Re: 天月来了

[CODE]

2007-04-08,23:05:19

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <mtzgg70srlzht><C:\DOCUME~1\a\LOCALS~1\Temp\iexpl0re.exe>  []
    <24149cz6g><C:\DOCUME~1\a\LOCALS~1\Temp\Servere.exe>  []
    <ubjtr1><C:\DOCUME~1\a\LOCALS~1\Temp\winlog0n.exe>  []
    <KavPFW><"F:\儿歌精选\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <SysExplr><C:\Herosoft\HeroV8\SysExplr.EXE>  []
    <CnsMin><Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <QuickTime Task><"E:\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <wcmdmgr><C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch>  [WildTangent, Inc.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [N/A]
    <yassistse><c:\progra~1\yahoo!\assistant\yassistse.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <wsttrs><C:\WINDOWS\wsttrs.exe>  []
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\downlo~1\cnshook.dll>  [北京三七二一科技有限公司]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\a\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\qq\QQ.exe [TENCENT]><N>

==================================
服务
[System Event Logger / DiRVIn][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Gray / Gray][Stopped/Auto Start]
  <C:\WINDOWS\lasss.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"F:\儿歌精选\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Disabled]
  <F:\儿歌精选\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Network Engine / Partner][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\spted.dll><N/A>
[Network System / Universal Disk Manager][Running/Auto Start]
  <C:\Program Files\Common Files\COMM\Network.exe><COMENET TECHNOLOGY>
[win_Server / winServer][Stopped/Auto Start]
  <C:\WINDOWS\win_Server.exe><N/A>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[BdGuard / BdGuard][Running/Boot Start]
  <\SystemRoot\System32\drivers\BDGuard.SYS><>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[coaera / coaera][Stopped/Manual Start]
  <\SystemRoot\system32\8bbz.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\F:\儿歌精选\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\KWatch3.SYS><Kingsoft Corporation>
[ncpjod / ncpjod][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\ncpjod.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Running/System Start]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nv4 / nv4][Stopped/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[paasweq / paasweq][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\awope.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
  <System32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <System32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yjqcuhhb / yjqcuhhb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\yjqcuhhb.sys><Yahoo! China Corporation>
[VIMICRO USB PC Camera / ZSMC302][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[R2A / R2A][Stopped/Disabled]
  <\??\C:\WINDOWS\System32a2.sys><N/A>

==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\downlo~1\cnshook.dll, 北京三七二一科技有限公司>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\Program Files\BaiDu\bar\BaiduBar.dll, Baidu.com, Inc.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\System32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\WINDOWS\System32\kingsoft\KOS\KOSInit.ocx, 金山软件股份有限公司>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, >
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>
Last edited 2007-04-09 08:09:09


==================================
正在运行的进程
[PID: 468][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\TEMP\n.dll]  [N/A, ]
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 608][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 620][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 852][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 960][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 996][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1116][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1500][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\downlo~1\cnshook.dll]  [北京三七二一科技有限公司, 2.5.0.3]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 2, 1003]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 4, 1006]
    [C:\Program Files\BaiDu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 135]
[PID: 340][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.29]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 360][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 368][C:\Herosoft\HeroV8\SysExplr.EXE]  [N/A, ]
    [C:\Herosoft\HeroV8\HttpReq.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\CoolMenu.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\httphlp.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\AVCDROM.dll]  [N/A, ]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Herosoft\HeroV8\Sys936.DLL]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 388][E:\qttask.exe]  [Apple Computer, Inc., 6.5]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 436][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 448][C:\WINDOWS\wt\updater\wcmdmgr.exe]  [WildTangent, Inc., 1.6.0.37]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 456][C:\progra~1\yahoo!\assistant\yassistse.exe]  [Yahoo! China, 3, 0, 7, 1010]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\progra~1\yahoo!\assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 1, 8, 1026]
    [C:\progra~1\yahoo!\assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\progra~1\yahoo!\assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 3, 1004]
    [C:\progra~1\yahoo!\assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 272][C:\Program Files\Rising\AntiSpyware\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
[PID: 496][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 584][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.6.0078]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Messenger\MSGSLANG.DLL]  [Microsoft Corporation, 4.6.0078]
    [C:\PROGRA~1\MESSEN~1\rtcimsp.dll]  [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 900][F:\儿歌精选\KPFW32.EXE]  [Kingsoft Corporation, 2005, 11, 22, 606]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [F:\儿歌精选\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [F:\儿歌精选\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [F:\儿歌精选\FiltList.dll]  [N/A, ]
    [F:\儿歌精选\KAVPassp.DLL]  [Kingsoft Corporation, 2005, 12, 14, 227]
    [F:\儿歌精选\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [F:\儿歌精选\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\儿歌精选\KAScript.DLL]  [Kingsoft Corporation, 2005, 10, 26, 58]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 2772][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\WINDOWS\downlo~1\CnsHint.dll]  [3721, 2, 5, 0, 2]
    [C:\WINDOWS\downlo~1\cnsplus.dll]  [3721, 2, 5, 0, 2]
    [C:\Program Files\BaiDu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 135]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 0, 8, 1010]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [yahoo! china, 3, 0, 5, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 4, 1006]
    [C:\WINDOWS\downlo~1\cnshook.dll]  [北京三七二一科技有限公司, 2.5.0.3]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [F:\儿歌精选\KAScript.DLL]  [Kingsoft Corporation, 2005, 10, 26, 58]
    [F:\儿歌精选\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [F:\儿歌精选\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\Downloaded Program Files\OL2005.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\System32\KIme.ime]  [金山软件公司, 1, 0, 0, 1]
    [C:\PROGRA~1\COMMON~1\KingSoft\Extract\KSEngine.dll]  [金山软件有限公司, 2, 0, 1, 0]
    [C:\WINDOWS\downlo~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\downlo~1\cnsio.dll]  [北京三七二一科技有限公司, 2, 5, 0, 2]
[PID: 600][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 2156][C:\DOCUME~1\a\LOCALS~1\Temp\Rar$EX01.922\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\downlo~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 6]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\Rav30.dll]  [N/A, ]
    [C:\WINDOWS\System32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\a\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

In Safe Mode, back up all of the following registry entries and their corresponding files if at all possible.
——————————————————————————————————————
Use 冰刃 (IceSword) to block process creation, use IceSword to unload the following modules injected into system processes, then delete the corresponding files. (This step can also be skipped; if the steps below don't work, you'll have to do it.)
Running processes

[C:\WINDOWS\TEMP\n.dll] [N/A, ]
[C:\DOCUME~1\a\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\a\LOCALS~1\Temp\Rav30.dll] [N/A, ]
[C:\DOCUME~1\a\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\WINDOWS\System32\cmdbcs.dll] [N/A, ]
——————————————————————————————————
Turn off IceSword's process-creation block,
then use SREng to delete each of the registry entries below and IceSword to delete the corresponding files.

Startup items
Registry

<mtzgg70srlzht><C:\DOCUME~1\a\LOCALS~1\Temp\iexpl0re.exe> []
<24149cz6g><C:\DOCUME~1\a\LOCALS~1\Temp\Servere.exe> []
<ubjtr1><C:\DOCUME~1\a\LOCALS~1\Temp\winlog0n.exe> []

<cmdbcs><C:\WINDOWS\cmdbcs.exe> []

<wsttrs><C:\WINDOWS\wsttrs.exe> []

Services
[System Event Logger / DiRVIn][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Gray / Gray][Stopped/Auto Start]
<C:\WINDOWS\lasss.exe><N/A>

[Network Engine / Partner][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\spted.dll><N/A>

[win_Server / winServer][Stopped/Auto Start]
<C:\WINDOWS\win_Server.exe><N/A>

Drivers

[BdGuard / BdGuard][Running/Boot Start]
<\SystemRoot\System32\drivers\BDGuard.SYS><>

[coaera / coaera][Stopped/Manual Start]
<\SystemRoot\system32\8bbz.sys><N/A>

[ncpjod / ncpjod][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\ncpjod.sys><N/A>

[paasweq / paasweq][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\awope.sys><N/A>

[R2A / R2A][Stopped/Disabled]
<\??\C:\WINDOWS\System32a2.sys><N/A>
———————————————————————————————————
Open the C:\DOCUME~1\a\LOCALS~1\Temp folder with IceSword. Delete all files and folders inside it.

——————————————————————————————————————

If you can, stop using 3721 and Yahoo! China.

——————————————————————————————————————

Reboot the computer. If you see any of the files above again in the normal system, delete them with IceSword or Unlocker.

Reboot again; if it is still abnormal, I'm out of ideas.
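The triage the reply above does by eye, written out as an added Python example (not the poster's or SREng's code): it parses SREng Run-key lines like those in the posted log and flags entries with no publisher, an image under a Temp folder, a file name imitating a Windows binary (iexpl0re.exe, winlog0n.exe), or a random-looking value name. The sample log is a constructed excerpt of entries quoted in this thread; the four rules and the `SYSTEM_NAMES` list are assumptions, not anything SREng itself reports.

```python
# Added example: triage of SREng Run-key entries by the rules of thumb the
# reply applies by hand (no publisher, Temp folder, look-alike name, random name).
import re
from dataclasses import dataclass, field

# Constructed sample: a few entries copied from the SREng log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <mtzgg70srlzht><C:\DOCUME~1\a\LOCALS~1\Temp\iexpl0re.exe>  []
    <ubjtr1><C:\DOCUME~1\a\LOCALS~1\Temp\winlog0n.exe>  []
    <KavPFW><"F:\儿歌精选\KPFW32.EXE">  [Kingsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
"""

# One SREng entry line: <value name><command>  [publisher]
ENTRY = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>.*)>\s*\[(?P<pub>.*)\]\s*$")

# Windows binaries that malware names often imitate (assumed list); file names
# are compared after mapping look-alike digits back to letters (0->o, 1->l, 5->s).
SYSTEM_NAMES = {"iexplore.exe", "winlogon.exe", "lsass.exe", "svchost.exe",
                "services.exe", "explorer.exe", "csrss.exe", "smss.exe"}
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "5": "s"})

@dataclass
class Finding:
    name: str
    image: str
    publisher: str
    reasons: list = field(default_factory=list)

def image_path(cmd: str) -> str:
    """Return the executable path of a Run-key command, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""

def assess(name: str, cmd: str, publisher: str) -> Finding:
    """Apply the four rules to one entry and record every rule it trips."""
    f = Finding(name, image_path(cmd), publisher.strip())
    base = f.image.rsplit("\\", 1)[-1].lower()
    if not f.publisher:
        f.reasons.append("no publisher / not signed")
    if re.search(r"\\temp\\", f.image, re.IGNORECASE):
        f.reasons.append("image runs from a Temp folder")
    norm = base.translate(HOMOGLYPHS)
    if norm in SYSTEM_NAMES and norm != base:
        f.reasons.append(f"file name imitates {norm}")
    # Weak rule: legitimate value names are usually words or product names;
    # a vowel-less run of 6+ lowercase letters/digits looks generated.
    if len(name) >= 6 and re.fullmatch(r"[a-z0-9]+", name) and not re.search(r"[aeiou]", name):
        f.reasons.append("random-looking value name")
    return f

def triage(log_text: str) -> list:
    """Return every Run-key entry in the log that trips at least one rule."""
    hits = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m and (f := assess(m["name"], m["cmd"], m["pub"])).reasons:
            hits.append(f)
    return hits

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.name, f.image, "; ".join(f.reasons), sep="\n    ")
```

On the sample, ctfmon.exe, KavPFW and TkBellExe pass, while the three entries the reply tells the poster to remove each trip at least two rules.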

Heh.
天月 kid, I've been away for two days
and someone has already opened a dedicated thread to ask for your help.
Impressive!
Heh... the virus-removal method is well written.
I skimmed the log; it's fairly complete.
Heh.
Bump.
Keep it up, and don't forget to teach me.

Heh!!!!!!!

I don't even know whether these will be enough to deal with it.

Now just waiting for the OP's news.
I just caught a minor virus, and it seems I got it sorted.
What a sense of achievement.
Heh. Now I'm dying to get infected again.

Haha!!!!!!!!!

That feeling!!!!!!!!!!

In one word: awesome.


But right now, for me, one word!!!!!

Guess!!!!!


Haha!!!!!!!

Sleepy!!!!!!!!!!!!!!!!!!!!!

Sigh...
I'm not sleepy at all right now,
but the guys in the dorm all want to sleep.
I'll go look online for SSM rule settings again.
I'm really hopeless.

It's done, but I couldn't find the following two:
[System Event Logger / DiRVIn][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

[Network Engine / Partner][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\spted.dll><N/A>
But now another problem has come up: my IE browser won't open~~

Won't open how, exactly... try installing IE7 and see.

Scan another log again...