如何清除Rootkit.Torn.j和Troyan.PSW.lineage.mmd，死活杀不掉，每次杀掉，重启后又有了，看来瑞星还是菜了点，各位大侠帮忙！

2006-12-15,09:01:51

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Corporation]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
    <r><C:\WINNT\down\rundll32.exe>  [N/A]
    <runeip><D:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINNT\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[快捷方式 del$.bat]
  <C:\Documents and Settings\Star\「开始」菜单\程序\启动\快捷方式 del$.bat.lnk --> C:\del$.bat [N/A]><N>

==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINNT\system32\drivers\CDAC11BA.EXE><Macrovision>
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[FLEXlm server for PTC / FLEXlm server for PTC]
  <"C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[6936953 / 6936953]
  <\SystemRoot\System32\drivers\6936953.sys><北京三七二一科技有限公司>
[a0 / a0]
  <\SystemRoot\\SystemRoot\System32\drivers\6936953.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA]
  <\??\C:\WINNT\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[Cdr4_2K / Cdr4_2K]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdr4_2K.SYS><Roxio>
[Cdralw2k / Cdralw2k]
  <C:\WINNT\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><N/A>
[d347bus / d347bus]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[dmboot / dmboot]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[ExpScaner / ExpScaner]
  <\??\d:\Program Files\Rising\Rav\ExpScan.sys><>
[FXDRV / FXDRV]
  <\??\I:\Fxdrv.sys><N/A>
[GMSIPCI / GMSIPCI]
  <\??\I:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont]
  <\??\d:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\d:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\d:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\d:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN]
  <\??\d:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\d:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\d:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>

==================================
浏览器加载项
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Alexa]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINNT\system32\SHDOCVW.DLL, Microsoft Corporation>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <C:\PROGRA~1\3721\assist\asbar.dll, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINNT\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[ProductView Express]
  {1ED48504-8834-11D5-AC75-0008C73FD642} <C:\PROGRA~1\PRODUC~1\PVACTI~1.OCX, PTC>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, N/A>
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[&Translate English Word]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[Alexa Web Search]
  <http://client.alexa.com/holiday/script/actions/search.htm, N/A>
[Backward Links]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[Similar Pages]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[Translate Page into English]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html, N/A>
[使用网际快车下载]
  <D:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\PROGRA~1\FLASHGET\jc_all.htm, N/A>

==================================
正在运行的进程
[PID: 188][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 212][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 152][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
[PID: 260][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 272][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 444][d:\program files\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\program files\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\program files\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\program files\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\program files\rising\rfw\psapi.dll]  [Microsoft Corporation, 4.00]
    [d:\program files\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\program files\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 456][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 492][d:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 588][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINNT\system32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 620][C:\WINNT\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 644][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 660][C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe]  [Macrovision Corporation, 10, 8, 0, 7]
[PID: 700][C:\Program Files\flexnet\i486_nt\obj\lmgrd.exe]  [Macrovision Corporation, 10, 8, 0, 7]
[PID: 712][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8419]
[PID: 740][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 756][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
[PID: 792][C:\Program Files\flexnet\i486_nt\obj\ptc_d.exe]  [N/A, N/A]
[PID: 892][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 948][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 996][d:\Program Files\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [d:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1196][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1372][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1424][D:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 3]
    [D:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1436][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\MSUTB.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msutb.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1476][C:\WINNT\system32\conime.exe]  [Microsoft Corporation, 5.00.2195.6655]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 1048][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINNT\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 5]
    [c:\program files\google\googletoolbar1.dll]  [Google Inc., 3, 0, 126, 3]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINNT\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL]  [Microsoft Corporation, 5.00.2916.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
[PID: 1336][D:\Program Files\Rising\Rav\RsLogVw.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [d:\Program Files\Rising\Rav\RsCommx.dll]  [rising, 18, 0, 0, 1]
    [D:\Program Files\Rising\Rav\rsguilib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 28]
    [D:\Program Files\Rising\Rav\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [D:\Program Files\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [D:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [D:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
[PID: 480][C:\Program Files\Outlook Express\msimn.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1568][C:\Downloads\system repair engineer\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\mui\fallback\0804\msctf.dll.mui]  [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
    [D:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
    [C:\Downloads\system repair engineer\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
    [C:\WINNT\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      www.winopen.cn
127.0.0.1      www.tanip.com
127.0.0.1      www.365tc.com
127.0.0.1      code.winopen.cn
127.0.0.1      code1.winopen.cn
127.0.0.1      code2.winopen.cn
127.0.0.1      code3.winopen.cn
127.0.0.1      code4.winopen.cn
127.0.0.1      www.djk66.com
127.0.0.1      www.158soft.com
127.0.0.1      www.10359172.com
127.0.0.1      www.ietool.cn
127.0.0.1      www.456link.com
127.0.0.1      www.159.com
127.0.0.1      www.17510.com
127.0.0.1      www.at58.cn
127.0.0.1      www.nb46.com
127.0.0.1      www.qqget.cn
127.0.0.1      www.6tan.com
127.0.0.1      www.ip321.cn
127.0.0.1    rhino.acme.com
127.0.0.1    x.acme.com
127.0.0.1    cn.47555.cn
127.0.0.1    new3.etsoft.com.cn
127.0.0.1    new3.etsoft.com
127.0.0.1    etsoft.com
127.0.0.1    wl.etsoft.com.cn
127.0.0.1    wl.etsoft.com
127.0.0.1    down.jschina.com.cn
127.0.0.1    down.jschina.com
127.0.0.1    jschina.com
127.0.0.1    wow.etsoft.com.cn
127.0.0.1    wow.etsoft.com
127.0.0.1    new3.etsoft.com.cn
127.0.0.1    new3.etsoft.com
127.0.0.1    sw.etsoft.com.cn
127.0.0.1    mh.etsoft.com.cn
127.0.0.1    wool.etsoft.com.cn
127.0.0.1    zt.soft.com.cn
127.0.0.1    www.gaodumm.com
127.0.0.1    www.97725.com
127.0.0.1    www.ac86.cn

==================================

删除启动--注册表项：
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Corporation]
r><C:\WINNT\down\rundll32.exe> [N/A]

删除：
C:\WINNT\down\rundll32.exe

修复HOSTS 文件项

谢谢大侠！我去试试！