[CODE]

2007-01-28,20:20:06

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
    <avptask><C:\Progra~1\Eset\expl0rer.exe>  [N/A]
    <51h><C:\WINDOWS\iexpl0re.exe>  [N/A]
    <zyjlx6fmsw9z3gd><C:\WINDOWS\winlog0n.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><soundman.exe>  [Avance Logic, Inc.]
    <Kaspersky Anti-Virus 2006><C:\Program Files\Kaspersky Lab\AVP6\avp.exe>  [Kaspersky Lab]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA>  [N/A]
    <Super Rabbit SRRestore><F:\PROGRA~1\SUPERR~1\MagicSet\SRRest.exe /autosave>  [Super Rabbit Soft]
    <HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
    <SysExplr><E:\SuperPLAY3500\SysExplr.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RfwMain><"E:\CP\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <upsy><C:\DOCUME~1\DCB\LOCALS~1\Temp\zt.exe>  [Microsoft Corporation]
    <sye><C:\WINDOWS\sye.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[CONFIG]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CONFIG.VBS -->  [N/A]><N>
[HP Digital Imaging Monitor]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\program\office2k\Office\OSA9.EXE [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\DCB\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Application Layer Gateway Service / ALG][Stopped/Manual Start]
  <C:\WINDOWS\System32\alg.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\cp\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\cp\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal FireWall / Rising Personal FireWall][Stopped/Disabled]
  <><N/A>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\System32\\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
驱动程序
[ADProt / ADProt][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\System32\drivers\BDGuard.SYS><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\CP\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\cp\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\CP\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\E:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
[VCD VNC Virtual Network Adapter / vcddev][Running/Manual Start]
  <System32\DRIVERS\vcdvnic.sys><VNN B.J.>
[wqqzgomt / wqqzgomt][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\wqqzgomt.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[FAMETECH USB PC CAMERA / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

浏览器加载项
[Thunder Browser Helper]
  {7369D359-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[BitCometBar]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <E:\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[Alexa]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINDOWS\System32\SHDOCVW.DLL, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MediaGatewayX]
  {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} <C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll, 180solutions>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\System32\KvDown.ocx, dreamersoft>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 584][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 660][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 684][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 728][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 740][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 908][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 984][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1120][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1192][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1272][e:\cp\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [e:\cp\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [e:\cp\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [e:\cp\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [e:\cp\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\cp\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [e:\cp\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1500][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\hpzll3xu.dll]  [Hewlett-Packard Company, 60.051.641.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll]  [Hewlett-Packard Corporation, 60.051.641.00]
[PID: 1684][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\LgSym.dll]  [N/A, N/A]
    [C:\DOCUME~1\DCB\LOCALS~1\Temp\upsy.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\sye.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\windds32.dll]  [N/A, N/A]
    [C:\Program Files\BaiDu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 124]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1884][C:\WINDOWS\soundman.exe]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1900][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]

[C:\WINDOWS\System32\VM31bPrp.Ax]  [VM, 4.2.711.31]
[PID: 1908][e:\cp\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [e:\cp\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [e:\cp\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [e:\cp\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [e:\cp\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [e:\cp\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\System32\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\LgSym.dll]  [N/A, N/A]
[PID: 1936][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Co., 53.0.13.000]
[PID: 2012][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 192][F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.85]
    [F:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [C:\WINDOWS\System32\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\LgSym.dll]  [N/A, N/A]
[PID: 200][C:\Progra~1\Eset\expl0rer.exe]  [N/A, N/A]
[PID: 216][C:\WINDOWS\iexpl0re.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\LgSym.dll]  [N/A, N/A]
[PID: 248][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 388][C:\WINDOWS\winlog0n.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\LgSyl.dll]  [N/A, N/A]
[PID: 400][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 448][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpftra01.dll]  [Hewlett-Packard, 1, 0, 0, 2]
    [C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Co., 53.0.20.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll]  [Hewlett-Packard Co., 53.0.20.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 50.0.165.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll]  [Hewlett-Packard Co., 53.0.13.000]
[PID: 1128][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqstv08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 50.0.125.000]
[PID: 340][F:\反病毒软件\293_System Repair Engineer V2.3\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\System32\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\LgSym.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================


[/CODE]

没高手啊。。。。。。。。。。我晕

问题挺严重的.要杀很久.

安全模式下
打开sreng 启动项目  注册表 删除如下项目 (如果有哪项你认识或者确认不是病毒 请不要删除)
<avptask><C:\Progra~1\Eset\expl0rer.exe> [N/A]
<51h><C:\WINDOWS\iexpl0re.exe> [N/A]
<zyjlx6fmsw9z3gd><C:\WINDOWS\winlog0n.exe> [N/A]
[CONFIG]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CONFIG.VBS --> [N/A]><N>

“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
Win32 Display Driver / Win32DDS
Windows DHCP Service / WinDHCPsvc


在“启动项目”-“服务”-“驱动程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：oreans32 / oreans32
wqqzgomt / wqqzgomt



重启计算机 安全模 式
双击我的电脑－工具－文件夹选项－查看－显示所有文件和文件夹，把“隐藏受保护的系统文件”的勾去掉。
然后删除
C:\WINDOWS\winlog0n.exe
C:\WINDOWS\iexpl0re.exe
C:\Progra~1\Eset\expl0rer.exe
C:\WINDOWS\System32\windds32.dll
C:\WINDOWS\System32\windhcp.ocx
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\System32\drivers\wqqzgomt.sys
C:\WINDOWS\System32\sye.dll
C:\WINDOWS\System32\LgSyl.dll
C:\WINDOWS\System32\LgSym.dll
C:\DOCUME~1\DCB\LOCALS~1\Temp\下面所有文件

[CODE]

2007-01-28,21:26:04

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <Super Rabbit IEPro><F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><soundman.exe>  [Avance Logic, Inc.]
    <Kaspersky Anti-Virus 2006><C:\Program Files\Kaspersky Lab\AVP6\avp.exe>  [Kaspersky Lab]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA>  [N/A]
    <Super Rabbit SRRestore><F:\PROGRA~1\SUPERR~1\MagicSet\SRRest.exe /autosave>  [Super Rabbit Soft]
    <HP Software Update><C:\Program Files\HP\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]
    <SysExplr><E:\SuperPLAY3500\SysExplr.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <RfwMain><"E:\CP\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <upsy><C:\DOCUME~1\DCB\LOCALS~1\Temp\zt.exe>  [N/A]
    <sye><C:\WINDOWS\sye.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system\userinit.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[CONFIG]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CONFIG.VBS -->  [N/A]><N>
[HP Digital Imaging Monitor]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\program\office2k\Office\OSA9.EXE [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\DCB\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Application Layer Gateway Service / ALG][Stopped/Manual Start]
  <C:\WINDOWS\System32\alg.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <e:\cp\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <e:\cp\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal FireWall / Rising Personal FireWall][Stopped/Disabled]
  <><N/A>

==================================
驱动程序
[ADProt / ADProt][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ADProt.sys><腾讯科技（深圳）有限公司>
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\System32\drivers\BDGuard.SYS><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\E:\CP\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\e:\cp\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\E:\CP\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Stopped/Manual Start]
  <\??\E:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
[VCD VNC Virtual Network Adapter / vcddev][Running/Manual Start]
  <System32\DRIVERS\vcdvnic.sys><VNN B.J.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[FAMETECH USB PC CAMERA / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

浏览器加载项
[Thunder Browser Helper]
  {7369D359-5B70-4A5B-B789-B25FE09B4AF3} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[BitCometBar]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <E:\BitComet\BitCometBar\BitCometBar0.3.dll, N/A>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[Alexa]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINDOWS\System32\SHDOCVW.DLL, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\PROGRA~1\SUPERR~1\MagicSet\haokanbar.dll, Xiang Feng Technology>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[MediaGatewayX]
  {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} <C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll, 180solutions>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\System32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\System32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\System32\KvDown.ocx, dreamersoft>
[pCastPanel Class]
  {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} <C:\WINDOWS\Downloaded Program Files\pCastCtl.dll, >
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[Google 搜索(&G)]
  <res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 588][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 660][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 684][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 728][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 740][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 908][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 984][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1120][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1216][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1288][e:\cp\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 30]
    [e:\cp\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 3]
    [e:\cp\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 2]
    [e:\cp\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 10]
    [e:\cp\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [e:\cp\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 5]
    [e:\cp\rising\rfw\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
[PID: 1508][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\hpzll3xu.dll]  [Hewlett-Packard Company, 60.051.641.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll]  [Hewlett-Packard Corporation, 60.051.641.00]
[PID: 1680][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\sye.dll]  [N/A, N/A]
    [C:\Program Files\BaiDu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 124]
[PID: 1888][C:\WINDOWS\soundman.exe]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1904][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]

[C:\WINDOWS\System32\VM31bPrp.Ax]  [VM, 4.2.711.31]
[PID: 1928][C:\Program Files\HP\HP Software Update\HPWuSchd2.exe]  [Hewlett-Packard Co., 53.0.13.000]
[PID: 1952][E:\CP\Rising\Rfw\rfwmain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [E:\CP\Rising\Rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 31]
    [E:\CP\Rising\Rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [E:\CP\Rising\Rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [E:\CP\Rising\Rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [E:\CP\Rising\Rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1976][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 172][F:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.85]
    [F:\PROGRA~1\SUPERR~1\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
[PID: 268][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpquio08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpotradd.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpftra01.dll]  [Hewlett-Packard, 1, 0, 0, 2]
    [C:\Program Files\HP\Digital Imaging\bin\hpqrif08.dll]  [Hewlett-Packard Co., 53.0.20.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll]  [Hewlett-Packard Co., 53.0.20.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpodio08.dll]  [Hewlett-Packard Co., 50.0.165.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll]  [Hewlett-Packard Co., 53.0.13.000]
[PID: 288][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1184][C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqstv08.dll]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc]  [Hewlett-Packard Co., 53.0.13.000]
    [C:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll]  [Hewlett-Packard Co., 50.0.125.000]
[PID: 1752][F:\反病毒软件\293_System Repair Engineer V2.3\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
[PID: 1896][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================


[/CODE]

按照5楼的方法做了.刚扫了下/.看下好没