[Help] Could an expert please look at my log? My computer has been reinstalled several times and the viruses can't be removed even in safe mode

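My computer has got Gray Pigeon (灰鸽子), and apparently 瑞金 as well. Lots of viruses, and websites keep popping up by themselves.
[CODE]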

2007-04-14,16:43:46

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <RealUpdate><c:\Update.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
    <ArSwp.exe><"D:\arswp\ArSwp.exe" /Auto>  [www.arswp.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\WINDOWS\system32\rpcc.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
Last edited 2007-04-14 18:33:59
 

That's quite a lot of rogue software you've picked up.
 

==================================
启动文件夹
N/A

==================================
服务
[41D04C46 / 41D04C46][Stopped/Auto Start]
  <C:\WINDOWS\system32\41D04C46.EXE -41D04C46><N/A>
[DB81BA95 / DB81BA95][Stopped/Auto Start]
  <C:\WINDOWS\system32\DB81BA95.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[WinWMService / WinWMService][Stopped/Auto Start]
  <C:\WINDOWS\system32\RAVWM.EXE><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[awargx5 / awargx58][Stopped/Disabled]
  <System32\DRIVERS\awargx58.sys><N/A>
[cdnprot / cdnprot][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cdntran / cdntran][Stopped/Auto Start]
  <system32\drivers\cdntran.sys><CNNIC>
[lfkhrb / lfkhrb][Stopped/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\lfkhrb.sys><N/A>
[msihn / msihnk][Stopped/Disabled]
  <System32\DRIVERS\msihnk.sys><N/A>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ASACPI.sys><>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nxjybn3 / nxjybn39][Stopped/Disabled]
  <System32\DRIVERS\nxjybn39.sys><N/A>
[plcc / plccw][Stopped/Disabled]
  <System32\DRIVERS\plccw.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[tpynyvm / tpynyvm][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\tpynyvm.sys><N/A>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[腾讯QQ]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\新建文件夹\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\新建文件夹\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <D:\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Cbho Object]
  {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[腾讯QQ]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\QQIEHelper.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[&使用超级旋风下载]
  <D:\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\qq\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 520][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2040][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Goauld.dll]  [N/A, ]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
[PID: 1144][D:\超级兔子\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[E:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe
[F:\]
[AutoRun]
open=rising.exe
shellexecute=rising.exe
shell\Auto\command=rising.exe

==================================
HOSTS 文件
202.109.114.142  survey88.allyes.com
202.109.114.142  adtaobao.allyes.com
202.109.114.142  code.qihoo.com
202.109.114.142  union.mop.com
202.109.114.142  js.kkunion.com
202.109.114.142  v.kkunion.com
202.109.114.142  v.21cn.com
202.109.114.142  iplusms.allyes.com
202.109.114.142  mms.t2t2.com
202.109.114.142  ivr.dobig.net
202.109.114.142  www.u8u.com
202.109.114.142  u.u8u.com
202.109.114.142  img.zhangxiu.com
202.109.114.142  tl.linktone.com
202.109.114.142  channel.e78.com
202.109.114.142  u.7town.com
202.109.114.142  union.95ol.com.cn
202.109.114.142  mms1.95ol.com.cn
202.109.114.142  mfs.95ol.com.cn
202.109.114.142  tl.a8.com
202.109.114.142  ad01.a8.com
202.109.114.142  u2.caiku.com
202.109.114.142  mms.caiku.com
202.109.114.142  code1.caiku.com
202.109.114.142  pub.lele.com
202.109.114.142  u.lele.com
202.109.114.142  7town.com
202.109.114.142  tvsend.7town.com
202.109.114.142  ivrsend.7town.com
202.109.114.142  tlt.7town.com
202.109.114.142  gsend.7town.com
202.109.114.142  smssend.7town.com
202.109.114.142  mmssend.moyu.com
202.109.114.142  91ivr.com
202.109.114.142  myad.91ivr.com
202.109.114.142  u.91ivr.com
202.109.114.142  union.91ivr.com
202.109.114.142  cm.p4p.cn.yahoo.com
202.109.114.142  un.265.com
202.109.114.142  union.qq.com
202.109.114.142  view.aliunion.cn.yahoo.com
202.109.114.142  union.narrowad.com
202.109.114.142  ln.heima8.com
202.109.114.142  www.fboat.cn
202.109.114.142  cpro.baidu.com
202.109.114.142  unstat.baidu.com
202.109.114.142  y.cnxad.com
202.109.114.142  www.ewowo.com
202.109.114.142  template.union.163.com
202.109.114.142  new.is686.com
202.109.114.142  creative.unionsys.bolaa.com
202.109.114.142  www.qyule.com
202.109.114.142  99e.cc
202.109.114.142  www.91ivr.com
202.109.114.142  mg.ukaka.com
202.109.114.142  kooxoo2.ad4all.net
202.109.114.142  www.8fff.com
202.109.114.142  union.pomoho.com
202.109.114.142  202.107.233.211
202.109.114.142  www.end123.com
202.109.114.142  w1.7clink.com
202.109.114.142  w2.7clink.com
202.109.114.142  union01.com
202.109.114.142  click.8le8le.com
202.109.114.142  stbanner.allyes.com
202.109.114.142  mms1.moyu.com
202.109.114.142  u.moyu.com
202.109.114.142  mmsu.moyu.com
202.109.114.142  show.moyu.com
202.109.114.142  ivrsend.moyu.com
202.109.114.142  ivru.moyu.com
202.109.114.142  ivr1.moyu.com
203.191.146.205  corep.dmcast.com
203.191.146.205  m081.dmcast.com
203.191.146.205  dcww.dmcast.com
203.191.146.205  renren.dmcast.com
203.191.146.205  files.henbang.net
203.191.146.205  bannerbox.cn
203.191.146.205  www.bannerbox.cn
203.191.146.205  action.coopen.cn
203.191.146.205  u4.sky99.cn
203.191.146.205  u1.sky99.cn
203.191.146.205  u2.sky99.cn
203.191.146.205  u3.sky99.cn
203.191.146.205  sky99.cn
203.191.146.205  u.sky99.cn
203.191.146.205  u.ete.cn
203.191.146.205  ip.alexaanywhere.com
203.191.146.205  www.365tan.com
203.191.146.205  www.winopen.cn
203.191.146.205  www.tanip.com
203.191.146.205  alexaanywhere.com
203.191.146.205  jssb.alexaanywhere.com
203.191.146.205  ns250.alexaanywhere.com
203.191.146.205  sb.alexaanywhere.com
203.191.146.205  ip.alexaanywhere.com
203.191.146.205  pop.9v.cn
203.191.146.205  xuni.myad.cn
203.191.146.205  iebar.t2t2.com
203.191.146.205  error.newcell.cn
203.191.146.205  auto.search.msn.com
203.191.146.205  cns.3721.com
203.191.146.205  seek.3721.com
203.191.146.205  name.cnnic.cn
203.191.146.205  toolsbar.kuaiso.com
203.191.146.205  www.kuaiso.com
203.191.146.205  kuaiso.com
203.191.146.205  www.copyso.com
203.191.146.205  union.copyso.com
203.191.146.205  auto.search.msn.com
203.191.146.205  ok.mop-hz.com
203.191.146.205  www.ncast.cn
203.191.146.205  www.ads3721.com
203.191.146.205  360.ads3721.com
203.191.146.205  www.maohehe.com
203.191.146.205  www.5566.net
203.191.146.205  5566.net
203.191.146.205  www.gjj.cc
203.191.146.205  gjj.cc
203.191.146.205  www.9495.com
203.191.146.205  9495.com
203.191.146.205  my123.com
203.191.146.205  www.my123.com
203.191.146.205  7b.com.cn
203.191.146.205  www.7b.com.cn
203.191.146.205  www.3567.com
203.191.146.205  3567.com
203.191.146.205  www.37021.com
203.191.146.205  37021.com
203.191.146.205  k369.com
203.191.146.205  www.k369.com
203.191.146.205  www.haourl.com
203.191.146.205  haourl.com
203.191.146.205  www.37021.net
203.191.146.205  37021.net
203.191.146.205  www.4199.com
203.191.146.205  4199.com
203.191.146.205  www.9505.com
203.191.146.205  9505.com
203.191.146.205  7939.com
203.191.146.205  www.7939.com
203.191.146.205  www.3448.com
203.191.146.205  3448.com
203.191.146.205  8925.com
203.191.146.205  www.8925.com
203.191.146.205  www.ttmp3.com
203.191.146.205  ttmp3.com
203.191.146.205  www.3tg.cn
203.191.146.205  3tg.cn
203.191.146.205  www.ttjj.com
203.191.146.205  ttjj.com
203.191.146.205  www.59178.com
203.191.146.205  59178.com
203.191.146.205  www.987654.com
203.191.146.205  987654.com
203.191.146.205  www.zhao123.com
203.191.146.205  zhao123.com
203.191.146.205  123wa.com
203.191.146.205  www.123wa.com
203.191.146.205  www.159.com
203.191.146.205  soft.159.com
203.191.146.205  www.v111.com
203.191.146.205  v111.com
203.191.146.205  www.855.com
203.191.146.205  855.com
203.191.146.205  www.wu123.com
203.191.146.205  wu123.com
203.191.146.205  www.haodx.com
203.191.146.205  haodx.com
203.191.146.205  19ku.com
203.191.146.205  www.19ku.com
203.191.146.205  www.t2t2.com
203.191.146.205  t2t2.com
203.191.146.205  www.ku8.com
203.191.146.205  ku8.com
203.191.146.205  www.v23.com
203.191.146.205  v23.com
203.191.146.205  www.51115.com
203.191.146.205  www.52.com
203.191.146.205  52.com
203.191.146.205  www.qu123.com
203.191.146.205  qu123.com
203.191.146.205  www.haokan123.com
203.191.146.205  haokan123.com
203.191.146.205  www.kan123.com
203.191.146.205  kan123.com
203.191.146.205  hang123.com
203.191.146.205  www.hang123.com
203.191.146.205  3tom.com
203.191.146.205  www.3tom.com
203.191.146.205  www.anyso.com
203.191.146.205  anyso.com
203.191.146.205  59178.com
203.191.146.205  www.59178.com
203.191.146.205  t3j4.com
203.191.146.205  www.t3j4.com
203.191.146.205  www.zh130.com
203.191.146.205  zh130.com
203.191.146.205  www.8757.com
203.191.146.205  8757.com
203.191.146.205  www.7667.com
203.191.146.205  7667.com
203.191.146.205  ie.union123.com
203.191.146.205  www.daohangtu.com
203.191.146.205  daohangtu.com
203.191.146.205  www.ld123.com
203.191.146.205  ld123.com
203.191.146.205  www.369.com
203.191.146.205  369.com
203.191.146.205  91ni.com
203.191.146.205  www.91ni.com
203.191.146.205  www.17995.com
203.191.146.205  17995.com
203.191.146.205  www.sha123.com
203.191.146.205  sha123.com
203.191.146.205  www.lethot.com
203.191.146.205  lethot.com
203.191.146.205  www.8757.com
203.191.146.205  8757.com
203.191.146.205  4533.cn
203.191.146.205  6h.com.cn
203.191.146.205  www.6h.com.cn
203.191.146.205  www.jjol.cn
203.191.146.205  jjol.cn
203.191.146.205  wangzhiku.com
203.191.146.205  www.wangzhiku.com
203.191.146.205  www.1zhan.com
203.191.146.205  1zhan.com
203.191.146.205  www.262.com
203.191.146.205  262.com
203.191.146.205  www.365.com
203.191.146.205  365.com
203.191.146.205  www.4533.cn
203.191.146.205  4533.cn
203.191.146.205  31tg.com
203.191.146.205  www.31tg.com
203.191.146.205  tomatolei.com
203.191.146.205  www.tomatolei.com
203.191.146.205  999cha.com
203.191.146.205  www.999cha.com
127.0.0.1  mmsk.cn
127.0.0.1  ikaka.com
127.0.0.1  safe.qq.com
127.0.0.1  360safe.com
127.0.0.1  bbs.360safe.com
127.0.0.1  www.mmsk.cn
127.0.0.1  www.ikaka.com
127.0.0.1  tool.ikaka.com
127.0.0.1  www.360safe.com
127.0.0.1  zs.kingsoft.com
127.0.0.1  forum.ikaka.com
127.0.0.1  up.rising.com.cn
127.0.0.1  scan.kingsoft.com
127.0.0.1  kvup.jiangmin.com
127.0.0.1  reg.rising.com.cn
127.0.0.1  update.rising.com.cn
127.0.0.1  update7.jiangmin.com
127.0.0.1  download.rising.com.cn
127.0.0.1  dnl-us1.kaspersky-labs.com
127.0.0.1  dnl-us2.kaspersky-labs.com
127.0.0.1  dnl-us3.kaspersky-labs.com
127.0.0.1  dnl-us4.kaspersky-labs.com
127.0.0.1  dnl-us5.kaspersky-labs.com
127.0.0.1  dnl-us6.kaspersky-labs.com
127.0.0.1  dnl-us7.kaspersky-labs.com
127.0.0.1  dnl-us8.kaspersky-labs.com
127.0.0.1  dnl-us9.kaspersky-labs.com
127.0.0.1  dnl-us10.kaspersky-labs.com
127.0.0.1  dnl-eu1.kaspersky-labs.com
127.0.0.1  dnl-eu2.kaspersky-labs.com
127.0.0.1  dnl-eu3.kaspersky-labs.com
127.0.0.1  dnl-eu4.kaspersky-labs.com
127.0.0.1  dnl-eu5.kaspersky-labs.com
127.0.0.1  dnl-eu6.kaspersky-labs.com
127.0.0.1  dnl-eu7.kaspersky-labs.com
127.0.0.1  dnl-eu8.kaspersky-labs.com
127.0.0.1  dnl-eu9.kaspersky-labs.com
127.0.0.1  dnl-eu10.kaspersky-labs.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
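The HOSTS section of the log above, triaged in code (an added example, not part of the original thread): it groups names by target address, lists security-vendor names pinned to loopback, and flags names that are themselves IP literals. The vendor suffix list, the threshold and the function names are assumptions; the sample lines are a constructed excerpt of entries that appear in the log.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a handful of entries copied from the HOSTS section of the log,
# plus a normal localhost line and a comment to show they are not flagged.
SAMPLE_HOSTS = """\
# constructed excerpt
127.0.0.1       localhost
202.109.114.142  cpro.baidu.com
202.109.114.142  union.qq.com
202.109.114.142  202.107.233.211
203.191.146.205  auto.search.msn.com
203.191.146.205  name.cnnic.cn
203.191.146.205  www.tomatolei.com
127.0.0.1  update.rising.com.cn
127.0.0.1  www.ikaka.com
127.0.0.1  scan.kingsoft.com
127.0.0.1  kvup.jiangmin.com
127.0.0.1  dnl-us1.kaspersky-labs.com
"""

# Assumption: domains of the security vendors whose names appear in this log.
SECURITY_SUFFIXES = (
    "rising.com.cn", "ikaka.com", "kingsoft.com",
    "jiangmin.com", "kaspersky-labs.com", "360safe.com",
)


def parse_hosts(text):
    """Return (ip, hostname) pairs; one line may carry several names after the IP."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an address: not a hosts entry
        pairs.extend((ip, name.lower().rstrip(".")) for name in fields[1:])
    return pairs


def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def triage(pairs, min_names=3):
    """Summarise the entries that deserve a look before the file is reset."""
    blocked, literals = [], []
    per_ip = defaultdict(set)
    for ip, name in pairs:
        if is_ip_literal(name):
            literals.append(name)  # a hosts "name" should never be an address
        if ip.is_loopback or ip.is_unspecified:
            # Security-vendor names resolved to the local machine: updates cannot connect.
            if any(name == s or name.endswith("." + s) for s in SECURITY_SUFFIXES):
                blocked.append(name)
        else:
            per_ip[str(ip)].add(name)
    # Many unrelated names forced onto one external address: redirection.
    redirects = {ip: len(n) for ip, n in per_ip.items() if len(n) >= min_names}
    return {
        "blocked_security": sorted(blocked),
        "redirect_ips": redirects,
        "ip_literal_names": literals,
    }


if __name__ == "__main__":
    for key, value in triage(parse_hosts(SAMPLE_HOSTS)).items():
        print(key, value)
```
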
 

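Run SREng. Under "Startup Items -> Services -> Win32 Service Applications", tick "Hide verified Microsoft services", then delete the services named below (select the problem service, click "Delete Service", then click the "Set" button. Note that in the window that pops up you have to click "NO" to confirm deleting the service). (Any that cannot be deleted should be disabled instead: change the startup type to disabled, select "Modify startup type", and click "Set"):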
[41D04C46 / 41D04C46][Stopped/Auto Start]
<C:\WINDOWS\system32\41D04C46.EXE -41D04C46><N/A>
[DB81BA95 / DB81BA95][Stopped/Auto Start]
<C:\WINDOWS\system32\DB81BA95.EXE -k><Microsoft Corporation>

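In SREng, under "Startup Items -> Services -> Drivers", tick "Hide verified Microsoft services", then delete the services named below (select the problem service, click "Delete Service", then click the "Set" button. Note that in the window that pops up you have to click "NO" to confirm deleting the service). (Any that cannot be deleted should be disabled instead: change the startup type to disabled, select "Modify startup type", and click "Set"):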
[tpynyvm / tpynyvm][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\tpynyvm.sys><N/A>
[plcc / plccw][Stopped/Disabled]
<System32\DRIVERS\plccw.sys><N/A>
[nxjybn3 / nxjybn39][Stopped/Disabled]
<System32\DRIVERS\nxjybn39.sys><N/A>
[msihn / msihnk][Stopped/Disabled]
<System32\DRIVERS\msihnk.sys><N/A>
[lfkhrb / lfkhrb][Stopped/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lfkhrb.sys><N/A>
[awargx5 / awargx58][Stopped/Disabled]
<System32\DRIVERS\awargx58.sys><N/A>




Copy the following code into Notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"="Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
"Text"="@shell32.dll,-30500"
"Type"="radio"
"CheckedValue"=dword:00000001
"ValueName"="Hidden"
"DefaultValue"=dword:00000002
"HKeyRoot"=dword:80000001
"HelpID"="shell.hlp#51105"


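Rename it to a file in 1.reg format
Double-click it to run it
Open My Computer / Tools / Folder Options / View / Show hidden files

Use IceSword (冰刃) to delete the following files:
IceSword download:
http://www.ttian.net/website/2005/0829/391.html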

C:\WINDOWS\system32\DB81BA95.EXE
C:\WINDOWS\system32\41D04C46.EXE
C:\WINDOWS\system32\drivers\tpynyvm.sys
C:\WINDOWS\system32\DRIVERS\plccw.sys
C:\WINDOWS\system32\DRIVERS\nxjybn39.sys
C:\WINDOWS\system32\DRIVERS\awargx58.sys
C:\WINDOWS\system32\drivers\lfkhrb.sys
C:\WINDOWS\system32\DRIVERS\msihnk.sys
C:\WINDOWS\Goauld.dll
C:\WINDOWS\system32\cdnns.dll
D:\rising.exe
D:\autorun.inf
E:\rising.exe
D:\autorun.inf
F:\rising.exe
F:\autorun.inf

Open SRE -- System Repair -- hosts file -- Reset

Then clean up with 超级兔子 (Super Rabbit)
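How the image paths in the service and driver entries quoted in the reply above map to the absolute file paths in its deletion list, as an added example that is not part of the original reply. SYSTEMROOT, the function names and the handling of the repeated \SystemRoot\ prefix are assumptions; the sample is a constructed excerpt of four entries from the reply.

```python
import re

SYSTEMROOT = r"C:\WINDOWS"  # assumption: the Windows directory seen throughout the log

# Constructed sample: four entries copied from the reply, one per path form.
SAMPLE_ENTRIES = r"""[41D04C46 / 41D04C46][Stopped/Auto Start]
<C:\WINDOWS\system32\41D04C46.EXE -41D04C46><N/A>
[tpynyvm / tpynyvm][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\tpynyvm.sys><N/A>
[plcc / plccw][Stopped/Disabled]
<System32\DRIVERS\plccw.sys><N/A>
[lfkhrb / lfkhrb][Stopped/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lfkhrb.sys><N/A>
"""

# "[display / name][state/start type]" on one line, "<image><company>" on the next.
ENTRY = re.compile(
    r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]"
    r"\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\][ \t]*\n"
    r"[ \t]*<(?P<image>.*)><(?P<company>[^<>]*)>[ \t]*$",
    re.MULTILINE,
)


def image_to_path(image, systemroot=SYSTEMROOT):
    """Turn a service/driver image string into an absolute Win32 file path."""
    path = image.strip().lstrip('"')
    # \??\ is the NT object-namespace prefix in front of a normal drive path.
    if path.startswith("\\??\\"):
        path = path[4:]
    # \SystemRoot\ means "relative to the Windows directory". The lfkhrb entry
    # repeats the prefix, so strip it as often as it occurs (assumption).
    while path.lower().startswith("\\systemroot\\"):
        path = path[len("\\systemroot\\"):]
    path = re.sub(r"%systemroot%", lambda m: systemroot, path, flags=re.I)
    # Drop command-line arguments that follow the binary name.
    m = re.match(r'(.*?\.(?:exe|sys|dll))(?=[\s"]|$)', path, re.I)
    if m:
        path = m.group(1)
    # Driver paths such as System32\DRIVERS\x.sys are relative to the Windows directory.
    if not re.match(r"[A-Za-z]:\\", path):
        path = systemroot + "\\" + path.lstrip("\\")
    return path


def parse_entries(text):
    """Return one dict per entry with the resolved file path attached."""
    return [
        {
            "name": m["name"],
            "start": m["start"],
            "company": m["company"],
            "path": image_to_path(m["image"]),
        }
        for m in ENTRY.finditer(text)
    ]


if __name__ == "__main__":
    for entry in parse_entries(SAMPLE_ENTRIES):
        print(f'{entry["name"]:10} {entry["start"]:13} {entry["path"]}')
```

Windows paths are case-insensitive, so compare the results with the deletion list after lower-casing both sides.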