Rising Kaka Security Forum

[Help] My system pops up web pages like crazy every night at 12:05! Log attached
病毒烦人咯 - 2007-2-6 0:44:00
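My system pops up web pages like crazy every night at 12:05! I have used antivirus software, Kaka, Super Rabbit and 360 Safe Guard, and none of them finds anything wrong. Experts, please advise. This has been going on for more than a week now, and I am really frustrated...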
病毒烦人咯 - 2007-2-6 0:45:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<SGMIGEX><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system\WINS0C~1.DLL,Run> [mcsoft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<RfwMain><"D:\Rising1\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<RavTask><"D:\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<ntaskldr><ntaskldr.exe /scan> [N/A]
<snpstd3><C:\WINDOWS\vsnpstd3.exe> [(Verified)Sonix]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<sdafdsafds><D;]XJOEPXT]ufnq]272/fyf> [N/A]
<360Safetray><D:\软件\360safe\safemon\360Tray.exe /start> [奇虎网]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]

==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\szz\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\PROGRA~1\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Indexing Manager / Investor][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\cggjq.dll><N/A>
[Messenger / Messenger][Stopped/Disabled]
<C:\WINDOWS\System32\svchost -k DcomLaunch-->C:\WINDOWS\system32\msgsvc.dll><Microsoft Corporation>
[MICR0SOFT SVCH0ST / MS_SVCH0ST][Running/Auto Start]
<C:\WINDOWS\system\SVCH0ST.EXE><N/A>
[RestoreServices / RestoreServices][Running/Auto Start]
<C:\WINDOWS\system32\Svchost.exe -k RestoreServices-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<d:\rising1\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<d:\rising1\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"D:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"D:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Network IPSEC Connections / SOCEESe][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\DDMDB.DLL,Export 1087><N/A>
[sqlserver support for winnt / sqlservech][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\D:\Rising\Rav\ExpScan.sys><>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
<\??\D:\RISING\RISING\HookApi.Sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\D:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\D:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\D:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\D:\Rising1\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[hwinterface / hwinterface][Running/System Start]
<System32\Drivers\hwinterface.sys><Logix4u>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\D:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\d:\rising1\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[njpz / njpzm][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\njpzm.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\D:\Rising1\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Others/Auto Start]
<\??\D:\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
<system32\DRIVERS\snpstd3.sys><>
[tqivoh1 / tqivoh17][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\tqivoh17.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[6284421 / 6284421][Running/]
<2 - 系统找不到指定的文件。
><N/A>
病毒烦人咯 - 2007-2-6 0:45:00
==================================
浏览器加载项
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\软件\MagicSet\haokanbar.dll, Xiang Feng Technology>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\软件\MagicSet\haokanbar.dll, Xiang Feng Technology>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\软件\MagicSet\haokanbar.dll, Xiang Feng Technology>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\软件\MagicSet\haokanbar.dll, Xiang Feng Technology>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\软件\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
<D:\软件\迅雷\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<D:\软件\迅雷\Program\GetUrl.htm, N/A>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4116]
[PID: 612][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 624][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4116]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 792][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][D:\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 980][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172][D:\Rising\Rav\Ravmond.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
[D:\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Rising\Rav\rfwctrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[D:\Rising\Rav\RsPPsys.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Rising\Rav\RsLog.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
[D:\Rising\Rav\HOOKSYS.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
[D:\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\regmon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[D:\Rising\Rav\HookWeb.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
[D:\Rising\Rav\MemMon.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
[D:\Rising\Rav\expscan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Rising\Rav\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[D:\Rising\Rav\HookCont.dll] [Rising, 19, 0, 0, 0]
[D:\Rising\Rav\SpamEng.dll] [N/A, 18, 0, 0, 6]
[D:\Rising\Rav\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[D:\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[D:\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
病毒烦人咯 - 2007-2-6 0:45:00
[D:\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[D:\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[D:\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 1260][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4116]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 1324][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 1400][d:\rising1\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 33]
[d:\rising1\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
[d:\rising1\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
[d:\rising1\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
[d:\rising1\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[d:\rising1\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
[d:\rising1\rfw\mPorts.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1584][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1808][d:\rising1\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
[d:\rising1\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[d:\rising1\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[d:\rising1\rfw\RfwCtrl.dll] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
[d:\rising1\rfw\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[d:\rising1\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 1924][C:\WINDOWS\system\SVCH0ST.EXE] [N/A, N/A]
[PID: 1972][C:\WINDOWS\system32\Svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\drivers\restore.dll] [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[PID: 2012][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system\WINS0C~1.DLL] [mcsoft, 1, 0, 0, 0]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 396][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 412][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2064][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2132][D:\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 2160][D:\Rising\Rav\Ravmon.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 45]
[D:\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\Rising\Rav\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 2188][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.40]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 2448][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3208]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 2464][C:\WINDOWS\vsnpstd3.exe] [Sonix, 1, 0, 1, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 2492][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[PID: 2520][D:\软件\360safe\safemon\360Tray.exe] [奇虎网, 1, 0, 1, 1003]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[D:\软件\360safe\safemon\SafeKrnl.dll] [奇虎网, 1, 0, 0, 3001]
[D:\软件\360safe\AntiAdwa.dll] [360Safe.com, 2, 2, 4, 1000]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\软件\360safe\live.dll] [360safe.COM, 1, 0, 0, 1011]
[PID: 2548][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5155]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5155]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] [ATI Technologies, Inc., 6.14.10.5155]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5155]
[C:\WINDOWS\system32\DINPUT8.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2556][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3948][C:\Documents and Settings\szz\桌面\sunscjq\LiveUpdate.exe] [上海核新软件技术有限公司, 2005, 12, 3, 0]



病毒烦人咯 - 2007-2-6 0:46:00
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2156][E:\Program Files\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[E:\Program Files\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\BasicCtrlDll.dll] [Tencent, 6, 0, 200, 320]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[E:\Program Files\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[E:\Program Files\QQ\LoginCtrl.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[E:\Program Files\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[E:\Program Files\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[E:\Program Files\QQ\QQMainFrame.dll] [N/A, N/A]
[E:\Program Files\QQ\CQQApplication.dll] [N/A, N/A]
[E:\Program Files\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QQAllInOne.dll] [N/A, N/A]
[E:\Program Files\QQ\GroupLive.dll] [N/A, N/A]
[E:\Program Files\QQ\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[E:\Program Files\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[E:\Program Files\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QQPlugin.dll] [N/A, N/A]
[E:\Program Files\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QRingMng.dll] [N/A, N/A]
[E:\Program Files\QQ\QQAvatar.dll] [N/A, N/A]
[E:\Program Files\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\Program Files\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
[E:\Program Files\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[E:\Program Files\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\Program Files\QQ\QQPet.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QQCustomFace.dll] [N/A, N/A]
[E:\Program Files\QQ\QQSettingCtrl.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\QQSysMsgMng.dll] [N/A, N/A]
[E:\Program Files\QQ\BQQApplication.dll] [N/A, N/A]
[E:\Program Files\QQ\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[E:\Program Files\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\Program Files\QQ\QQSceneMng.dll] [N/A, N/A]
[E:\Program Files\QQ\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 3, 30]
[E:\Program Files\QQ\videodevice.dll] [Tencent, 1, 6, 0, 1]
[E:\Program Files\QQ\inplus.dll] [Tencent, 1, 6, 0, 0]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[E:\Program Files\QQ\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[E:\Program Files\QQ\QQMagicFace.dll] [, 1, 0, 0, 1]
[E:\Program Files\QQGAME\GamePublic.dll] [N/A, N/A]
[E:\Program Files\QQGAME\Common\LogEx.dll] [N/A, N/A]
[E:\Program Files\QQGAME\Factory.dll] [N/A, N/A]
[E:\Program Files\QQGAME\Logic\Global.dll] [N/A, N/A]
[E:\Program Files\QQGAME\ProtHand\QQProt.dll] [N/A, N/A]
[E:\Program Files\QQGAME\Socket\NetMod.dll] [N/A, N/A]
[E:\Program Files\QQGAME\Common\Serial.dll] [N/A, N/A]
[E:\Program Files\QQGAME\Common\Encrypt.dll] [N/A, N/A]
[E:\Program Files\QQ\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[E:\Program Files\QQ\DShared.dll] [Tencent, 1, 6, 0, 0]
[E:\Program Files\QQ\QQZip.dll] [tencent, 0, 3, 2, 4]
[E:\Program Files\QQ\QQOneClick.dll] [, 1, 0, 0, 1]
[PID: 1276][E:\Program Files\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[E:\Program Files\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 2196][D:\软件\MagicSet\SRIECLI.EXE] [Super Rabbit Soft, 7.96]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[D:\软件\MagicSet\shlobj71.ocx] [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3256][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[D:\软件\MagicSet\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 1708][D:\Rising\Rav\Rav.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
[D:\Rising\Rav\PlugIn\RsPgScan.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
[D:\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[D:\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
[D:\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[D:\Rising\Rav\RavUI.Dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
[D:\Rising\Rav\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
[D:\Rising\Rav\RsXML.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[D:\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[D:\Rising\Rav\Scanner.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[D:\Rising\Rav\BWList.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\libload.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Rising\Rav\VirusLib.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\MVEngine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
[D:\Rising\Rav\Engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\Rising\Rav\ScanExec.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
[D:\Rising\Rav\Unpacker.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Rising\Rav\UnExe.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[D:\Rising\Rav\ScanEx.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 40]
[D:\Rising\Rav\ExtFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 25]
[D:\Rising\Rav\PostTrt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[D:\Rising\Rav\ScanMac.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 13]
[D:\Rising\Rav\ScanSct.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Rising\Rav\ScanPack.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
[D:\Rising\Rav\RsVM.dll] [N/A, 19, 0, 0, 15]
[D:\Rising\Rav\Uroutine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 21]
[D:\Rising\Rav\Uscript.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 18]
[D:\Rising\Rav\NvFile.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[D:\Rising\Rav\ExtOLE.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
[PID: 3816][D:\软件\Plugins\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[D:\软件\360safe\safemon\safemon.dll] [, 1, 0, 0, 1002]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
病毒烦人咯 - 2007-2-6 0:46:00
==================================
文件关联
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
入口点错误:CreateProcessA
入口点错误:CreateProcessW
病毒烦人咯 - 2007-2-6 0:55:00
Can any expert help? It's urgent!
看了不再看 - 2007-2-6 1:28:00
<SGMIGEX><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system\WINS0C~1.DLL,Run> [mcsoft]
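The problem may be here.
First stop the rundll32.exe process in Task Manager, then stop winsoc~1.dll, and finally delete winsoc~1.dll from the system directory. I guess this is a randomly dropped file.
If you can note down the URLs that pop up, add them to the hosts file, so that the next time it pops them up they will not be able to open. My method is rather cumbersome.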
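The triage the reply above performs by eye, as an added example that is not part of the original thread: a Python parser for Run-key lines in the `<name><command> [publisher]` layout of the posted log, which queues entries where several weak signals coincide (a DLL started through rundll32, a publisher not marked `(Verified)`, an 8.3 short file name). The sample lines are copied from the first post; the function names and the two-reason threshold are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: Run-key lines copied from the log in the first post.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<SGMIGEX><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system\WINS0C~1.DLL,Run> [mcsoft]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^<>]+)><(.*)> \[(.*)\]$")
EXE_RE = re.compile(r"^(.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE)
SHORT_NAME_RE = re.compile(r"~\d+(\.|$)")  # e.g. WINS0C~1.DLL


@dataclass
class Entry:
    key: str
    name: str
    command: str
    publisher: str
    payload: str = ""             # the file that actually carries the code
    export: Optional[str] = None  # rundll32 entry point, if any
    reasons: List[str] = field(default_factory=list)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def split_command(command: str):
    """Return (executable, arguments), honouring a quoted executable path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end], command[end + 1:].strip()
    m = EXE_RE.match(command)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    exe, _, rest = command.partition(" ")
    return exe, rest.strip()


def analyse(entry: Entry) -> Entry:
    exe, rest = split_command(entry.command)
    entry.payload = exe
    # rundll32 is only a host: the DLL named in its argument is what runs.
    if basename(exe) == "rundll32.exe" and "," in rest:
        dll, _, tail = rest.rpartition(",")
        entry.payload = dll.strip().strip('"')
        entry.export = tail.split()[0] if tail.split() else None
        entry.reasons.append("DLL started through rundll32")
    if not entry.publisher.startswith("(Verified)"):
        entry.reasons.append("publisher not verified")
    if SHORT_NAME_RE.search(basename(entry.payload)):
        entry.reasons.append("8.3 short name hides the long file name")
    return entry


def parse_run_entries(log: str) -> List[Entry]:
    key, entries = "", []
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append(analyse(Entry(key, *m.groups())))
    return entries


def review_queue(log: str, min_reasons: int = 2) -> List[Entry]:
    """Entries worth a manual look: a queue for review, not a verdict."""
    hits = [e for e in parse_run_entries(log) if len(e.reasons) >= min_reasons]
    return sorted(hits, key=lambda e: len(e.reasons), reverse=True)


if __name__ == "__main__":
    for e in review_queue(SAMPLE_LOG):
        print(e.name, "->", e.payload, e.export, e.reasons)
```

An unverified publisher alone does not queue an entry, since legitimately installed software in the same log (the RavTask line) also lacks the `(Verified)` mark.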
病毒烦人咯 - 2007-2-6 1:37:00
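Hello, expert. First, I rebooted, and now I cannot find the winsoc~1.dll process you mentioned, and the time when the virus acts up has already passed... Does that mean you got it right?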
十年一大梦 - 2007-2-6 1:55:00
看了不再看, nicely done, I am learning from you.

Q狐狸仔Q - 2007-2-6 9:41:00
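This log really is detailed; my eyes are going blurry from reading it.
First, use the Windows search function to search for this file, then delete WINS0C~1.DLL.
If the search finds nothing, search for WINS0C*1.DLL instead. Remember to select the option to search hidden folders and files.
Next, if this file is among the processes, end it: vsnpstd3.exe. Then delete it under C:\WINDOWS.

Then use the system search function to find the HOSTS file and open it with Notepad.
Then delete all of these addresses below 127.0.0.1 localhost: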
Q狐狸仔Q - 2007-2-6 9:42:00
Brother, this thing only starts popping up web pages at 12:05 at night.
I guess it counts as a pretty merciful adware program, ha.
病毒烦人咯 - 2007-2-7 0:31:00
Can someone explain the method 狐狸仔 described more simply? I can't seem to find those files.
病毒烦人咯 - 2007-2-7 0:34:00
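I didn't find it when searching for files; I only found this vsnpstd3.exe program among the processes. What should I do? Experts, please help, I have been tormented again.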
hgufhf - 2007-2-7 0:35:00
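Your C drive is infected, heh. Try whether you can show hidden files. (Control Panel - Folder Options - View - Show hidden files and folders. After clicking OK, go to Control Panel - View again and see whether "Show hidden files and folders" is still checked.) Once you have tried it, I will tell you what to do next.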

病毒烦人咯 - 2007-2-7 0:39:00
I do know how to do that. It is checked. What do I do next?
hgufhf - 2007-2-7 0:45:00
Check whether checking it actually had no effect. Repeat it once more and see whether "Show hidden files and folders" needs to be selected again.
病毒烦人咯 - 2007-2-7 0:47:00
?
I did select it.
hgufhf - 2007-2-7 0:49:00
After selecting it, click OK, close it, then repeat once more and see whether it still needs to be selected.
病毒烦人咯 - 2007-2-7 0:50:00
Oh, you can get lost now.
westbeck - 2007-2-7 0:50:00
OP, please run the log scan again and post it.
westbeck - 2007-2-7 0:51:00
Start a new thread; this one is too long.
满天飞雪 - 2007-2-7 0:52:00
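Let me recommend an antivirus: use MCAFEE 8.5 Enterprise, the version that can scan and clean the registry. Scan with it and see how well it works; it does clean rather thoroughly, though.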
hgufhf - 2007-2-7 0:56:00
OP, don't go insulting people when you don't understand things yourself.