Rising Kaka Security Forum
其实我不懂PC的心 - 2006-8-13 22:10:00
Yesterday I downloaded 陈桥五笔 V5.802, and now every time I go online an advertising web page pops up. How can I get rid of it? Experts, please help!
My HJ log:
ijackThis_zww汉化版扫描日志 V1.99.1
保存于 20:35:22, 日期 2006-8-13
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\winmer.exe
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
D:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\DAEMON Tools\daemon.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system\realsched.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\UpdateService.exe
C:\WINDOWS\Windives.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\betcomet0.62.jsp\BitComet.exe
D:\qq2005\QQ.exe
D:\qq2005\TIMPlatform.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijackthis版本1.99.1\HijackThis1991汉化版\HijackThis1991zww.exe
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\cchlelg.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: FqtGnjsx Class - {0D0EAFA2-C3EF-7215-7176-C8DF112A3738} - C:\WINDOWS\DOWNLO~1\upbmvvcy.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq2005\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\MagicSet\HaokanBar.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\MagicSet\HaokanBar.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] D:\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - 启动项HKLM\\Run: [SysExplr] d:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [RemoteControl] "d:\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - 启动项HKLM\\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [LGODDFU] d:\lg_fwupdate\fwupdate.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - 启动项HKLM\\Run: [DAEMON Tools] "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [_rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [设备检测器] DevDetect.exe -autorun
O4 - 启动项HKLM\\Run: [intranet] C:\WINDOWS\system32\intranet.exe
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - 启动项HKLM\\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - 启动项HKLM\\Run: [SVCHOST] C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - Startup: desktop.ini
O4 - Startup: 腾讯QQ.lnk = D:\qq2005\QQ.exe
O4 - Startup: 地址栏搜索.lnk = C:\Documents and Settings\liu\Local Settings\Temp\efcbz0je.exe
O4 - Global Startup: desktop.ini
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\迅雷5\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\迅雷5\getallurl.htm
O8 - IE右键菜单中的新增项目: YOK超级搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\qq2005\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\qq2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\qq2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\qq2005\SendMMS.htm
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq2005\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq2005\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq2005\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq2005\QQIEHelper.dll
O9 - 浏览器额外的按钮: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT] 中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{A328C777-D385-4CDC-A506-51A524E7EFFF}: NameServer = 202.99.166.4 202.99.160.68
O23 - NT 服务: Gray_Pigeon_Server1.23 (GrayPigeonServer1.23) - Unknown owner - C:\WINDOWS\G_Server1.23.exe
O23 - NT 服务: Pigeon_Server (PigeonServer) - Unknown owner - C:\WINDOWS\Server.exe
O23 - NT 服务: Security Commad Managers (Samcmd) - Unknown owner - C:\WINDOWS\system32\cmd1.exe
O23 - NT 服务: UpdateService - Unknown owner - C:\WINDOWS\system32\UpdateService.exe
O23 - NT 服务: windives - Unknown owner - C:\WINDOWS\Windives.exe
秋日里的蓝天 - 2006-8-13 22:22:00
Run HijackThis; when the scan finishes, tick the following items and then choose "Fix":
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\cchlelg.exe
O2 - BHO: FqtGnjsx Class - {0D0EAFA2-C3EF-7215-7176-C8DF112A3738} - C:\WINDOWS\DOWNLO~1\upbmvvcy.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
You can also use Super Rabbit (超级兔子) to repair these.
Disable the following startup items:
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [_rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [SVCHOST] C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
Download 恶意软件清理助手 (a malware cleanup assistant) from the green-software section of my network E-disk:
http://free5.ys168.com/?ufwihgu168
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
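Please download the two tools LSPFix and WinsockXPFix,
restart the computer and enter Safe Mode. Run LSPFix.exe and remove:
quartz32.dll
Notes:
LSPFix is mainly used to help repair the O10 items found by a HijackThis scan. Before using it,
close all IE windows and folder windows, then run LSPFix. Once it is running, move the
O10 item to be repaired from the left side to the right side and click "Finish". Restart the computer after the repair; if
you can no longer get online, run WinsockXPFix and let it repair the network stack.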
秋日里的蓝天 - 2006-8-13 22:26:00
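Start → Run → type services.msc to open "Services" → find Pigeon_Server, Security Commad Managers, UpdateService →
double-click → Startup type → Disabled → Stop → Apply → OK. Disable all three services (the names are separated by commas): Pigeon_Server, Security Commad Managers, UpdateService.
Restart into Safe Mode and delete: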
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\rundll32.exe
C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
C:\Program Files\CNNIC
C:\WINDOWS\system32\spoolsv
C:\WINDOWS\Server.exe
C:\WINDOWS\system32\cmd1.exe
C:\WINDOWS\system32\UpdateService.exe
C:\WINDOWS\Windives.exe
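An added example, not part of any post in this thread: the entries the replies above single out (WINLOGON.EXE and rundll32.exe directly under C:\WINDOWS, SVCHOST.exe under the IE PLUGINS folder, spoolsv.exe in a spoolsv subfolder, and the extra program appended to UserInit) share two patterns that can be checked mechanically. The sketch below applies both checks to lines copied from the HijackThis log posted in this thread; the table of expected directories is an assumption (a default Windows XP install on C:\WINDOWS), and `analyze` and its finding labels are names made up for this illustration.

```python
import ntpath
import re

# Assumption: default Windows XP layout on C:\WINDOWS. Directory each
# system binary is expected to run from (compared case-insensitively).
EXPECTED_DIR = {
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "userinit.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# A drive-letter path ending in .exe; spaces inside the path are allowed.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.exe\b', re.IGNORECASE)
# HijackThis section tag at the start of a line (R3, F2, O4, O23, ...).
SECTION = re.compile(r"^(R\d|F\d|O\d{1,2}) - ")

# Lines copied from the HijackThis log posted in this thread
# (a mix of entries the replies flag and entries they leave alone).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\cchlelg.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [_rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [SVCHOST] C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
"""


def analyze(log_text):
    """Return a de-duplicated list of (section, finding, path) tuples."""
    findings = []
    seen = set()

    def report(section, finding, path):
        key = (section, finding, path)
        if key not in seen:
            seen.add(key)
            findings.append(key)

    for raw in log_text.splitlines():
        line = raw.strip()
        match = SECTION.match(line)
        # Untagged lines in a HijackThis log are the running-process list.
        section = match.group(1) if match else "PROC"
        paths = EXE_PATH.findall(line)

        # Check 1: a system file name running from an unexpected directory.
        for path in paths:
            directory, name = ntpath.split(path)
            expected = EXPECTED_DIR.get(name.lower())
            if expected and directory.lower() != expected:
                report(section, "system-name-wrong-dir", path)

        # Check 2: UserInit should launch userinit.exe and nothing else.
        if section == "F2" and "userinit=" in line.lower():
            for path in paths:
                if ntpath.basename(path).lower() != "userinit.exe":
                    report(section, "extra-userinit-program", path)
    return findings


if __name__ == "__main__":
    for section, finding, path in analyze(SAMPLE_LOG):
        print(f"{section:5} {finding:24} {path}")
```

A hit from either check is a reason to inspect the file, not proof that it is malicious; a system installed on another drive or directory needs a different table.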
山形依旧 - 2006-8-13 22:35:00
After restarting, delete:
C:\WINDOWS\system32\winmer.exe
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\rundll32.exe
C:\WINDOWS\system32\UpdateService.exe
C:\WINDOWS\Windives.exe
命运里の金色 - 2006-8-13 22:38:00
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
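One addition regarding this entry:
http://z08.zupload.com/download.php?file=getfile&filepath=27680 (link valid for 7 days)
Go here to download the file.
Clean up with 空指针's batch script; it works well.
This family of trojans has been causing trouble for a long time and still does not seem to be finished. There are many variants, from the original icon of a black dragon head on a red background (said to be the icon of the online game 传世) to the later 征途 icon. The obvious external signs are: a pagefile.pif or command.com file is created in the root of drive D and comes back a little while after being deleted, and startup entries restore themselves after deletion. An analysis of one typical variant can be found on 小空's blog. Because it modifies quite a few file associations, it is somewhat difficult to deal with; I handled a few machines remotely and found it a real headache, which gave me the idea of writing a batch script. The idea was simple, but implementing it was far from easy. Because data of type REG_EXPAND_SZ has to be converted to binary, the workload and the difficulty went up considerably. So the current version only supports XP installed on drive C or drive D. Thanks to 风乱舞 for his help and for the system optimization program he provided, and to 海色の月 and 艾玛. Enough said; here is the procedure:
First run Procexp and end the WINLOGON process (kill process).
Once the process has been ended, run Repair.bat (download it beforehand, and preferably do not put it on drive D, so that opening drive D does not activate the virus again) and follow the prompts. In order, it removes the s, r and h attributes from the files, deletes the files, repairs the registry entries, and deletes the startup entries. After that come some system optimization functions provided by 风乱舞, which you can choose according to personal preference.
Repair.bat and Procexp are provided in the attachment.
A few points need to be made:
1. This batch script only applies to XP installed on drive C or drive D.
2. This is not antivirus software, only the countermeasures I personally took against this virus and its family of variants, and I cannot guarantee it is foolproof. So please back up your system; I accept no responsibility for any consequences. (Though the chance of something going wrong seems small ^_^)
3. The batch script is equally suitable for repairing the registry after antivirus software has removed the virus.
4. If you find that some variants still cannot be removed after the steps above, please pack the virus file into an encrypted archive and send it to my mailbox (kongzhizhen@gmail.com); I will deal with it promptly.
5. When reposting, please credit the source and the author.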
我无邪 - 2006-8-13 23:41:00
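Heh, everyone here is very enthusiastic.
I suggest the original poster reboot after the fix.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan completes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download links: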
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it in several parts; please do not modify it.
其实我不懂PC的心 - 2006-8-14 6:50:00
Thank you all, I'm really touched! I'll give it a try!
其实我不懂PC的心 - 2006-8-14 6:55:00
To the expert on the second floor: why can't I find the file Pigeon_Server? If I can't find it, does that mean I don't need to change it?
命运里の金色 - 2006-8-14 7:21:00
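Open the Registry Editor, navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES branch, and delete from the left pane the virus service names Pigeon_Server (PigeonServer), Security Commad Managers (Samcmd), UpdateService, windives, Gray_Pigeon_Server1.23 (GrayPigeonServer1.23); they may also appear under the names in parentheses.
Follow http://forum.ikaka.com/topic.asp?board=28&artid=6202404 to handle this.
Finally, I recommend using antivirus software. I recommend the free Antivir that I use, a long-established German antivirus product: http://www.free-av.com/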
download code:http://www.free-av.com/
You have picked up a lot of rogue software; I suggest repairing with Super Rabbit.
Virus Database File
Version: 6.35.1.85
FUP: 0
License date: 13.8.2006
VDF date: 13.8.2006
Minimum engine: 6.34.1.37
Signatures: 480433
Required linked VDF: 6.35.1.56
Source: 6.35.1.85
Compiler: 1.2.7
The virus database currently has 480433 signatures.
Once all of the above is done, post another log.
语过天情 - 2006-8-14 11:26:00
Girls are so popular~!~!~!
Nobody pays any attention to our threads~!~!~!~!
55
抹伤06 - 2006-8-14 13:50:00
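To the poster above: you didn't post the URL of your own thread.
I couldn't help you even if I wanted to.
We're not at the computer all day.
And when we are online, we're not always on this site.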
我无邪 - 2006-8-14 21:36:00
[Reply to the post by "语过天情"]
If you have a problem, start a thread, scan a log as well, and send me the link.
我无邪 - 2006-8-14 21:36:00
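Original poster, please run the fix soon, and reboot once it is done.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan completes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download links: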
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it in several parts; please do not modify it.
其实我不懂PC的心 - 2006-8-14 23:01:00
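Thank you all! But I can't understand any of it! I don't even know how to open the Registry Editor! Does anyone have a simple, clear method? Sorry, I'm a computer idiot.......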
我无邪 - 2006-8-14 23:06:00
You don't need to go into the registry; just scan a log as described above and paste it here.
其实我不懂PC的心 - 2006-8-14 23:07:00
Expert GG, you're here, great! Didn't I already post a scan?
我无邪 - 2006-8-14 23:12:00
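Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan completes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download links: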
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it in several parts; please do not modify it.
其实我不懂PC的心 - 2006-8-14 23:20:00
无邪 GG, I've run the scan; please take a look for me!
2006-08-14,23:06:00
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<PowerBar><> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<Super Rabbit SRRestore><D:\MagicSet\srrest.exe /autosave> [Super Rabbit Soft]
<BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> []
<SysExplr><d:\Herosoft\HeroV8\SYSEXPLR.EXE> []
<YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [ ]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo!]
<RemoteControl><"d:\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"> [Cyberlink Corp.]
<InCD><C:\Program Files\Ahead\InCD\InCD.exe> [Nero AG]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<LGODDFU><d:\lg_fwupdate\fwupdate.exe> [CST]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<mscfs><RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs> []
<DAEMON Tools><"d:\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [Keys]
<rx><C:\WINDOWS\rundll32.exe> []
<_rx><C:\WINDOWS\rundll32.exe> []
<设备检测器><DevDetect.exe -autorun> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [Keys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<KernelCheck><C:\WINDOWS\system32\winmer.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe 1> []
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\cchlelg.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
其实我不懂PC的心 - 2006-8-14 23:21:00
==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[腾讯QQ]
<C:\Documents and Settings\liu\「开始」菜单\程序\启动\腾讯QQ.lnk><N>
[地址栏搜索]
<C:\Documents and Settings\liu\「开始」菜单\程序\启动\地址栏搜索.lnk><N>
==================================
服务
[Gray_Pigeon_Server1.23 / GrayPigeonServer1.23]
<C:\WINDOWS\G_Server1.23.exe><N/A>
[Pigeon_Server / PigeonServer]
<C:\WINDOWS\Server.exe><N/A>
[Security Commad Managers / Samcmd]
<C:\WINDOWS\system32\cmd1.exe><N/A>
[UpdateService / UpdateService]
<C:\WINDOWS\system32\UpdateService.exe><N/A>
[windives / windives]
<C:\WINDOWS\Windives.exe><N/A>
==================================
浏览器加载项
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[YOK超级搜索]
{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[IEHlprObj Class]
{D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[超级兔子上网精灵]
{FEDF637B-F631-4583-A210-33CC828D42DB} <D:\MagicSet\HaokanBar.dll, 超级兔子>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\qq2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[YOK超级搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <http://www.yok.com, N/A>
[超级兔子上网精灵]
{FEDF637B-F631-4583-A210-33CC828D42DB} <D:\MagicSet\HaokanBar.dll, 超级兔子>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[YOK超级搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[MonitorURL Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, >
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[ChajianHelper Class]
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} <C:\WINDOWS\system32\SYSREA~1.DLL, Kmedia>
[wmpdrm]
{0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, Allsum Info. Tech. Ltd.>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper2006318_4242.dll, Microsoft Corporation>
[FltSetUp Class]
{1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Zhongsou Browser Helper]
{2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, N/A>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, Yahoo.>
[NaviHelperObj Class]
{3E422F49-1566-40D3-B43D-077EF739AC32} <C:\WINDOWS\system32\NaviHelper.dll, N/A>
[URLMonitor Class]
{3ED9FFDA-79DB-4B2D-99B7-16EA3C4A3A92} <C:\WINDOWS\system32\hap.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\qq2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, >
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[DownloadValue Class]
{616D4040-5712-4F0F-BCF1-5C6420A99E14} <C:\WINDOWS\system32\winhtp.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[ActiveBHO Class]
{63C55A7F-6E29-8D4F-5C76-4F850F28D13A} <C:\Progra~1\DoDoorRSSFinder\ActiveBandObject.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YOK超级搜索]
{75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[搜虎]
{7A38130D-BEB7-4D60-BE7A-4C4AB6A85CD1} <, N/A>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[CBHelper Object]
{8A4280AD-9B37-4922-A51D-73F3C3A32AF7} <C:\WINDOWS\system32\msibm\cfsbho.dll, N/A>
[CNNIC_IDN]
{9A578C98-3C2F-4630-890B-FC04196EF420} <C:\WINDOWS\system32\cdn.dll, CNNIC>
[WinSC Class]
{9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC32.dll, N/A>
[Tool Class]
{A7F05EE4-0426-454F-8013-C41E3596E9E9} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[WAB Importer/Exporter]
{AA158CA5-93B4-4CD4-8D8C-BB6F9F515213} <C:\WINDOWS\System32\wabimp.dll, WAB Co.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[OfficeObj Class]
{D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[IEHlprObj Class]
{D424FE4E-CAF9-4FDD-BC5F-E6E6B91D53BF} <C:\Progra~1\NetMeeting\nmview.dll, Microsoft Corporation>
[DuiSo.com Search]
{E2218499-2FD4-4EED-A94A-7F0B9C6E300E} <C:\WINDOWS\system32\Inte32.dll, N/A>
[bho Class]
{ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[YOK超级搜索]
{F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll, www.YOK.com>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yassist.dll, Yahoo!>
[超级兔子上网精灵]
{FEDF637B-F631-4583-A210-33CC828D42DB} <D:\MagicSet\HaokanBar.dll, 超级兔子>
[&使用迅雷下载]
<d:\迅雷5\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<d:\迅雷5\getallurl.htm, N/A>
[YOK超级搜索]
<C:\Program Files\YOK.com\SuperSearch\yoksch.htm, N/A>
[上传到QQ网络硬盘]
<D:\qq2005\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\qq2005\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\qq2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\qq2005\SendMMS.htm, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
其实我不懂PC的心 - 2006-8-14 23:25:00
==================================
正在运行的进程
[PID: 480][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\system32\UpdateModule.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 772][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 820][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 900][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1032][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1144][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1244][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\msicn\plugins\bse.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\lup.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\bm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\WINDOWS\system32\msicn\plugins\as.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 99>
[C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll] <www.YOK.com><2.0.1.8>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[PID: 1344][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1536][C:\WINDOWS\WINLOGON.EXE] <Keys><0.00.0061>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1560][C:\WINDOWS\system32\winmer.exe] <Microsoft Corporation><5.1.2600.0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1568][C:\WINDOWS\system32\msime.exe] <Microsoft Corporation><5.1.2600.2180>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1652][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.1.02>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[PID: 1748][C:\WINDOWS\VM_STI.EXE] <VM.><4.2.610.4>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1796][D:\Herosoft\HeroV8\SYSEXPLR.EXE] <N/A><N/A>
[D:\Herosoft\HeroV8\AVCDROM.dll] <N/A><N/A>
[D:\Herosoft\HeroV8\CoolMenu.dll] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[D:\Herosoft\HeroV8\Sys936.DLL] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[PID: 1824][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] < ><2, 0, 0, 1002>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\Program Files\Yahoo!\Assistant\yNotifier.dll] <><1, 0, 0, 5>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1876][D:\CyberLink DVD Solution\PowerDVD\PDVDServ.exe] <Cyberlink Corp.><5.00.0000>
[C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll] <CyberLink Corp.><3.20.0000>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
其实我不懂PC的心 - 2006-8-14 23:26:00
[PID: 1936][D:\lg_fwupdate\fwupdate.exe] <CST><1.00>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 1944][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3427>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 300][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\msibm\cfsys.dll] <N/A><N/A>
[C:\WINDOWS\system32\msibm\cfs7zd.DLL] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[PID: 440][D:\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.00.0.0>
[d:\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.00.0.0>
[d:\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12>
[d:\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0>
[d:\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0>
[d:\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0>
[d:\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0>
[d:\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\msicn\msibm.dll] <广州傲讯信息科技有限公司><2, 0, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[PID: 532][C:\WINDOWS\rundll32.exe] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 1112][C:\PROGRA~1\baigoo\bgoomain.exe] <BGoo><1, 0, 0, 1006>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\bgooex.dll] <><1, 0, 0, 1007>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[PID: 1116][C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe] <N/A><5.01.2704>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 1120][C:\Program Files\CNNIC\Cdn\cdnup.exe] <><2, 4, 0, 4>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] <CNNIC><2, 2, 0, 3>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[PID: 508][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[PID: 2060][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 2196][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 2212][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 2248][C:\WINDOWS\system32\UpdateService.exe] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[PID: 2328][C:\WINDOWS\Windives.exe] <N/A><N/A>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 3532][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[PID: 2692][D:\betcomet0.62.jsp\BitComet.exe] <www.BitComet.com><0.62.>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
其实我不懂PC的心 - 2006-8-14 23:30:00
[PID: 4024][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 2, 1002>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll] <www.YOK.com><2.0.1.8>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <Yahoo.><1, 0, 2, 1002>
[D:\qq2005\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 99>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[D:\MagicSet\HaokanBar.dll] <超级兔子><1.0.6.8>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007>
[PID: 1224][D:\qq2005\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\qq2005\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\qq2005\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\qq2005\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[D:\qq2005\QQAPI.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[D:\qq2005\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\qq2005\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\qq2005\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[D:\qq2005\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\qq2005\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\qq2005\QQMainFrame.dll] <N/A><N/A>
[D:\qq2005\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[D:\qq2005\NewSkin.dll] <><1, 0, 0, 1>
[D:\qq2005\HostingMgr.dll] <><1, 0, 0, 1>
[D:\qq2005\CameraDll.dll] <><1, 0, 0, 1>
[D:\qq2005\MailSummary.dll] <><1, 0, 0, 1>
[D:\qq2005\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\qq2005\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\qq2005\LongConnection.dll] <tencent><0, 3, 3, 8>
[D:\qq2005\QQPlugin.dll] <N/A><N/A>
[D:\qq2005\ShareFiles.dll] <N/A><N/A>
[D:\qq2005\QQZip.dll] <tencent><0, 3, 2, 4>
[D:\qq2005\QQAllInOne.dll] <N/A><N/A>
[D:\qq2005\SCCore.dll] <N/A><N/A>
[D:\qq2005\QQCustomFace.dll] <N/A><N/A>
[D:\qq2005\QQPet.dll] <><1, 0, 0, 1>
[D:\qq2005\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\qq2005\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\qq2005\QRingMng.dll] <N/A><N/A>
[D:\qq2005\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\qq2005\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\qq2005\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\macromed\flash\flash.ocx] <Macromedia, Inc.><6,0,79,0>
[D:\qq2005\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\qq2005\QQMagicFace.dll] <><1, 0, 0, 1>
[D:\qq2005\QQAvatar.dll] <N/A><N/A>
[D:\qq2005\QQSceneMng.dll] <N/A><N/A>
[C:\WINDOWS\system32\CHENHU4.IME] <chenhu><5.8>
[D:\qq2005\QQSysMsgMng.dll] <N/A><N/A>
[D:\qq2005\BQQApplication.dll] <N/A><N/A>
[D:\qq2005\CommercesMng.dll] <><1, 0, 0, 1>
[D:\qq2005\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\qq2005\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\qq2005\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
[D:\qq2005\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 6, 60>
[D:\qq2005\GroupConnection.dll] <Tencent><5, 0, 202, 30>
[D:\qq2005\QQFileTransfer.dll] <Tencent><5, 0, 202, 40>
[PID: 288][D:\qq2005\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[D:\qq2005\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1856][D:\淘宝旺旺\WangWang.exe] <淘宝(中国)软件有限公司><1, 6, 6, 616>
[D:\淘宝旺旺\AliViewCtrl.dll] <vline><1, 0, 0, 1>
[D:\淘宝旺旺\VLNetwork.dll] <><1, 0, 0, 6>
[D:\淘宝旺旺\AliViewMedia.dll] <vline><1, 0, 0, 1>
[D:\淘宝旺旺\VideoCAP.dll] <><1, 0, 0, 4>
[D:\淘宝旺旺\VLAudio.dll] <><1, 0, 0, 4>
[D:\淘宝旺旺\JsmShow.dll] <><1, 0, 0, 3>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[D:\淘宝旺旺\Ali_Res.DLL] <N/A><N/A>
[D:\淘宝旺旺\RichOne.dll] <淘宝(中国)软件有限公司><1.0.0.1>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\淘宝旺旺\WangWangX.dll] <><1, 0, 0, 1>
[PID: 1280][C:\Program Files\Internet Explorer\IEXPLORE.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 2, 1002>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yaLive.dll] <><2, 0, 5, 1031>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 1, 1007>
[C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll] <www.YOK.com><2.0.1.8>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\wmpdrm.dll] <Allsum Info. Tech. Ltd.><2, 0, 0, 1>
[C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll] <Yahoo.><1, 0, 2, 1002>
[D:\qq2005\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] <><1, 2, 7, 1006>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 99>
[C:\Program Files\baigoo\BGooBHO.dll] <><1, 0, 0, 1>
[D:\MagicSet\HaokanBar.dll] <超级兔子><1.0.6.8>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\PROGRA~1\baigoo\bgook.dll] <BAIGOO.COM><1, 0, 0, 1007>
[C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll] <BAIGOO><1, 0, 0, 1007>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[C:\WINDOWS\system32\macromed\flash\flash.ocx] <Macromedia, Inc.><6,0,79,0>
[C:\WINDOWS\system32\CHENHU4.IME] <chenhu><5.8>
其实我不懂PC的心 - 2006-8-14 23:31:00
[PID: 5668][d:\迅雷5\Thunder.exe] <Thunder Networking Technologies,LTD><5.1.4.174>
[d:\迅雷5\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[d:\迅雷5\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 66>
[d:\迅雷5\log4cplus.dll] <><1, 0, 2, 1>
[d:\迅雷5\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[d:\迅雷5\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[d:\迅雷5\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[d:\迅雷5\iEmbed.dll] <Thunder Networking Technologies,LTD><1, 1, 0, 22>
[d:\迅雷5\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 7>
[d:\迅雷5\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
[d:\迅雷5\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 59>
[C:\WINDOWS\system32\macromed\flash\flash.ocx] <Macromedia, Inc.><6,0,79,0>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[PID: 6100][C:\DOCUME~1\liu\LOCALS~1\Temp\Rar$EX03.469\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\Server_Hook.DLL] <N/A><N/A>
[C:\Program Files\CNNIC\Cdn\imaoe.dll] <CNNIC><2, 2, 0, 1>
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] <CNNIC><2, 0, 0, 2>
[C:\Program Files\CNNIC\Cdn\cdndet.dll] <CNNIC><2, 4, 0, 1>
[C:\PROGRA~1\baigoo\bgoohk.dll] < ><1, 0, 0, 1007>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 2, 1019>
[C:\WINDOWS\ServerKey.DLL] <N/A><N/A>
[C:\WINDOWS\system32\dllz.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\quartz32.dll] <><4, 0, 0, 0>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [winfiles]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
其实我不懂PC的心 - 2006-8-14 23:32:00
I've finally finished pasting it all. 无邪, please take a look!
其实我不懂PC的心 - 2006-8-15 7:05:00
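Experts, I've already done part of what you told me to do. I'm hopeless with computers, so there is a lot I don't understand. I've now run another HJ log scan; please take a look at it for me. I'm endlessly grateful!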
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 6:52:47, 日期 2006-8-15
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\winmer.exe
C:\WINDOWS\system32\msime.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\VM_STI.EXE
D:\Herosoft\HeroV8\SYSEXPLR.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
D:\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\lg_fwupdate\fwupdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\DAEMON Tools\daemon.exe
C:\WINDOWS\system\realsched.exe
C:\PROGRA~1\baigoo\bgoomain.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\alg.exe
D:\hijackthis版本1.99.1\HijackThis1991汉化版\HijackThis1991zww.exe
C:\WINDOWS\system32\wuauclt.exe
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\qq2005\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - C:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: IEHlprObj Class - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - C:\Progra~1\NetMeeting\nmview.dll
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\MagicSet\HaokanBar.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - D:\MagicSet\HaokanBar.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - IE工具栏增项: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] D:\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - 启动项HKLM\\Run: [SysExplr] d:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [RemoteControl] "d:\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - 启动项HKLM\\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [LGODDFU] d:\lg_fwupdate\fwupdate.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [mscfs] RUNDLL32 C:\WINDOWS\system32\msibm\cfsys.dll,cfs
O4 - 启动项HKLM\\Run: [DAEMON Tools] "d:\DAEMON Tools\daemon.exe" -lang 1033
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [_rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [设备检测器] DevDetect.exe -autorun
O4 - 启动项HKLM\\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - 启动项HKLM\\Run: [MSService_v1.0] C:\WINDOWS\system\realsched.exe
O4 - 启动项HKLM\\Run: [bgoomain.exe] C:\PROGRA~1\baigoo\bgoomain.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [spoolsv] C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer
O4 - 启动项HKLM\\Run: [SVCHOST] C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: desktop.ini
O4 - Startup: 腾讯QQ.lnk = D:\qq2005\QQ.exe
O4 - Startup: 地址栏搜索.lnk = C:\Documents and Settings\liu\Local Settings\Temp\efcbz0je.exe
O4 - Global Startup: desktop.ini
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - d:\迅雷5\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - d:\迅雷5\getallurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\qq2005\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\qq2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\qq2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\qq2005\SendMMS.htm
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq2005\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\qq2005\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq2005\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\qq2005\QQIEHelper.dll
O9 - 浏览器额外的按钮: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - http://www.yok.com (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT] 中文上网
O23 - NT 服务: windives - Unknown owner - C:\WINDOWS\Windives.exe (file missing)
O23 - NT 服务: Windows XP Vista - Unknown owner - C:\Program.exe (file missing)
其实我不懂PC的心 - 2006-8-15 19:55:00
The pop-ups are still coming nonstop and it's driving me crazy. Can someone please help me!
秋日里的蓝天 - 2006-8-15 20:36:00
Run HijackThis. When the scan finishes, tick the following entries, then choose "Fix" (修复):
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll
O23 - NT 服务: windives - Unknown owner - C:\WINDOWS\Windives.exe (file missing)
O23 - NT 服务: Windows XP Vista - Unknown owner - C:\Program.exe (file missing)
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [_rx] C:\WINDOWS\rundll32.exe
End the processes.
Then, in Safe Mode, delete:
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\rundll32.exe
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dl
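Please download 恶意软件清理助手 (Malicious Software Cleanup Assistant).
Download it from the green-software section of my online E-disk: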
http://free5.ys168.com/?ufwihgu168
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
Please download these two tools: LSPFix and WinsockXPFix.
Restart the computer and enter Safe Mode. Run LSPFix.exe and remove:
quartz32.dll
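Notes:
LSPFix is mainly used to help repair the O10 entries found by a HijackThis scan. Before using it,
close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 entry
you want to repair from the left side to the right side and click "Finish". Restart the computer
after the repair. If you cannot get online, run WinsockXPFix and let it repair the connection.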
In Safe Mode, delete:
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
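An added example, not part of the post above and not code from HijackThis: a small Python triage pass over HijackThis log lines that surfaces the kinds of entries the reply ticks (extra `UserInit` programs, a modified `Shell`, system process names running from the wrong folder, O10 LSP files, O23 services with an unknown owner). The rule names, the `triage` function and the expected-directory table are assumptions of this example (standard Windows XP locations, Windows installed in `C:\WINDOWS`); the sample lines are excerpted from the log in this thread.

```python
import ntpath
import re

# Assumption: Windows XP installed in C:\WINDOWS, as in the thread's logs.
SYSTEM32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "winlogon.exe": SYSTEM32,
    "rundll32.exe": SYSTEM32,
    "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32,
    "userinit.exe": SYSTEM32,
    "explorer.exe": r"c:\windows",
}

# A drive-qualified path ending in .exe (commas excluded so list values split cleanly).
EXE_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n,]*?\.exe\b', re.IGNORECASE)


def check_f2(line):
    """F2: Shell / UserInit values that differ from the Windows defaults."""
    m = re.match(r"F2 - REG:system\.ini: (Shell|UserInit)=(.*)", line, re.IGNORECASE)
    if not m:
        return []
    key, value = m.group(1).lower(), m.group(2).strip()
    if key == "shell":
        return [] if value.lower() == "explorer.exe" else [("shell-modified", value)]
    default = SYSTEM32 + r"\userinit.exe"
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [("userinit-extra", p) for p in parts if p.lower() != default]


def check_o23(line):
    """O23: services whose binary has no identifiable owner."""
    m = re.match(r"O23 - .*?: (.+?) - Unknown owner - (.+?)(?: \(file missing\))?$", line)
    return [("service-unknown-owner", m.group(2))] if m else []


def check_o10(line):
    """O10: files HijackThis itself reports in the Winsock LSP chain."""
    m = re.match(r"O10 - .*Winsock LSP: (.+)$", line)
    return [("lsp-unknown-file", m.group(1))] if m else []


def check_misplaced(line):
    """Any line: a well-known system process name outside its normal folder."""
    hits = []
    for path in EXE_PATH.findall(line):
        expected = EXPECTED_DIR.get(ntpath.basename(path).lower())
        if expected and ntpath.dirname(path).lower() != expected:
            hits.append(("system-name-wrong-dir", path))
    return hits


def triage(log_text):
    """Return de-duplicated (rule, detail) findings in log order."""
    findings, seen = [], set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for rule, detail in (check_f2(line) + check_o23(line)
                             + check_o10(line) + check_misplaced(line)):
            key = (rule, detail.lower())
            if key not in seen:
                seen.add(key)
                findings.append((rule, detail))
    return findings


# Excerpt of the HijackThis log posted in this thread (labels are the tool's own output).
SAMPLE_LOG = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\difd.exe
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [rx] C:\WINDOWS\rundll32.exe
O4 - 启动项HKLM\\Run: [SVCHOST] C:\Program Files\Internet Explorer\PLUGINS\SVCHOST.exe
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O23 - NT 服务: windives - Unknown owner - C:\WINDOWS\Windives.exe (file missing)
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {detail}")
```

The findings are leads for manual review, not verdicts: a match only says the entry deviates from the default location or value.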
我无邪 - 2006-8-15 21:26:00
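OP, your system is seriously infected.
I have never seen a system with this many viruses.
If you know how to reinstall the system, I suggest you skip the repairs and simply reinstall.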
其实我不懂PC的心 - 2006-8-16 19:52:00
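Thank you all for your great help! Not only have my viruses been wiped out, but my network speed and my startup and shutdown times are much faster than before. Thank you all so much!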
我无邪 - 2006-8-16 21:33:00
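I suggest you restart.
Please download System Repair Engineer, use "Smart Scan" (智能扫描), and press the "Scan" (扫描) button to scan. When the scan completes, press the "Save Report" (保存报告) button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log file here.
Download links: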
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log cannot be pasted in one go, paste it across several posts. Please do not modify it.