Help! The malicious website union123 just can't be removed no matter what

=======================================
操作历史报告:
----------查杀恶意软件历史----------

2007-02-27 19:07
查杀恶意软件 - cnwin Class - 危险 -
查杀恶意软件 - 广告软件ASN.2 - 危险 - C:\Documents and Settings\Administrator\Favorites\超级搜索.url
查杀恶意软件 - WinStdup - 危险 - C:\WINDOWS\system32\stdup.uni

2007-02-28 09:47
查杀恶意软件 - 广告软件ASN.2 - 危险 - C:\Documents and Settings\Administrator\Favorites\超级搜索.url

2007-02-28 10:34
查杀恶意软件 - 实用网址导航(酷站导航) - 危险 - C:\WINDOWS\system32\advport.dll

2007-03-02 15:35
查杀恶意软件 - 4199变种 - 危险 - C:\WINDOWS\system32\winttrs

2007-03-02 15:39
查杀恶意软件 - 4199变种 - 危险 - C:\WINDOWS\system32\drivers\cmdo_z.sys


----------插件卸载操作历史----------

2007-02-27 18:52
插件管理 - 伪lsass.exe -
插件管理 - 广告软件ASN.2 - C:\Documents and Settings\Administrator\Favorites\超级搜索.url
插件管理 - acpidisk驱动 - C:\WINDOWS\system32\drivers\acpidisk.sys
插件管理 - 17key.net Winkld -
2007-02-27 19:08
插件管理 - 腾讯QQ附带的QQIEHelper插件 -

----------全面诊断修复历史----------

2007-03-02 16:15
O23 - 未知 - 2F54C3B4 - C:\WINDOWS\system32\2F54C3B4.EXE -service
O23 - 未知 - 7F340B78 - C:\WINDOWS\system32\7F340B78.EXE -service
O23 - 未知 - bsna - C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\wufv\gesf.dll,Service -s
O23 - 未知 - jsefusf - C:\WINDOWS\system32\jsefusf.exe -service
2007-03-02 18:31
O4 - 安全 - 1 - c:\windows\system32\delshare.bat
O2 - 未知 - 浏览器辅助对象(BHO) -
O23 - 未知 - 2F54C3B4 - C:\WINDOWS\system32\2F54C3B4.EXE -service
O23 - 未知 - 7F340B78 - C:\WINDOWS\system32\7F340B78.EXE -service

----------修复IE浏览器操作历史----------

2007-02-27 18:44
R0 - 危险 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE搜索页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE起始页的默认页 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - IE左侧搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE备用搜索引擎 - HKLM\Software\Microsoft\Internet Explorer\Search
R1 - 危险 - 启用备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Main
O14 - 危险 - Web原始设置IERESET.INF - C:\WINDOWS\inf\iereset.inf
2007-02-28 09:48
R0 - 危险 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
2007-02-28 10:36
R0 - 危险 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
R0 - 危险 - IE首页 - HKCU\Software\Microsoft\Internet Explorer\Main
2007-03-02 16:12
R0 - 危险 - IE首页 - HKLM\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - IE左侧搜索页 - HKCU\Software\Microsoft\Internet Explorer\Main
R1 - 危险 - 启用备用搜索引擎 - HKCU\Software\Microsoft\Internet Explorer\Main

=======================================

360安全卫士,彻底查杀各种流氓软件,全面保护系统安全,并赠送正版卡巴斯基V6.0
最新免费下载:http://www.360safe.com

Experts, please take a look at this for me!


Logfile of HijackThis v1.99.1
Scan saved at 20:11:45, on 2007-3-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rfw\rfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\clipsrv.exe
C:\MSSQL7\binn\sqlservr.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\wnwb\wnwb.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Rising\Rav\InBuild.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe
C:\Program Files\Rising\Rav\Rav.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}? - (no file)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162}? - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll
O2 - BHO: (no name) - {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} - (no file)
O2 - BHO: XBTBPos00 - {EEC7E620-B32A-4E3B-B200-291660803474} - C:\PROGRA~1\搜索栏\eqiso.dll
O3 - Toolbar: 搜索栏 - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\搜索栏\eqiso.dll
O4 - HKLM\..\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [NetMark] C:\PROGRA~1\NetMark.exe
O4 - HKLM\..\RunOnce: [RavStub] "C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559}? - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559}? - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}? - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}? - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: JUJU猫宽带宝藏论坛 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F}? - http://www.jujumao.net (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263}? - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}? - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160452666265
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C3CC7B4-25F4-4B80-B0E4-E54E663415A0}: NameServer = 211.137.130.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CBC1AE8-9007-413E-8A87-BAF05A167322}: NameServer = 211.137.130.19
O17 - HKLM\System\CCS\Services\Tcpip\..\{F59E64FA-C521-460D-B0D8-F0453902C366}: NameServer = 211.137.130.19
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O23 - Service: B316BEC4 - Unknown owner - C:\WINDOWS\system32\B316BEC4.EXE (file missing)
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

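First update your antivirus, anti-trojan, and 360安全卫士 (360 Safe Guard) software to the latest versions, then run each of them once in Safe Mode.
1. Right-click My Computer, choose Properties, then System Restore, and tick "Turn off System Restore on all drives". Clear IE's temporary files: open IE, click Tools --> Internet Options; under Temporary Internet files, click the "Delete Files" button, tick "Delete all offline content", and click OK to delete.
2. Clean up manually like this: before cleaning, first end the suspicious processes (e.g. ffudf.exe, iexplore, etc.). Open My Computer and the registry and search (including hidden items) for: ffudf.exe;cryptimg.dll;use17.dll;winsys16_070221.dll;wkernel33.exe;cryptimg.dll;CMQTV.DLL;svchosts.exe;prwod.dll;iwif.dll;jsefusf.exe
Delete all of them, then reboot the machine, search again, and delete once more, and that's it. That is how I fixed it on my computer.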


Everyone, it still doesn't work~~~

Mine still doesn't work either. It keeps popping up, and now it seems to be getting worse and worse.

55555