我是菜鸟，弄了一个下午，还没找到，木马克星扫描出有灰鸽子，大大帮帮我
下面是木马克星扫描情况：
D:\WINDOWS\SYSTEM.EXE 怀疑为灰鸽子1220.
"D:\PROGRAM FILES\RISING\RAV\SCANBD.EXE" /INST 程序设置为自启动
新建文件: D:\WINDOWS\SYSTEM32\iexp_log.txt 2006-5-15 17:04:21
扫描了 28个进程，
木马克星扫描结束.
没有发现木马，系统安全!
D:\WINDOWS\System32\WbCodeU.dll文件被系统注入: D:\WINDOWS\Explorer.EXE 程序
D:\WINDOWS\System32\WBJJU.IME文件被系统注入: D:\WINDOWS\Explorer.EXE 程序
D:\WINDOWS\SYSTEM.EXE 怀疑为灰鸽子1220.
  灰鸽子木马克星不能杀吗？这新建文件: D:\WINDOWS\SYSTEM32\iexp_log.txt 2006-5-15 17:04:21是怎么回事？我在上传日志，请大大帮我看看！
Logfile of HijackThis v1.99.1
Scan saved at 17:14:28, on 2006-5-15
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\System32\wdfmgr.exe
D:\WINDOWS\Explorer.EXE
d:\program files\rising\rfw\RfwMain.exe
D:\WINDOWS\System32\Rundll32.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\conime.exe
D:\WINDOWS\System32\taskmgr.exe
D:\Program Files\Rising\Rav\ScanBD.exe
D:\WINDOWS\System32\regsvr32.exe
D:\WINDOWS\System32\regsvr32.exe
D:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Iparmor\Iparmor.exe
D:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Internet Explorer\iexplore.exe
F:\其它\木马克星\查杀木马\hi\HijackThis.exe

R3 - URLSearchHook: VeryCD Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx (file missing)
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\qq\QQIEHelper.dll (file missing)
O2 - BHO: VeryCD超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\Program Files\3721\Assist\asbar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: VeryCD超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - D:\Program Files\3721\Assist\asbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [helper.dll] D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [CnsMin] rem Rundll32.exe D:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RfwMain] "D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Super Rabbit SRRestore] D:\Program Files\Super Rabbit\MagicSet\SRRest.exe /autosave
O4 - HKLM\..\Run: [iparmor] D:\Program Files\Iparmor\Iparmor.exe mini
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RavScanBD] "D:\Program Files\Rising\Rav\ScanBD.exe" /INST
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\qq\QQ.exe
O8 - Extra context menu item: &Download by NetAnts - D:\PROGRA~1\NETANTS\NAGet.htm
O8 - Extra context menu item: &使用暴风下载器下载 - C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: VeryCD超级搜索 - D:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.EXE
O9 - Extra button: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-219?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE60714F-AC17-427e-861A-FD60CBDF119A} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-219?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\qq\QQIEHelper.dll (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Broken Internet access because of LSP provider 'd:\windows\system32\cdnns.dll' missing
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143370140201
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O20 - AppInit_DLLs: apihookdll.dll
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

还有这是什么程序啊，有没危害？这么多？
D:\WINDOWS\System32\regsvr32.exe
D:\WINDOWS\System32\regsvr32.exe
D:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Iparmor\Iparmor.exe
D:\WINDOWS\System32\regsvr32.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\regsvr32.exe
就是这regsvr32.exe

D:\Program Files\Internet Explorer\IEXPLORE.EXE 好像有问题

呵呵，该怎么解决？是什么问题呢、？

如果真有这个文件D:\WINDOWS\SYSTEM.EXE ，是值得怀疑的。
在日志里看不出问题来。
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
www.27814939.ys168.com
日志一次粘不完，分次粘完，不要修改

hao ，谢谢，我现在就去办

2006-05-16,08:29:23

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional  - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><D:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <MSMSGS><; "D:\Program Files\Messenger\msmsgs.exe" /background>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><; D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><; D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><; D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <helper.dll><D:\WINDOWS\system32\rundll32.exe D:\PROGRA~1\3721\helper.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CnsMin><rem Rundll32.exe D:\WINDOWS\downlo~1\CnsMin.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RfwMain><"D:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Super Rabbit SRRestore><D:\Program Files\Super Rabbit\MagicSet\SRRest.exe /autosave>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <iparmor><D:\Program Files\Iparmor\Iparmor.exe mini>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <RavScanBD><"D:\Program Files\Rising\Rav\ScanBD.exe" /INST>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><D:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[腾讯QQ]
  <D:\Documents and Settings\user\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[IMAPI CD-Burning COM Service / ImapiService]
  <D:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[System.exe / System.exer]
  <D:\WINDOWS\System.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
  <D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[VeryCD超级搜索]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <D:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <D:\Program Files\3721\Assist\asbar.dll, 3721>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[易趣购物]
  {DE60714F-AC17-427e-861A-FD60CBDF119A} <http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-219?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[VeryCD超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.yok.com>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <D:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[上网助手]
  {BB936323-19FA-4521-BA29-ECA6A121BC78} <D:\Program Files\3721\Assist\asbar.dll, 3721>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <D:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&Download by NetAnts]
  <D:\PROGRA~1\NETANTS\NAGet.htm, N/A>
[&使用暴风下载器下载]
  <C:\Program Files\Ringz Studio\Storm Downloader\geturl.htm, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\getAllurl.htm, N/A>
[VeryCD超级搜索]
  <D:\PROGRA~1\YOK.com\SUPERS~1\yoksch.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[雅虎搜索]
  <res://D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll/246, N/A>

[PID: 1136][F:\其它\木马克星\查杀木马\hi\HijackThis.exe]  <Soeperman Enterprises Ltd.><1.99.0001>
    [D:\WINDOWS\System32\apihookdll.dll]  <N/A><N/A>
    [D:\Program Files\Iparmor\SocketArmor.dll]  <N/A><N/A>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
[PID: 2964][D:\WINDOWS\System32\regsvr32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [D:\WINDOWS\System32\apihookdll.dll]  <N/A><N/A>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.yok.com><2.0.1.5>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 3436][D:\WINDOWS\System32\regsvr32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [D:\WINDOWS\System32\apihookdll.dll]  <N/A><N/A>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.yok.com><2.0.1.5>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 2748][D:\WINDOWS\System32\regsvr32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.yok.com><2.0.1.5>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 3228][D:\WINDOWS\System32\regsvr32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.yok.com><2.0.1.5>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 3368][D:\WINDOWS\System32\regsvr32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.yok.com><2.0.1.5>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 3712][D:\WINDOWS\System32\regsvr32.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.yok.com><2.0.1.5>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 2460][C:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe]  <Gabest><6, 4, 8, 4>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
    [D:\Program Files\Iparmor\SocketArmor.dll]  <N/A><N/A>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\System32\msdmo.dll]  <N/A><N/A>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  <Gabest><1, 0, 0, 9>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\mlcom.ax]  <Moonlight Cordless Ltd><1, 5, 173, 41217>
    [D:\Program Files\Common Files\SONY Digital Images\MPEG_TS\tssplt.ax]  <Sony Corporation><1.0.00.04202>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\OGGSplt.ax]  <Gabest><1, 0, 0, 0>
    [D:\WINDOWS\System32\mpg2splt.ax]  <N/A><N/A>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\RMSplt.ax]  <Gabest><1, 0, 1, 0>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\VgmSplt.ax]  <DS USA, Inc><1, 0, 11, 19>
    [D:\WINDOWS\System32\dxmasf.dll]  <N/A><N/A>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\TTASplt.ax]  <-><1, 0, 0, 203>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\mpeg2dmx.ax]  <Moonlight Cordless Ltd.><3, 1, 200, 50117>
    [D:\Program Files\Common Files\Ulead Systems\MPEG\ulspmpeg.ax]  <ULead Systems><1, 0, 0, 91>
    [D:\Program Files\Common Files\Ulead Systems\MPEG\mcmpgdec.dll]  <Ulead Systems, Inc.><official release build>
    [D:\Program Files\Common Files\Ulead Systems\MPEG\mpegin.dll]  <Ulead Systems, Inc><official release build>
    [c:\Program Files\Ringz Studio\Storm Codec\Codecs\aac_ps.ax]  <N/A><1.1>
[PID: 3476][D:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 1252][D:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\system32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 3672][C:\Program Files\Tencent\TT\TTraveler.exe]  <深圳市腾讯计算机系统有限公司><1. 6. 9. 170>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
    [D:\Program Files\Iparmor\SocketArmor.dll]  <N/A><N/A>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\PROGRA~1\3721\AutoLive.dll]  <><1, 1, 5, 1324>
    [D:\PROGRA~1\3721\alLiveEx.dll]  < ><1, 0, 3, 1006>
    [D:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
    [D:\WINDOWS\downlo~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 6>
    [D:\WINDOWS\downlo~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [D:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 2112][C:\Program Files\Thunder Network\Thunder\Thunder.exe]  <深圳市迅雷网络技术有限公司><4, 7, 2, 51>
    [C:\Program Files\Thunder Network\Thunder\log4cplus.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\Thunder\ICF.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\Thunder\WebBrowserEx.dll]  <N/A><N/A>
    [C:\Program Files\Thunder Network\Thunder\boost_thread-vc6-mt-1_31.dll]  <N/A><N/A>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\downlo~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [D:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [D:\WINDOWS\System32\WBJJU.IME]  <北京六合源软件技术有限公司><1, 0, 0, 0>
    [D:\WINDOWS\System32\WbCodeU.dll]  <><1, 0, 0, 0>
    [D:\WINDOWS\System32\UNISPIM.IME]  <北京清华紫光软件股份有限公司><3.0.0.3045>
    [D:\WINDOWS\System32\upengine.dll]  <北京清华紫光软件股份有限公司><3.0.0.3045>
[PID: 2288][C:\Program Files\Thunder Network\Thunder\TDUpdate.exe]  <N/A><N/A>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
[PID: 1804][c:\Program Files\Thunder Network\Thunder\MediaIssue\Issue.exe]  <深圳市迅雷网络技术有限公司><2, 0, 4, 23>
    [c:\Program Files\Thunder Network\Thunder\MediaIssue\log4cplus.dll]  <N/A><N/A>
    [c:\Program Files\Thunder Network\Thunder\MediaIssue\WebBrowserEx.dll]  <深圳市三代科技开发有限公司><4, 1, 0, 23>
    [c:\Program Files\Thunder Network\Thunder\MediaIssue\boost_thread-vc6-mt-1_31.dll]  <N/A><N/A>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
[PID: 2556][D:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [D:\Program Files\Iparmor\SocketArmor.dll]  <N/A><N/A>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
[PID: 3200][D:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX45.828\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [D:\Program Files\Iparmor\SocketArmor.dll]  <N/A><N/A>
    [D:\Program Files\Iparmor\hookhookdll.dll]  <N/A><N/A>
    [D:\WINDOWS\downlo~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 2, 6>
    [D:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [D:\WINDOWS\System32\SYNCOR11.DLL]  <SoundMAX><1.2.3>

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

不知发得怎样，帮我看看，谢谢，这灰鸽子没杀掉前，能不能上网炒股交易啊！快帮帮我，无邪，谢谢！

[System.exe / System.exer]
<D:\WINDOWS\System.exe><N/A>

用sreng禁止这一项服务，然后重启删除D:\WINDOWS\System.exe