高手来看看啦我电脑好慢啊 bbs.ikaka.com

最恨病毒NO1 - 2007-9-30 21:54:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows XP Publisher]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<VirusKillBox><D:\My Documents\通用病毒杀灭机1.0正式版\通用病毒杀灭机正式版\VirusKillBox 1.0 R.scr> [N/A]
<runeip><"d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><D:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Mozilla/4.0(Compatible Mozilla/4.0(Compatible-EmbeddedWB 14.59 http://bsalsa.com/ EmbeddedWB- 14.59 from: http://bsalsa.com/ ; Mozilla/4.0(Compatible Mozilla/4.0EmbeddedWB- 14.59 from: http://bsalsa.com/ ; MAXTHON 2.0)

最恨病毒NO1 - 2007-9-30 21:56:00

启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Kunbang]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Kunbang.exe --> [N/A]><N>

==================================
服务
[871274C6 / 871274C6][Stopped/Auto Start]
<C:\WINDOWS\System32\BF087CFB.EXE -k><N/A>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[MSSQL$CXDY3 / MSSQL$CXDY3][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\sqlservr.exe -sCXDY3><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLAgent$CXDY3 / SQLAgent$CXDY3][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\sqlagent.EXE -i CXDY3><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
<System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
<system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
<system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[802.11b USB Wireless Lan Network Adapter / m4301a][Stopped/Manual Start]
<System32\DRIVERS\m4301A.sys><ALinx Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[GeneLink Network Driver / Ndisusb][Stopped/Manual Start]
<System32\DRIVERS\genelan.sys><Genesys Logic>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Stopped/Manual Start]
<System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[PNP08507 / PNP08507][Stopped/Disabled]
<System32\Drivers\pnp08455.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SENSE4 v2.0 / sense4v2][Running/Manual Start]
<System32\Drivers\sense4v2.sys><Beijing Senselock Inc>
[SetupNT / SetupNT][Running/Auto Start]
<\SystemRoot\system32\SetupNT.sys><N/A>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
<system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<System32\DRIVERS\tcpip.sys><N/A>
[GeneLink File Transfer Driver / USBHSB][Stopped/Auto Start]
<System32\Drivers\usbhsb.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>

最恨病毒NO1 - 2007-9-30 21:58:00

浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{352E3B39-CAB5-4DBC-B940-C7F84D0447D8} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Easy-WebPrint打印]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint添加到打印列表]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint预览]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Easy-WebPrint高速打印]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[Google 搜索(&G)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[反向链接]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[类似网页]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[豪杰超级解霸V8实时播放]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

最恨病毒NO1 - 2007-9-30 22:00:00

刚刚上面的发错了，我开N个东东

最恨病毒NO1 - 2007-9-30 22:03:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows XP Publisher]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows XP Publisher]
<HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe> [(Verified)Microsoft Windows XP Publisher]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<VirusKillBox><D:\My Documents\通用病毒杀灭机1.0正式版\通用病毒杀灭机正式版\VirusKillBox 1.0 R.scr> [N/A]
<runeip><"d:\Program Files\Rising\AntiSpyware\runiep.exe" /startup> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><D:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\System32\shlhook.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]

==================================
启动文件夹
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Kunbang]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Kunbang.exe --> [N/A]><N>

最恨病毒NO1 - 2007-9-30 22:03:00

服务
[871274C6 / 871274C6][Stopped/Auto Start]
<C:\WINDOWS\System32\BF087CFB.EXE -k><N/A>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[MSSQL$CXDY3 / MSSQL$CXDY3][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\sqlservr.exe -sCXDY3><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLAgent$CXDY3 / SQLAgent$CXDY3][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\sqlagent.EXE -i CXDY3><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Stopped/Manual Start]
<System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
<system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
<system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[802.11b USB Wireless Lan Network Adapter / m4301a][Stopped/Manual Start]
<System32\DRIVERS\m4301A.sys><ALinx Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[GeneLink Network Driver / Ndisusb][Stopped/Manual Start]
<System32\DRIVERS\genelan.sys><Genesys Logic>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Stopped/Manual Start]
<System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[PNP08507 / PNP08507][Stopped/Disabled]
<System32\Drivers\pnp08455.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[SENSE4 v2.0 / sense4v2][Running/Manual Start]
<System32\Drivers\sense4v2.sys><Beijing Senselock Inc>
[SetupNT / SetupNT][Running/Auto Start]
<\SystemRoot\system32\SetupNT.sys><N/A>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
<system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[GeneLink File Transfer Driver / USBHSB][Stopped/Auto Start]
<System32\Drivers\usbhsb.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>

最恨病毒NO1 - 2007-9-30 22:04:00

浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{352E3B39-CAB5-4DBC-B940-C7F84D0447D8} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll, 金山软件股份有限公司>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Easy-WebPrint打印]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint添加到打印列表]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint预览]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Easy-WebPrint高速打印]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[Google 搜索(&G)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[使用迅雷下载]
<D:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[反向链接]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[类似网页]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[缓存的网页快照]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[翻译英文字词(&T)]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[豪杰超级解霸V8实时播放]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

最恨病毒NO1 - 2007-9-30 22:05:00

正在运行的进程
[PID: 408 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 480 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 504 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 548 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 728 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 768 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 980 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1140 / winXP][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\System32\igfxpph.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\System32\shlhook.dll] [Beijing Rising Technology Co., Ltd., 4.0.0.9]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.2.9]
[D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [, 1, 0, 0, 4]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
[PID: 1196 / winXP][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1296 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\system32\CNMLM6e.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\system32\CNMLM3y.DLL] [CANON INC., 1.52.2.0]
[C:\WINDOWS\system32\EBPMON24.DLL] [SEIKO EPSON CORPORATION, 5, 4, 0, 0]
[C:\WINDOWS\system32\LMonhsfk.dll] [Hi-Touch Imaging Technologies, 3, 5, 13, 135]
[C:\WINDOWS\system32\HPBMMON.DLL] [Hewlett-Packard, 10.00.16]
[C:\WINDOWS\system32\hpdomon.dll] [Hewlett-Packard, 03.42.00]
[C:\WINDOWS\system32\HPBHealr.dll] [N/A, ]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD3y.DLL] [CANON INC., 1.52.2.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HPPRN05.DLL] [Hewlett-Packard Corporation, 60.05.17.02]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 1356 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1392 / winXP][C:\WINDOWS\System32\hkcmd.exe] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\hccutils.DLL] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\igfxdev.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\igfxsrvc.dll] [Intel Corporation, 3,0,0,1847]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\WINDOWS\System32\igfxhk.dll] [Intel Corporation, 3,0,0,1847]
[C:\WINDOWS\System32\igfxres.dll] [Intel Corporation, 3,0,0,1847]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1428 / winXP][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1484 / winXP][C:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 1676 / SYSTEM][C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\UMS.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0760.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0766.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0534.00]
[C:\Program Files\Microsoft SQL Server\MSSQL$CXDY3\Binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0760.00]
[PID: 1756 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1500 / winXP][D:\Downloads\新建文件夹\xyqdl-1.5.116.exe] [Netease, 1.0.0.1]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[PID: 5112 / winXP][D:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 0, 4, 5799]
[D:\Program Files\Maxthon2\MxExt.dll] [N/A, ]
[D:\Program Files\Maxthon2\mxpp.dll] [Maxthon, 1, 0, 0, 61]
[D:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 339]
[D:\Program Files\Maxthon2\MxProxy2.dll] [, 1, 0, 0, 3564]
[D:\Program Files\Maxthon2\IMxWebBoost.dll] [Maxthon, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\mxdb.dll] [Max, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\mxsafe.dll] [Maxthon, 1, 0, 0, 610]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\MxFav.dll] [Maxthon, 1, 0, 0, 220]
[D:\Program Files\Maxthon2\maxzlib.dll] [, 1.2.3]
[D:\Program Files\Maxthon2\mxtool.dll] [, 1, 0, 0, 1]
[D:\Program Files\Maxthon2\mxfeedU.dll] [, 1, 0, 45, 82]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx] [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\System32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[PID: 6136 / winXP][D:\Downloads\Rav\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\Herosoft\HeroV8\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[D:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[D:\Downloads\Rav\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL] [Microsoft Corporation, 11.0.5510]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 504, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1428, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1500, D:\DOWNLOADS\新建文件夹\XYQDL-1.5.116.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

没有梦想的男人 - 2007-10-1 0:31:00

重启计算机按F8进入安全模式:
打开sreng
启动项目--注册表--删除如下项目:
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> []
打开sreng
点击启动项目--服务--Win32服务应用程序-- 勾选“隐藏经认证的微软项目”
等待列表出来之后点击以下项目.然后选中下面的 “删除服务” 并单击设置按钮
在弹出的框中点“否”
[871274C6 / 871274C6][Stopped/Auto Start]
<C:\WINDOWS\System32\BF087CFB.EXE -k><N/A>
驱动程序
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[PNP08507 / PNP08507][Stopped/Disabled]可疑,自己看着办.
<System32\Drivers\pnp08455.sys><N/A>
[SetupNT / SetupNT][Running/Auto Start]
<\SystemRoot\system32\SetupNT.sys><N/A>
双击“我的电脑”--工具--文件夹选项--查看--勾选“显示系统文件和文件夹”，取消勾选“隐藏受保护的操作系统文件（推荐）”，之后勾选“显示所有的文件和文件夹”--确定,找到和删除以下文件：如果删除不了重命名后重启电脑再删除改名的文件
C:\WINDOWS\System32\BF087CFB.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\SetupNT.sys
C:\WINDOWS\System32\Drivers\pnp08455.sys如果驱动程序删除了这个文件才删除.
C:\WINDOWS\System32\drivers\cdnprot.sys
下载 arswp清理助手: http://www.arswp.com/
打开arswp--高级模式--定制扫描--完整扫描,扫描所有文件--开始扫描.

瑞星卡卡安全论坛