
Homepage hijacked by www.haol23.net/?a30


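My homepage has been hijacked by www.haol23.net/?a30 and cannot be repaired. An icon that looks like an IE browser shortcut has appeared on the desktop, and Rising surprisingly cannot find any virus. Starting 360 gives the prompt "Detected that domain names related to 360 Safe Guard have been hijacked. Continuing the upgrade may be dangerous. Repair now?" After clicking Repair, it says "Domain hijack repair failed; the upgrade was automatically aborted."
In the full system diagnosis it says "Diagnosis found 3 repairable dangerous items on your system; we recommend that you repair them immediately.

Domain resolution file    Domain resolution file (hosts)
Domain resolution file    Domain resolution file (hosts)
Domain resolution file    Domain resolution file (hosts)"
But after repairing N times, it still has no effect. Below is part of the 360 diagnostic report: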
Last edited 2007-06-13 17:32:26


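Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log and paste it here in full; do not modify it
If it will not run after downloading, delete the downloaded copy and download it again. After downloading, do not run it right away; first rename the downloaded SREng.exe to SREng.com (SREng.scr\SREng.bat\SREng.pif) or abc.exe, then run it.
If the log cannot be posted in one go, post it in several parts.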


[CODE]

2007-06-13,16:26:45

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <RavTask><"d:\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"d:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><d:\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\UserInit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><(无)>  [N/A]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~3\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[3F517358 / 3F517358][Stopped/Disabled]
  <C:\WINNT\System32\D3C94718.EXE -d><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINNT\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"d:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"d:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[76000 / 76000][Stopped/Manual Start]
  <\??\C:\WINNT\System32\Drivers\75921.sys><Driver>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
  <System32\DRIVERS\e1000nt5.sys><Intel Corporation>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\d:\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\d:\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\d:\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\d:\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\d:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <System32\DRIVERS\HSFHWBS2.sys><Conexant Systems>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems>
[ilbnj / ilbnjw][Stopped/System Start]
  <2 - 系统找不到指定的文件。
><N/A>
[jkftn / jkftnf][Stopped/Boot Start]
  <2 - 系统找不到指定的文件。
><N/A>
[%LQKey.ServiceName% / LQKey][Stopped/Auto Start]
  <System32\Drivers\LQKey.sys><N/A>
[LQusbkey USB Driver / LQusbkey][Stopped/Manual Start]
  <System32\Drivers\LQkey.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\d:\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[nfxqc / nfxqcm][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Tencent\QQ\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\d:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\System32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\d:\Rising\Rav\RSPPSYS.sys><Rising>
[StreamDispatcher / StreamDispatcher][Running/Auto Start]
  <System32\DRIVERS\strmdisp.sys><Conexant Systems>
[szwjh / szwjhk][Stopped/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[Flash Object Class]
  {109B111C-371B-4267-AF19-BDEB6EDA0970} <C:\WINNT\Flash9c.dll, Macromedia, Inc.>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <d:\360safe\safemon\safemon.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <d:\360safe\live.dll, 360safe.com>
[上传到QQ网络硬盘]
  <D:\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 172][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 196][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 136][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6714]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
[PID: 244][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 256][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6695]
[PID: 408][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 480][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 612][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\fppmon2.dll]  [FinePrint Software, LLC, 2.21]
    [C:\WINNT\system32\fppr232.dll]  [FinePrint Software, LLC, 2.21]
[PID: 640][C:\WINNT\System32\msdtc.exe]  [Microsoft Corporation, 1999.9.3421.3]
[PID: 828][d:\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [d:\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [d:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 904][C:\WINNT\System32\llssrv.exe]  [Microsoft Corporation, 5.00.2195.6697]
[PID: 988][C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0766.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0534.00]
    [C:\PROGRA~1\MICROS~3\MSSQL\binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Common Files\System\OLE DB\sqloledb.dll]  [Microsoft Corporation, 2000.081.9031.018]
    [C:\WINNT\system32\MSDART.DLL]  [Microsoft Corporation, 2.71.9031.4 built by: Lab06_N(dagbuild)]
    [C:\Program Files\Common Files\System\OLE DB\MSDATL3.dll]  [Microsoft Corporation, 2.71.9030.0 built by: Lab06_N(dagbuild)]
[PID: 1012][C:\WINNT\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5303]
[PID: 1548][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINNT\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5303]
    [C:\WINNT\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5303]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [d:\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL]  [, ]
[PID: 1588][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1728][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1744][D:\360safe\safemon\360Tray.exe]  [奇虎网, 3, 5, 0, 1001]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [D:\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 5, 0, 1001]
    [D:\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1752][C:\WINNT\system32\internat.exe]  [Microsoft Corporation, 5.00.2920.0000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1764][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINNT\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.081.9031.038]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 676][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  Error. [C:\WINNT\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [C:\WINNT\hh.exe %1]
.HLP  Error. [C:\WINNT\winhlp32.exe %1]
.INI  Error. [C:\WINNT\NOTEPAD.EXE %1]
.INF  Error. [C:\WINNT\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
202.109.114.142  survey88.allyes.com
202.109.114.142  adtaobao.allyes.com
202.109.114.142  code.qihoo.com
202.109.114.142  union.mop.com
202.109.114.142  js.kkunion.com
202.109.114.142  v.kkunion.com
202.109.114.142  v.21cn.com
202.109.114.142  iplusms.allyes.com
202.109.114.142  mms.t2t2.com
202.109.114.142  ivr.dobig.net
202.109.114.142  www.u8u.com
202.109.114.142  u.u8u.com
202.109.114.142  img.zhangxiu.com
202.109.114.142  tl.linktone.com
202.109.114.142  channel.e78.com
202.109.114.142  u.7town.com
202.109.114.142  union.95ol.com.cn
202.109.114.142  mms1.95ol.com.cn
202.109.114.142  mfs.95ol.com.cn
202.109.114.142  tl.a8.com
202.109.114.142  ad01.a8.com
202.109.114.142  u2.caiku.com
202.109.114.142  mms.caiku.com
202.109.114.142  code1.caiku.com
202.109.114.142  pub.lele.com
202.109.114.142  u.lele.com
202.109.114.142  7town.com
202.109.114.142  tvsend.7town.com
202.109.114.142  ivrsend.7town.com
202.109.114.142  tlt.7town.com
202.109.114.142  gsend.7town.com
202.109.114.142  smssend.7town.com
202.109.114.142  mmssend.moyu.com
202.109.114.142  91ivr.com
202.109.114.142  myad.91ivr.com
202.109.114.142  u.91ivr.com
202.109.114.142  union.91ivr.com
202.109.114.142  cm.p4p.cn.yahoo.com
202.109.114.142  un.265.com
202.109.114.142  union.qq.com
202.109.114.142  view.aliunion.cn.yahoo.com
202.109.114.142  union.narrowad.com
202.109.114.142  ln.heima8.com
202.109.114.142  www.fboat.cn
202.109.114.142  cpro.baidu.com
202.109.114.142  unstat.baidu.com
202.109.114.142  y.cnxad.com
202.109.114.142  www.ewowo.com
202.109.114.142  template.union.163.com
202.109.114.142  new.is686.com
202.109.114.142  creative.unionsys.bolaa.com
202.109.114.142  www.qyule.com
202.109.114.142  99e.cc
202.109.114.142  www.91ivr.com
202.109.114.142  mg.ukaka.com
202.109.114.142  kooxoo2.ad4all.net
202.109.114.142  www.8fff.com
202.109.114.142  union.pomoho.com
202.109.114.142  202.107.233.211
202.109.114.142  www.end123.com
202.109.114.142  w1.7clink.com
202.109.114.142  w2.7clink.com
202.109.114.142  union01.com
202.109.114.142  click.8le8le.com
202.109.114.142  stbanner.allyes.com
202.109.114.142  mms1.moyu.com
202.109.114.142  u.moyu.com
202.109.114.142  mmsu.moyu.com
202.109.114.142  show.moyu.com
202.109.114.142  ivrsend.moyu.com
202.109.114.142  ivru.moyu.com
202.109.114.142  ivr1.moyu.com
203.191.146.205  corep.dmcast.com
203.191.146.205  m081.dmcast.com
203.191.146.205  dcww.dmcast.com
203.191.146.205  renren.dmcast.com
203.191.146.205  files.henbang.net
203.191.146.205  bannerbox.cn
203.191.146.205  www.bannerbox.cn
203.191.146.205  action.coopen.cn
203.191.146.205  u4.sky99.cn
203.191.146.205  u1.sky99.cn
203.191.146.205  u2.sky99.cn
203.191.146.205  u3.sky99.cn
203.191.146.205  sky99.cn
203.191.146.205  u.sky99.cn
203.191.146.205  u.ete.cn
203.191.146.205  ip.alexaanywhere.com
203.191.146.205  www.365tan.com
203.191.146.205  www.winopen.cn
203.191.146.205  www.tanip.com
203.191.146.205  alexaanywhere.com
203.191.146.205  jssb.alexaanywhere.com
203.191.146.205  ns250.alexaanywhere.com
203.191.146.205  sb.alexaanywhere.com
203.191.146.205  ip.alexaanywhere.com
203.191.146.205  pop.9v.cn
203.191.146.205  xuni.myad.cn
203.191.146.205  iebar.t2t2.com
203.191.146.205  error.newcell.cn
203.191.146.205  auto.search.msn.com
203.191.146.205  cns.3721.com
203.191.146.205  seek.3721.com
203.191.146.205  name.cnnic.cn
203.191.146.205  toolsbar.kuaiso.com
203.191.146.205  www.kuaiso.com
203.191.146.205  kuaiso.com
203.191.146.205  www.copyso.com
203.191.146.205  union.copyso.com
203.191.146.205  auto.search.msn.com
203.191.146.205  ok.mop-hz.com
203.191.146.205  www.ncast.cn
203.191.146.205  www.ads3721.com
203.191.146.205  360.ads3721.com
203.191.146.205  www.maohehe.com
203.191.146.205  www.5566.net
203.191.146.205  5566.net
203.191.146.205  www.gjj.cc
203.191.146.205  gjj.cc
203.191.146.205  www.9495.com
203.191.146.205  9495.com
203.191.146.205  my123.com
203.191.146.205  www.my123.com
203.191.146.205  7b.com.cn
203.191.146.205  www.7b.com.cn
203.191.146.205  www.3567.com
203.191.146.205  3567.com
203.191.146.205  www.37021.com
203.191.146.205  37021.com
203.191.146.205  k369.com
203.191.146.205  www.k369.com
203.191.146.205  www.haourl.com
203.191.146.205  haourl.com
203.191.146.205  www.37021.net
203.191.146.205  37021.net
203.191.146.205  www.4199.com
203.191.146.205  4199.com
203.191.146.205  www.9505.com
203.191.146.205  9505.com
203.191.146.205  7939.com
203.191.146.205  www.7939.com
203.191.146.205  www.3448.com
203.191.146.205  3448.com
203.191.146.205  8925.com
203.191.146.205  www.8925.com
203.191.146.205  www.ttmp3.com
203.191.146.205  ttmp3.com
203.191.146.205  www.3tg.cn
203.191.146.205  3tg.cn
203.191.146.205  www.ttjj.com
203.191.146.205  ttjj.com
203.191.146.205  www.59178.com
203.191.146.205  59178.com
203.191.146.205  www.987654.com
203.191.146.205  987654.com
203.191.146.205  www.zhao123.com
203.191.146.205  zhao123.com
203.191.146.205  123wa.com
203.191.146.205  www.123wa.com
203.191.146.205  www.159.com
203.191.146.205  soft.159.com
203.191.146.205  www.v111.com
203.191.146.205  v111.com
203.191.146.205  www.855.com
203.191.146.205  855.com
203.191.146.205  www.wu123.com
203.191.146.205  wu123.com
203.191.146.205  www.haodx.com
203.191.146.205  haodx.com
203.191.146.205  19ku.com
203.191.146.205  www.19ku.com
203.191.146.205  www.t2t2.com
203.191.146.205  t2t2.com
203.191.146.205  www.ku8.com
203.191.146.205  ku8.com
203.191.146.205  www.v23.com
203.191.146.205  v23.com
203.191.146.205  www.51115.com
203.191.146.205  www.52.com
203.191.146.205  52.com
203.191.146.205  www.qu123.com
203.191.146.205  qu123.com
203.191.146.205  www.haokan123.com
203.191.146.205  haokan123.com
203.191.146.205  www.kan123.com
203.191.146.205  kan123.com
203.191.146.205  hang123.com
203.191.146.205  www.hang123.com
203.191.146.205  3tom.com
203.191.146.205  www.3tom.com
203.191.146.205  www.anyso.com
203.191.146.205  anyso.com
203.191.146.205  59178.com
203.191.146.205  www.59178.com
203.191.146.205  t3j4.com
203.191.146.205  www.t3j4.com
203.191.146.205  www.zh130.com
203.191.146.205  zh130.com
203.191.146.205  www.8757.com
203.191.146.205  8757.com
203.191.146.205  www.7667.com
203.191.146.205  7667.com
203.191.146.205  ie.union123.com
203.191.146.205  www.daohangtu.com
203.191.146.205  daohangtu.com
203.191.146.205  www.ld123.com
203.191.146.205  ld123.com
203.191.146.205  www.369.com
203.191.146.205  369.com
203.191.146.205  91ni.com
203.191.146.205  www.91ni.com
203.191.146.205  www.17995.com
203.191.146.205  17995.com
203.191.146.205  www.sha123.com
203.191.146.205  sha123.com
203.191.146.205  www.lethot.com
203.191.146.205  lethot.com
203.191.146.205  www.8757.com
203.191.146.205  8757.com
203.191.146.205  4533.cn
203.191.146.205  6h.com.cn
203.191.146.205  www.6h.com.cn
203.191.146.205  www.jjol.cn
203.191.146.205  jjol.cn
203.191.146.205  wangzhiku.com
203.191.146.205  www.wangzhiku.com
203.191.146.205  www.1zhan.com
203.191.146.205  1zhan.com
203.191.146.205  www.262.com
203.191.146.205  262.com
203.191.146.205  www.365.com
203.191.146.205  365.com
203.191.146.205  www.4533.cn
203.191.146.205  4533.cn
203.191.146.205  31tg.com
203.191.146.205  www.31tg.com
203.191.146.205  tomatolei.com
203.191.146.205  www.tomatolei.com
203.191.146.205  999cha.com
203.191.146.205  www.999cha.com
127.0.0.1  mmsk.cn
127.0.0.1  ikaka.com
127.0.0.1  safe.qq.com
127.0.0.1  360safe.com
127.0.0.1  bbs.360safe.com
127.0.0.1  www.mmsk.cn
127.0.0.1  www.ikaka.com
127.0.0.1  tool.ikaka.com
127.0.0.1  www.360safe.com
127.0.0.1  zs.kingsoft.com
127.0.0.1  forum.ikaka.com
127.0.0.1  up.rising.com.cn
127.0.0.1  scan.kingsoft.com
127.0.0.1  kvup.jiangmin.com
127.0.0.1  reg.rising.com.cn
127.0.0.1  update.rising.com.cn
127.0.0.1  update7.jiangmin.com
127.0.0.1  download.rising.com.cn
127.0.0.1  dnl-us1.kaspersky-labs.com
127.0.0.1  dnl-us2.kaspersky-labs.com
127.0.0.1  dnl-us3.kaspersky-labs.com
127.0.0.1  dnl-us4.kaspersky-labs.com
127.0.0.1  dnl-us5.kaspersky-labs.com
127.0.0.1  dnl-us6.kaspersky-labs.com
127.0.0.1  dnl-us7.kaspersky-labs.com
127.0.0.1  dnl-us8.kaspersky-labs.com
127.0.0.1  dnl-us9.kaspersky-labs.com
127.0.0.1  dnl-us10.kaspersky-labs.com
127.0.0.1  dnl-eu1.kaspersky-labs.com
127.0.0.1  dnl-eu2.kaspersky-labs.com
127.0.0.1  dnl-eu3.kaspersky-labs.com
127.0.0.1  dnl-eu4.kaspersky-labs.com
127.0.0.1  dnl-eu5.kaspersky-labs.com
127.0.0.1  dnl-eu6.kaspersky-labs.com
127.0.0.1  dnl-eu7.kaspersky-labs.com
127.0.0.1  dnl-eu8.kaspersky-labs.com
127.0.0.1  dnl-eu9.kaspersky-labs.com
127.0.0.1  dnl-eu10.kaspersky-labs.com
203.191.146.205  www.ab365.com
203.191.146.205  ab365.com
203.191.146.205  www.5235.net
203.191.146.205  5235.net

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 一般,  被下面模块所HOOK: D:\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 一般,  被下面模块所HOOK: D:\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]

Repair the HOSTS file.
Use Windows Cleanup Assistant (WINDOWS清理助手) together with it.

I repaired it, but it made no difference, and this is already after cleaning with Windows Cleanup Assistant.

[3F517358 / 3F517358][Stopped/Disabled]
<C:\WINNT\System32\D3C94718.EXE -d><Microsoft Corporation>

[76000 / 76000][Stopped/Manual Start]
<\??\C:\WINNT\System32\Drivers\75921.sys><Driver>
[ilbnj / ilbnjw][Stopped/System Start]
<2 - 系统找不到指定的文件。
><N/A>
[jkftn / jkftnf][Stopped/Boot Start]
<2 - 系统找不到指定的文件。
><N/A>
[nfxqc / nfxqcm][Stopped/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>
[szwjh / szwjhk][Stopped/Manual Start]
<2 - 系统找不到指定的文件。
><N/A>

Delete these items, then try the repair again.
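
An added example, not part of the original thread and not code from SREng or 360: a Python sketch that triages a HOSTS file like the one in the SREng log above, flagging security-product domains pinned to loopback, many names pointed at one public address, and IP literals used as hostnames. The suffix list, the threshold and all function names are assumptions for illustration; the sample is an excerpt of the log's entries plus two constructed lines.

```python
import ipaddress
from collections import defaultdict

# Excerpt of the HOSTS section of the SREng log; the last two lines are constructed.
SAMPLE_HOSTS = """\
202.109.114.142  cpro.baidu.com
202.109.114.142  union.qq.com
202.109.114.142  unstat.baidu.com
202.109.114.142  202.107.233.211
203.191.146.205  www.5566.net
203.191.146.205  5566.net
203.191.146.205  auto.search.msn.com
127.0.0.1  www.360safe.com
127.0.0.1  update.rising.com.cn
127.0.0.1  dnl-us1.kaspersky-labs.com
127.0.0.1       localhost   # constructed: the normal default entry
10.0.0.5  intranet.example  # constructed: a legitimate admin-added entry
"""

# Assumption: domain suffixes the analyst treats as security-product sites.
SECURITY_SUFFIXES = ("360safe.com", "rising.com.cn", "kaspersky-labs.com",
                     "jiangmin.com", "kingsoft.com", "ikaka.com")


def parse_hosts(text):
    """Yield (address, hostname) pairs; comments and malformed lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            yield addr, name.lower().rstrip(".")


def is_ip_literal(name):
    """True when the 'hostname' column actually holds an IP address."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def audit_hosts(text, security_suffixes=SECURITY_SUFFIXES, bulk_threshold=3):
    """Return the suspicious entries of a hosts file, grouped by finding type."""
    by_addr = defaultdict(list)
    findings = {"blocked_security": [], "bulk_redirects": {}, "ip_as_name": []}
    for addr, name in parse_hosts(text):
        if name == "localhost":
            continue
        if is_ip_literal(name):
            findings["ip_as_name"].append((str(addr), name))
            continue
        is_security = any(name == s or name.endswith("." + s)
                          for s in security_suffixes)
        if is_security and (addr.is_loopback or addr.is_unspecified):
            # Update or support site made unreachable on this machine.
            findings["blocked_security"].append(name)
            continue
        by_addr[addr].append(name)
    for addr, names in by_addr.items():
        # Many names forced to one public address is the redirect pattern.
        if (not addr.is_loopback and not addr.is_private
                and len(names) >= bulk_threshold):
            findings["bulk_redirects"][str(addr)] = sorted(names)
    return findings


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for name in report["blocked_security"]:
        print("security site pinned to loopback:", name)
    for addr, names in report["bulk_redirects"].items():
        print(f"{len(names)} names redirected to {addr}: {', '.join(names)}")
    for addr, literal in report["ip_as_name"]:
        print(f"IP literal {literal} listed as a hostname for {addr}")
```

Entries of the first kind are consistent with the failed 360 upgrade described in the first post: with the update hosts resolving to 127.0.0.1, the product cannot reach its servers until the HOSTS file is restored and whatever rewrites it is removed.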
