Rising Kaka Security Forum, Anti-virus / Anti-rogue-software board

Help, help, help!!! A Trojan.Agent virus~~~

[C:\Program Files\lenovo\IGRS\Ext\NotifyUI.dll]  [Lenovo Group Limited, 1, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\lenovo\IGRS\Ext\IgrsNotifyPS.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2512][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3510]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2896][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 7.0.2.16]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\iTunes\iTunesHelper.Resources\zh_CN.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 7.0.2.1]
    [C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 7.0.2.16]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 3040][C:\WINDOWS\system32\ezSP_Px.exe]  [Easy Systems Japan Ltd., 1, 0, 0, 0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 3132][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3152][C:\Program Files\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 3360][C:\Program Files\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Program Files\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [C:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 3420][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe]  [N/A, 4.0.00.05080]
    [C:\PROGRA~1\Sony\SONICS~1\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Sony\SONICS~1\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\Sony\SONICS~1\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 3468][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 7.0.2.16]
    [C:\Program Files\iPod\bin\iPodService.Resources\zh_CN.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 7.0.2.1]
    [C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 7.0.2.16]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3696][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2540][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 4008][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
[PID: 2588][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\lenovo\IGRS EasyShare\IgrsAnywhere.dll]  [Lenovo Group Limited, 1, 0, 2, 60]
    [C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll]  [TechSmith Corporation, 1.0.6]
    [C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddinRes.dll]  [TechSmith Corporation, 1.0.6]
    [C:\Program Files\TechSmith\SnagIt 8\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll]  [TechSmith Corporation, 1.0.1]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\pUi8xjpixD_2002.dll]  [, 2, 0, 3, 0]
    [C:\Program Files\BitComet\tools\BitCometBHO.dll]  [BitComet, 20061226]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\2V3fudwSGM_2002.dll]  [Microsoft Corporation, 2, 0, 3, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\Program Files\Thunder Network\WebThunder\MediaAddin10.dll]  [Thunder Networking Technologies,LTD, 3, 1, 0, 62]
[PID: 3472][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\lenovo\IGRS EasyShare\IgrsAnywhere.dll]  [Lenovo Group Limited, 1, 0, 2, 60]
    [C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll]  [TechSmith Corporation, 1.0.6]
    [C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddinRes.dll]  [TechSmith Corporation, 1.0.6]
    [C:\Program Files\TechSmith\SnagIt 8\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll]  [TechSmith Corporation, 1.0.1]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\pUi8xjpixD_2002.dll]  [, 2, 0, 3, 0]
    [C:\Program Files\BitComet\tools\BitCometBHO.dll]  [BitComet, 20061226]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\USERDATA\2V3fudwSGM_2002.dll]  [Microsoft Corporation, 2, 0, 3, 0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
[PID: 4548][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Program Files\lenovo\IGRS EasyShare\IgrsAnywhere.dll]  [Lenovo Group Limited, 1, 0, 2, 60]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[autorun]
open=d:\mplay.com

==================================
HOSTS 文件
127.0.0.1      localhost
58.215.74.216    test.nicemm.cn
58.215.74.216    new3.etsoft.com.cn
58.215.74.216    www.gaodumm.com
58.215.74.216    www.88cc8.com
58.215.74.216    wg770.com

==================================
API HOOK
N/A

==================================



Finally finished posting. Experts, you have to help me with this.

Use IceSword to terminate the following non-system processes:
[PID: 700][C:\Program Files\cFosSpeed\spd.exe]
[PID: 896][C:\Program Files\lenovo\GUA\GUA.exe]
[PID: 916][C:\Program Files\lenovo\IGRS\IGRS.exe]
[PID: 608][C:\Program Files\lenovo\IGRS\Ext\IgrsMonitor.exe]
[PID: 1048][C:\Program Files\lenovo\IGRS\Ext\router.exe]
[PID: 1344][C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe]
[PID: 1588][C:\Program Files\lenovo\IGRS\Ext\wmcsvc.exe]
[PID: 1984][C:\Program Files\lenovo\IGRS Profiles\File Profile\IgrsFile.exe]
[PID: 2188][C:\Program Files\lenovo\IGRS EasyShare\FileShare.exe]
[PID: 3524][C:\WINDOWS\system32\rundll32.exe]
[PID: 4072][C:\Program Files\Lenovo\EnergyCut\utilty.exe]
[PID: 3244][C:\program files\internet explorer\iexplore.exe]
[PID: 3524][C:\WINDOWS\system32\rundll32.exe]
[PID: 3876][C:\WINDOWS\AGRSMMSG.exe]
[PID: 4072][C:\Program Files\Lenovo\EnergyCut\utilty.exe]
[PID: 284][C:\Program Files\Lenovo\EnergyCut\EnergyCut.exe]
[PID: 312][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]
[PID: 960][C:\Program Files\lenovo\IGRS\Ext\IgrsSignal.exe]
[PID: 976][C:\Program Files\cFosSpeed\cFosSpeed.exe]
[PID: 2348][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]
[PID: 556][C:\Program Files\lenovo\IGRS\Ext\IgrsNotify.exe]
[PID: 2512][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]
[PID: 2896][C:\Program Files\iTunes\iTunesHelper.exe]
[PID: 3040][C:\WINDOWS\system32\ezSP_Px.exe]
[PID: 3420][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe]
[PID: 3468][C:\Program Files\iPod\bin\iPodService.exe]
[PID: 4008][C:\WINDOWS\msagent\AgentSvr.exe]
[PID: 2588][C:\program files\internet explorer\iexplore.exe]
[PID: 3472][C:\Program Files\Internet Explorer\iexplore.exe]

Use IceSword to open the registry, go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and delete the following entry:
<Internet><C:\WINDOWS\system32\internet.exe> [N/A]
Open HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run and delete the following entry:
<main><rundll32.exe "C:\program files\internet explorer\use9.dll" mymain> [N/A]
Open HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon and change
<Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070109.dll start> [N/A]
so that its value is C:\WINDOWS\system32\userinit.exe, (double-click to edit it)

Open the services view in IceSword and disable [3D38866A / 3D38866A][Stopped/Auto Start]
<C:\WINDOWS\system32\3D38866A.EXE -service><Microsoft Corporation>
[7E3E8388 / 7E3E8388][Stopped/Auto Start]
<C:\WINDOWS\system32\7E3E8388.EXE -service><Microsoft Corporation>
[Windows Video / VideoService][Stopped/Auto Start]
<C:\WINDOWS\svchost.exe><N/A>
For these three services, find the path in the right-hand pane and disable them; that is all that is needed.

Delete the following files (force delete):
C:\WINDOWS\system32\3D38866A.EXE
C:\WINDOWS\system32\7E3E8388.EXE
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\winsys16_070109.dll
C:\program files\internet explorer\use9.dll
C:\WINDOWS\system32\internet.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\3D38866A.DLL
C:\WINDOWS\system32\7E3E8388.DLL
C:\WINDOWS\system32\fusstub.dll
C:\WINDOWS\system32\biologon.dll
d:\mplay.com
D:\autorun.inf
Do all of the above in IceSword.

Next, fix the HOSTS file.
Open C:\WINDOWS\system32\drivers\etc
Open the hosts file in Notepad and delete these lines:
58.215.74.216 test.nicemm.cn
58.215.74.216 new3.etsoft.com.cn
58.215.74.216 www.gaodumm.com
58.215.74.216 www.88cc8.com
58.215.74.216 wg770.com
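
The helper's reading of the SREng log above rests on a few tells a responder can check mechanically: a DLL with an empty vendor field loaded into Internet Explorer from under Application Data, service binaries with eight-hex-digit names, an svchost.exe sitting outside system32, and several domains pinned to one non-loopback address in HOSTS. The Python below is an added example, not part of the thread and not SREng's own code; it applies those checks to constructed sample lines written in the log format shown in the thread (the PID 9999 and the vendor fields on the sample lines are made up).

```python
import re

# Constructed sample in the SREng process/module format seen in the thread (PID 9999 and
# the vendor fields are made up): process header first, then its loaded modules indented.
SRENG_LOG = r"""
[PID: 2588][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 7]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEMDATA\pUi8xjpixD_2002.dll]  [, 2, 0, 3, 0]
[PID: 9999][C:\WINDOWS\svchost.exe]  [N/A]
    [C:\WINDOWS\system32\3D38866A.DLL]  [Microsoft Corporation, 5, 1, 0, 0]
"""
HOSTS = """
127.0.0.1      localhost
58.215.74.216    test.nicemm.cn
58.215.74.216    www.88cc8.com
"""

# "[PID: n][path]  [vendor, version]" for a process, "[path]  [vendor, version]" for a module
ENTRY = re.compile(r"^\s*\[(?:PID: \d+\]\[)?([^\]]+)\]\s+\[([^\]]*)\]")

def triage_log(text):
    """Return (path, reason) pairs for entries a responder should look at first."""
    hits = []
    for m in (ENTRY.match(line) for line in text.splitlines()):
        if not m:
            continue
        path, meta = m.group(1), m.group(2)
        folder, name = path.rsplit("\\", 1)
        stem = name.rsplit(".", 1)[0]
        vendor = meta.split(",")[0].strip()          # first field is the company name
        if vendor == "":
            hits.append((path, "no vendor string"))
        if "\\Application Data\\" in path:
            hits.append((path, "module loaded from a data directory"))
        if re.fullmatch(r"[0-9A-F]{8}", stem):       # e.g. 3D38866A.EXE / .DLL
            hits.append((path, "random hex file name"))
        if name.lower() == "svchost.exe" and not folder.lower().endswith("\\system32"):
            hits.append((path, "svchost.exe outside system32"))
    return hits

def hosts_redirects(text):
    """Map every non-loopback address in a hosts file to the names pointed at it."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and not parts[0].startswith(("#", "127.")):
            out.setdefault(parts[0], []).append(parts[1])
    return out
```

Running triage_log on the sample flags only the Application Data DLL, the misplaced svchost.exe and the hex-named DLL, while hosts_redirects shows both domains pinned to 58.215.74.216; the legitimate Rising and Microsoft modules pass.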

I'm going crazy; I had already finished typing mine and you still hadn't finished posting.

IceSword download link: http://www.ttian.net/website/2005/0829/391.html

Picking up one that was missed:
delete this one too while you're at it:
C:\WINDOWS\system32\winsys32_070109.dll

Quote:
[鸟儿天上飞's post] Picking up one that was missed:
delete this one too while you're at it:
C:\WINDOWS\system32\winsys32_070109.dll
………………

Haha, thanks. I didn't look at the file name carefully and thought it was the same one.

Just now I used IceSword to kill a process whose icon looked like a spy, and then I got a blue screen and a reboot. When I opened it again that icon was gone. What happened?

No idea... Tell us the process name.

Start over.