瑞星卡卡安全论坛

请帮忙,电脑开机超慢,而且关不了机!!麻烦大家帮帮忙~
HijackThis_zww汉化版扫描日志 V1.99.1
保存于      23:17:35, 日期 2006-6-2
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
D:\KAVStart.exe
C:\windows\winass.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KPfwSvc.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
D:\KPFW32.EXE
D:\KMailMon.EXE
C:\WINDOWS\system32\svchost.exe
E:\tt浏览\TTraveler.exe
E:\HijackThis1991zww.exe

O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4524.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll (file missing)
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\MicrosoftNet.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - (no file)
O2 - BHO: Internet_Explorer_Service - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} - C:\WINDOWS\system32\HelperService.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx
O3 - IE工具栏增项: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - 启动项HKLM\\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAVStart.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KavPFW] "D:\KPFW32.EXE"
O4 - HKCU\..\Run: [msq] C:\WINDOWS\bartest.exe
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\kugoo\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - 浏览器额外的按钮: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - 浏览器额外的“工具”菜单项: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KWatch.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

还有这个日志:
2006-06-02,23:19:37

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavPFW><"D:\KPFW32.EXE">
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msq><C:\WINDOWS\bartest.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <supdate2.dll><RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavStart><"D:\KAVStart.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <D:\KWatch.EXE><Kingsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Distributed Application Client / SoSCAR]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
浏览器加载项
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4524.dll, Microsoft Corporation>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, N/A>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[IEYHlprObj Class]
  {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, N/A>
[Internet_Explorer_Service]
  {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class]
  {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[比较购物搜索(&C)]
  {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[系统标准按钮(&E)]
  {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, N/A>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4524.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[CaiShowBH Class]
  {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NetAccelerate Class]
  {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[IEYHlprObj Class]
  {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} <C:\WINDOWS\IEYHelper.dll, Eastday Corporation>
[系统标准按钮(&E)]
  {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Internet_Explorer_Service]
  {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <C:\WINDOWS\system32\HelperService.dll, N/A>
[estAliveObj Class]
  {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[estInsObj Class]
  {A927C078-E82F-471B-83F5-3D1504F7D01B} <C:\WINDOWS\estAlive.dll, Eastday Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[使用KuGoo3下载(&K)]
  <D:\kugoo\KuGoo3\KuGoo3DownX.htm, N/A>
[用炫彩图铃发送该图片]
  <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>

==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 676][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1000][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1360][D:\KWatch.EXE]  <Kingsoft Corporation><2005, 9, 27, 51>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
[PID: 1428][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1736][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  <Adobe Systems, Incorporated><6.0>
[PID: 1864][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3510>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1872][C:\WINDOWS\VM_STI.EXE]  <VM.><4.2.610.4>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 1920][D:\KAVStart.exe]  <Kingsoft Corporation><2005, 11, 2, 173>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\PopSprt3.dll]  <Kingsoft Corporation><2005, 11, 2, 27>
    [D:\KAVPassp.dll]  <Kingsoft Corporation><2005, 11, 3, 220>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1928][C:\windows\winass.exe]  < ><5.01.2727>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1940][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1988][D:\KPfwSvc.EXE]  <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1996][C:\Program Files\MSN Messenger\msnmsgr.exe]  <Microsoft Corporation><7.5.0306>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 172][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 192][D:\KPFW32.EXE]  <Kingsoft Corporation><2005, 10, 27, 596>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [D:\FiltList.dll]  <N/A><N/A>
    [D:\KAVPassp.DLL]  <Kingsoft Corporation><2005, 11, 3, 220>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [D:\KAScript.DLL]  <Kingsoft Corporation><2005, 10, 26, 58>
[PID: 384][D:\KMailMon.EXE]  <Kingsoft Corporation><2005, 10, 8, 85>
    [D:\KAntiSpm.dll]  <N/A><1, 0, 0, 2>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAECall2.DLL]  <Kingsoft Corporation><2004, 12, 28, 7>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [D:\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 864][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 492][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2892][E:\tt浏览\TTraveler.exe]  <腾讯公司><3.0.0.250>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [E:\tt浏览\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  <腾讯公司><1, 1, 0, 5>
    [E:\tt浏览\Plugins\TWeather\TWeather.dll]  <><1, 0, 0, 3>
    [E:\tt浏览\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [D:\KAScript.DLL]  <Kingsoft Corporation><2005, 10, 26, 58>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
    [C:\WINDOWS\system32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 3912][C:\Program Files\Windows NT\Accessories\WORDPAD.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 3924][E:\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

2006年6月2日
系统事件：内存中发现木马!
木马名称：Backdoor.GrayBird.ad.2087
木马从内存中清除成功!

木马在硬盘清除成功!
c:\windows\system32\iexplorer.exe

系统事件：内存中发现木马!
木马名称：Adware.Cdn.4791
木马从内存中清除成功!

木马在硬盘清除成功!
c:\program files\cnnic\cdn\cdnup.exe

系统事件：启动项目中发现木马!
木马名称：Windows 2000/XP 系统文件保护.2
木马启动项：chaster
木马从启动项目中清除成功!
c:\windows\svchost.exe

木马在硬盘清除成功!
c:\windows\svchost.exe

系统事件：启动项目中发现木马!
木马名称：DLOADER.Trojan.5798
木马启动项：res
木马从启动项目中清除成功!
c:\windows\system32\res.exe

木马在硬盘清除成功!
c:\windows\system32\res.exe

系统事件：启动项目中发现木马!
木马名称：Troj.PSWQQDragon.r.2158
木马启动项：rundll32
木马从启动项目中清除成功!
c:\windows\system32\iexplorer.exe

系统事件：启动项目中发现木马!
木马名称：Backdoor.GrayBird.ad.2087
木马启动项：rundll32
木马从启动项目中清除成功!
c:\windows\system32\iexplorer.exe

系统事件：启动项目中发现木马!
木马名称：CNNIC.adware.2111
木马启动项：cdnctr
木马从启动项目中清除成功!
c:\program files\cnnic\cdn\cdnup.exe

系统事件：启动项目中发现木马!
木马名称：Adware.Cdn.4791
木马启动项：cdnctr
木马从启动项目中清除成功!
c:\program files\cnnic\cdn\cdnup.exe

内存中发现木马模块!C:\WINDOWS\system32\cdnns.dll-=>Adware.Cdn.4547
木马在硬盘清除成功!
C:\WINDOWS\system32\cdnns.dll

系统事件：已发现伪系统木马!
木马名称：Adware.cdn.2124
木马路径：C:\WINDOWS\system32\cns.exe
处理方式：隔离 成功


系统事件：已发现木马!
木马名称：Adware.Cdn.4789
木马路径：C:\WINDOWS\system32\cdnprot.dat
处理方式：隔离 成功
C:\WINDOWS\system32\cdnprot.dat

系统事件：已发现木马!
木马名称：CNNIC.adware.2116
木马路径：C:\WINDOWS\system32\drivers\cdntran.sys
处理方式：隔离 成功
C:\WINDOWS\system32\drivers\cdntran.sys

系统事件：已发现木马!
木马名称：CNNIC.adware.2112
木马路径：C:\WINDOWS\system32\drivers\cdnprot.sys
处理方式：隔离 成功
C:\WINDOWS\system32\drivers\cdnprot.sys

2006年6月2日
系统事件：已发现木马!
木马名称：Adware.Cdn.5237
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\se91.exe
处理方式：删除 成功

系统事件：已发现木马!
木马名称：Adware.Cdn.4781
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnaux.dll
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnaux.dll

系统事件：已发现木马!
木马名称：Adware.Cdn.4783
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdndet.dll
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdndet.dll

系统事件：已发现木马!
木马名称：Adware.Cdn.4784
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdndisp.dat
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdndisp.dat

系统事件：已发现木马!
木马名称：Adware.Cdn.4786
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnhint.dat
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnhint.dat

系统事件：已发现木马!
木马名称：CNNIC.adware.2114
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnins.dll
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnins.dll

系统事件：已发现木马!
木马名称：CNNIC.adware.2113
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnns.dll
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnns.dll

系统事件：已发现木马!
木马名称：Adware.Cdn.4788
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprh.dll
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprh.dll

系统事件：已发现木马!
木马名称：Adware.Cdn.4789
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprot.dat
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprot.dat

系统事件：已发现木马!
木马名称：CNNIC.adware.2112
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprot.sys
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprot.sys

系统事件：已发现木马!
木马名称：CNNIC.adware.2115
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprot.vxd
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnprot.vxd

系统事件：已发现木马!
木马名称：Adware.Cdn.4790
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnspie.dll
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnspie.dll

系统事件：已发现木马!
木马名称：CNNIC.adware.2116
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdntran.sys
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdntran.sys

系统事件：已发现木马!
木马名称：Adware.Cdn.4791
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnup.exe
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnup.exe

系统事件：已发现木马!
木马名称：Adware.Cdn.4792
木马路径：C:\Documents and Settings\123\Local Settings\Temp\se91\cdnvers.dat
处理方式：隔离 成功
C:\Documents and Settings\123\Local Settings\Temp\se91\cdnvers.dat

系统事件：已发现木马!
木马名称：Backdoor.GrayBird.ad.2087
木马路径：C:\Program Files\weather report\IEXPLORER.EXE
处理方式：隔离 成功
C:\Program Files\weather report\IEXPLORER.EXE

系统事件：已发现木马!
木马名称：zhongshou.adware.3534
木马路径：C:\Program Files\HuaCi\huaci\Mouse1.dll
处理方式：删除 成功

还有,不知道哪里来了个百度搜索的,怎样都卸不了啊,每当我关机就会显示什么程序"0000000"的,然后就自动从启,请大家帮忙了~~

电脑好象出现好多病毒了,可以解决吗?我希望不用重装啊,因为我不懂~~拜托大家帮忙~

ALT+CTRL+DELETE调出任务管理器,终止所有RUNDLL32.EXE 的进程
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复""
O2 - BHO: MyIEHelper Class - {16A770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4524.dll
O2 - BHO: CAISHOW TOOLBAR - {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} - C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll (file missing)
O2 - BHO: 网络加速 - {5673A7C0-95CC-4646-BB07-3BD71234CEF9} - C:\WINDOWS\system32\MicrosoftNet.dll
O2 - BHO: IEYHlprObj Class - {5C761D09-377E-4EAC-ADA1-C9CDE39B5674} - C:\WINDOWS\IEYHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - (no file)
O2 - BHO: Internet_Explorer_Service - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} - C:\WINDOWS\system32\HelperService.dll
O2 - BHO: estAliveObj Class - {A2B7A0F0-B697-4A71-8D91-43443F57D7BB} - C:\WINDOWS\estAlive.dll
O3 - IE工具栏增项: 系统标准按钮(&E) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8} - C:\WINDOWS\system32\SystemToolbar.dll
O4 - 启动项HKLM\\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\system32\supdate2.dll,Run
运行System Repair Engineer，点“启动项目，服务，勾选“隐藏微软服务”选中病毒服务Distributed Application Client，选择“删除所选服务”“否”最后重启
删除
C:\WINDOWS\system32\supdate2.dll
C:\WINDOWS\system32\SystemToolbar.dll
C:\WINDOWS\estAlive.dll
C:\WINDOWS\system32\HelperService.dll
C:\WINDOWS\IEYHelper.dll
C:\WINDOWS\system32\MicrosoftNet.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4524.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL

【回复“我无邪”的帖子】谢谢你详细的解答

C:\WINDOWS\estAlive.dll
C:\WINDOWS\system32\HelperService.dll
C:\WINDOWS\IEYHelper.dll
C:\WINDOWS\system32\MicrosoftNet.dll
C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_4524.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
这几个都找不到啊,请问???

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      1:32:11, 日期 2006-6-3
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\KPfwSvc.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
D:\KAVStart.exe
C:\windows\winass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\KPFW32.EXE
D:\KMailMon.EXE
E:\tt浏览\TTraveler.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
E:\HijackThis1991zww.exe

O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\IEHelper.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - 启动项HKLM\\Run: [KavStart] "D:\KAVStart.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KavPFW] "D:\KPFW32.EXE"
O4 - HKCU\..\Run: [msq] C:\WINDOWS\bartest.exe
O4 - HKCU\..\Run: [caishowmanage] C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - D:\kugoo\KuGoo3\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 用炫彩图铃发送该图片 - C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - 浏览器额外的按钮: 比较购物搜索 - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O9 - 浏览器额外的“工具”菜单项: The AskYaya VerticalBar - {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\YayaBands.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O18 - 列举现有的协议: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服务: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - D:\KPfwSvc.EXE
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - D:\KWatch.EXE
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
这是新的

C:\windows\winass.exe
C:\WINDOWS\bartest.exe
以上两项，可疑，如果你也不知道，建议修复。
如果你也不知道，也请一并修复它

ALT+CTRL+DELETE调出任务管理器,终止所有bartest.exe，winass.exe的进程，如果有的话。
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复""

O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\IEHelper.dll

这项是什么O4 - HKCU\..\Run: [msq] C:\WINDOWS\bartest.exe
删除 C:\WINDOWS\bartest.exe
C:\windows\winass.exe
C:\WINDOWS\system32\IEHelper.dll

如果还有问题，请使用System Repair Engineer扫份报告粘上来。

2006-06-03,02:13:31

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavPFW><"D:\KPFW32.EXE">
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavStart><"D:\KAVStart.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
服务
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <D:\KWatch.EXE><Kingsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>

==================================
浏览器加载项
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[比较购物搜索(&C)]
  {A36ABCF0-1C8F-46e7-A67C-0489DC21B9CC} <C:\WINDOWS\YayaBands.dll, Eastday Corporation>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, N/A>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[系统标准按钮(&E)]
  {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <C:\WINDOWS\system32\SystemToolbar.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[estInsObj Class]
  {A927C078-E82F-471B-83F5-3D1504F7D01B} <C:\WINDOWS\estAlive.dll, N/A>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\kugoo\KuGoo3\KuGoo3DownXControl.ocx, N/A>
[HBObject Class]
  {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} <C:\PROGRA~1\hbclient\HBHelper.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[使用KuGoo3下载(&K)]
  <D:\kugoo\KuGoo3\KuGoo3DownX.htm, N/A>
[用炫彩图铃发送该图片]
  <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM, N/A>

==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 632][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 676][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 688][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1000][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1044][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1144][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1360][D:\KWatch.EXE]  <Kingsoft Corporation><2005, 9, 27, 51>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
[PID: 1428][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1736][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAScript.DLL]  <Kingsoft Corporation><2005, 10, 26, 58>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
[PID: 1824][D:\KPfwSvc.EXE]  <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1884][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 220][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3510>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 204][C:\WINDOWS\VM_STI.EXE]  <VM.><4.2.610.4>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 232][D:\KAVStart.exe]  <Kingsoft Corporation><2005, 11, 2, 173>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAVPassp.dll]  <Kingsoft Corporation><2005, 11, 3, 220>
    [D:\PopSprt3.dll]  <Kingsoft Corporation><2005, 11, 2, 27>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 244][C:\WINDOWS\system32\CTFMON.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 256][C:\Program Files\MSN Messenger\msnmsgr.exe]  <Microsoft Corporation><7.5.0306>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
[PID: 556][D:\KPFW32.EXE]  <Kingsoft Corporation><2005, 10, 27, 596>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [D:\FiltList.dll]  <N/A><N/A>
    [D:\KAVPassp.DLL]  <Kingsoft Corporation><2005, 11, 3, 220>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [D:\KAScript.DLL]  <Kingsoft Corporation><2005, 10, 26, 58>
[PID: 416][D:\KMailMon.EXE]  <Kingsoft Corporation><2005, 10, 8, 85>
    [D:\KAntiSpm.dll]  <N/A><1, 0, 0, 2>
    [D:\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [D:\KAECall2.DLL]  <Kingsoft Corporation><2004, 12, 28, 7>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [D:\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 2012][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2892][E:\tt浏览\TTraveler.exe]  <腾讯公司><3.0.0.250>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [E:\tt浏览\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  <腾讯公司><1, 1, 0, 5>
    [E:\tt浏览\Plugins\TWeather\TWeather.dll]  <><1, 0, 0, 3>
    [E:\tt浏览\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [D:\KAScript.DLL]  <Kingsoft Corporation><2005, 10, 26, 58>
    [D:\KAEPlat.DLL]  <Kingsoft Corp.><2004, 11, 26, 53>
    [D:\KAEMem.DAT]  <Kingsoft><2004, 11, 9, 11>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 2644][E:\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [D:\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

还是关不了机啊~麻烦了~~