使用卡卡3.2查杀恶意及流氓软件功能未发现流氓软件，在插件管理及卸载中存在，一共三条：
1.名称ba4c，类别IE第三方工具栏，文件路径C:\WINDOWS\System32\4d12ntos.dll
2.名称ba4c，类别IE浏览条，文件路径C:\WINDOWS\System32\4d12ntos.dll
3.名称<未知>，类别浏览器帮助程序对象(BHO)，文件路径C:\WINDOWS\System32\4d12ntos.dll

卸载及禁用均无效果，到System32目录下手动删除4d12ntos.dll，删除之后反复自动生成。重启尝试进入安全模式，蓝屏。

拜谢各位，求解决办法。



插件图片






SREng2扫描日志：
[CODE]

2007-03-27,13:11:57

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <礣orrent><"D:\工具\utorrent16.exe">  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <BigDog305><C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [N/A]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 2052>  [(Verified)DAEMON Tools Code Signing Services]
    <StormCodec_Helper><"D:\工具(安装版)\Storm Codec\StormSet.exe" /S /opti>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <runeip><C:\Program Files\Rising\KakaToolBar\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
    <KKDelay><C:\Program Files\rising\KakaToolBar\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
    <uninsrest><C:\DOCUME~1\LOSTSO~1\LOCALS~1\Temp\uninrest.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]

==================================

启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Lostsoul1984\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\工具\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\Lostsoul1984\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\工具\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[Remote Procedure Alerter1 / 1][Stopped/Auto Start]
  <C:\Program Files\Windows NT\Accessories\accessopen1.exe><N/A>
[300C4F60 / 300C4F60][Stopped/Disabled]
  <C:\WINDOWS\System32\300C4F60.EXE -service><N/A>
[4524D980 / 4524D980][Stopped/Disabled]
  <C:\WINDOWS\System32\4524D980.EXE -service><N/A>
[5E0CB760 / 5E0CB760][Stopped/Disabled]
  <C:\WINDOWS\System32\5E0CB760.EXE -service><N/A>
[Adobe LM Service / Adobe LM Service][Stopped/Disabled]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Disabled]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><Macromedia>
[Indexing Data / MOBILL][Stopped/Auto Start]
  <><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Std pkac Service / pkac][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\hcvx\upfh.dll,Service -s><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[System Recover Servic / SysreSrv][Stopped/Auto Start]
  <sysresrv.exe><N/A>
[SecuROM User Access Service (V7) / UserAccess7][Running/Auto Start]
  <C:\WINDOWS\System32\UAService7.exe><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[afaadaaa / afaadaaa][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\afaadaaa.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bDMusicb / bDMusicb][Stopped/Manual Start]
  <\??\C:\DOCUME~1\LOSTSO~1\LOCALS~1\Temp\bDMusicb.sys><N/A>
[cieeye1 / cieeye16][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cieeye16.sys><N/A>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[BETOP C036 / GAFilter][Stopped/Auto Start]
  <System32\DRIVERS\B036.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[GPKiller / GPKiller][Running/Auto Start]
  <\SystemRoot\system32\drivers\gpkiller.sys><Yahoo!>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[lnawr / lnawr][Stopped/Manual Start]
  <\??\C:\DOCUME~1\LOSTSO~1\LOCALS~1\Temp\lnawrbwb><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[ndcia / ndcia][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\ndcia.sys><N/A>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\工具\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\工具\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Psx Hid to Gamepad Port Enabler / PSXGamepadEnabler][Stopped/Manual Start]
  <system32\drivers\psxpad.sys><Y.Kimura>
[Psx Port Enumerator / PsxPortEnumerator][Stopped/Manual Start]
  <System32\Drivers\psxenum.sys><Y.Kimura>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[romman / romman][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\romman.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[stdio / stdio][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\stdio.sys><Microsoft Corporation>
[STEC3 / STEC3][Running/Auto Start]
  <\??\C:\WINDOWS\System32\STEC3.sys><AntiCracking>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\System32\SVKP.sys><AntiCracking>
[VCD VNC Virtual Network Adapter / vcddev][Running/Manual Start]
  <System32\DRIVERS\vcdvnic.sys><VNN B.J.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\D:\工具\按键精灵5.30正式版\按键精灵5.30正式版\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XTrapD12 / XTrapD12][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\XTrapD12.sys><N/A>
[yohlkd0 / yohlkd08][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\yohlkd08.sys><N/A>
[XR E-View Camera / ZSMC0305][Stopped/Manual Start]
  <System32\Drivers\usbVM305.sys><Vimicro Corporation>

==================================

浏览器加载项
[]
  {a9579c06-ba4c-4d12-ae2b-1b294ae19f4f} <C:\WINDOWS\System32\4d12ntos.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[ba4c]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\System32\4d12ntos.dll, N/A>
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[MabinogiWebAvatarRenderer Class]
  {7623BE59-D4CF-4379-ABC4-B39E11854D66} <C:\WINDOWS\Downloaded Program Files\mabiwebframe.dll, devcat>
[IEDown Class]
  {D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\System32\GLIEDown2.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <D:\工具\迅雷5\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\工具\迅雷5\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\工具\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\工具\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\工具\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\工具\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 872][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 936][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 960][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, ]
[PID: 1008][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1212][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1372][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1612][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1680][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2024][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [D:\工具\SmartFTP Client 2.0\smarthook.dll]  [SmartFTP, 1.0.2.1]
    [C:\Program Files\7-Zip\7-zip.dll]  [N/A, ]
    [C:\WINDOWS\System32\CmdLineExt03.dll]  [N/A, ]
[PID: 184][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 308][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 428][C:\Program Files\rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Program Files\rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 792][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.00.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.00.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.0.6.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.11.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 916][C:\Program Files\Rising\KakaToolBar\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\KakaToolBar\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2644][C:\Documents and Settings\Lostsoul1984\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\Documents and Settings\Lostsoul1984\桌面\sreng2\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [hh.exe %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  Error. [notepad.exe %1]
.VBS  Error. [wscript.exe "%1" %*]
.JS  Error. ["C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

<礣orrent><"D:\工具\utorrent16.exe"> []
[dtscsi / dtscsi][Running/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[BETOP C036 / GAFilter][Stopped/Auto Start]
<System32\DRIVERS\B036.sys><N/A>
先确认上面这3个(第一个为注册表项,其他为驱动项)

运行SRENG--启动项目--注册表
删除
uninsrest

运行SRENG--启动项目--服务--WIN32服务***
删除
Remote Procedure Alerter1
300C4F60
4524D980
5E0CB760
Indexing Data / MOBILL
Std pkac Service / pkac
System Recover Servic / SysreSrv
Portable Media Serial Number Service / WmdmPmSN
afaadaaa / afaadaaa

bDMusicb / bDMusicb
cieeye1 / cieeye16
romman / romman
ndcia / ndcia
New0 / New0
npkycryp / npkycryp
lnawr / lnawr
yohlkd0 / yohlkd08

运行SRENG--系统修复--浏览器加载项
删除
[]
{a9579c06-ba4c-4d12-ae2b-1b294ae19f4f}
[ba4c]
{DFCB34B6-902D-426E-AE2B-1B294AE19F4F}
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448}

运行SRENG--系统修复--文件关联--全选--修复


重起到安全模式西删除以下文件
C:\WINDOWS\System32\CmdLineExt03.dll
  (确认一下这个,不是你要的就删除)C:\Program Files\7-Zip\7-zip.dll
C:\WINDOWS\System32\winlib .dll
C:\DOCUME~1\LOSTSO~1\LOCALS~1\Temp\uninrest.exe
c:\Program Files\Windows NT\Accessories\accessopen1.exe
C:\WINDOWS\System32\300C4F60.EXE -service
C:\WINDOWS\System32\4524D980.EXE -service
C:\WINDOWS\System32\5E0CB760.EXE -service
C:\PROGRA~1\hcvx\upfh.dll,Service -s

sysresrv.exe(自己手动找到它)

C:\WINDOWS\System32\mspmsnsv.dll
\SystemRoot\system32\drivers\afaadaaa.sys
C:\DOCUME~1\LOSTSO~1\LOCALS~1\Temp\bDMusicb.sys
\SystemRoot\System32\DRIVERS\cieeye16.sys
C:\WINDOWS\System32\drivers\romman.sys
C:\WINDOWS\System32\drivers\ndcia.sys
C:\WINDOWS\System32\new.sys
D:\工具\QQ\npkycryp.sys (注意它与npkcrypt.sys的区别)
C:\DOCUME~1\LOSTSO~1\LOCALS~1\Temp\lnawrbwb
\SystemRoot\System32\DRIVERS\yohlkd08.sys
C:\WINDOWS\System32\4d12ntos.dll
C:\WINDOWS\System32\4d12ntos.dll
C:\WINDOWS\System32\GLIEDown2.dll
清空临时文件夹