瑞星卡卡安全论坛

启动项能关的都关了`还是会跳出加载c:\windows\system32\guard.tmp出错
监控显示中了Adware.Dinkum.a`大家帮帮忙`折磨了我7小时了


HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:47:46, 日期 2006-8-26
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\lssc.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Rising\Rav\RavMon.exe
E:\QQ\QQ.exe
E:\QQ\TIMPlatfrom.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\cyz\桌面\HijackThis1991zww.exe

R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\金山快译\IEBand.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\xunlei5\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\xunlei5\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\QQ\SendMMS.htm
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E5F999A-35F4-4512-86BD-FE1380AAC0B6}: NameServer = 218.2.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7133C22E-9C6D-41EF-8065-F4CC1D45DD52}: NameServer = 218.2.135.1 61.147.37.1
O20 - Winlogon Notify: Run - C:\WINDOWS\system32\en2ql1f51.dll
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - NT 服务: Network Location Manager - Unknown owner - C:\WINDOWS\system32\lssc.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\Ravmond.exe
O23 - NT 服务: windows logon - Unknown owner - C:\WINDOWS\winlogon.exe (file missing)

这帖子回复过，不要重复发帖子啊。

2006-08-26,22:28:11

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; ; C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <IEXPLORE.EXE><; IEXPLORE.EXE http://vod.soucn.net>  []
    <MSMSGS><; ; "C:\Program Files\Messenger\msmsgs.exe" /background>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><; ?矵?
?矵??矵?
?
?耈砎??>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MS Dynamic Host Configuration Protocol><MSDHCP32.exe>  []
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <defender><; C:\\dfndrff_13.exe>  []
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <keyboard><; C:\\kybrdff_13.exe>  []
    <newname><; C:\\nwnmff_13.exe>  []
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  []
    <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <vptray><; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe>  []
    <VVSN><; C:\Program Files\VVSN\VVSN.exe>  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <MS Dynamic Host Configuration Protocol><MSDHCP32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KernelFaultCheck><C:\WINDOWS\System32\wdm.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Management]
    <WinlogonNotify: App Management><C:\WINDOWS\system32\azaql1f51.dll>  []

==================================
启动文件夹
服务
[InstallDriver Table Manager / IDriverT]
  <C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe><Macrovision Corporation>
[Network Location Manager / Network Location Manager]
  <"C:\WINDOWS\system32\lssc.exe"><N/A>
[Network Sharing Service / NSServ]
  <"C:\WINDOWS\system32\nsservice.exe"><N/A>
[Rising Process Communication Center / RsCCenter]
  <"d:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[winaua / winaua]
  <C:\DOCUME~1\cyz\LOCALS~1\Temp\stdup322\stdupd.exe -R><N/A>
[Windows Fix Services / Windows Fix Services]
  <"C:\WINDOWS\winfix32.exe"><N/A>
[windows logon / windows logon]
  <"C:\WINDOWS\winlogon.exe"><N/A>

==================================
浏览器加载项
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\金山快译\IEBand.dll, 金山软件股份有限公司>
[&Download using ???醯????]
  <osoft XML Parser for Java, N/A>
[&使用迅雷下载]
  <D:\xunlei5\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\xunlei5\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 1692][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\System32\igfxpph.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\System32\hccutils.DLL]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\System32\igfxres.dll]  <Intel Corporation><3,0,0,1918>
    [d:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
    [E:\QQ\qdshm.dll]  <><1, 0, 101, 20>
[PID: 1940][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 884][C:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1716][D:\Rising\Rav\RavMon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
    [D:\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [D:\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [D:\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 3616][C:\Documents and Settings\cyz\桌面\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

不好意思`刚才机器卡`发帖的时候不小心刷新了次`就发了2个

C:\WINDOWS\system32\en2ql1f51.dll
C:\WINDOWS\system32\lssc.exe
C:\WINDOWS\winlogon.exe
这3个文件找不到

是不是要在安全模式下查找?

运行(双击)System Repair Engineer，使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常
MSDHCP32.exe这个东东不知，你自己确定一下是什么

C:\WINDOWS\System32\wdm.exe
这一项看以下的帖子
http://forum.ikaka.com/topic.asp?board=28&artid=8149966

运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务Network Location Manager,Network Sharing Service,winaua ,Windows Fix Services,windows logon ，选择“删除服务”点“设置”选择“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）
重启
运行(双击)System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
C:\\dfndrff_13.exe
C:\\kybrdff_13.exe
C:\\nwnmff_13.exe
C:\WINDOWS\system32\azaql1f51.dll
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示确定更改时，单击“是”，清除“隐藏已知文件类型的扩展名
C:\\dfndrff_13.exe
C:\\kybrdff_13.exe
C:\\nwnmff_13.exe
C:\WINDOWS\system32\azaql1f51.dll
C:\WINDOWS\system32\lssc.exe
C:\WINDOWS\system32\nsservice.exe
C:\DOCUME~1\cyz\LOCALS~1\Temp删除这个文件夹的所有文件。
C:\WINDOWS\winlogon.exe
C:\WINDOWS\winfix32.exe
修复后重启。再扫份日志粘上来。

C:\WINDOWS\winlogon.exe拒绝访问`无法删除

又扫了遍`

2006-08-27,06:01:12

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <IEXPLORE.EXE><; IEXPLORE.EXE http://vod.soucn.net>  []
    <MSMSGS><; ; "C:\Program Files\Messenger\msmsgs.exe" /background>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MS Dynamic Host Configuration Protocol><; MSDHCP32.exe>  []
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <vptray><; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe>  []
    <VVSN><; C:\Program Files\VVSN\VVSN.exe>  []
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <MS Dynamic Host Configuration Protocol><MSDHCP32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[InstallDriver Table Manager / IDriverT]
  <C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe><Macrovision Corporation>
[Rising Process Communication Center / RsCCenter]
  <"d:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[DeskbarBHO]
  {A8B28872-3324-4CD2-8AA3-7D555C872D96} <C:\Program Files\Deskbar\deskbar.dll, Deskbar>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\金山快译\IEBand.dll, 金山软件股份有限公司>
[&Download using ???醯????]
  <osoft XML Parser for Java, N/A>
[&使用迅雷下载]
  <D:\xunlei5\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\xunlei5\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 1600][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\System32\igfxpph.dll]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\System32\hccutils.DLL]  <Intel Corporation><3,0,0,1918>
    [C:\WINDOWS\System32\igfxres.dll]  <Intel Corporation><3,0,0,1918>
    [C:\Program Files\Deskbar\deskbar.dll]  <Deskbar><1, 0, 0, 272>
    [E:\QQ\qdshm.dll]  <><1, 0, 101, 20>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [d:\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 2008][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3249>
[PID: 2024][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 944][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\Program Files\Deskbar\deskbar.dll]  <Deskbar><1, 0, 0, 272>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 1164][C:\WINDOWS\System32\conime.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1900][C:\Documents and Settings\cyz\桌面\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

现在QQ不知道怎么打不开了`老是说程序错误`重装`装了还是没用`
启动项目的
C:\\dfndrff_13.exe
C:\\kybrdff_13.exe
C:\\nwnmff_13.exe
中的2个开机过一会又添加到启动里了``求高人相助..

你再扫描一份新的hijackthis日志发上来

Logfile of HijackThis v1.99.1
Scan saved at 7:29:35, on 2006-8-27
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
d:\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
d:\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\wdfmgr.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Rising\Rav\RavMon.exe
D:\Rising\Rav\Rav.exe
C:\Program Files\Winamp\Winamp.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cyz\桌面\hijackthis\HijackThis.exe

R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\金山快译\IEBand.dll
O4 - HKLM\..\Run: [CdnCtr] ; ; ; C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [helper.dll] ; ; ; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [IMJPMIG8.1] ; ; ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ; ; ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; ; ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [stup.exe] ; ; ; C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKLM\..\Run: [TkBellExe] ; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [vptray] ; ; ; C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [VVSN] ; ; ; C:\Program Files\VVSN\VVSN.exe
O4 - HKLM\..\Run: [YLive.exe] ; ; ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\RunServices: [MS Dynamic Host Configuration Protocol] ; MSDHCP32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; ; ; ; "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &使用迅雷下载 - D:\xunlei5\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\xunlei5\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - e:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - e:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - e:\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\QQ\QQ.EXE (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\QQ\QQIEHelper.dll
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E5F999A-35F4-4512-86BD-FE1380AAC0B6}: NameServer = 218.2.135.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7133C22E-9C6D-41EF-8065-F4CC1D45DD52}: NameServer = 218.2.135.1 61.147.37.1
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Rising\Rav\Ravmond.exe
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wdfmgr.exe

哪位高手能帮帮忙..急求`