Rising Kaka Security Forum
LaShiDe - 2006-5-1 20:16:00
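I've seen that some people get porn pages popping up, but mine is a music page. I've scanned for viruses, killed the trojans, cleaned up IE, and there's nothing much left in the startup items..... In short, I've tried everything I can think of, but it still pops up as soon as the computer boots. It's driving me crazy. Could an expert please take a look!!
Every time I boot, this site pops up: http://google.qq1234.cn/ . It's not a porn site, but it's still very annoying...
What should I do? Waiting online~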
LaShiDe - 2006-5-1 20:17:00
Logfile of HijackThis v1.99.1
Scan saved at 20:16:29, on 2006-5-1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
运行进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\LSASS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\COMM\Network.exe
C:\WINDOWS\System32\wuauclt.exe
f:\program files\tencent\tt\ttraveler.exe
E:\Program Files\HFGameOPT\W3Ass.exe
E:\Program Files\HFGameOPT\GameClient.exe
F:\Program Files\Tencent\TT\TTraveler.exe
G:\Program Files\TTPlayer\TTPlayer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
F:\下载\应用\HijackThis.exe
This is the scan log.
魔法学徒 - 2006-5-1 20:25:00
Please post the complete log!
LaShiDe - 2006-5-1 20:29:00
Logfile of HijackThis v1.99.1
Scan saved at 20:28:21, on 2006-5-1
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
运行进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\LSASS.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\COMM\Network.exe
f:\program files\tencent\tt\ttraveler.exe
E:\Program Files\HFGameOPT\W3Ass.exe
E:\Program Files\HFGameOPT\GameClient.exe
F:\Program Files\Tencent\TT\TTraveler.exe
G:\Program Files\TTPlayer\TTPlayer.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
F:\Program Files\Tencent\qq\QQ.exe
F:\Program Files\Tencent\qq\TIMPlatform.exe
F:\Program Files\迅雷\Thunder.exe
F:\下载\应用\HijackThis.exe
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (没有文件)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (没有文件)
O2 - BHO: 好看123上网精灵 - {00000000-280E-445B-B051-A8B2DA7E798A} - E:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL (文件故障)
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v14.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (文件故障)
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINDOWS\DOWNLO~1\ddtinit.dll (文件故障)
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006428_1100.dll
O2 - BHO: QuickBtn - {1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} - C:\Program Files\CoolWebsite\QuickLink.dll (文件故障)
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll (文件故障)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll (文件故障)
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - f:\Program Files\Tencent\QQ\QQIEHelper.dll (文件故障)
O2 - BHO: Seekmo Search Assistant Helper - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\program files\seekmo\seekmohook.dll (文件故障)
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: DTSvc Class - {6B280AC7-8B18-46A4-BF70-FC579A1B2F76} - C:\Program Files\DTSVC\DTS\DTS.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC32.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\hbhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (文件故障)
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\软件\IEBand.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (文件故障)
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - g:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - e:\BitComet\BitCometBar\BitCometBar0.5.dll
O4 - HKLM\..\Run: [RavTask] "f:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
O4 - HKLM\..\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\System32\explorer.exe
O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe
O4 - HKLM\..\RunOnce: [*Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKCU\..\RunOnce: [*Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - Global Startup: eBay易趣--全球商品一网打尽.lnk = C:\Program Files\EbayShop\EbayShop.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: !搜一搜 - res://C:\Program Files\yisou\yisou.dll/232
O8 - Extra context menu item: &使用屁屁狗[PPGou]加速下载 - F:\下载\网络\4\PPGou\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - F:\Program Files\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - F:\Program Files\迅雷\getallurl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - F:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - F:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - F:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - F:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 实用网址导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\CoolWebsite\QuickLink.dll (文件故障)
O9 - Extra button: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll (文件故障)
O9 - Extra 'Tools' menuitem: 中文上网 - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll (文件故障)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (文件故障)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra button: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (文件故障)
O9 - Extra 'Tools' menuitem: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (文件故障)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - F:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - f:\Program Files\Tencent\QQ\QQIEHelper.dll (文件故障)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - f:\Program Files\Tencent\QQ\QQIEHelper.dll (文件故障)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (文件故障)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (文件故障)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (文件故障)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (文件故障)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (文件故障)
O9 - Extra button: 玩一下小游戏 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.wanyixia.com/#i (文件故障)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B74} (IDDTInitObj Class) - http://image2.sina.com.cn/home/ddtsource/ddt.cab
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - http://image2.sina.com.cn/pfp/iweb/vivimin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124792230171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137667808662
O16 - DPF: {7A38130D-BEB7-4D60-BE7A-4C4AB6A85CD1} - http://bar.souhuu.com/vcbar1.cab
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Seekmo/ie/bridge-c15.cab?71dd9ae2ef62e9a466dd5ddf0a435dab460415c322f6689cdf77988dc0ea4f74e94ca88d48444c12e6e9dba7816e23e72e3e9d66367b9ed27f6985f4973e35:07463b9e4f980f3935e077b3287111d0
O17 - HKLM\System\CCS\Services\Tcpip\..\{D24381B6-C65B-4753-BBAF-CE73E430029C}: NameServer = 218.104.128.106 58.22.96.66
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
Sorry about that, and thanks for the help.
LaShiDe - 2006-5-1 21:13:00
Please help, everyone~
我无邪 - 2006-5-1 21:31:00
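First go to Control Panel, Add/Remove Programs, and uninstall 很棒小秘书 and MMSASS.
Press ALT+CTRL+DEL to bring up Task Manager and end the NTdhcp.exe process.
Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the following items and then choose "Fix" (if they are present):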
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\System32\wmpdrm.dll
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006428_1100.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O2 - BHO: std software - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: NewWeb Controller - {9ACEEE30-143F-471A-AA45-72B061FE7D60} - C:\WINDOWS\system32\WinSC32.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\HBClient\hbhelper.dll
O4 - HKLM\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindo
O4 - HKLM\..\RunOnce: [*Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKCU\..\RunOnce: [*Spoolsv] C:\WINDOWS\System32\spoolsv32.exe
O4 - HKLM\..\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\System32\explorer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: >> 彩信发送 << - res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\Mmsass~1.dll
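Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes".
Then find and delete the following files (if present):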
C:\WINDOWS\System32\wmpdrm.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006428_1100.dll
C:\PROGRA~1\MMSASS~1
C:\WINDOWS\SYSTEM32\stdup.dll
C:\WINDOWS\system32\WinSC32.dll
C:\PROGRA~1\HBClient
C:\WINDOWS\System32\spoolsv32.exe
C:\WINDOWS\System32\NTdhcp.exe
C:\WINDOWS\System32\explorer.exe
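Please restart after the fix.
Please download and use System Repair Engineer: use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.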
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
LaShiDe - 2006-5-1 22:09:00
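I've done what you said, but 很棒小秘书 and MMSASS are not in Add/Remove Programs, and these files cannot be deleted (the disk is not full or write-protected, ... and the file is not in use): C:\PROGRA~1\MMSASS~1
C:\WINDOWS\SYSTEM32\stdup.dll
C:\WINDOWS\system32\WinSC32.dll
C:\PROGRA~1\HBClient........ After restarting it's still the same as before...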
LaShiDe - 2006-5-1 22:10:00
智能扫描日志:2006-05-01,22:07:06
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<*Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<IEXPLORE.EXE><IEXPLORE.EXE http://%67%6F%6F%67%6C%65%2E%71%71%31%32%33%34%2E%63%6E>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"f:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ToP><C:\WINDOWS\LSASS.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<*Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<IFO><C:\WINDOWS\System32\ieinfo.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><EXPLORER.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\System32\userinit.exe,>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Anti Trojan Elite><; F:\下载\安全\0821rtesetup\Anti Trojan Elite\TJEnder.exe :NO>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<BaiduX><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ccApp><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CHotKey><; EzKey.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<DAEMON Tools-2052><; "F:\game\daemon\daemon.exe" -lang 2052>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<dmastu><; rundll32.exe C:\PROGRA~1\DESKTO~1\Cast\dmipn.dll,Always>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Easy-PrintToolBox><; C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ExFilter><; Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll,ExecFilter solo">
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<hws><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<iDuba Personal FireWall><; ; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Intren0t><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Kavrun><; ; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Knight V><; ??>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Kugoo><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<KuGoo3><; E:\Program Files\KuGoo3\KuGoo.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<KvXP><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<lntrenat><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MoveSearch><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSService_v1.0><; C:\WINDOWS\system\vfp104.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<mssysint><; comime.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NAV CfgWiz><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NetSpeeder><; ; "E:\Program Files\Superhunter\NetSpeeder\NetSpeeder.exe" hide>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NMGameX_AutoRun><; C:\WINDOWS\System32\Rundll32.exe nmgamex.dll,LiveProcess /aa>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NTdhcp><; C:\WINDOWS\System32\NTdhcp.exe>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<pbmini><; C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PPGou><; F:\下载\网络\4\PPGou\PPGou.exe /h>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RavMon><; F:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RavTimer><; F:\PROGRA~1\RISING\RAV\RAVTIMER.EXE>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<renewup><; C:\Program Files\CNNIC\Cdn\cdnrenew.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><; C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<seekmo><; "c:\program files\seekmo\seekmo.exe">
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SKYNET Personal FireWall><; ; D:\Program Files\SkyNet\FireWall\pfw.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><; C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<SSC_UserPrompt><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<StormCodec_Helper><; "g:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<supdate2.dll><; RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit Desktop Search><; E:\Program Files\Super Rabbit\MagicSet\SRSearch.exe>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit IEPro><; E:\Program Files\Super Rabbit\MagicSet\SRIECLI.EXE /LOAD>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Super Rabbit SRRestore><; E:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave>
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<System Mechanic 广告封锁器><; "D:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe">
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Update><; C:\Program Files\Common Files\UPDAT\Update.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<url><; http://666%2Emon98%2Ecom>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<VirtualCloneDrive><; "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windir><; C:\WINDOWS\System32\Windir.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windows Management Instrumentation><; wmimgr.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WindowsUpdate><; C:\WINDOWS\System32\WindowsUpdate.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<winsrv><; abcdef.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WinsSystem><; C:\Program Files\Internet Explorer\syssmss.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<XSSoft_WB><; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<迅雷4><; F:\Program Files\迅雷\TDUpdate.exe>
==================================
启动文件夹
[eBay易趣--全球商品一网打尽]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\eBay易趣--全球商品一网打尽.lnk><N>
==================================
服务
[ClipManager / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Gray_Pigeon_Server / GrayPigeonServer]
<><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
LaShiDe - 2006-5-1 22:10:00
(continued)
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Rising Process Communication Center / RsCCenter]
<"f:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"f:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[StdService / StdService]
<C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\STDSVER.DLL,Service><N/A>
[Network System / Universal Disk Manager]
<C:\Program Files\Common Files\COMM\Network.exe><COMENET TECHNOLOGY>
[wint / wint]
<C:\WINDOWS\System32\RunDLL32.exe "C:\WINDOWS\System32\wint\wint.dll",Run -r><N/A>
==================================
浏览器加载项
[好看123上网精灵]
{00000000-280E-445B-B051-A8B2DA7E798A} <E:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~2.DLL, N/A>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[CPub Object]
{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\System32\wmpdrm.dll, N/A>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <C:\WINDOWS\DOWNLO~1\ddtinit.dll, N/A>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[CNNIC_IDN]
{35980F6E-A137-4E50-953D-813BB8556899} <C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll, N/A>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, N/A>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <f:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Seekmo Search Assistant Helper]
{5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} <c:\program files\seekmo\seekmohook.dll, N/A>
[DTSvc Class]
{6B280AC7-8B18-46A4-BF70-FC579A1B2F76} <C:\Program Files\DTSVC\DTS\DTS.dll, N/A>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 北京三七二一科技有限公司>
[珊瑚虫 工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[CNNIC_IDN]
{35980F6E-A137-4E50-953D-813BB8556899} <C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[珊瑚虫 工具栏]
{8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <f:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[玩一下小游戏]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.wanyixia.com/#i, N/A>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\软件\IEBand.dll, 金山软件股份有限公司>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[珊瑚虫 工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[ALiBaBar]
{0A1375E1-56C2-11D6-8E45-8933A0FB5235} <g:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[BitComet工具栏]
{3F1ABCDB-A875-46c1-8345-B72A4567E486} <e:\BitComet\BitCometBar\BitCometBar0.5.dll, N/A>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <C:\WINDOWS\DOWNLO~1\ddtinit.dll, N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[SAIX]
{DECEAAA2-370A-49BB-9362-68C3A58DDC62} <C:\WINDOWS\Downloaded Program Files\SAIX.dll, N/A>
[!搜一搜]
<res://C:\Program Files\yisou\yisou.dll/232, N/A>
[&使用屁屁狗[PPGou]加速下载]
<F:\下载\网络\4\PPGou\geturl.htm, N/A>
[&使用迅雷下载]
<F:\Program Files\迅雷\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<F:\Program Files\迅雷\getallurl.htm, N/A>
[>>彩信发送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[上传到QQ网络硬盘]
<F:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<F:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\Program Files\Tencent\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 556][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 568][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 752][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 804][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 948][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 980][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1116][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[C:\WINDOWS\system32\CNMLM6e.DLL] <CANON INC.><1.80.2.50>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL] <CANON INC.><1.80.2.50>
[PID: 1336][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\downlo~1\CnsHook.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[C:\WINDOWS\System32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\System32\msicn\plugins\bse.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\System32\msicn\plugins\lup.dll] <N/A><N/A>
[C:\WINDOWS\System32\msicn\plugins\bm.dll] <N/A><N/A>
[C:\WINDOWS\System32\msicn\plugins\as.dll] <N/A><N/A>
[C:\Program Files\HeroV8\VCvtShell.dll] <herosoft><1, 0, 0, 1>
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] <WinZip Computing, Inc.><4.1 (32-bit)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[f:\PROGRA~1\Kingsoft\KnightV\Tools\KVD\kscdrush.dll] <金山软件股份有限公司><5, 0, 0, 0>
[C:\WINDOWS\System32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\Program Files\DTSVC\DTS\DTS.dll] <N/A><1, 0, 0, 1>
[PID: 1388][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
LaShiDe - 2006-5-1 22:11:00
(continued)
[C:\WINDOWS\System32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[PID: 1592][f:\program files\tencent\tt\ttraveler.exe] <腾讯公司><3.0.0.250>
[PID: 1612][C:\WINDOWS\LSASS.exe] <XQM><0.00.0064>
[PID: 1756][C:\WINDOWS\System32\ieinfo.exe] <><1, 0, 0, 1>
[PID: 1812][F:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[F:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[F:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[F:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[F:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 360][C:\WINDOWS\System32\NOTEPAD.EXE] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 784][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 940][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe] <Microsoft Corporation><7.00.9064.9150>
[PID: 1356][C:\WINDOWS\System32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1408][C:\Program Files\Common Files\COMM\Network.exe] <COMENET TECHNOLOGY><1, 563, 15, 5>
[PID: 304][F:\Program Files\Tencent\TT\TTraveler.exe] <腾讯公司><3.0.0.250>
[F:\Program Files\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\WINDOWS\System32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\WINDOWS\System32\UNISPIM.IME] <北京清华紫光软件股份有限公司><3.0.0.3045>
[C:\WINDOWS\System32\upengine.dll] <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 896][C:\WINDOWS\System32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 1140][E:\Program Files\HFGameOPT\W3Ass.exe] <Steven Studio><1, 1, 3, 716>
[E:\Program Files\HFGameOPT\SwapFnKey.dll] <N/A><N/A>
[E:\Program Files\HFGameOPT\w3ass.dll] <Steven Studio><1, 0, 1, 315>
[PID: 1152][E:\Program Files\HFGameOPT\GameClient.exe] <上海浩方在线信息技术有限公司><4, 0, 0, 0>
[E:\Program Files\HFGameOPT\GameShell.dll] <上海浩方在线信息技术有限公司><3, 6, 0, 0>
[E:\Program Files\HFGameOPT\Proxy.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\MeteorCheck.dll] <N/A><N/A>
[E:\Program Files\HFGameOPT\ComCtrlLib.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\SkinPlusPlusDLL.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\GameData.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\UserAvatar.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\IShowSocket.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\IMUIDll.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\IMbase.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\FNSocket.dll] <><4, 0, 1, 0>
[E:\Program Files\HFGameOPT\IMRes.dll] <><1, 0, 0, 1>
[E:\Program Files\HFGameOPT\GameRes.dll] <上海浩方在线信息技术有限公司><3, 6, 0, 0>
[E:\Program Files\HFGameOPT\AdsManager.dll] <N/A><N/A>
[E:\Program Files\HFGameOPT\ChannelManager.dll] <><1, 0, 0, 1>
[PID: 2080][C:\WINDOWS\System32\Rundll32.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\PROGRA~1\HBClient\hbhelper.dll] <Shanghai Henbang Technology Co., Ltd><1, 1, 3, 3>
[PID: 2184][E:\BITCOMET\BitComet.exe] <www.BitComet.com><0.66>
[PID: 2668][C:\Documents and Settings\CAT\桌面\SREng.exe] <Smallfrogs Studio><2.0.12.350>
==================================
文件关联
.TXT OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.EXE Error. [WindowFiles]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
花落花又开 - 2006-5-1 22:11:00
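| Quote: |
[LaShiDe's post] I have done what you said, but 很棒小秘书 and MMSASS are not listed in Add/Remove Programs, and these files cannot be deleted (the disk is not full or write-protected, ... and the file is not in use): C:\PROGRA~1\MMSASS~1 C:\WINDOWS\SYSTEM32\stdup.dll C:\WINDOWS\system32\WinSC32.dll C:\PROGRA~1\HBClient........ After restarting it is still the same... ........................... |
For stdup.dll, please see:
http://forum.ikaka.com/topic.asp?board=67&artid=7423269
Delete the others after a restart, or use killbox to delete them in Safe Mode. The download link and introduction for killbox are in the pinned thread.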
我无邪 - 2006-5-1 22:34:00
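Run System Repair Engineer, go to "System Repair" → "File Associations", tick "Select All" and click "Repair" so that all extensions return to normal.
Start → Run → services.msc → OK → find ClipManager, StdService, wint → double-click → Startup type → Disabled → Stop → Apply → OK. Stop these 3 services: ClipManager, StdService and wint.
I suggest you download 超级兔子.
http://www.pctutu.com/download.asp
After installing it, open "超级兔子优化王" and use "Professional Uninstall" to remove the rogue software that it flags (桌面传媒, 小秘书, etc.). After uninstalling and restarting,
press ALT+CTRL+DEL to bring up Task Manager and end all RUNDLL32.EXE processes, as well as NTdhcp.exe, spoolsv32.exe and other related processes.
(Please work through the steps above one by one, in order; do not skip any.)
Run System Repair Engineer and use "Startup Items" → "Registry" and "System Repair" → "Browser Add-ons" to delete the following entries.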
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<*Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<IEXPLORE.EXE><IEXPLORE.EXE http://%67%6F%6F%67%6C%65%2E%71%71%31%32%33%34%2E%63%6E>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<*Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<IFO><C:\WINDOWS\System32\ieinfo.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<dmastu><; rundll32.exe C:\PROGRA~1\DESKTO~1\Cast\dmipn.dll,Always>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSService_v1.0><; C:\WINDOWS\system\vfp104.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NTdhcp><; C:\WINDOWS\System32\NTdhcp.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<RichMedia><; C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\HBClient\hbhelper.dll",WaitWindows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><; C:\WINDOWS\System32\spoolsv32.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<supdate2.dll><; RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Update><; C:\Program Files\Common Files\UPDAT\Update.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windir><; C:\WINDOWS\System32\Windir.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windir><; C:\WINDOWS\System32\Windir.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Windows Management Instrumentation><; wmimgr.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WindowsUpdate><; C:\WINDOWS\System32\WindowsUpdate.exe>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\System32\wmpdrm.dll, N/A>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <C:\WINDOWS\DOWNLO~1\ddtinit.dll, N/A>
[QuickBtn]
{1A199C20-DE2B-4838-AE3F-B5257ECE2B7E} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[HBObject Class]
{AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\HBClient\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\CoolWebsite\QuickLink.dll, N/A>
[玩一下小游戏]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} <http://www.wanyixia.com/#i, N/A>
[IDDTInitObj Class]
{15DDE989-CD45-4561-BF99-D22C0D5C2B74} <C:\WINDOWS\DOWNLO~1\ddtinit.dll, N/A>
我无邪 - 2006-5-1 22:41:00
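Double-click My Computer -- Tools -- Folder Options -- View tab -- select "Show hidden files and folders" -- clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes".
Then find and delete the following files:
C:\WINDOWS\System32\wmpdrm.dll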
C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006428_1100.dll
C:\PROGRA~1\MMSASS~1
C:\WINDOWS\SYSTEM32\stdup.dll
C:\WINDOWS\system32\WinSC32.dll
C:\PROGRA~1\HBClient
C:\WINDOWS\System32\spoolsv32.exe
C:\WINDOWS\System32\NTdhcp.exe
C:\WINDOWS\System32\explorer.exe
C:\WINDOWS\System32\ieinfo.exe
C:\WINDOWS\system\vfp104.exe
C:\PROGRA~1\DESKTO~1\Cast
C:\PROGRA~1\HBClient\
C:\WINDOWS\System32\supdate2.dll
C:\Program Files\Common Files\UPDAT
C:\WINDOWS\System32\Windir.exe
wmimgr.exe (search for it)
C:\WINDOWS\System32\WindowsUpdate.exe
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\System32\STDSVER.DLL
C:\WINDOWS\System32\wint
I am not sure about the following entries; you can leave them unrepaired for now.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<CHotKey><; EzKey.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<iDuba Personal FireWall><; ; >
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<url><; http://666%2Emon98%2Ecom>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<winsrv><; abcdef.exe>
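If there is anything that cannot be deleted, you can restart and then repair, and delete it manually after the repair. If it still cannot be deleted, consider booting into Safe Mode. Also, after the repair, please run another scan and post the report.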
我无邪 - 2006-5-1 22:55:00
There is also this entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<WinsSystem><; C:\Program Files\Internet Explorer\syssmss.exe>
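Delete C:\Program Files\Internet Explorer\syssmss.exe
There are a lot of viruses here, so watch out for your QQ, mailbox and other passwords. If convenient, please change your passwords from another machine that is clean, and apply for password protection.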
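Two of the startup entries quoted in the replies above hide their target behind percent-encoding, and others load a DLL through rundll32. As an added illustration (not part of the thread and not SREng's own code), this Python example parses entries in that `[key]` / `<name><value>` layout, decodes any URL an autorun value opens, and lists rundll32-loaded DLLs; the function names `parse_autoruns` and `triage` are assumptions of the example.

```python
import re
from urllib.parse import unquote

# Constructed sample: entries quoted in the thread; one key line has lost its "[".
SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<IEXPLORE.EXE><IEXPLORE.EXE http://%67%6F%6F%67%6C%65%2E%71%71%31%32%33%34%2E%63%6E>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<url><; http://666%2Emon98%2Ecom>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<supdate2.dll><; RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run>
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Spoolsv><C:\WINDOWS\System32\spoolsv32.exe>
"""

KEY_RE = re.compile(r"^\[?(HKEY_[^\]]+)\]$")      # tolerate a lost leading "["
ENTRY_RE = re.compile(r"^<([^<>]*)><(.*?)>?$")    # tolerate a lost trailing ">"
URL_RE = re.compile(r"https?://\S+", re.I)
ESCAPE_RE = re.compile(r"%[0-9A-Fa-f]{2}")

def parse_autoruns(text):
    """Yield (key, name, command) for each <name><command> line under a key."""
    key = None
    for line in (l.strip() for l in text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            # Some values in the log carry a leading "; " prefix: strip it.
            yield key, m.group(1), m.group(2).lstrip("; ").strip()

def triage(text):
    """Return findings: autorun values that open a URL or load a DLL via rundll32."""
    findings = []
    for key, name, cmd in parse_autoruns(text):
        url = URL_RE.search(cmd)
        if url:
            raw = url.group(0)
            findings.append({"key": key, "name": name, "kind": "url",
                             "decoded": unquote(raw),
                             "obfuscated": bool(ESCAPE_RE.search(raw))})
        elif re.match(r"(?i)(\S*\\)?rundll32(\.exe)?\s", cmd):
            dll = cmd.split(None, 1)[1].split(",")[0].strip('"')
            findings.append({"key": key, "name": name, "kind": "rundll32", "dll": dll})
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The first finding decodes to the site the original poster reported opening at every boot, registered under the `Policies\Explorer\Run` key rather than the more commonly checked `Run` key.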