkFilt][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[zntiulwy / zntiulwy][Stopped/Auto Start]
<\??\C:\Program Files\Common Files\Microsoft Shared\MSInfo\zntiulwy.sys><N/A>
degaulle2000 - 2007-7-8 23:04:00
=================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v4.dll, >
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <E:\BitCome\tools\BitCometBHO_1.1.4.29.dll, BitComet>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <E:\FLASHGET\jccatch.dll, Amaze Soft>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[解霸]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\HEROSOFT\Hero3000\MPLAYER.EXE, N/A>
[CibaCtrl Class]
{8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[JoyoCtrl Class]
{C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll, >
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <E:\FLASHGET\flashget.exe, Amaze Soft>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\FLASHGET\fgiebar.dll, Amaze Soft>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MMCShell.dll, Sohu.com Inc.>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Shockwave 10\Download.dll, Macromedia, Inc.>
[InfoSecNetSign Class]
{62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\DOWNLO~1\NetSign.dll, Infosec Technologies Co., Ltd.>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[金山毒霸在线产品升级]
{E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[&使用BitComet下载]
<res://E:\BitCome\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://E:\BitCome\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://E:\BitCome\BitComet.exe/AddVideo.htm, N/A>
[&使用暴风下载器下载]
<E:\Storm Downloader\geturl.htm, N/A>
[使用网际快车下载]
<E:\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<E:\FlashGet\jc_all.htm, N/A>
[解霸实时播放]
<C:\HEROSOFT\Hero3000\MPURLGET.HTM, N/A>
==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 208][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 232][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 276][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 288][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 452][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 476][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 708][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing, Inc., 4.1 (32-bit)]
[D:\rar\rarext.dll] [N/A, N/A]
[D:\av\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Acrobat 6.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 1.0.0.2003051500]
[D:\Acrobat 6.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 1.0.0.2003051500]
[PID: 804][C:\Program Files\Microsoft Office\Office\WINWORD.EXE] [Microsoft Corporation, 9.0.2823]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[D:\av\RsPlugIn.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 14]
[C:\PROGRA~1\Kingsoft\XDict\PWOFFI~1.DLL] [N/A, N/A]
[C:\PROGRA~1\Kingsoft\FastAIT\AddIns\WORDAD~1.DLL] [, 1, 0, 0, 1]
[D:\ACROBA~1.0\PDFMaker\Common\ADOBEP~1.DLL] [N/A, N/A]
[D:\ACROBA~1.0\PDFMaker\Common\AdobePDFMakerX.CHS] [N/A, N/A]
[C:\PROGRA~1\COMMON~1\KingSoft\Extract\KSEngine.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\COMMON~1\KingSoft\Extract\xfile.dll] [N/A, N/A]
[C:\PROGRA~1\COMMON~1\KingSoft\Extract\XDPopWnd.dll] [Kingsoft, 1, 0, 0, 0]
[C:\PROGRA~1\COMMON~1\KingSoft\Extract\XImage32.dll] [N/A, N/A]
[C:\PROGRA~1\COMMON~1\KingSoft\Extract\KSVoice.dll] [N/A, N/A]
[PID: 1100][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
[PID: 1872][D:\SRE\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸3000]
.JS Error. ["E:\Dreamweaver\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
59.34.148.98 www.hao123.com
59.34.148.98 www.4199.com
59.34.148.98 www.9505.com
59.34.148.98 www.7322.com
218.5.76.175 www.huoche.com.cn
==================================
API HOOK
N/A
==================================
[/CODE]
newcenturymoon - 2007-7-8 23:13:00
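Note: deleting viruses can carry some risk, so it is strongly recommended that you move important data to a non-system partition before you start!
If you recognize any of the files mentioned below, or are sure that it is not a virus, do not delete it!
In Safe Mode (after powering on, keep pressing F8 until an advanced menu appears, then choose the first item, Safe Mode, to enter the system):
Open SREng (the software you used to produce the scan log).
Under "Startup Items" (启动项目) - "Services" (服务) - "Win32 Service Applications" (Win32服务应用程序), click "Hide verified Microsoft items" (隐藏经认证的微软项目),
select the following items, click "Delete Service" (删除服务), then click "Set" (设置), and click "No" (否) in the dialog that pops up: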
Management Instrumentation Driver Extensions / 6to4
Remote Debug Service / RemoteDbg
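Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the check mark in front of "Hide protected operating system files (Recommended)". When prompted to confirm the change, click "Yes", then OK.
Click the Folders button below the menu bar (the button to the right of Search).
From the Explorer pane on the left, go to drive C.
Delete the following files: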
C:\WINDOWS\System32\winmide32.dll
C:\Program Files\Internet Explorer\PLUGINS\System64.Sys
C:\WINDOWS\System32\RemoteDbg.dll
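After restarting the computer into normal mode, update your antivirus software and run a full-disk scan!
I recommend using 360 Safeguard (360安全卫士, http://www.360safe.com/), Kingsoft Duba Cleanup Expert (金山毒霸清理专家, http://www.duba.net/zt/ksc/) or Kaka Security Assistant (卡卡安全助手, http://tool.ikaka.com/)
to clean the rogue software out of the system.
Note: Documents and Settings=DOCUME~1 Administrator=ADMINI~1 Local Settings=LOCALS~1
If you find that the option to show hidden files cannot be changed back,
copy the code below into Notepad and save it as a file named 1.reg: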
[CODE]
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"
[/CODE]
Double-click 1.reg to import this registry entry.
Analyst: 清新阳光
Personal blog: http://hi.baidu.com/newcenturysun
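An added example (not part of the original posts and not SREng's own code): a small Python parser for the service section of the log above that lists auto-start services whose code is a DLL run through svchost.exe or rundll32.exe, the shape shared by the two services the reply removes. The selection rule and the function names are assumptions made for triage; the output is a list to check by hand, not a verdict.

```python
import ntpath
import re

# Constructed sample: five entries copied from the service section of the log above.
SAMPLE = r"""[Management Instrumentation Driver Extensions / 6to4][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\winmide32.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
<d:\fw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
"""

HEADER = re.compile(r"^\[(.+) / ([^\]]+)\]\[([^/\]]+)/([^\]]+)\]$")
DETAIL = re.compile(r"^<(.*)><(.*)>$")
HOST = re.compile(r'^"?(.+?\.exe)"?\s*(.*)$', re.IGNORECASE)
LOADERS = {"svchost.exe", "rundll32.exe"}  # generic hosts that run a DLL as the service


def parse_services(text):
    """Return one dict per service: the header line plus its <command><publisher> line."""
    services, current = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if h := HEADER.match(line):
            current = dict(zip(("display", "key", "state", "start"), h.groups()))
        elif current and (d := DETAIL.match(line)):
            # svchost entries carry the service DLL after "-->"
            command, _, dll = d.group(1).partition("-->")
            m = HOST.match(command)
            exe, args = m.groups() if m else (command, "")
            host = ntpath.basename(exe).lower()
            if not dll and host == "rundll32.exe":
                dll = args.split(",")[0]  # rundll32 takes "file.dll,export"
            current.update(host=host, payload=dll, publisher=d.group(2))
            services.append(current)
            current = None
    return services


def review_candidates(services):
    """Auto-start services whose code is a DLL run by a generic loader (assumed rule)."""
    return [s for s in services
            if s["start"] == "Auto Start" and s["host"] in LOADERS and s["payload"]]


if __name__ == "__main__":
    for svc in review_candidates(parse_services(SAMPLE)):
        print(svc["key"], svc["host"], svc["payload"], svc["publisher"], sep=" | ")
```

For rundll32-hosted entries the publisher field in the log line sits next to the loader command, so the payload DLL named in the arguments still needs its own check.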
degaulle2000 - 2007-7-8 23:37:00
Many thanks to the poster above!!