Rising KaKa Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

Could some expert please save me? Severe hijack, I'm begging you, log attached.

Logfile of HijackThis v1.99.1
Scan saved at 7:20:06, on 2007-1-31
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\winstall.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HEROSOFT\Hero3000\STHSDVD.EXE
C:\HEROSOFT\Hero3000\AuthReg.exe
C:\HEROSOFT\Hero3000\STHSDVD.EXE
C:\HEROSOFT\Hero3000\AuthReg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\HEROSOFT\Hero3000\STHSDVD.EXE
C:\HEROSOFT\Hero3000\AuthReg.exe
C:\HEROSOFT\Hero3000\STHSDVD.EXE
C:\HEROSOFT\Hero3000\AuthReg.exe
C:\HEROSOFT\Hero3000\STHSDVD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\王峥\桌面\usrinit.exe
C:\WINDOWS\AutoUp.exe
C:\Program Files\Tencent\TT\TTraveler.exe
E:\zhai\hijackthis\HijackThis.exe

O1 - Hosts: 202.109.114.142 survey88.allyes.com
O1 - Hosts: 202.109.114.142 adtaobao.allyes.com
O1 - Hosts: 202.109.114.142 code.qihoo.com
O1 - Hosts: 202.109.114.142 union.mop.com
O1 - Hosts: 202.109.114.142 js.kkunion.com
O1 - Hosts: 202.109.114.142 v.kkunion.com
O1 - Hosts: 202.109.114.142 v.21cn.com
O1 - Hosts: 202.109.114.142 iplusms.allyes.com
O1 - Hosts: 202.109.114.142 mms.t2t2.com
O1 - Hosts: 202.109.114.142 ivr.dobig.net
O1 - Hosts: 202.109.114.142 www.u8u.com
O1 - Hosts: 202.109.114.142 u.u8u.com
O1 - Hosts: 202.109.114.142 img.zhangxiu.com
O1 - Hosts: 202.109.114.142 tl.linktone.com
O1 - Hosts: 202.109.114.142 channel.e78.com
O1 - Hosts: 202.109.114.142 u.7town.com
O1 - Hosts: 202.109.114.142 union.95ol.com.cn
O1 - Hosts: 202.109.114.142 mms1.95ol.com.cn
O1 - Hosts: 202.109.114.142 mfs.95ol.com.cn
O1 - Hosts: 202.109.114.142 tl.a8.com
O1 - Hosts: 202.109.114.142 ad01.a8.com
O1 - Hosts: 202.109.114.142 u2.caiku.com
O1 - Hosts: 202.109.114.142 mms.caiku.com
O1 - Hosts: 202.109.114.142 code1.caiku.com
O1 - Hosts: 202.109.114.142 pub.lele.com
O1 - Hosts: 202.109.114.142 u.lele.com
O1 - Hosts: 202.109.114.142 7town.com
O1 - Hosts: 202.109.114.142 tvsend.7town.com
O1 - Hosts: 202.109.114.142 ivrsend.7town.com
O1 - Hosts: 202.109.114.142 tlt.7town.com
O1 - Hosts: 202.109.114.142 gsend.7town.com
O1 - Hosts: 202.109.114.142 smssend.7town.com
O1 - Hosts: 202.109.114.142 mmssend.moyu.com
O1 - Hosts: 202.109.114.142 91ivr.com
O1 - Hosts: 202.109.114.142 myad.91ivr.com
O1 - Hosts: 202.109.114.142 u.91ivr.com
O1 - Hosts: 202.109.114.142 union.91ivr.com
O1 - Hosts: 202.109.114.142 cm.p4p.cn.yahoo.com
O1 - Hosts: 202.109.114.142 un.265.com
O1 - Hosts: 202.109.114.142 union.qq.com
O1 - Hosts: 202.109.114.142 view.aliunion.cn.yahoo.com
O1 - Hosts: 202.109.114.142 union.narrowad.com
O1 - Hosts: 202.109.114.142 ln.heima8.com
O1 - Hosts: 202.109.114.142 www.fboat.cn
O1 - Hosts: 202.109.114.142 cpro.baidu.com
O1 - Hosts: 202.109.114.142 unstat.baidu.com
O1 - Hosts: 202.109.114.142 y.cnxad.com
O1 - Hosts: 202.109.114.142 www.ewowo.com
O1 - Hosts: 202.109.114.142 template.union.163.com
O1 - Hosts: 202.109.114.142 new.is686.com
O1 - Hosts: 202.109.114.142 creative.unionsys.bolaa.com
O1 - Hosts: 202.109.114.142 www.qyule.com
O1 - Hosts: 202.109.114.142 99e.cc
O1 - Hosts: 202.109.114.142 www.91ivr.com
O1 - Hosts: 202.109.114.142 mg.ukaka.com
O1 - Hosts: 202.109.114.142 kooxoo2.ad4all.net
O1 - Hosts: 202.109.114.142 www.8fff.com
O1 - Hosts: 202.109.114.142 union.pomoho.com
O1 - Hosts: 202.109.114.142 202.107.233.211
O1 - Hosts: 202.109.114.142 www.end123.com
O1 - Hosts: 202.109.114.142 w1.7clink.com
O1 - Hosts: 202.109.114.142 w2.7clink.com
O1 - Hosts: 202.109.114.142 union01.com
O1 - Hosts: 202.109.114.142 click.8le8le.com
O1 - Hosts: 202.109.114.142 stbanner.allyes.com
O1 - Hosts: 202.109.114.142 mms1.moyu.com
O1 - Hosts: 202.109.114.142 u.moyu.com
O1 - Hosts: 202.109.114.142 mmsu.moyu.com
O1 - Hosts: 202.109.114.142 show.moyu.com
O1 - Hosts: 202.109.114.142 ivrsend.moyu.com
O1 - Hosts: 202.109.114.142 ivru.moyu.com
O1 - Hosts: 202.109.114.142 ivr1.moyu.com
O1 - Hosts: 203.191.146.205 corep.dmcast.com
O1 - Hosts: 203.191.146.205 m081.dmcast.com
O1 - Hosts: 203.191.146.205 dcww.dmcast.com
O1 - Hosts: 203.191.146.205 renren.dmcast.com
O1 - Hosts: 203.191.146.205 files.henbang.net
O1 - Hosts: 203.191.146.205 bannerbox.cn
O1 - Hosts: 203.191.146.205 www.bannerbox.cn
O1 - Hosts: 203.191.146.205 action.coopen.cn
O1 - Hosts: 203.191.146.205 u4.sky99.cn
O1 - Hosts: 203.191.146.205 u1.sky99.cn
O1 - Hosts: 203.191.146.205 u2.sky99.cn
O1 - Hosts: 203.191.146.205 u3.sky99.cn
O1 - Hosts: 203.191.146.205 sky99.cn
O1 - Hosts: 203.191.146.205 u.sky99.cn
O1 - Hosts: 203.191.146.205 u.ete.cn
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 www.365tan.com
O1 - Hosts: 203.191.146.205 www.winopen.cn
O1 - Hosts: 203.191.146.205 www.tanip.com
O1 - Hosts: 203.191.146.205 alexaanywhere.com
O1 - Hosts: 203.191.146.205 jssb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ns250.alexaanywhere.com
O1 - Hosts: 203.191.146.205 sb.alexaanywhere.com
O1 - Hosts: 203.191.146.205 ip.alexaanywhere.com
O1 - Hosts: 203.191.146.205 pop.9v.cn
O1 - Hosts: 203.191.146.205 xuni.myad.cn
O1 - Hosts: 203.191.146.205 iebar.t2t2.com
O1 - Hosts: 203.191.146.205 error.newcell.cn
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: SafeMe Internet Explorer Helper - {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} - C:\WINDOWS\System32\SafeHelper12.dll
O2 - BHO: vvlc - {3DFA6D49-2DBC-4853-BE55-0F035CF331ED} - C:\PROGRA~1\COMMON~1\bbul\ffvp.dll
O2 - BHO: ui Class - {4CEB0B7C-0729-412b-8627-0088FB4F6D9F} - C:\WINDOWS\System32\BHO04.dll
O2 - BHO: IEInit Class - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} - C:\WINDOWS\System32\drivers\usrinit.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: BHOHelper Class - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll
O2 - BHO: BHOHelper Class - {67A90DD6-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll
O2 - BHO: Fav Manager - {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} - C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [adx.exe] C:\Program Files\adx\adx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KpopMon] ; C:\KAV6\KPopMon.EXE
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ravshell] C:\WINDOWS\System32\explore3.exe
O4 - HKCU\..\Run: [myZt2] C:\DOCUME~1\王峥\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
O4 - HKCU\..\Run: [myZt3] C:\DOCUME~1\王峥\LOCALS~1\Temp\zt3\SVCHQST.EXE
O4 - HKCU\..\Run: [SyztMy] C:\WINDOWS\System32\expiorer.exe
O4 - HKCU\..\Run: [8hh1urtkit50x6y] C:\WINDOWS\iexpl0re.exe
O4 - HKCU\..\Run: [6tqbxg] C:\WINDOWS\iexp1ore.exe
O4 - HKCU\..\Run: [mhy04i44] C:\WINDOWS\system.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\vision\vision.dll/mms.htm
O8 - Extra context menu item: 使用影音传送带下载 - D:\tools\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - D:\tools\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 用比特精灵下载(&B) - E:\网络下载\BitSpirit\bsurl.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} (Fc2Boot Class) - http://h5.kele8.com/onet/ActiveX/fc2boot.cab
O16 - DPF: {BE9535B7-76FB-4572-AD20-B32BADB3643B} (TV Stream Source) - http://image2.sina.com.cn/cctv/Chaos203b.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E204A8FA-0730-43B8-AFD0-11DF2D46553D}: NameServer = 202.102.152.3 202.102.154.3
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll

Last edited 2007-02-05 15:49:37

End the following processes in Task Manager:
RUNDLL32.EXE
rundll32.exe
cdnup.exe
winstall.exe
AutoUp.exe


Use HijackThis to fix the following entries:
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: SafeMe Internet Explorer Helper - {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} - C:\WINDOWS\System32\SafeHelper12.dll
O2 - BHO: vvlc - {3DFA6D49-2DBC-4853-BE55-0F035CF331ED} - C:\PROGRA~1\COMMON~1\bbul\ffvp.dll
O2 - BHO: ui Class - {4CEB0B7C-0729-412b-8627-0088FB4F6D9F} - C:\WINDOWS\System32\BHO04.dll
O2 - BHO: IEInit Class - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} - C:\WINDOWS\System32\drivers\usrinit.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\vision\vision.dll
O2 - BHO: BHOHelper Class - {67A90DD5-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll
O2 - BHO: BHOHelper Class - {67A90DD6-128D-43AB-B97C-565D2DD42A28} - C:\Program Files\adx\atloader.dll
O2 - BHO: Fav Manager - {CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} - C:\Program Files\Deepdo\DeepdoBar\Favorite\FavBlock.dll


O4 - HKLM\..\Run: [adx.exe] C:\Program Files\adx\adx.exe
O4 - HKCU\..\Run: [ravshell] C:\WINDOWS\System32\explore3.exe
O4 - HKCU\..\Run: [myZt2] C:\DOCUME~1\王峥\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
O4 - HKCU\..\Run: [myZt3] C:\DOCUME~1\王峥\LOCALS~1\Temp\zt3\SVCHQST.EXE
O4 - HKCU\..\Run: [SyztMy] C:\WINDOWS\System32\expiorer.exe
O4 - HKCU\..\Run: [8hh1urtkit50x6y] C:\WINDOWS\iexpl0re.exe
O4 - HKCU\..\Run: [6tqbxg] C:\WINDOWS\iexp1ore.exe
O4 - HKCU\..\Run: [mhy04i44] C:\WINDOWS\system.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

Then open the file C:\Windows\System32\Drivers\etc\hosts and delete the following entries (the O1 lines from the log above):


After completing the steps above, restart the computer, then download SREng, run a Smart Scan and upload the log. Download address: http://www.kztechs.com/sreng/download.html
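As an added illustration (not code from the thread, from HijackThis or from Rising), a small Python triage script that applies the checks the reply above makes by hand: O1 lines that point a hostname somewhere other than loopback, O4 entries whose executable imitates a Windows system binary (explore3, expiorer, iexpl0re, SVCH0ST) or runs from a temp/desktop folder, and O2 entries whose DLL is missing. The sample lines are copied from the posted log; the list of imitated binaries and the homoglyph map are assumptions.

```python
"""Triage a HijackThis log for the hijack patterns in this thread.
Added example, not code from the forum or from HijackThis; the sample
lines below are copied from the posted log."""
import ipaddress
import re
from typing import List, Optional, Tuple

# Windows binaries that the log's startup entries imitate (assumed list):
# explore3, expiorer, iexpl0re, iexp1ore, SVCH0ST, SVCHQST all sit near these.
SYSTEM_BINARIES = ("svchost", "explorer", "iexplore", "rundll32", "csrss",
                   "lsass", "smss", "winlogon", "services", "userinit", "ctfmon")
# Digit/letter substitutions seen in the log: 0 for o, 1 for l, Q for O.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "q": "o"})
SUSPICIOUS_DIRS = ("\\temp\\", "\\桌面\\", "\\desktop\\")

O1_RE = re.compile(r"^O1 - Hosts: (\S+) (\S+)$")
O2_RE = re.compile(r"^O2 - BHO: (.*?) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\] (.*)$")
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)

# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
O1 - Hosts: 202.109.114.142 union.qq.com
O1 - Hosts: 203.191.146.205 auto.search.msn.com
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: IEInit Class - {5B02EBA1-EFDD-477D-A37F-05383165C9C0} - C:\WINDOWS\System32\drivers\usrinit.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ravshell] C:\WINDOWS\System32\explore3.exe
O4 - HKCU\..\Run: [myZt2] C:\DOCUME~1\王峥\LOCALS~1\Temp\Zt2\SVCH0ST.EXE
O4 - HKCU\..\Run: [SyztMy] C:\WINDOWS\System32\expiorer.exe
O4 - HKCU\..\Run: [6tqbxg] C:\WINDOWS\iexp1ore.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; one edit is enough to catch expiorer/explore3."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(exe_name: str) -> Optional[str]:
    """Return the system binary this name imitates, or None if it is exact or unrelated."""
    stem = exe_name.lower().rsplit(".", 1)[0]
    if stem in SYSTEM_BINARIES:
        return None
    norm = stem.translate(HOMOGLYPHS)  # iexp1ore -> iexplore, svch0st -> svchost
    for real in SYSTEM_BINARIES:
        if edit_distance(norm, real) <= 1:
            return real
    return None


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every suspicious O1/O2/O4 line."""
    findings: List[Tuple[str, str]] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O1_RE.match(line):
            ip, host = m.groups()
            try:
                if not ipaddress.ip_address(ip).is_loopback:
                    findings.append((f"hosts: {host} redirected to {ip}", line))
            except ValueError:
                findings.append(("hosts: unparsable address", line))
        elif m := O4_RE.match(line):
            cmd = m.group(3)
            exe = EXE_RE.search(cmd)
            if exe and (real := lookalike_of(exe.group(1))):
                findings.append((f"run: {exe.group(1)} imitates {real}.exe", line))
            elif any(d in cmd.lower() for d in SUSPICIOUS_DIRS):
                findings.append(("run: executable in temp/desktop folder", line))
        elif m := O2_RE.match(line):
            if "(file missing)" in m.group(3):
                findings.append(("bho: orphaned entry, DLL missing", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:45s} | {line}")
```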
Thank you very much.
[CODE]

2007-02-04,23:16:44

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <KpopMon><; C:\KAV6\KPopMon.EXE>  [N/A]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <CheckFaultKernel><C:\WINDOWS\System32\mswdm.exe>  [N/A]
    <usrinit><C:\Documents and Settings\王峥\桌面\usrinit.exe>  [N/A]
    <WinAutoUp><C:\WINDOWS\AutoUp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll>  [Anti-Malware Development a.s.]
    <{1A404685-7563-4d02-B0F6-58B308A406A9}><c:\program files\d-tools\toaxbamo.dll>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <webwork><C:\WINDOWS\webwork\webwork.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <1fq><; C:\WINDOWS\iexpl0re.exe>  [N/A]
    <6ff><; C:\WINDOWS\iexp1ore.exe>  [N/A]
    <adx.exe><; C:\Program Files\adx\adx.exe>  [Microsoft Corporation]
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <cmdbcs><; C:\WINDOWS\cmdbcs.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools-1033><; "C:\Program Files\D-Tools\daemon.exe"  -lang 1033>  [VeNoM386 and SwENSkE]
    <Desktop><; C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll>  [N/A]
    <IEBarUp><; RunDll32 "C:\WINDOWS\System32\IeBar1.dll",Run>  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <jt0wywlmqbb157v><; C:\WINDOWS\iexpiore.exe>  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <LoadIE><; C:\WINDOWS\rund1132.exe>  [N/A]
    <msccrt><; C:\WINDOWS\msccrt.exe>  [N/A]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <RavMon><; C:\Program Files\rising\rav\RavMon.exe>  [N/A]
    <RavTask><; "E:\网络下载\下载程序\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RavTimer><; C:\Program Files\rising\rav\RavTimer.exe>  [N/A]
    <rfw><; C:\Program Files\rising\Rfw\Rfw.exe>  [N/A]
    <RfwMain><; "E:\网络下载\下载程序\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><; "E:\网络下载\下载程序\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <STTVUpdate><; E:\网络下载\下载程序\STTVUpdate.exe "check">  [N/A]
    <Super Rabbit SRRestore><; E:\网络下载\MagicSet\srrest.exe /autosave>  [Super Rabbit Soft]
    <sysExp><; C:\WINDOWS\System32\SysExp.exe>  [N/A]
    <System><; C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <v3><; C:\WINDOWS\alga.exe>  [N/A]
    <WindowsXP><; C:\DOCUME~1\王峥\LOCALS~1\Temp\ms.exe>  [N/A]
    <wlzs><; C:\WINDOWS\TEMP\wlzs.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Disabled]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><N/A>
[Client IP-IPX / Client IP-IPX][Stopped/Disabled]
  <"C:\WINDOWS\System32\svchosts.exe" -e te-110-12-0000338><N/A>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard][Stopped/Disabled]
  <C:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Volume Optimization / Investor][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\zftgy.dll><Microsoft Corporation>
[Spectrum24 Events Monitor / IPRIP][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\Winamps_plugins.dll><N/A>
[Messenger / Messenger][Stopped/Disabled]
  <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\msgsvc.dll><Microsoft Corporation>
[MRTServ / MRTServ][Stopped/Disabled]
  <C:\WINDOWS\System32\MRTServ.exe><N/A>
[Muotmmparc / Muotmmparc][Stopped/Disabled]
  <><N/A>
[Windows Install Helper / SOCEESe][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[Standard Update Net Service / stdupnet][Running/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
[Provisioning Transaction Service / ttt_13][Stopped/Disabled]
  <C:\WINDOWS\System32\win.exe><N/A>
[VisionService / VisionService][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\vision\VISVER.DLL,Service><Microsoft Corporation>
[VKTServ / VKTServ][Stopped/Disabled]
  <C:\WINDOWS\System32\VKTServ.exe><N/A>
[Vsn vvof Service / vvof][Running/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe C:\PROGRA~1\COMMON~1\bbul\iiys.dll,Service><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
驱动程序
[0000386f / 0000386f][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\0000386f.SYS><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Albus / Albus][Stopped/Boot Start]
  <\SystemRoot\System32\drivers\Albus.SYS><N/A>
[cdnprot / cdnprot][Running/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[cibiegbj / cibiegbj][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\cibiegbj.sys><N/A>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver][Running/System Start]
  <\??\C:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[hhmiukq / hhmiukq][Running/Boot Start]
  <\SystemRoot\system32\drivers\hhmiukq.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <System32\DRIVERS\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[pbnfutt / pbnfutt][Running/Boot Start]
  <\SystemRoot\system32\drivers\pbnfutt.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[st324bus / st324bus][Running/Manual Start]
  <System32\DRIVERS\st324bus.sys><Generic>
[st324kj / st324kj][Running/Manual Start]
  <System32\DRIVERS\st324kj.sys><Generic>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\System32\SVKP.sys><AntiCracking>
[uanbwau / uanbwau][Running/Boot Start]
  <\SystemRoot\system32\drivers\uanbwau.sys><N/A>
[wnxqqwx / wnxqqwx][Running/Boot Start]
  <\SystemRoot\system32\drivers\wnxqqwx.sys><N/A>

==================================
浏览器加载项
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[vvlc]
  {3DFA6D49-2DBC-4853-BE55-0F035CF331ED} <C:\PROGRA~1\COMMON~1\bbul\ffvp.dll, >
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Fc2Boot Class]
  {ABA7CC7F-019D-47DB-A0D2-B3C2B3AC1B44} <C:\WINDOWS\Downloaded Program Files\fc2boot.dll, 北京线线通科技开发有限公司>
[TV Stream Source]
  {BE9535B7-76FB-4572-AD20-B32BADB3643B} <C:\WINDOWS\System32\FAggr.ax, www.sina.com.cn>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ADXAutoLive]
  {E5212436-921F-44a3-8865-11C0B9BA4AF2} <C:\PROGRA~1\adx\autolive.dll, Microsoft Corporation>
[ADXAutoLive]
  {E5212437-921F-44a3-8865-11C0B9BA4AF2} <C:\Program Files\adx\autolive.dll, Microsoft Corporation>
[>>彩信发送<<]
  <res://C:\PROGRA~1\vision\vision.dll/mms.htm, N/A>
[使用影音传送带下载]
  <D:\tools\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <D:\tools\NetTransport 2\NTAddList.html, N/A>
[用比特精灵下载(&B)]
  <E:\网络下载\BitSpirit\bsurl.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 508][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, N/A]
    [c:\program files\d-tools\toaxbamo.dll]  [, 1, 0, 0, 11]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 628][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 640][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 804][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 880][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1000][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1064][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1208][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1460][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [c:\program files\d-tools\toaxbamo.dll]  [, 1, 0, 0, 11]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\WINDOWS\System32\pbnfutt.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\wnxqqwx.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\uanbwau.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
    [C:\WINDOWS\webwork\webwork.nls]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [E:\网络下载\下载程序\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\ewido anti-spyware 4.0\context.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\PROGRA~1\COMMON~1\bbul\ffvp.dll]  [, 1, 2, 0, 8]
[PID: 1764][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1844][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1956][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\stdupnet.dll]  [ , 4, 1, 0, 3]
    [C:\WINDOWS\system32\albus.dll]  [Albus, 1, 0, 0, 3]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
    [C:\WINDOWS\system32\stdvote.dll]  [ , 1, 0, 0, 5]
[PID: 1988][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 6]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 388][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 872][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\COMMON~1\bbul\iiys.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 1656][C:\Documents and Settings\王峥\桌面\usrinit.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 1872][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 1912][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 348][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1260][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 180][C:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 2, 1, 0, 209]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [E:\网络下载\下载程序\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 3572][C:\WINDOWS\AdsNT.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 2148][C:\WINDOWS\AutoUp.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 3120][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
[PID: 3280][C:\DOCUME~1\王峥\LOCALS~1\Temp\Rar$EX00.332\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\stdstub.dll]  [MS Stdup, 1, 0, 0, 4]
    [C:\WINDOWS\system32\stdplay.dll]  [ , 1, 0, 0, 5]
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
N/A

==================================
API HOOK
N/A

==================================

Log attached, could an expert take another look?
1. Disable services
Open SREng, Boot Items -> Services -> Win32 Services
Select each of the following services in turn, tick Hide verified Microsoft Items, then click Modify Start Type and choose Disabled from the start-type list. After completing the above steps, click the Set button and choose Yes in the dialog that pops up.
Volume Optimization / Investor
Windows Install Helper / SOCEESe
Standard Update Net Service / stdupnet
Vsn vvof Service / vvof

2. Disable drivers
Open SREng, Boot Items -> Services -> Drivers
Tick Hide verified Microsoft Items, select each of the following items in turn, then click Modify Start Type and choose Disabled from the start-type list. After completing the above steps, click Set and choose Yes in the dialog that pops up.
cdnprot / cdnprot
hhmiukq / hhmiukq
New0 / New0
pbnfutt / pbnfutt
SVKP / SVKP
uanbwau / uanbwau
wnxqqwx / wnxqqwx

3. Delete registry startup entries
Open SREng, Boot Items -> Registry -> delete the following items:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\WINDOWS\System32\mswdm.exe> [N/A]
<usrinit><C:\Documents and Settings\王峥\桌面\usrinit.exe> [N/A]
<WinAutoUp><C:\WINDOWS\AutoUp.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<1fq><; C:\WINDOWS\iexpl0re.exe> [N/A]
<6ff><; C:\WINDOWS\iexp1ore.exe> [N/A]
<adx.exe><; C:\Program Files\adx\adx.exe> [Microsoft Corporation]
<CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
<cmdbcs><; C:\WINDOWS\cmdbcs.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IEBarUp><; RunDll32 "C:\WINDOWS\System32\IeBar1.dll",Run> [N/A]
<jt0wywlmqbb157v><; C:\WINDOWS\iexpiore.exe> [N/A]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<LoadIE><; C:\WINDOWS\rund1132.exe> [N/A]
<msccrt><; C:\WINDOWS\msccrt.exe> [N/A]
<sysExp><; C:\WINDOWS\System32\SysExp.exe> [N/A]
<System><; C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<v3><; C:\WINDOWS\alga.exe> [N/A]
<WindowsXP><; C:\DOCUME~1\王峥\LOCALS~1\Temp\ms.exe> [N/A]
<wlzs><; C:\WINDOWS\TEMP\wlzs.exe> [N/A]

4. Delete browser add-ons
Open SREng, System Repair -> Browser Add-On, and delete the items in the following list:
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[vvlc]
{3DFA6D49-2DBC-4853-BE55-0F035CF331ED} <C:\PROGRA~1\COMMON~1\bbul\ffvp.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[MMSAssistMenu]
{6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\vision\vision.dll, N/A>
[ADXAutoLive]
{E5212436-921F-44a3-8865-11C0B9BA4AF2} <C:\PROGRA~1\adx\autolive.dll, Microsoft Corporation>
[ADXAutoLive]
{E5212437-921F-44a3-8865-11C0B9BA4AF2} <C:\Program Files\adx\autolive.dll, Microsoft Corporation>

5. Reboot, press F8 to enter Safe Mode, and delete the following files (or cut them to another directory so they can be restored if something goes wrong):
C:\WINDOWS\System32\mswdm.exe
C:\Documents and Settings\王峥\桌面\usrinit.exe
C:\WINDOWS\AutoUp.exe
C:\WINDOWS\iexpl0re.exe
C:\Program Files\adx\adx.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\System32\IeBar1.dll
C:\WINDOWS\iexpiore.exe
C:\WINDOWS\rund1132.exe
C:\WINDOWS\msccrt.exe
C:\WINDOWS\System32\SysExp.exe
C:\Program Files\Common Files\System\Updaterun.exe
C:\WINDOWS\alga.exe
C:\DOCUME~1\王峥\LOCALS~1\Temp\ms.exe
C:\WINDOWS\TEMP\wlzs.exe
C:\WINDOWS\system32\stdstub.dll
C:\WINDOWS\system32\stdplay.dll
C:\WINDOWS\system32\OLFMNT40.DLL
C:\PROGRA~1\COMMON~1\bbul\ffvp.dll
C:\WINDOWS\system32\stdvote.dll

Since you have quite a few problems, after completing the above steps list the operations you could not complete, then scan again with SREng and post the symptoms and the log.
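Added example, not from the forum thread and not part of SREng or any other tool named in it: a Python triage script that applies two of the judgements behind the helper's list above to SREng-style Run entries (`<name><; command> [vendor]`). It flags file names that are look-alike spellings of well-known Windows binaries (iexpl0re.exe, iexp1ore.exe, iexpiore.exe, rund1132.exe, usrinit.exe) and autostart programs launched from Temp or Desktop folders. The KNOWN_BINARIES list, the HOMOGLYPHS map and the directory markers are assumptions of the example; the sample entries are copied from the registry section of the log quoted above.

```python
"""Triage of SREng-style registry Run entries (added example; not from the
forum thread and not part of SREng).  Each entry line has the form
    <name><; command> [vendor]
Two checks: look-alike spellings of well-known Windows binaries, and
autostart binaries launched from Temp or Desktop directories.
KNOWN_BINARIES, HOMOGLYPHS and SUSPICIOUS_DIR_MARKERS are assumptions."""
import re
from typing import List, Optional, Tuple

# Legitimate names that hijackers imitate (assumed list; extend as needed).
KNOWN_BINARIES = ["iexplore.exe", "rundll32.exe", "userinit.exe", "explorer.exe",
                  "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "ctfmon.exe"]

# Characters that read alike in common fonts; both sides are mapped before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "i": "l", "|": "l"})

# Lower-cased directory markers (8.3 short paths share them) where an autostart
# binary should not live.  "桌面" is the Desktop folder on Chinese Windows XP.
SUSPICIOUS_DIR_MARKERS = ("\\temp\\", "\\desktop\\", "\\桌面\\")

ENTRY_RE = re.compile(r"^<(?P<name>[^>]*)><;?\s*(?P<cmd>[^>]*)>\s*\[(?P<vendor>[^\]]*)\]")
# First drive-letter or %VAR%-rooted path ending in .exe/.dll; spaces are allowed
# because unquoted "Documents and Settings" paths are common in these logs.
PATH_RE = re.compile(r'"?((?:[A-Za-z]:|%[^%]+%)\\[^",]*?\.(?:exe|dll))(?=["\s,]|$)', re.I)


def levenshtein(a: str, b: str) -> int:
    """Edit distance; catches dropped letters such as usrinit vs userinit."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(basename: str) -> Optional[str]:
    """Return the legitimate binary this file name imitates, or None."""
    name = basename.lower()
    if name in KNOWN_BINARIES:
        return None
    norm = name.translate(HOMOGLYPHS)
    for legit in KNOWN_BINARIES:
        if levenshtein(norm, legit.translate(HOMOGLYPHS)) <= 1:
            return legit
    return None


def extract_path(cmd: str) -> Optional[str]:
    """Launched file inside a Run command, e.g. the DLL in RunDll32 "x.dll",Run."""
    m = PATH_RE.search(cmd)
    return m.group(1) if m else None


def in_suspicious_dir(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in SUSPICIOUS_DIR_MARKERS)


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """(entry name, launched file, reasons) for every entry worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        path = extract_path(m.group("cmd"))
        if path is None:  # e.g. "%systemroot%\system32\dumprep 0 -k" has no .exe/.dll
            continue
        reasons = []
        target = lookalike_of(path.rsplit("\\", 1)[-1])
        if target:
            reasons.append(f"look-alike of {target}")
        if in_suspicious_dir(path):
            reasons.append("launched from a temporary or user-profile directory")
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


# Constructed sample: a subset of the Run entries quoted in the thread.
SAMPLE_ENTRIES = r"""
<CheckFaultKernel><C:\WINDOWS\System32\mswdm.exe> [N/A]
<usrinit><C:\Documents and Settings\王峥\桌面\usrinit.exe> [N/A]
<WinAutoUp><C:\WINDOWS\AutoUp.exe> []
<1fq><; C:\WINDOWS\iexpl0re.exe> [N/A]
<6ff><; C:\WINDOWS\iexp1ore.exe> [N/A]
<IEBarUp><; RunDll32 "C:\WINDOWS\System32\IeBar1.dll",Run> [N/A]
<jt0wywlmqbb157v><; C:\WINDOWS\iexpiore.exe> [N/A]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<LoadIE><; C:\WINDOWS\rund1132.exe> [N/A]
<WindowsXP><; C:\DOCUME~1\王峥\LOCALS~1\Temp\ms.exe> [N/A]
<wlzs><; C:\WINDOWS\TEMP\wlzs.exe> [N/A]
"""

if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_ENTRIES):
        print(f"{name:16} {path}\n{'':16} -> {'; '.join(reasons)}")
```

Entries that pass both checks (mswdm.exe in System32, AutoUp.exe in the Windows root, IeBar1.dll loaded through RunDll32) still need the manual review the helper gives them; the script only narrows the list, it does not replace reading the log.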
Use my program, it's really good: avgas-setup-7.5.0.50. Download it from the popular software section of my resource blog: http://httlovewlb.blog.xunlei.com
Powered by Discuz!NT