[Help] Please take a look

Logfile of HijackThis v1.99.1
Scan saved at 13:46:22, on 2006-6-26
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\3721\assistse.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Kulansyn.EXE
D:\KpopMon.EXE
C:\WINDOWS\System32\google.exe
F:\NOKIA 6670\Nokia PC Suite 6\Launch Application 2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\System32\wuamk0032.exe
C:\WINDOWS\System32\ctfmon.exe
D:\KWatchUI.EXE
C:\Program Files\Messenger\msmsgs.exe
F:\NOKIA 6670\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Philips\LightFrame 3\LightFrameV3.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
D:\MailMon.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system\netcompt.exe
F:\QQ\TIMPlatform.exe
F:\QQ\QQ.exe
C:\Program Files\zcom\zPlatform.exe
C:\Program Files\zcom\skin.dll
C:\WINDOWS\pnpasn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\QQ\375566069\MyRecvFiles\HijackThis.exe

R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v6.dll
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ddccd.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - F:\QQ\QQIEHelper.dll
O2 - BHO: 珊瑚虫工具栏 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 珊瑚虫工具栏 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [Kulansyn] D:\Kulansyn.EXE
O4 - HKLM\..\Run: [KpopMon] D:\KpopMon.EXE
O4 - HKLM\..\Run: [google] google.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\NOKIA 6670\Nokia PC Suite 6\Launch Application 2.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [KAVRun] D:\KAVRun.EXE
O4 - HKLM\..\Run: [YOKAssiant] Rundll32.exe C:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [Microsoft Update] wuamk0032.exe
O4 - HKLM\..\Run: [Cmpnt] C:\WINDOWS\system\netcompt.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKLM\..\RunServices: [Shell] c:\windows\system\mainsv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk0032.exe
O4 - HKLM\..\RunOnce: [BaiduInstall] C:\WINDOWS\system32\rundll32.exe C:\Progra~1\Baidu\bar\BDBAR_~1\BaiduBar.dll,Install
O4 - HKLM\..\RunOnce: [360Safe] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PcSync] F:\NOKIA 6670\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Ntcheck] C:\WINDOWS\mapserver.exe
O4 - HKCU\..\RunOnce: [Cmpnt] c:\windows\system\mainsv.exe
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = F:\QQ\CoralQQ.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: LightFrame 3.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: 珊瑚虫搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - F:\QQ\QQIEHelper.dll
O11 - Options group: [!CNS]  网络实名
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7C0BCAB-B838-4974-80F6-F661573F2BDB}: NameServer = 202.96.209.134 202.96.209.6
O20 - Winlogon Notify: ddccd - C:\WINDOWS\SYSTEM32\ddccd.dll
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - D:\KAVSvc.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) -  - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Intel Corporation - (no file)
O23 - Service: c    hange me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe

Last edited 2006-06-26 14:11:25

O23 - Service: c hange me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe
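If you don't recognize this entry either, I suggest deleting it.
The steam.exe entry is said to be something from Half-Life. Huh, how come I've never seen it? If you don't recognize it either, delete it.
Start → Run → type services.msc to open "Services" → find Hardware Clock Driver, c hange me please → double-click → Startup type → Disabled → Stop → Apply → OK. Disable these 2 services: Hardware Clock Driver, c hange me please (each comma-separated name is one of the virus's services; disable them one by one).
Restart the computer. After the power-on check finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Press ALT+CTRL+DELETE to bring up Task Manager and end all google.exe, wuamk0032.exe and netcompt.exe processes, if there are any.
Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the following items and then choose "Fix":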
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\ddccd.dll
google.exe
O4 - HKLM\..\Run: [Cmpnt] C:\WINDOWS\system\netcompt.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk0032.exe
O4 - HKLM\..\Run: [Cmpnt] C:\WINDOWS\system\netcompt.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKLM\..\RunServices: [Shell] c:\windows\system\mainsv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk0032.exe
O4 - HKCU\..\Run: [Ntcheck] C:\WINDOWS\mapserver.exe
O4 - HKCU\..\RunOnce: [Cmpnt] c:\windows\system\mainsv.exe
O20 - Winlogon Notify: ddccd - C:\WINDOWS\SYSTEM32\ddccd.dll
O4 - HKLM\..\RunServices: [steam] steam.exe
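Double-click My Computer → Tools → Folder Options → View, select "Show hidden files and folders", and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes". Also clear "Hide extensions for known file types".
Delete: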
C:\WINDOWS\System32\google.exe
C:\WINDOWS\System32\wuamk0032.exe
C:\WINDOWS\system\netcompt.exe, and also netcompt.exe, netcomptnt.exe, mapserver.exe, iexplorers.exe
C:\WINDOWS\System32\hwclock.exe
steam.exe
C:\WINDOWS\SYSTEM32\ddccd.dll
c:\windows\system\mainsv.exe
C:\WINDOWS\pnpasn32.exe
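Restart back into normal mode.
Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to scan, and when the scan finishes press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log here.
Download links: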
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log can't be pasted in one go, paste it in several parts; please do not modify it.
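
A triage pass over the O4 and O23 lines of a log like the one in the first post, added here as an example and not part of either post. Its two rules (an executable registered under more than one autorun key, and a service whose owner field reads "Unknown owner") and the names `triage` and `SAMPLE_LOG` are assumptions of this example for ordering manual review, not the responder's stated method.

```python
import re
from collections import defaultdict

# Subset of lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [steam] steam.exe
O4 - HKLM\..\Run: [google] google.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamk0032.exe
O4 - HKLM\..\RunServices: [steam] steam.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKLM\..\RunServices: [Shell] c:\windows\system\mainsv.exe
O4 - HKLM\..\RunServices: [Microsoft Update] wuamk0032.exe
O4 - HKCU\..\RunOnce: [Cmpnt] c:\windows\system\mainsv.exe
O23 - Service: Hardware Clock Driver (hwclock) - Unknown owner - C:\WINDOWS\System32\hwclock.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: c    hange me please (virus) - Unknown owner - C:\WINDOWS\pnpasn32.exe
"""

O4_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\\w+): \[(.+?)\] (.+)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.*?) - (.+)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)

def triage(log_text):
    """Return {target: reason} for entries to review first (heuristic only)."""
    keys_by_target = defaultdict(set)
    flagged = {}
    for line in map(str.strip, log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            key, _name, command = m.groups()
            exe = EXE_RE.match(command)
            # Drop arguments and quotes so the same binary compares equal.
            target = (exe.group(1) if exe else command).lower()
            keys_by_target[target].add(key)
            continue
        m = O23_RE.match(line)
        # Assumed rule: a service whose vendor field is "Unknown owner".
        if m and m.group(2).strip().lower() == "unknown owner":
            flagged[m.group(3).lower()] = "service with unknown owner"
    # Assumed rule: one executable started from several autorun keys.
    for target, keys in keys_by_target.items():
        if len(keys) > 1:
            flagged[target] = "autorun in " + ", ".join(sorted(keys))
    return flagged

if __name__ == "__main__":
    for target, reason in triage(SAMPLE_LOG).items():
        print(f"{target}: {reason}")
```

Entries that load from a single key, such as netcompt.exe or the ddccd.dll BHO in this log, are not caught by these two rules and still need the manual reading the reply gives them.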