瑞星卡卡安全论坛

这是什么病毒?还有麻烦给我个扫日志的下载连接..我去扫个日志请大家帮忙分析下..谢了~

[用户系统信息]Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322)

http://download.kztechs.com/files/sreng2.zip
1 解压缩sreng2.zip
2 运行SREngPS.EXE
3 智能扫描=》扫描=》保存报告
4 把报告保存后以附件的形式发上来，注意把报告文件的扩展名改成“.txt”

附件发送不上来...说格式错误


[CODE]

2008-03-02,10:50:53

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <wsctf.exe><wsctf.exe>  [N/A]
    <BpAgent><E:\书生软件\Bizpartner\Agent.exe>  [Tastysoft Corp.]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
    <EXPLORER.EXE><EXPLORER.EXE>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"]
    <fenglei><; F:\播放器\fengleiLive.exe>  [风雷影音工作室]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
    <CnsMin><Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"]
    <HDCSP RegCertTool><C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe>  [CIDC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <EK_Entry><C:\WINDOWS\system32\RUNDLL32.EXE C:\DOCUME~1\张建议\LOCALS~1\Temp\ek45.tmp,Rundll32 6>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><userinit.exe,EXPLORER.EXE>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\CnsHook.dll>  [国风因特软件（北京）有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\system32\drivers\BDGuard.SYS><>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件（北京）有限公司>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[gyccystr / gyccystr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\gyccystr.sys><Yahoo! China Corporation>
[ldripbna / ldripbna][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ldripbna.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[TesSafe / TesSafe][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\TesSafe.sys><TENCENT>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\E:\封印\新建文件夹\简单游\hknms.sys><N/A>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[R2A / R2A][Stopped/Disabled]
  <\??\C:\WINDOWS\system32a2.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 国风因特软件（北京）有限公司>
[yFlashDl Class]
  {F166BC04-3C84-44cc-A6E9-2315EC4844B9} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, Yahoo! China>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷5\Thunder.exe, Thunder Networking Technologies,LTD>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\迅雷5\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\迅雷5\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll, yahoo! china>
[InfoSecNetSign Class]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <C:\WINDOWS\system32\NetSign.dll, Infosec Technologies Co., Ltd.>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[QQMusicCreator Class]
  {6927992D-6A89-4549-8A32-95901BF5D920} <, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CCtInf Class]
  {6DBB2904-082D-4DB0-944A-21C22BA121F4} <C:\WINDOWS\system32\BANKCE~1.DLL, >
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\迅雷5\Components\InMedia\MediaAddin14.dll, Thunder Networking Technologies,LTD>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 国风因特软件（北京）有限公司>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷5\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Tool Class]
  {A7F05EE4-0426-454F-8013-C41E3596E9E9} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>

[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[3721]
  {B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\downlo~1\CnsMin.dll, 国风因特软件（北京）有限公司>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\CnsHook.dll, 国风因特软件（北京）有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\迅雷5\Components\DownAndPlay\DapPlayer3.0.36.60.dll, ShenZhen Thunder Networking Technologies Ltd.>
[yFlashDl Class]
  {F166BC04-3C84-44CC-A6E9-2315EC4844B9} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, Yahoo! China>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[使用迅雷下载]
  <E:\迅雷5\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷5\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <E:\q\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 428 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4124]
[PID: 564 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4124]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 796 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 860 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1268 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1316 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1868 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 112 / 张建议][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4124]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
[PID: 748 / 张建议][C:\WINDOWS\system32\EXPLORER.EXE]  [Microsoft Corporation, 6.2900.2180]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
[PID: 888 / 张建议][C:\WINDOWS\system32\WgaTray.exe]  [Microsoft Corporation, 1.7.0018.7]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
[PID: 1060 / 张建议][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
    [C:\PROGRA~1\3721\alrex.dll]  [国风因特软件（北京）有限公司, 2.5.1.1003]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件（北京）有限公司, 2.5.7.1012]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 158]
    [E:\迅雷5\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\winrar\rarext.dll]  [N/A, ]
    [F:\反间谍\ske\CONTMENU.DLL]  [N/A, ]
    [C:\WINDOWS\downlo~1\CnsHook.dll]  [国风因特软件（北京）有限公司, 2.5.1.7]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [E:\迅雷5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [E:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 2, 3, 1029]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
[PID: 1936 / 张建议][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  [国风因特软件（北京）有限公司, 2.5.0.6]
    [C:\WINDOWS\downlo~1\cnsio.dll]  [国风因特软件（北京）有限公司, 2.5.0.4]
    [C:\WINDOWS\downlo~1\CnsMinEx.dll]  [国风因特软件（北京）有限公司, 2.5.0.4]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
[PID: 1544 / 张建议][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件（北京）有限公司, 2.5.7.1012]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
[PID: 1572 / 张建议][C:\Program Files\95599 Certificate Tools\CIDC\RegCertTool.exe]  [CIDC, 1, 0, 0, 10]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
[PID: 708 / 张建议][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
[PID: 2600 / 张建议][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\WINDOWS\downlo~1\CnsHint.dll]  [国风因特软件（北京）有限公司, 2.5.0.4]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
    [C:\PROGRA~1\3721\alrex.dll]  [国风因特软件（北京）有限公司, 2.5.1.1003]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件（北京）有限公司, 2.5.7.1012]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\WINDOWS\downlo~1\cnsplus.dll]  [国风因特软件（北京）有限公司, 2.5.0.3]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [yahoo! china, 3, 5, 1, 1128]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll]  [Yahoo! China, 3, 3, 0, 1035]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [yahoo! china, 3, 0, 7, 1009]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo! China, 3, 0, 5, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  [Yahoo! China, 3, 1, 0, 1011]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo! China, 3, 1, 2, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  [Yahoo! China, 3, 1, 3, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL]  [yahoo! china, 3, 3, 0, 1044]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymailp.dll]  [Yahoo! China, 3, 0, 7, 1013]
    [C:\WINDOWS\downlo~1\CnsHook.dll]  [国风因特软件（北京）有限公司, 2.5.1.7]

[E:\迅雷5\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [yahoo! china, 3, 0, 9, 1011]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 158]
    [E:\迅雷5\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 44]
    [E:\迅雷5\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 12]
    [E:\迅雷5\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll]  [Yahoo! China, 3, 1, 1, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 2, 3, 1029]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo! China, 3, 0, 3, 1004]
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  [国风因特软件（北京）有限公司, 2.5.0.6]
    [C:\WINDOWS\downlo~1\cnsio.dll]  [国风因特软件（北京）有限公司, 2.5.0.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  [Yahoo! China, 3, 1, 7, 1022]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  [Yahoo! China, 2, 1, 3, 89]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  [Yahoo! China, 3, 2, 1, 1029]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yxpstyle.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\迅雷5\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
[PID: 2680 / 张建议][C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe]  [Yahoo! China, 3, 2, 6, 1032]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 8, 0, 1140]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  [yahoo! china, 3, 0, 5, 1006]
[PID: 3280 / 张建议][E:\日志\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [国风因特软件（北京）有限公司, 2.5.1.5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 5, 1033]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件（北京）有限公司, 2.5.5.1008]
    [E:\日志\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 748, C:\WINDOWS\SYSTEM32\EXPLORER.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 1572, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1572, C:\PROGRAM FILES\95599 CERTIFICATE TOOLS\CIDC\REGCERTTOOL.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

直接将日志内容彻底复制到一个空记事本里，然后再保存，就可以以附件的形式发来了。

用XDelBox删除以下文件：
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\system32\wsctf.exe
C:\DOCUME~1\张建议\LOCALS~1\Temp\ek45.tmp
C:\WINDOWS\System32\drivers\ldripbna.sys
C:\WINDOWS\System32\DRIVERS\gyccystr.sys
C:\WINDOWS\system32\drivers\yaskp.sys
C:\WINDOWS\system32a2.sys

重启后用sreng删除启动项：
<wsctf.exe><wsctf.exe> [N/A]
<EK_Entry><C:\WINDOWS\system32\RUNDLL32.EXE C:\DOCUME~1\张建议\LOCALS~1\Temp\ek45.tmp,Rundll32 6> []

删除驱动：
[ldripbna / ldripbna][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ldripbna.sys><N/A>
[gyccystr / gyccystr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\gyccystr.sys><Yahoo! China Corporation>
[yaskp / yaskp][Running/Boot Start]
<\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\system32a2.sys><N/A>

C:\WINDOWS\system32\EXPLORER.EXE这个不能删除,提示磁盘未写保护
C:\WINDOWS\system32\wsctf.exe这个C盘里没有这个文件

删除驱动：
[ldripbna / ldripbna][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ldripbna.sys><N/A>
[gyccystr / gyccystr][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\gyccystr.sys><Yahoo! China Corporation>
[yaskp / yaskp][Running/Boot Start]
<\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\system32a2.sys><N/A>
这驱动怎么删除?

文件无法删除的问题，参考流星版主的帖子：
http://forum.ikaka.com/topic.asp?board=40&artid=8391084

删除驱动的方法：
1 打开sreng，选择【启动选项】-【服务】-【驱动程序】；
2 在弹出的驱动列表中找到并选中你要删除的那一项，选【删除】；
3 点【设置】；
4 在弹出的警告中点【否】；
5 重启电脑


附件: 6701582008111140200.jpg

用XDelBox的重启删除，怎么会有你说的提示？

C:\WINDOWS\system32\EXPLORER.EXE这个不能删除,提示磁盘未写保护
C:\WINDOWS\system32\wsctf.exe这个C盘里没有这个文件

你这样操作：

用Xdelbox这个工具去删除这些文件。
Xdelbox下载：http://www.dodudou.com/down/里面的原创软件文件夹下载那个1.6版本的。
下载后
解压所有文件到一个文件夹,（一定要解压出来运行，不要懒）运行xdelbox前请卸载所有可移动存储设备。
将要删的文件信息全部复制，然后打开Xdelbox直接使用右键菜单的“剪贴板导入不检查路径”导入，并全选文件选择右键菜单的“立刻重启删除”

重启计算机以后 会有两个系统进入的选择的倒计时界面
第一个是你原来的windows系统
第二个是这个软件给你设定的dos系统
系统会自动选择进入第二个系统
类似dos的界面滚动完毕以后 病毒就被删除了
之后会自动重启进入正常模式
进入系统后，再做别的修复事：

把流氓软件,清理下