Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange area, Anti-Virus / Anti-Rogue-Software forum

[Help] IE keeps popping up web pages on its own for no reason, and Super Rabbit and similar tools find nothing!! Log attached.

I noted them down; every so often one of these sites pops up at random:
http://www.che168.com/it168_ad/che168_ad1.htm
http://sg.eqiso.com/bd/dy.htm
http://www.gamezero.cn/dashao.html
http://cabal.bbgame.cn/action.php?aid=main
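There may be others I did not note down. Super Rabbit, Huangshan and similar tools find no problem at all. I installed IE7 fresh and it still happens.
The next few posts contain the SREng log:
Last edited 2007-01-16 17:16:25.827000000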

[CODE]

2007-01-16,11:37:00

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><; "C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <SoundMix><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\soudmax.dll,St>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[宽带连接]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\宽带连接.lnk -->  [N/A]><N>

==================================
服务
[Logical Disk Manager / dmserver][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\Zogisqrp.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows Video2 / Windows Video2][Stopped/Auto Start]
  <C:\WINDOWS\system32\msvd2.exe><>

==================================
驱动程序
[aahfefdj / aahfefdj][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\aahfefdj.sys><中国互联网络信息中心(CNNIC)>
[aeajebec / aeajebec][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\aeajebec.sys><中国互联网络信息中心(CNNIC)>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[bcbjaheh / bcbjaheh][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\bcbjaheh.sys><中国互联网络信息中心(CNNIC)>
[cdejggje / cdejggje][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\cdejggje.sys><中国互联网络信息中心(CNNIC)>
[defjjfga / defjjfga][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\defjjfga.sys><中国互联网络信息中心(CNNIC)>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ehfhabfc / ehfhabfc][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\ehfhabfc.sys><中国互联网络信息中心(CNNIC)>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[fbjeahgi / fbjeahgi][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\fbjeahgi.sys><中国互联网络信息中心(CNNIC)>
[fiedifdd / fiedifdd][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\fiedifdd.sys><中国互联网络信息中心(CNNIC)>
[gbifcida / gbifcida][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\gbifcida.sys><中国互联网络信息中心(CNNIC)>
[geeabffi / geeabffi][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\geeabffi.sys><中国互联网络信息中心(CNNIC)>
[hahaaacb / hahaaacb][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\hahaaacb.sys><中国互联网络信息中心(CNNIC)>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ibgdfjgh / ibgdfjgh][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\ibgdfjgh.sys><中国互联网络信息中心(CNNIC)>
[iijdfaee / iijdfaee][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\iijdfaee.sys><中国互联网络信息中心(CNNIC)>
[jdjacjjb / jdjacjjb][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\jdjacjjb.sys><中国互联网络信息中心(CNNIC)>
[jfidjdfd / jfidjdfd][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\jfidjdfd.sys><中国互联网络信息中心(CNNIC)>
[jibbeddb / jibbeddb][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\jibbeddb.sys><中国互联网络信息中心(CNNIC)>
[jjbffeff / jjbffeff][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\jjbffeff.sys><中国互联网络信息中心(CNNIC)>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\tencent\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\F:\Program Files\Tencent\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>

浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[ewidoOnlineScan Control]
  {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin11.dll, Thunder Networking Technologies,LTD>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[IeCatch Class]
  {8FAA7A38-1D1E-48E3-B77F-6A98A9BA49CD} <, N/A>
[私服助手]
  {AB0054AF-D5DB-4BB3-A0E7-81414A59C065} <, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[clienttime.client]
  {C5D0DFF5-6D39-4F98-88CD-12E8430A6300} <, N/A>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <, N/A>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <F:\tencent\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <F:\tencent\AddPanel.htm, N/A>
[添加到QQ表情]
  <F:\tencent\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <F:\tencent\SendMMS.htm, N/A>

正在运行的进程
[PID: 428][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 832][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984][C:\Program Files\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 43]
    [C:\Program Files\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 6]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Program Files\Rising\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Program Files\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Program Files\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 16]
    [C:\Program Files\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Program Files\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Program Files\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [C:\Program Files\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Program Files\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Program Files\Rising\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Program Files\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [C:\Program Files\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Program Files\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 8]
[PID: 1160][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\soudmax.dll]  [, 1, 0, 0, 0]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\WINDOWS\system32\genedoe.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\relres.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\lnkenb.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 7]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[PID: 1324][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1472][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1908][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1984][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036][C:\Program Files\Windows Media Player\wmplayer.exe]  [Microsoft Corporation, 10.00.00.3802]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 948][F:\tencent\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [F:\tencent\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [F:\tencent\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [F:\tencent\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [F:\tencent\QQAPI.dll]  [, 1, 0, 0, 1]
    [F:\tencent\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [F:\tencent\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [F:\tencent\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [F:\tencent\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [F:\tencent\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [F:\tencent\QQMainFrame.dll]  [N/A, N/A]
    [F:\tencent\CQQApplication.dll]  [N/A, N/A]
    [F:\tencent\NewSkin.dll]  [, 1, 0, 0, 1]
    [F:\tencent\HostingMgr.dll]  [, 1, 0, 0, 1]
    [F:\tencent\CameraDll.dll]  [, 1, 0, 0, 1]
    [F:\tencent\MailSummary.dll]  [, 1, 0, 0, 1]
    [F:\tencent\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [F:\tencent\QQAllInOne.dll]  [N/A, N/A]
    [F:\tencent\GroupLive.dll]  [N/A, N/A]
    [F:\tencent\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [F:\tencent\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [F:\tencent\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [F:\tencent\QQSysMsgMng.dll]  [N/A, N/A]
    [F:\tencent\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [F:\tencent\QQPlugin.dll]  [N/A, N/A]
    [F:\tencent\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [F:\tencent\QRingMng.dll]  [N/A, N/A]
    [F:\tencent\QQCustomFace.dll]  [N/A, N/A]
    [F:\tencent\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [F:\tencent\QQAvatar.dll]  [N/A, N/A]
    [F:\tencent\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [F:\tencent\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [F:\tencent\QQPet.dll]  [, 1, 0, 0, 1]
    [F:\tencent\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [F:\tencent\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [F:\tencent\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [F:\tencent\BQQApplication.dll]  [N/A, N/A]
    [F:\tencent\CommercesMng.dll]  [, 1, 0, 0, 1]
    [F:\tencent\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [F:\tencent\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [F:\tencent\QQSceneMng.dll]  [N/A, N/A]
    [F:\tencent\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 3, 30]
    [F:\tencent\QQZip.dll]  [tencent, 0, 3, 2, 4]
[PID: 664][F:\tencent\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [F:\tencent\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3160][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3304][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 4, 268]
    [C:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 44]
    [C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 2, 44]
    [C:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [C:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Thunder Network\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [C:\Program Files\Thunder Network\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 1, 17]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 15]
    [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed08.dll]  [ , 3, 2, 0, 63]
    [C:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 3, 14]
    [C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [C:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 6]
    [C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 13]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 0, 0, 1]
    [C:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [C:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 2, 0, 1, 38]
[PID: 180][C:\Documents and Settings\Administrator\桌面\sreng\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Documents and Settings\Administrator\桌面\sreng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1                    aifind.info
127.0.0.1                    allsearcher.info
127.0.0.1                    ehttp.cc
127.0.0.1                    freednshost.info
127.0.0.1                    i-lookup.com
127.0.0.1                    www.23.la
127.0.0.1                    www.joyiex.com
127.0.0.1                    www.mj2005.com
127.0.0.1                    www.mydj2005.com
127.0.0.1                    www.nkvd.us
127.0.0.1                    www.tytyy.com
127.0.0.1                    www.tytyy.com/index1.htm
127.0.0.1                    www.xfreehosting.com
127.0.0.1                    www.xxx166.com
127.0.0.1www.ccnnic.com
127.0.0.1www.ccnnlc.com
127.0.0.1www.bodoto.com
127.0.0.1bj.bodoto.com
127.0.0.1nb.bodoto.com
127.0.0.1hangzhou.bodoto.com
127.0.0.1jh.bodoto.com
127.0.0.1shangh.bodoto.com
127.0.0.1my.bodoto.com
127.0.0.1mail.bodoto.com
127.0.0.1www.bodoto.net
127.0.0.1www.bodoto.cn
127.0.0.1www.bodoto.com.cn
127.0.0.1www.bodoto.net.cn
127.0.0.1www.bodoto.org
127.0.0.1www.edmchina.com
127.0.0.1www.edmchina.net
127.0.0.1www.edmchina.cn
127.0.0.1www.edmchina.com.cn
127.0.0.1ad.edmchina.com
127.0.0.1agent.edmchina.com
127.0.0.1sales.edmchina.com
127.0.0.1mail.edmchina.com
127.0.0.1edmchina.com
127.0.0.1edmchina.net
127.0.0.1edmchina.cn
127.0.0.1edmchina.com.cn
127.0.0.1www.pk265.com
127.0.0.1www.pk265.net
127.0.0.1www.pk265.com.cn
127.0.0.1pk265.com
127.0.0.1pk265.net
127.0.0.1pk265.com.cn
127.0.0.1www.qqbao.com
127.0.0.1www.qqbao.net
127.0.0.1www.qqbao.cn
127.0.0.1www.qqbao.com.cn
127.0.0.1qqbao.com
127.0.0.1qqbao.cn
127.0.0.1qqbao.com.cn
127.0.0.1ad.pvka.com
127.0.0.1da.pvka.com
127.0.0.1www.20060106.com
127.0.0.120060106.com
127.0.0.1www.huajundown.com
127.0.0.1www.huajundown.net
127.0.0.1huajundown.com.cn
127.0.0.1huajundown.net
127.0.0.1www.pvka.com.cn
127.0.0.1pvka.com.cn
127.0.0.1da.pvka.com.cn
127.0.0.1www.huajundown.com.cn
127.0.0.1ad.pvka.com.cn
127.0.0.1www.ccnnic.net
127.0.0.1www.ccnnic.cn
127.0.0.1www.ccnnic.com.cn
127.0.0.1www.ccnnic.net.cn
127.0.0.1www.ccnnlc.com.cn
127.0.0.1www.ccnnlc.net
127.0.0.1www.ccnnlc.cn
127.0.0.1da.pvka.net.cn
127.0.0.1www.ccnnlc.net.cn
127.0.0.1www.edmchina.net.cn
127.0.0.1edmchina.net.cn
127.0.0.1www.pk265.cn
127.0.0.1pk265.cn
127.0.0.1qqbao.net
127.0.0.1www.pvka.com
127.0.0.1www.pvka.net
127.0.0.1www.pvka.net.cn
127.0.0.1pvka.com
127.0.0.1pvka.net
127.0.0.1pvka.net.cn
127.0.0.1ad.pvka.net
127.0.0.1ad.pvka.net.cn
127.0.0.1da.pvka.net
127.0.0.1www.huajundown.cn
127.0.0.1www.huajundown.net.cn
127.0.0.1huajundown.com
127.0.0.1huajundown.cn
127.0.0.1huajundown.net.cn
127.0.0.1da.pvka.cn

==================================
API HOOK
N/A

==================================


[/CODE]

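Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Win32 Service Applications" (Win32服务应用程序).
Tick "Hide Microsoft services" (隐藏微软服务) and select the virus services
Logical Disk Manager
Windows Video2
then choose "Delete Service" (删除服务).
Click "Set" (设置) and choose "No" (否).

Run (double-click) SRENG2, click "Startup Items" (启动项目), then "Services" (服务), then "Drivers" (驱动程序).
Tick "Hide Microsoft services" (隐藏微软服务) and select the virus services
aahfefdj
aeajebec
bcbjaheh
defjjfga
ehfhabfc
fbjeahgi
fiedifdd
gbifcida
geeabffi
hahaaacb
ibgdfjgh
iijdfaee
jfidjdfd
jibbeddb
jjbffeff
then choose "Delete Service" (删除服务).
Click "Set" (设置) and choose "No" (否).

Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete: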
C:\WINDOWS\system32\drivers\ibgdfjgh.sys
C:\WINDOWS\system32\drivers\iijdfaee.sys
C:\WINDOWS\system32\drivers\jdjacjjb.sys
C:\WINDOWS\system32\drivers\jfidjdfd.sys
C:\WINDOWS\system32\drivers\jibbeddb.sys
C:\WINDOWS\system32\drivers\jjbffeff.sys
C:\WINDOWS\system32\drivers\fbjeahgi.sys
C:\WINDOWS\system32\drivers\fiedifdd.sys
C:\WINDOWS\system32\drivers\gbifcida.sys
C:\WINDOWS\system32\drivers\geeabffi.sys
C:\WINDOWS\system32\drivers\hahaaacb.sys
C:\WINDOWS\system32\drivers\aahfefdj.sys
C:\WINDOWS\system32\drivers\aeajebec.sys
C:\WINDOWS\system32\drivers\bcbjaheh.sys
C:\WINDOWS\system32\drivers\cdejggje.sys
C:\WINDOWS\system32\drivers\defjjfga.sys
C:\WINDOWS\system32\drivers\ehfhabfc.sys
%SystemRoot%\System32\Zogisqrp.dll
C:\WINDOWS\system32\msvd2.exe
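Added example, not part of the original thread and not SREng's own code: a Python script that parses entries from the log's 驱动程序 (drivers) section, flags those that follow the naming pattern of the drivers the reply singles out, and cross-checks them against the reply's service list and file list. The "eight letters from a to j" pattern is an assumption read off this log, and `parse_drivers`, `looks_generated` and `triage` are hypothetical names.

```python
import re

# Excerpt of the driver section of the SREng log posted in this thread.
LOG_EXCERPT = r"""
[aahfefdj / aahfefdj][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\aahfefdj.sys><中国互联网络信息中心(CNNIC)>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdejggje / cdejggje][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\cdejggje.sys><中国互联网络信息中心(CNNIC)>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[jdjacjjb / jdjacjjb][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\jdjacjjb.sys><中国互联网络信息中心(CNNIC)>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
"""

# Driver services the reply says to delete in SREng.
REPLY_SERVICES = set("""aahfefdj aeajebec bcbjaheh defjjfga ehfhabfc fbjeahgi
fiedifdd gbifcida geeabffi hahaaacb ibgdfjgh iijdfaee jfidjdfd jibbeddb
jjbffeff""".split())

# Base names of the .sys files the reply says to delete in Safe Mode.
REPLY_FILES = set("""ibgdfjgh iijdfaee jdjacjjb jfidjdfd jibbeddb jjbffeff
fbjeahgi fiedifdd gbifcida geeabffi hahaaacb aahfefdj aeajebec bcbjaheh
cdejggje defjjfga ehfhabfc""".split())

# "[display / name][state/start type]"; display names may contain "/" (TCP/IP).
HEADER = re.compile(
    r"^\[(?P<display>.+) / (?P<name>[^\]/]+)\]"
    r"\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
# "  <image path><vendor>"
IMAGE = re.compile(r"^\s*<(?P<image>[^<>]*)><(?P<vendor>[^<>]*)>\s*$")
# Assumption: naming pattern seen in the drivers the reply lists.
RANDOM_NAME = re.compile(r"^[a-j]{8}$")


def parse_drivers(text):
    """Pair each header line with the image/vendor line that follows it."""
    entries, pending = [], None
    for line in text.splitlines():
        header = HEADER.match(line.strip())
        if header:
            pending = header.groupdict()
            continue
        detail = IMAGE.match(line)
        if detail and pending:
            entries.append({**pending, **detail.groupdict()})
        pending = None  # a header without a detail line is dropped
    return entries


def looks_generated(entry):
    """True when service name, display name and .sys file name all match
    the eight-letter a-j pattern (heuristic, not a verdict)."""
    name = entry["name"]
    file_name = entry["image"].rsplit("\\", 1)[-1].lower()
    return (RANDOM_NAME.match(name) is not None
            and entry["display"] == name
            and file_name == name + ".sys")


def triage(text):
    """Flag suspicious drivers and compare them with the reply's two lists."""
    flagged = {e["name"] for e in parse_drivers(text) if looks_generated(e)}
    return {
        "flagged": sorted(flagged),
        "not_in_reply_service_list": sorted(flagged - REPLY_SERVICES),
        "not_in_reply_file_list": sorted(flagged - REPLY_FILES),
    }


if __name__ == "__main__":
    for key, names in triage(LOG_EXCERPT).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

On this excerpt, cdejggje and jdjacjjb are flagged and appear in the reply's file list but not in its driver-service list.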