看看这是什么毒?总也杀不完! bbs.ikaka.com

wutong10001 - 2006-11-5 17:56:00

杀毒显示是:Trojan PSW. zhen... Trojan DL.Agent... Trojan DL.VBS.A...HijackThis_zww汉化版扫描日志 V1.99.1
保存于 17:40:47, 日期 2006-11-5
操作系统： Windows XP SP2 (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\system.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\KAV5\KAVSVC.EXE
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrem4.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrem2.exe
C:\WINDOWS\system32\svchost.exe
D:\WEB迅雷\WebThunder.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Rising\Rfw\rfwmain.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\WinRAR.exe
C:\DOCUME~1\a\LOCALS~1\Temp\Rar$EX00.953\HijackThis1991zww.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\Program Files\3721\Assist\asbar.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\DownLoads\qq\QQIEHelper.dll
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\yisou\yisoub.dll
O3 - IE工具栏增项: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - e:\Kingsoft\FastAIT\IEBand.dll
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll
O3 - IE工具栏增项: 一搜工具条 - {115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} - C:\Program Files\yisou\yisou.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [TkBellExe] ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [YLive.exe] ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [SysExplr] ; D:\SYSEXPLR.EXE
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [WebThunder] ; D:\WEB迅雷\WebThunder.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\RunOnce: [YahooC:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll935359] regsvr32 /s C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - IE右键菜单中的新增项目: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\Program Files\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\Program Files\getAllurl.htm
O8 - IE右键菜单中的新增项目: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\DownLoads\qq\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载 - D:\WEB迅雷\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载全部链接 - D:\WEB迅雷\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - D:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - D:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\DownLoads\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\DownLoads\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\DownLoads\qq\SendMMS.htm
O9 - 浏览器额外的按钮: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\DownLoads\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\DownLoads\qq\QQ.EXE
O9 - 浏览器额外的按钮: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\DownLoads\qq\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\DownLoads\qq\QQIEHelper.dll
O11 - Options group: [!CNS] 上网助手-地址栏搜索
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {C07405FD-84D1-4A25-94E8-68609EA8335B} (iChatX Object) - http://chat.hdt.net.cn/ichatx.dll
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O16 - DPF: {EF6205C1-3F17-4829-BCB5-1336ED89E356} - http://club.jiangmin.com/kvscan/KvDown.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} - http://cache10.itv.mop.com/pCastCtl_1.0.0.87_20060601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{917F612A-74DE-4731-A932-FC477BF1736F}: NameServer = 202.99.160.68 202.99.166.4
O20 - AppInit_DLLs: 235780M.BMP
O21 - SSODL: CDBurner - {D92D637A-0FB7-412D-A7E8-29340A580F7E} - C:\WINDOWS\Downloaded Program Files\jaasnt.dll (file missing)
O21 - SSODL: AdobePDF - {D92D666A-0F7B-5892-A7E8-29340333F07E} - c:\program files\internet explorer\PLUGINS\nppdf.dll
O23 - NT 服务: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV5\KAVSVC.EXE
O23 - NT 服务: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe

wutong10001 - 2006-11-5 18:48:00

【而且桌面总是过一回就会出现一个:h4xOr的程序是怎么回事？

水树雨下 - 2006-11-5 18:52:00

修复
O4 - 启动项HKLM\\Run: [xy] C:\WINDOWS\Download\svhost32.exe
O4 - 启动项HKLM\\Run: [rzt] C:\WINDOWS\Intel\rundll32.exe
O20 - AppInit_DLLs: 235780M.BMP
删除
C:\Program Files\Common Files\Microsoft Shared\MSINFO\system.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\Intel\rundll32.exe
235780M.BMP
用超级兔子清理流氓软件

wutong10001 - 2006-11-5 19:31:00

不行啊,我在安全模式下删的,可一开机又有了!怎么办啊?】

猪知山 - 2006-11-5 19:39:00

请到我的网盘：http://free5.ys168.com/?echowj下载 System Repair Engineer，使用“智能扫描”，勾选“检查进程模块的数字签名”按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
日志一次粘不完，分次粘完，请不要修改。谢谢．．．

wutong10001 - 2006-11-5 20:14:00

【回复“猪知山”的帖子】
2006-11-05,19:58:31

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [N/A]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [Yahoo! China]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [Yahoo! China]
<SysExplr><; D:\SYSEXPLR.EXE> [N/A]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WebThunder><; D:\WEB迅雷\WebThunder.exe> [深圳市迅雷网络技术有限公司]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<xy><C:\WINDOWS\Download\svhost32.exe> [N/A]
<rzt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NowayHo><C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe> [N/A]
<NicePy><C:\Program Files\Common Files\Microsoft Shared\MSINFO\system.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><235780M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system16.sys> [N/A]
<{9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1}><C:\WINDOWS\system32\Cnscheck100.dll> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [YAHOO Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<CDBurner><C:\WINDOWS\Downloaded Program Files\jaasnt.dll> [N/A]
<AdobePDF><c:\program files\internet explorer\PLUGINS\nppdf.dll> [N/A]

==================================
启动文件夹
[迅雷4]
<C:\Documents and Settings\a\「开始」菜单\程序\启动\迅雷4.lnk --> D:\PROGRA~1\Thunder.exe [深圳市迅雷网络技术有限公司]><N>

==================================
服务
N/A

===============================

影子110 - 2006-11-5 20:31:00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<xy><C:\WINDOWS\Download\svhost32.exe> [N/A]
<rzt><C:\WINDOWS\Intel\rundll32.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NowayHo><C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe> [N/A]
<NicePy><C:\Program Files\Common Files\Microsoft Shared\MSINFO\system.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><235780M.BMP> [N/A]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system16.sys> [N/A]
<{9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1}><C:\WINDOWS\system32\Cnscheck100.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<CDBurner><C:\WINDOWS\Downloaded Program Files\jaasnt.dll> [N/A]
<AdobePDF><c:\program files\internet explorer\PLUGINS\nppdf.dll> [N/A]
安全模式下清理上面的项(删除这些项!)
先显示所有
打开我的电脑》工具》文件夹选项》查看》显示所有文件，不隐藏受保护的操作系统文件》确定

查找并删除下面的~
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\smss.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\system.exe

235780M.BMP(这个要搜索下~)
C:\Program Files\Internet Explorer\PLUGINS\system16.sys
C:\WINDOWS\system32\Cnscheck100.dll
C:\WINDOWS\Downloaded Program Files\jaasnt.dll
c:\program files\internet explorer\PLUGINS\nppdf.dll

另,日志没帖全.

wutong10001 - 2006-11-5 20:33:00

驱动程序
[9 / 9]
<\SystemRoot\system32\drivers\boot00.sys><N/A>
[99 / 99]
<\SystemRoot\system32\drivers\boot00.sys><N/A>
[ADProt / ADProt]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi]
<\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[BaseTDI / BaseTDI]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[GPKiller / GPKiller]
<\SystemRoot\system32\drivers\gpkiller.sys><Yahoo!>
[HookCont / HookCont]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[KWatch2 / KWatch2]
<\SystemRoot\system32\drivers\KWatch2.sys><Kingsoft Antivirus>
[MEMSCAN / MEMSCAN]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
<\??\D:\DownLoads\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx]
<\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[Yahoo!Photo]
{33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\DownLoads\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[DragSearch BHO]
{EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} <C:\PROGRA~1\yisou\yisoub.dll, >
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\DownLoads\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\DownLoads\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[金山快译(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <e:\Kingsoft\FastAIT\IEBand.dll, >
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[一搜工具条]
{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} <C:\Program Files\yisou\yisou.dll, 3721>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[iChatX Object]
{C07405FD-84D1-4A25-94E8-68609EA8335B} <C:\WINDOWS\Downloaded Program Files\ichatx.dll, 深圳市东方博雅科技有限公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\WEB迅雷\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[一搜工具条]
{115F6E46-FCBC-41ED-B3B5-3BDDD4AAB5E5} <C:\Program Files\yisou\yisou.dll, 3721>
[]
{141BE591-D8F3-4FC5-9AFE-404EFD719088} <C:\WINDOWS\system32\Fvtti.dll, N/A>
[MyIEHelper Class]
{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_8888.dll, Microsoft Corporation>
[]
{19AACE88-33E2-4812-A096-36769082B0C7} <C:\WINDOWS\system32\Xmvdm.dll, N/A>
[assist]
{1B0E7716-898E-48CC-9690-4E338E8DE1D3} <C:\Program Files\3721\Assist\assist.dll, >
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\dllcache\dhtmled.ocx, Microsoft Corporation>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[]
{3B8ECC8D-608E-4AEA-9662-FBC9D048A315} <C:\WINDOWS\system32\Cyklv.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[HHCtrl Object]
{41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[]
{423545F1-15C4-40D1-BDFA-928500B3BB03} <C:\WINDOWS\system32\Gbepah.dll, N/A>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} <E:\UCWEBChatRoom\UCWEBChatRoom.ocx, 北京新浪信息技术有限公司>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\DownLoads\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yalive.dll, yahoo! china>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[KvScan Control]
{626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\WINDOWS\KVSCAN~1\KvKill.ocx, jiangmin>
[DragSearch BHO]
{62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[]
{6668493D-22A5-474D-BAD2-7B09FCC7C4D2} <C:\WINDOWS\system32\Nozc.dll, N/A>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <e:\Kingsoft\FastAIT\IEBand.dll, >
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\WEB迅雷\MediaAddin08.dll, Thunder Networking Technologies,LTD>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\Program Files\3721\AutoLive.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[LiveMediaOcx Control]
{9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <D:\新建文~1\QQLive.ocx, Tencent>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[WebVGPlayer Class]
{AA899B43-24BD-4B6B-BBD0-45557D8D11E0} <C:\PROGRA~1\VIEWGOOD\WEBPLA~1\VGPlayer.dll, >
[YLauncher Class]
{AC036CB4-328D-4DB4-A707-4147B6C20266} <C:\WINDOWS\system\ephTool.dll, >
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[3721]
{B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司>
[]
{BC73F0F8-B366-4171-BDCE-FFFCE464A734} <C:\WINDOWS\system32\Gwok.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[iChatX Object]
{C07405FD-84D1-4A25-94E8-68609EA8335B} <C:\WINDOWS\Downloaded Program Files\ichatx.dll, 深圳市东方博雅科技有限公司>
[]
{C10575ED-D597-44E6-B41B-4290F49EAA96} <C:\WINDOWS\system32\Demlw.dll, N/A>
[]
{C1361798-C1D9-4056-89B3-0AA736CEBCF9} <C:\WINDOWS\system32\Glois.dll, N/A>
[]
{C4A68AA1-0C94-4E0C-ABC7-B82DFDAAD377} <C:\WINDOWS\system32\Tsur.dll, N/A>
[]
{C509772C-74D1-47FE-918C-0DE5A16001C6} <C:\WINDOWS\system32\Qxjfr.dll, N/A>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks, Inc.>
[IEDown Class]
{D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Infofo 工具栏]
{D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[NMChatX Control]
{D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} <C:\WINDOWS\system32\NMChatX.ocx, Netmarble>
[]
{D86B2031-3841-4EB4-909C-1D7EF6B34B77} <C:\WINDOWS\system32\Abtg.dll, N/A>
[]
{D8805FC7-9472-4332-977B-08CC14507B09} <C:\WINDOWS\system32\Jjhx.dll, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[LocalLauncher Class]
{E22BFF56-39F3-11D8-A0C7-000C6E7BB5AB} <C:\WINDOWS\system\BrowserEph.dll, >
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[]
{EE7A2E77-8EEB-44B3-AEF0-0C315B1ACB1B} <C:\WINDOWS\system32\Zxox.dll, N/A>
[DragSearch BHO]
{EF1D17A9-089F-40CC-8D64-7324CDEBA0DB} <C:\PROGRA~1\yisou\yisoub.dll, >
[]
{F11B9292-51D2-4FB7-A126-32718B830DC0} <C:\WINDOWS\system32\Rgaz.dll, N/A>
[Cytd Encipherment Memory]
{F381FC65-D92D-4410-B865-E4E9713994E8} <C:\WINDOWS\cytdcli.dll, N/A>

wutong10001 - 2006-11-5 20:34:00

[完美网译通]
{F43BD772-ABDD-43B7-A96A-3E9E61946EC0} <C:\WINDOWS\WORLD2\TOOLBAR\hmtoolbar.dll, N/A>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[!搜一搜(&S)]
<res://C:\Program Files\yisou\yisou.dll/232, N/A>
[&使用迅雷下载]
<D:\Program Files\geturl.htm, N/A>
[&使用迅雷下载全部链接]
<D:\Program Files\getAllurl.htm, N/A>
[Google 搜索(&G)]
<res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<D:\DownLoads\qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<D:\WEB迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<D:\WEB迅雷\GetAllUrl.htm, N/A>
[使用网际快车下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\DownLoads\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\DownLoads\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\DownLoads\qq\SendMMS.htm, N/A>

======================

wutong10001 - 2006-11-5 20:35:00

正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 560][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1032][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][c:\program files\rising\rfw\rfwsrv.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 32]
[c:\program files\rising\rfw\RfwRule.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
[c:\program files\rising\rfw\rfwlog.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
[c:\program files\rising\rfw\Rfwdrv.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
[c:\program files\rising\rfw\MonDrv.dll] [rs, 1, 0, 0, 4]
[c:\program files\rising\rfw\ProcLib.dll] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1240][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1540][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll] [Yahoo! China, 3, 0, 1, 1001]
[F:\ske\contmenu.dll] [N/A, N/A]
[D:\VCvtShell.dll] [herosoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 3, 5, 1086]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 1, 1010]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] [Yahoo! China, 3, 0, 4, 1006]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [yahoo! china, 3, 0, 1, 1001]
[C:\PROGRA~1\yisou\yisoub.dll] [, 1, 1, 2, 4]
[C:\Program Files\3721\Assist\asbar.dll] [3721, 1, 0, 1, 1001]
[PID: 1680][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1692][C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe] [Yahoo! China, 3, 0, 2, 1003]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yAssecblk.dll] [Yahoo! China, 3, 0, 5, 1007]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll] [Yahoo! China, 3, 0, 0, 1001]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll] [Yahoo! China, 3, 0, 0, 1000]
[C:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll] [Yahoo! China, 3, 0, 1, 1001]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1700][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.05]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1708][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1748][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 1768][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 896][C:\KAV5\KAVSVC.EXE] [kingsoft Antivirus, 2003, 5, 24, 13]
[C:\KAV5\SvcComm.DLL] [kingsoft Antivirus, 2003, 6, 3, 17]
[C:\KAV5\SvcWatch.DLL] [kingsoft Antivirus, 2003, 5, 24, 14]
[C:\KAV5\SvcTimer.DLL] [, 2003.6.1.15]
[C:\KAV5\KavComm.dll] [Kingsoft Corporation, 2003, 6, 1, 17]
[C:\KAV5\RpcBrge.DLL] [kingsoft, 2003, 5, 31, 10]
[PID: 924][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 172][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 2708][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe] [Yahoo! China, 3, 1, 6, 1022]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 3, 5, 1086]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 1, 1010]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll] [yahoo! china, 3, 0, 1, 1001]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]

wutong10001 - 2006-11-5 20:36:00

[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Documents and Settings\a\桌面\h4x0r.com] [N/A, N/A]
[PID: 1792][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] [Yahoo! China, 3, 0, 0, 1000]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\WINDOWS\DOWNLO~1\CnsHint.dll] [3721, 1, 0, 0, 4]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 4024][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrem2.exe] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[PID: 4036][C:\Program Files\Common Files\Microsoft Shared\MSINFO\Sysrem4.exe] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[PID: 2632][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] [Yahoo! China, 3, 0, 0, 1000]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\WINDOWS\DOWNLO~1\CnsHint.dll] [3721, 1, 0, 0, 4]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] [yahoo! china, 3, 3, 5, 1086]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 1, 1010]
[C:\WINDOWS\DOWNLO~1\cnsplus.dll] [3721, 1, 0, 0, 2]
[F:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll] [Xiang Feng Technology, 2, 2, 0, 1612]
[C:\Program Files\yisou\yisou.dll] [3721, 1, 1, 1, 0]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll] [yahoo! china, 3, 2, 1, 1072]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll] [Yahoo! China, 3, 0, 5, 1005]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll] [yahoo! china, 3, 0, 2, 1004]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll] [Yahoo! China, 3, 0, 1, 1002]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll] [Yahoo! China, 3, 0, 4, 1006]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll] [Yahoo! China, 3, 0, 2, 1003]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll] [Yahoo! China, 3, 0, 2, 1002]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll] [Yahoo! China, 3, 0, 3, 1003]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL] [yahoo! china, 3, 0, 5, 1010]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymailp.dll] [Yahoo! China, 3, 0, 2, 1008]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[D:\DownLoads\qq\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL] [yahoo! china, 3, 0, 1, 1001]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 3, 0, 125, 1]
[C:\PROGRA~1\yisou\yisoub.dll] [, 1, 1, 2, 4]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll] [Yahoo! China, 3, 0, 7, 1010]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll] [3721.com, 2, 1, 1, 87]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll] [Yahoo! China, 3, 0, 1, 1004]
[c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll] [Yahoo! China, 3, 0, 1, 1002]
[C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll] [Yahoo! China, 3, 0, 5, 1007]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yxpstyle.dll] [Yahoo! China, 3, 0, 0, 1000]
[C:\WINDOWS\system32\xunleibho_v6.dll] [, 4, 4, 0, 31]
[PID: 1876][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[PID: 828][D:\OurFriend\ourfriend.exe] [, 1, 0, 0, 1]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[D:\OurFriend\ODCtrlRes.dll] [, 1, 0, 0, 1]
[D:\OurFriend\ourfriend_res.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\GLPNG.dll] [globallink(ourgame) , 1, 0, 0, 2]
[C:\WINDOWS\system32\GLCOMPRESS.dll] [globallink, 1, 0, 0, 2]
[D:\roomicon.dll] [Beijing GlobalLink Computer Corp., 2, 5, 0, 6]
[D:\RIconEx.dll] [Beijing GlobalLink Computer Corp., 2, 2, 1, 40]
[D:\people.dll] [Beijing GlobalLink Computer Corp., 2, 2, 0, 3]
[D:\Image\Room\Table0.dll] [Beijing GlobalLink Computer Corp., 2, 2, 0, 1]
[D:\Image\Room\Table1.dll] [Beijing GlobalLink Computer Corp., 2, 1, 2, 255]
[D:\Image\Room\Table2.dll] [Beijing GlobalLink Computer Corp., 2, 2, 0, 1]
[D:\Image\Room\peopleEx0.dll] [Beijing GlobalLink Computer Corp., 2, 2, 0, 1]
[D:\Image\Room\peopleEx1.dll] [Beijing GlobalLink Computer Corp., 2, 2, 0, 1]
[D:\Image\Room\Player0_0.dll] [Beijing GlobalLink Computer Corp., 2, 0, 0, 255]
[D:\Image\Room\Player0_1.dll] [Beijing GlobalLink Computer Corp., 2, 0, 0, 255]
[D:\Image\Room\Player1_0.dll] [Beijing GlobalLink Computer Corp., 2, 0, 1, 255]
[D:\Image\Room\Player1_1.dll] [Beijing GlobalLink Computer Corp., 2, 0, 1, 255]
[D:\Image\Room\Player2_0.dll] [Beijing GlobalLink Computer Corp., 2, 0, 1, 255]
[D:\Image\Room\Player2_1.dll] [Beijing GlobalLink Computer Corp., 2, 0, 1, 255]
[D:\GLAvatar.ocx] [, 2, 2, 0, 32]
[D:\GLChatEx.ocx] [GlobalLink, 2, 5, 1, 29]
[D:\glchatex.dll] [GlobalLink, 2, 5, 1, 29]
[D:\odctrls\ourfriend_skn.dll] [, 1, 0, 5, 4]
[C:\WINDOWS\system32\codecvt.dll] [N/A, N/A]
[C:\WINDOWS\system32\GLGIFTGA.dll] [globallink(ourgame) , 1, 0, 0, 2]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]

wutong10001 - 2006-11-5 20:37:00

PID: 2940][D:\WEB迅雷\WebThunder.exe] [深圳市迅雷网络技术有限公司, 1, 3, 0, 65]
[D:\WEB迅雷\taskmanage.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 66]
[D:\WEB迅雷\download_interface.dll] [Thunder Networking Technologies,LTD, 2, 0, 0, 3]
[D:\WEB迅雷\asyn_dns.dll] [N/A, N/A]
[D:\WEB迅雷\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 2, 1, 34]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[D:\WEB迅雷\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
[D:\WEB迅雷\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
[D:\WEB迅雷\UpdateExec.dll] [Thunder Networking Technologies,LTD, 1, 0, 1, 5]
[D:\WEB迅雷\iEmbedShell.dll] [　, 1, 0, 0, 12]
[D:\WEB迅雷\iEmbed05.dll] [　, 2, 3, 1, 41]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[PID: 2572][D:\Program Files\Thunder.exe] [深圳市迅雷网络技术有限公司, 4, 7, 3, 53]
[D:\Program Files\log4cplus.dll] [N/A, N/A]
[D:\Program Files\ICF.dll] [N/A, N/A]
[D:\Program Files\WebBrowserEx.dll] [N/A, N/A]
[D:\Program Files\boost_thread-vc6-mt-1_31.dll] [N/A, N/A]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll] [YAHOO Corporation Limited, 3, 0, 0, 1001]
[PID: 3892][D:\Program Files\TDUpdate.exe] [N/A, N/A]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[PID: 2524][F:\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 6, 1022]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 2]
[C:\Program Files\Internet Explorer\PLUGINS\system16.sys] [N/A, N/A]
[C:\WINDOWS\system32\Cnscheck100.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS Error. [超级解霸2001XP]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================

wutong10001 - 2006-11-5 20:55:00

高手能说的详细点吗?我是菜鸟啊!

wutong10001 - 2006-11-5 22:39:00

哎!!!!!!!!!!!!!!怎么回事,按照你的方法做了还是不行啊!!!!!!!!!!!救我吧

影子110 - 2006-11-6 8:08:00

[9 / 9]
<\SystemRoot\system32\drivers\boot00.sys><N/A>
[99 / 99]
<\SystemRoot\system32\drivers\boot00.sys><N/A>

上面这两个驱动,有点不像好人~(建议更改下它们的启动类型,重启后删除这两个驱动~)

清理下面的这些插件,并删除相关文件(你的浏览器已经变成牛氓窝了~~)
[]
{EE7A2E77-8EEB-44B3-AEF0-0C315B1ACB1B} <C:\WINDOWS\system32\Zxox.dll, N/A>
[]
{F11B9292-51D2-4FB7-A126-32718B830DC0} <C:\WINDOWS\system32\Rgaz.dll, N/A>
[Cytd Encipherment Memory]
{F381FC65-D92D-4410-B865-E4E9713994E8} <C:\WINDOWS\cytdcli.dll, N/A>

[]
{D86B2031-3841-4EB4-909C-1D7EF6B34B77} <C:\WINDOWS\system32\Abtg.dll, N/A>
[]
{D8805FC7-9472-4332-977B-08CC14507B09} <C:\WINDOWS\system32\Jjhx.dll, N/A>
[]
{C10575ED-D597-44E6-B41B-4290F49EAA96} <C:\WINDOWS\system32\Demlw.dll, N/A>
[]
{C1361798-C1D9-4056-89B3-0AA736CEBCF9} <C:\WINDOWS\system32\Glois.dll, N/A>
[]
{C4A68AA1-0C94-4E0C-ABC7-B82DFDAAD377} <C:\WINDOWS\system32\Tsur.dll, N/A>
[]
{C509772C-74D1-47FE-918C-0DE5A16001C6} <C:\WINDOWS\system32\Qxjfr.dll, N/A>
[]
{BC73F0F8-B366-4171-BDCE-FFFCE464A734} <C:\WINDOWS\system32\Gwok.dll, N/A>
[]
{6668493D-22A5-474D-BAD2-7B09FCC7C4D2} <C:\WINDOWS\system32\Nozc.dll, N/A>
[]
{3B8ECC8D-608E-4AEA-9662-FBC9D048A315} <C:\WINDOWS\system32\Cyklv.dll, N/A>
[]
{423545F1-15C4-40D1-BDFA-928500B3BB03} <C:\WINDOWS\system32\Gbepah.dll, N/A>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>
[]
{141BE591-D8F3-4FC5-9AFE-404EFD719088} <C:\WINDOWS\system32\Fvtti.dll, N/A>
[MyIEHelper Class]

{16A770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IEHelper\IEHelper_8888.dll, Microsoft Corporation>(注意,这个IEHelper_8888.dll可能需要单独处理下,参考下面这个链接:(类型差不多,!)
http://forum.ikaka.com/topic.asp?board=28&artid=8174324

[]
{19AACE88-33E2-4812-A096-36769082B0C7} <C:\WINDOWS\system32\Xmvdm.dll, N/A>
[Router Layer]
{5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} <C:\WINDOWS\System32\aclayer.dll, N/A>

另,查找下面文件(连同上帖中的文件,)并删除
[C:\WINDOWS\system32\xydll.dll] [N/A, N/A]
[C:\WINDOWS\system32\ztdll.dll] [N/A, N/A]
[C:\WINDOWS\235780M.BMP] [N/A, N/A]

以上操作最好在安全模式下操作!!!!!!

再一个,建议楼主卸载3721,一搜等(NM)软件

瑞星卡卡安全论坛