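Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue-Software Forum: Experts, please take a look at my log, QQ won't open (sob)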


[CODE]

2007-04-19,14:21:42

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit IEPro><C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>  [Super Rabbit Soft]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
    <QQDownload><"E:\QQDownload\QQDownload.exe" autostart>  [N/A]
    <uu2buk1><C:\DOCUME~1\admin\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <TkBellExe><; "realsched.exe" -osboot>  [N/A]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <WangWang><"F:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [阿里软件(中国)有限公司]
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\admin\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGame\Accel.exe [N/A]><N>
[腾讯QQ]
  <C:\Documents and Settings\admin\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\QQ\QQ.exe [N/A]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[TCP/IP Check / Hello Download][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\wab32res.exe><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINNT\system32\new.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINNT\System32\ntsim.sys><VIA Networking Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[S3Psddr / S3Psddr][Running/Manual Start]
  <System32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><N/A>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIA USB Filter / viafilter][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\viausb.sys><VIA Technologies, Inc.>
[viaide / viaide][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><VIA Technologies, Inc.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINNT\Downloaded Program Files\winio.sys><N/A>
Last edited 2007-04-19 15:36:12

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <E:\QQDownload\QQIEHelper02.dll, 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <F:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <F:\PROGRA~1\FLASHGET\getflash.dll, >
[联信通宽频数字家园]
  {039C4009-5283-4365-97BF-144054B40E2E} <, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\QQ\QQ.EXE, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <F:\PROGRA~1\FLASHGET\flashget.exe, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <F:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[GDHidCtrl Class]
  {220ED87A-CB03-45A8-A81E-1C5597E11186} <C:\WINNT\system32\GDHidUsr\GDHidUsr.dll, >
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINNT\system32\WEBACT~1.OCX, QQ>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\AliEdit.dll, www.alipay.com>
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINNT\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[Downloader Class]
  {5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINNT\system32\iMopDl.dll, >
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINNT\DOWNLO~1\INPUTC~1.DLL, >
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINNT\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[Qzone Media Tools]
  {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <E:\QQ\QZone\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINNT\system32\3DShowVM.ocx, QQ>
[NTKO OFFICE文档控件]
  {C9BC4DFF-4248-4A3C-8A49-63A7D317F404} <C:\WINNT\Downloaded Program Files\OfficeControl.ocx, 千航网络[NTKO SOFTWARE] WEB:http://www.ntko.com Email: tanger@ntko.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINNT\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <F:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[&使用超级旋风下载]
  <E:\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <E:\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <F:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <F:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>

=================================
正在运行的进程
[PID: 192][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 216][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 236][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 268][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 280][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
[PID: 452][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1088][c:\program files\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 51]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [c:\program files\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [c:\program files\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [c:\program files\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1348][C:\WINNT\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.06]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1448][C:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE]  [Super Rabbit Soft, 7.76]
    [C:\WINNT\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINNT\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [E:\超级兔子\MagicSet\shlobj71.ocx]  [Sky Software (http://www.ssware.com), 7, 1, 0, 0]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1464][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\MSUTB.dll]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\mui\fallback\0804\msutb.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 1816][C:\WINNT\system32\notepad.exe]  [Microsoft Corporation, 5.00.2140.1]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 1828][C:\WINNT\system32\notepad.exe]  [Microsoft Corporation, 5.00.2140.1]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2172][C:\WINNT\system32\notepad.exe]  [Microsoft Corporation, 5.00.2140.1]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2380][C:\WINNT\system32\notepad.exe]  [Microsoft Corporation, 5.00.2140.1]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 1804][C:\WINNT\system32\notepad.exe]  [Microsoft Corporation, 5.00.2140.1]
    [C:\Program Files\TENCENT\Adplus\Adplus.dll]  [Tencent, 4, 5, 1, 15]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 1932][C:\WINNT\system32\drwtsn32.exe]  [Microsoft Corporation, 5.00.2195.6699]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 380][C:\WINNT\system32\drwtsn32.exe]  [Microsoft Corporation, 5.00.2195.6699]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
[PID: 2488][C:\WINNT\system32\notepad.exe]  [Microsoft Corporation, 5.00.2140.1]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2568][C:\WINNT\explorer.exe]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.1.63.0]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\cmdbcs.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [F:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
[PID: 2456][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
    [E:\QQDownload\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [F:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [E:\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [F:\PROGRA~1\FLASHGET\getflash.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINNT\system32\winsp.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\winzm.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2300][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\winabc.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
    [E:\QQDownload\QQIEHelper02.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\TENCENT\Adplus\SSAddr.dll]  [Tencent, 4, 4, 3, 30]
    [F:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [E:\QQ\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [F:\PROGRA~1\FLASHGET\getflash.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\winsp.ime]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\winzm.ime]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 2236][C:\WINNT\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.00.2140.1]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]
[PID: 1516][D:\121\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.8 built by: Lab06_N]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.1.63.0]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

In SREng:
Delete these registry entries:
<QQDownload><"E:\QQDownload\QQDownload.exe" autostart> [N/A]
<uu2buk1><C:\DOCUME~1\admin\LOCALS~1\Temp\iexpl0re.exe> []
<TkBellExe><; "realsched.exe" -osboot> [N/A]
Stop and delete the service:
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
Stop and delete the drivers (be careful):
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\system32\new.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
Delete (you can use KillBox):
C:\Program Files\Common Files\System\wab32res.exe
C:\WINNT\system32\new.sys
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
It is best to do this in Safe Mode. (You may need to turn off System Restore first.)
Clear the HOSTS file, clear the temp files, and empty all files under C:\DOCUME~1\hdd\LOCALS~1\Temp.
Then run a virus scan with antivirus software that you have updated to the latest version beforehand.

In SREng,
which one do I click first?
Startup Items (启动项目)
System Repair (系统修复)
Smart Scan (智能扫描)
Extensions (扩展)

I'm really clueless.

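[Reply to 樱儿乖乖's post]
In SREng:
Startup Items -- Registry
Delete:
<QQDownload><"E:\QQDownload\QQDownload.exe" autostart> [N/A]
<uu2buk1><C:\DOCUME~1\admin\LOCALS~1\Temp\iexpl0re.exe> []
<TkBellExe><; "realsched.exe" -osboot> [N/A]
Startup Items -- Services -- Win32 Service Applications -- tick "Hide verified Microsoft services", select the service to delete, tick "Delete service", click "Set", and choose "No":
[TCP/IP Check / Hello Download][Stopped/Auto Start]
<C:\Program Files\Common Files\System\wab32res.exe><N/A>
Startup Items -- Services -- Drivers -- tick "Hide verified Microsoft items", select the service to delete, tick "Delete service", click "Set", and choose "No":
[New0 / New0][Running/Auto Start]
<\??\C:\WINNT\system32\new.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
Delete (you can use KillBox; search Baidu for it, there are plenty of download sources):
C:\Program Files\Common Files\System\wab32res.exe
C:\WINNT\system32\new.sys
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
It is best to do this in Safe Mode. (You may need to turn off System Restore first.)
Clear the HOSTS file: SREng -- System Repair -- HOSTS File, and choose Reset.
Clear the temp files, and empty all files under C:\DOCUME~1\hdd\LOCALS~1\Temp.
Then run a virus scan with antivirus software that you have updated to the latest version beforehand.


Paste the following into Notepad, save it as “清除系统垃圾文件.bat”, then double-click it to delete the temporary files.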

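[CODE]
@echo off
rem Removes temporary and junk files from the system drive and the current user profile.
echo 正在清除系统垃圾文件,请稍等......
rem Junk file types anywhere on the system drive; this includes every *.log file.
del /f /s /q "%systemdrive%\*.tmp"
del /f /s /q "%systemdrive%\*._mp"
del /f /s /q "%systemdrive%\*.log"
del /f /s /q "%systemdrive%\*.gid"
del /f /s /q "%systemdrive%\*.chk"
del /f /s /q "%systemdrive%\*.old"
del /f /s /q "%systemdrive%\recycled\*.*"
rem Windows backup files, prefetch data and the Windows temp folder.
del /f /s /q "%windir%\*.bak"
del /f /s /q "%windir%\prefetch\*.*"
rd /s /q "%windir%\temp" & md "%windir%\temp"
rem Per-user data. The paths are quoted because the profile path contains spaces.
del /f /q "%userprofile%\cookies\*.*"
del /f /s /q "%userprofile%\Local Settings\Temporary Internet Files\*.*"
del /f /s /q "%userprofile%\Local Settings\Temp\*.*"
del /f /s /q "%userprofile%\recent\*.*"
echo 清除系统LJ完成!
echo. & pause
[/CODE]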

Thank you, 猪猪~ mwah~