Rising Kaka Security Forum
狂恋龙卷风 - 2006-6-4 21:04:00
Logfile of HijackThis v1.99.1
Scan saved at 20:42:56, on 2006-6-4
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
运行进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\windows\alg.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\Ravmon.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\windows\services.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\WINDOWS\System32\conime.exe
C:\windows\services.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ChinaNetSn\bin\Dialterminal.exe
C:\Program Files\Tencent\QQ.exe
D:\Program Files\Tencent\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\notepad.exe
C:\Documents and Settings\桌面\ha-hijackthis1991-xqb\HijackThis.exe
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F3 - REG:win.ini: load=c:\windows\alg.exe
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [services] c:\windows\services.exe
O4 - HKLM\..\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run
O4 - HKCU\..\Run: [services] c:\windows\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\SendMMS.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://jump.cnnic.cn/stat/stat?sid=0008&debug=false&pid=c_admin88&url=http://client.jogo.cn/download/cnnic/cdn.cab
O16 - DPF: {F138084D-84D7-48CD-BEA8-04772457516E} (VqqSpeedDlProxy Class) - http://218.85.138.27/vqqsdl1009.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25A003BB-340B-4C9D-A21A-6E840CFFCEA9}: NameServer = 61.134.1.4,61.134.1.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{A74836B2-9CB4-435E-BF47-B768AEAB0EE5}: NameServer = 218.30.19.40 61.134.1.4
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (没有文件)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (没有文件)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
我无邪 - 2006-6-4 21:23:00
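Please download Norton Process Manager from www.27814939.ys168.com and terminate all RUNDLL32.EXE, C:\windows\services.exe and c:\windows\alg.exe processes.
Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the following items and then choose "Fix":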
F3 - REG:win.ini: load=c:\windows\alg.exe
O4 - HKLM\..\Run: [services] c:\windows\services.exe
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run
O4 - HKCU\..\Run: [services] c:\windows\services.exe
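Double-click My Computer -- Tools -- Folder Options -- View -- select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes".
Delete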
C:\windows\alg.exe
C:\windows\services.exe
C:\WINDOWS\System32\supdate2.dll
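After the fix, please reboot.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan completes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download links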
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it in several parts; please do not modify it.
狂恋龙卷风 - 2006-6-4 23:14:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<run><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\System32\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Power><rundll32.exe C:\DOCUME~1\蔡裕连\LOCALS~1\Temp\f3\fwpxres.dll,Start>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\System32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>
==================================
启动文件夹
服务
[Indexing Data / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Rising Proxy Service / RfwProxySrv]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[apronA Class]
{557B9038-FC87-453C-8B08-32D85F46EAC4} <C:\WINDOWS\Searche.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
====================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 580][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 592][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 792][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[C:\WINDOWS\System32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 952][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 980][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1008][c:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 30>
[c:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 12>
[c:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[c:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[c:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[c:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1236][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[C:\WINDOWS\System32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 1452][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\System32\Rorzh.dll] <N/A><N/A>
[C:\WINDOWS\Downloaded Program Files\Qspemq.dll] <Tencent><4, 0, 7, 72>
[C:\WINDOWS\Downloaded Program Files\Apboff.dll] <Tencent><4, 0, 6, 61>
[C:\PROGRA~1\COMMON~1\system\msdc32.dll] <C1NETHELPER><1, 0, 0, 1>
[C:\WINDOWS\System32\DTSERV~1.DLL] <><1, 3, 0, 0>
[C:\DOCUME~1\蔡裕连\LOCALS~1\Temp\f3\fwpxres.dll] <><1, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 8>
[C:\WINDOWS\Searche.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\PROGRA~1\COMMON~1\system\mod\ca.dll] <N/A><N/A>
[C:\PROGRA~1\COMMON~1\system\mod\ca32.dll] <N/A><N/A>
[C:\DOCUME~1\蔡裕连\LOCALS~1\Temp\f3\ex\mcl.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 13>
[PID: 1728][c:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 48>
[c:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[c:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[c:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[C:\WINDOWS\Downloaded Program Files\Qspemq.dll] <Tencent><4, 0, 7, 72>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[PID: 1988][C:\Program Files\CNNIC\Cdn\cdnup.exe] <><2, 3, 0, 7>
[C:\WINDOWS\Downloaded Program Files\Qspemq.dll] <Tencent><4, 0, 7, 72>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 8>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] <CNNIC><2, 2, 0, 3>
[PID: 2004][C:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\Downloaded Program Files\Qspemq.dll] <Tencent><4, 0, 7, 72>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[PID: 180][C:\WINDOWS\System32\conime.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 8>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\Downloaded Program Files\Qspemq.dll] <Tencent><4, 0, 7, 72>
[PID: 260][C:\Program Files\ChinaNetSn\bin\Dialterminal.exe] <陕西电信有限公司><0, 0, 1, 6>
[C:\Program Files\CNNIC\Cdn\cdnspie.dll] <><2, 1, 0, 3>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><1, 0, 0, 8>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\System32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\ChinaNetSn\bin\detector.dll] <西安信利软件系统有限公司><1, 0, 0, 2>
[C:\WINDOWS\System32\wpcap.dll] <CACE Technologies><3, 1, 0, 27>
[C:\WINDOWS\System32\packet.dll] <CACE Technologies><3, 1, 0, 27>
[C:\WINDOWS\System32\WanPacket.dll] <CACE Technologies><3, 1, 0, 27>
[PID: 360][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 312][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[C:\WINDOWS\Downloaded Program Files\Apboff.dll] <Tencent><4, 0, 6, 61>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\Searche.dll] <><1, 0, 0, 1>
[C:\WINDOWS\System32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\System32\Rorzh.dll] <N/A><N/A>
[C:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 2100][C:\Documents and Settings\蔡裕连\桌面\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\Downloaded Program Files\Qspemq.dll] <Tencent><4, 0, 7, 72>
[C:\WINDOWS\System32\cdnns.dll] <CNNIC><2, 0, 0, 0>
==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
狂恋龙卷风 - 2006-6-4 23:16:00
Hello! This is what I just found.
System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
我无邪 - 2006-6-4 23:13:00
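Run System Repair Engineer, use "System Repair", "File Association", tick "Select All" and click "Repair" so that all extensions return to normal.
The following are generally all rogue software; some of them pop up windows, and removing them by hand is somewhat difficult.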
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CNETHELPER><rundll32.exe C:\PROGRA~1\COMMON~1\system\msdc32.dll,_S1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\System32\DTSERV~1.DLL,Load>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Power><rundll32.exe C:\DOCUME~1\蔡裕连\LOCALS~1\Temp\f3\fwpxres.dll,Start>
[Indexing Data / BRGNS]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/
[apronA Class]
{557B9038-FC87-453C-8B08-32D85F46EAC4} <C:\WINDOWS\Searche.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
I suggest you download Super Rabbit (超级兔子).
http://dl.pconline.com.cn/html_2/1/75/id=273&pn=0.html
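After installing it, open "Super Rabbit Optimizer" (超级兔子优化王), "Professional Uninstall", and uninstall all the junk software it flags.
After uninstalling, reboot, then delete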
C:\PROGRA~1\CNNIC
C:\WINDOWS\Searche.dll
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\DOCUME~1\蔡裕连\LOCALS~1\Temp (delete everything in this folder that can be deleted)
C:\WINDOWS\System32\DTSERV~1.DLL
C:\PROGRA~1\COMMON~1\system\msdc32.dll
C:\PROGRA~1\TENCENT\Adplus
狂恋龙卷风 - 2006-6-4 23:37:00
Hello! This is what I just found.
我无邪 - 2006-6-4 23:41:00
Ugh, have you run the repair?
狂恋龙卷风 - 2006-6-5 0:25:00
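Sorry. I just did what you said, but when it came to deleting those files afterwards, I couldn't find them. I also scanned again with Super Rabbit, and it still found some things. Could you please tell me what to do?
Thank you.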
我无邪 - 2006-6-5 13:19:00
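Once you have downloaded Rabbit and installed it,
open "Super Rabbit Optimizer" (超级兔子优化王), find "Professional Uninstall", and uninstall all the junk software it flags (the flagged junk software is marked in red and is easy to recognize).
Don't worry; tick however many there are and click Uninstall.
After uninstalling, please reboot.
After rebooting, run another scan and paste the report here.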