请高手帮忙啊！开机提示找不到windows\downloader.dll模块！
随即桌面上只剩以前一点东西，
多谢多谢！


Logfile of HijackThis v1.99.1
Scan saved at 13:44:12, on 2006-7-27
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\Rising\Rav\Ravmond.exe
d:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\PROGRA~1\EFFICI~1\EnterNet\app\pppoeservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
d:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Rundll32.exe
d:\program files\rising\rfw\RfwMain.exe
d:\program files\rising\rfw\rfwproxy.exe
D:\Program Files\QuickTime Alternative\qttask.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\KAVDL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Administrator\My Documents\19453_ddooo.exe
D:\Program Files\Thunder Network\Thunder\Thunder.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\System32\socul.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0.5\ActiveX\AcroIEHelper.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - d:\Program Files\P4P\sodaie.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\hbclient\tbhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll
O2 - BHO: 1 - {E78F50F9-51CF-40EC-AE3F-4F802528150B} - C:\WINDOWS\Downloader.dll (file missing)
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Net Snippets - {67970B26-F57D-4455-8262-81C3AE3B8B5E} - D:\PROGRA~1\NETSNI~1\NetSnip.dll
O3 - Toolbar: 搜狗工具条 - {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} - d:\Program Files\P4P\ToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] rem C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiS KHooker] rem C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [nwiz] rem nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [iTunesHelper] rem "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [LoadService] C:\WINDOWS\System32\LoadService.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\hbclient\tbhelper.dll",WaitWindows
O4 - HKLM\..\Run: [Thunder] "d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0.5\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: 使用搜狗直通车下载 - d:\Program Files\P4P\dl.htm
O8 - Extra context menu item: 发送图片到手机 - d:\Program Files\P4P\cx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: Snippets - {7130DF06-BBC1-4e16-83D4-1F875E65B695} - D:\PROGRA~1\NETSNI~1\NetSnip.dll
O9 - Extra button: 我的订阅 - {8755CE6E-0BF7-4441-8751-FB728941B0B4} - d:\Program Files\P4P\rss.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra button: 哇哇网址导航 - {f15c22ef-534e-414d-ab5d-1425cd806e41} - http://www.51viva.com/dlplugin/redirect.jsp?refer=dtoolbar&cur=http://114.yesky.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: 哇哇网址导航 - {f15c22ef-534e-414d-ab5d-1425cd806e41} - http://www.51viva.com/dlplugin/redirect.jsp?refer=dtoolbar&cur=http://114.yesky.com/ (file missing) (HKCU)
O9 - Extra button: 哇哇软件下载 - {f15c22ef-534e-414d-ab5d-1425cd806e42} - http://www.51viva.com/dlplugin/redirect.jsp?refer=dtoolbar&cur=http://www.mydown.com/ (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: 哇哇软件下载 - {f15c22ef-534e-414d-ab5d-1425cd806e42} - http://www.51viva.com/dlplugin/redirect.jsp?refer=dtoolbar&cur=http://www.mydown.com/ (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F71D7B49-17CA-444A-9C17-A02322FEAA6E}: NameServer = 202.99.96.68 202.99.64.69
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - d:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\SoDAHK.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\EFFICI~1\EnterNet\app\pppoeservice.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\Ravmond.exe

进入控制面版的添加删除程序中卸载,很棒小秘书(RichMedia)
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复""（如果有的话）
O4 - HKLM\..\Run: [LoadService] C:\WINDOWS\System32\LoadService.exe
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\hbclient\tbhelper.dll",WaitWindows
O4 - HKLM\..\Run: [supdate2.dll] RUNDLL32.EXE C:\WINDOWS\System32\supdate2.dll,Run
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\WINDOWS\System32\socul.dll
O2 - BHO: HBObject Class - {AE22AFE5-1EF4-4D25-9E23-D2825FB17DA1} - C:\PROGRA~1\hbclient\tbhelper.dll
删除
C:\PROGRA~1\hbclient
C:\WINDOWS\System32\LoadService.exe

开始，运行，输入regedit，用注册表的查找功能搜downloader.dll，搜索到后，删除与它相关的选项

修复后重启。
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

最后问问
C:\Documents and Settings\Administrator\My Documents\19453_ddooo.exe这是什么东东。

【回复“我无邪”的帖子】
感谢无邪大哥指教！

【回复“我无邪”的帖子】
再请无邪大哥帮忙看一看经过System Repair Engineer“智能扫描”后的结果，多谢！

第一部分：
2006-07-27,14:15:23

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><rem C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <SiS KHooker><rem C:\WINDOWS\System32\khooker.exe>  [Silicon Integrated Systems Corporation]
    <nwiz><rem nwiz.exe /install>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <iTunesHelper><rem "D:\Program Files\iTunes\iTunesHelper.exe">  []
    <QuickTime Task><"D:\Program Files\QuickTime Alternative\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <Adobe Photo Downloader><"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe">  [Adobe Systems Incorporated]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <RfwMain><"d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <IESAddr><>  []
    <RavTask><"d:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <HPDJ Taskbar Utility><C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe>  [HP]
    <SunJavaUpdateSched><C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe>  []
    <Thunder><"d:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [Thunder Networking Technologies,LTD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\Userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\System32\SoDAHK.DLL>  [Sohu.com Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><rpcfap.dll>  []
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{914B076F-8FC6-4452-93C8-D810062C81F9}><C:\WINDOWS\System32\fileap.dll>  []

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>

==================================
服务
[InstallDriver Table Manager / IDriverT]
  <C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[iPodService / iPodService]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[NVIDIA Driver Helper Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[PPPoE Service / PPPoEService]
  <C:\PROGRA~1\EFFICI~1\EnterNet\app\pppoeservice.exe><N/A>
[Rising Proxy  Service / RfwProxySrv]
  <d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"d:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SmartLinkService / SLService]
  <slserv.exe><N/A>
[XDownloadService / XDownloadService]
  <C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\Downloader.dll",Run><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0.5\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <d:\Program Files\P4P\sodaie.dll, Sohu.com Inc.>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll, Yahoo! China>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll, 北京三七二一科技有限公司>
[WebDownloader Class]
  {E78F50F9-51CF-40EC-AE3F-4F802528150B} <C:\WINDOWS\Downloader.dll, N/A>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[Net Snippets]
  {7130DF06-BBC1-4e16-83D4-1F875E65B695} <D:\PROGRA~1\NETSNI~1\NetSnip.dll, Net Snippets LTD.>
[我的订阅]
  {8755CE6E-0BF7-4441-8751-FB728941B0B4} <d:\Program Files\P4P\rss.dll, Sohu.com Inc.>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[哇哇网址导航]
  {f15c22ef-534e-414d-ab5d-1425cd806e41} <http://www.51viva.com/dlplugin/redirect.jsp?refer=dtoolbar&cur=http://114.yesky.com/, N/A>
[哇哇软件下载]
  {f15c22ef-534e-414d-ab5d-1425cd806e42} <http://www.51viva.com/dlplugin/redirect.jsp?refer=dtoolbar&cur=http://www.mydown.com/, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll, Yahoo!>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Net Snippets]
  {67970B26-F57D-4455-8262-81C3AE3B8B5E} <D:\PROGRA~1\NETSNI~1\NetSnip.dll, Net Snippets LTD.>
[搜狗工具条]
  {DBBB7978-AF21-4EF4-9AD1-B2F4BC75696C} <d:\Program Files\P4P\ToolBar.dll, Sohu.com Inc.>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Java Plug-in 1.4.2_04]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_04]
  {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[使用搜狗直通车下载]
  <d:\Program Files\P4P\dl.htm, N/A>
[发送图片到手机]
  <d:\Program Files\P4P\cx.htm, N/A>

【回复“我无邪”的帖子】
第二部分：
==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\rpcfap.dll]  <><3, 0, 5, 1>
    [C:\WINDOWS\system32\tssoft32.acm]  <DSP GROUP, INC.><1.01>
    [C:\WINDOWS\system32\tsd32.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\sl_anet.acm]  <Sipro Lab Telecom Inc.><3.02>
    [C:\WINDOWS\System32\iac25_32.ax]  <Intel Corporation><2.05.53>
    [C:\WINDOWS\System32\l3codeca.acm]  <Fraunhofer Institut Integrierte Schaltungen IIS><1, 9, 0, 0305>
    [C:\WINDOWS\system32\DivXa32.acm]  <Hacked With Joy !><4.1.00.3920>
[PID: 556][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 568][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 728][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 780][d:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 796][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 916][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 976][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 996][d:\Program Files\Rising\Rav\Ravmond.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 29>
    [d:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [d:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [d:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [d:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\Rising\Rav\RsLog.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
    [d:\Program Files\Rising\Rav\HOOKSYS.dll]  <Rising><18, 1, 0, 9>
    [d:\Program Files\Rising\Rav\Scanner.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [d:\Program Files\Rising\Rav\libload.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [d:\Program Files\Rising\Rav\VirusLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [d:\Program Files\Rising\Rav\regmon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
    [d:\Program Files\Rising\Rav\HookWeb.dll]  <rising><18, 0, 0, 2>
    [d:\Program Files\Rising\Rav\MemMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [d:\Program Files\Rising\Rav\expscan.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\Program Files\Rising\Rav\mPorts.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
    [d:\Program Files\Rising\Rav\MailMon.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [d:\Program Files\Rising\Rav\SpamEng.dll]  <N/A><18, 0, 0, 6>
    [d:\Program Files\Rising\Rav\engine.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 30>
    [d:\Program Files\Rising\Rav\PostTrt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [d:\Program Files\Rising\Rav\UnExe.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [d:\Program Files\Rising\Rav\ScanExec.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [d:\Program Files\Rising\Rav\ScanEx.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [d:\Program Files\Rising\Rav\NvFile.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
    [d:\Program Files\Rising\Rav\ScanMac.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
    [d:\Program Files\Rising\Rav\ScanSct.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
    [d:\Program Files\Rising\Rav\Unpacker.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [d:\Program Files\Rising\Rav\ExtOLE.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[PID: 1052][d:\program files\rising\rfw\rfwsrv.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 32>
    [d:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [d:\program files\rising\rfw\rfwlog.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
    [d:\program files\rising\rfw\Rfwdrv.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
    [d:\program files\rising\rfw\MonDrv.dll]  <rs><1, 0, 0, 4>
    [d:\program files\rising\rfw\ProcLib.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[PID: 1160][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
    [C:\WINDOWS\system32\hpzlnt04.dll]  <HP><2,80,0,0>
[PID: 1264][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1308][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  <Microsoft Corporation><7.00.9466>
[PID: 1332][C:\WINDOWS\System32\nvsvc32.exe]  <NVIDIA Corporation><6.13.10.2832>
[PID: 1360][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  <Sohu.com Inc.><2, 0, 0, 17>
    [d:\Program Files\P4P\tbupdate.dll]  <Sohu.com Inc.><1, 0, 0, 9>
    [d:\Program Files\P4P\p4pipc.dll]  <Sohu.com Inc.><1, 0, 0, 11>
[PID: 1400][C:\PROGRA~1\EFFICI~1\EnterNet\app\pppoeservice.exe]  <N/A><N/A>
[PID: 1476][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1496][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1788][d:\Program Files\Rising\Rav\RavStub.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
    [d:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1980][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\System32\fileap.dll]  <><2, 1, 0, 1>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\System32\xunleibho_v8.dll]  <Thunder Networking Technologies,LTD><4, 5, 1, 33>
    [D:\Program Files\Adobe\Acrobat 7.0.5\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.7.2006011200>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [D:\Program Files\Adobe\Acrobat 7.0.5\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [d:\PROGRA~1\TROJAN~1.5\contmenu.dll]  <N/A><N/A>
    [D:\PROGRA~1\3721\ske\contmenu.dll]  <N/A><N/A>
    [d:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll]  <N/A><1, 0, 1, 1014>
[PID: 240][C:\WINDOWS\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 336][d:\program files\rising\rfw\RfwMain.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 51>
    [d:\program files\rising\rfw\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
    [d:\program files\rising\rfw\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [d:\program files\rising\rfw\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 904][d:\program files\rising\rfw\rfwproxy.exe]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 14>
    [d:\program files\rising\rfw\RfwRule.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
    [d:\program files\rising\rfw\MonMid.dll]  <Beijing Rising Technology Co., Ltd.><4, 0, 0, 2>
[PID: 1816][D:\Program Files\QuickTime Alternative\qttask.exe]  <Apple Computer, Inc.><7.0.3>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1908][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1002>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  <><1, 0, 0, 5>

【回复“我无邪”的帖子】
第三部分：

[PID: 1920][C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe]  <Adobe Systems Incorporated><3.0.0.52115>
    [C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdboot.dll]  <Adobe Systems Incorporated><3.0.0.52115>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2008][D:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2020][D:\Program Files\Rising\Rav\Ravmon.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 1, 30>
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [D:\Program Files\Rising\Rav\BWList.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [D:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [D:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [D:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [D:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2060][C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe]  <HP><2,80,0,0>
    [C:\WINDOWS\System32\spool\drivers\w32x86\3\FZFR3204.DLL]  <HP><2,34,0,0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2092][C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2164][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2236][C:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.0.0155>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2668][C:\WINDOWS\SYSTEM32\KAVDL.EXE]  <Kingsoft Corporation><2005, 7, 6, 12>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3888][C:\WINDOWS\System32\wuauclt.exe]  <Microsoft Corporation><5.4.2600.0 (XPClient.010817-1148)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3976][C:\Documents and Settings\Administrator\My Documents\19453_ddooo.exe]  <Soeperman Enterprises Ltd.><1.99.0001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>

【回复“我无邪”的帖子】
第四部分：

[PID: 352][D:\Program Files\Thunder Network\Thunder\Thunder.exe]  <Thunder Networking Technologies,LTD><5.0.6.98>
    [D:\Program Files\Thunder Network\Thunder\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 1>
    [D:\Program Files\Thunder Network\Thunder\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 1>
    [D:\Program Files\Thunder Network\Thunder\log4cplus.dll]  <><1, 0, 2, 1>
    [D:\Program Files\Thunder Network\Thunder\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [D:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 73>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [D:\Program Files\Thunder Network\Thunder\iThunder.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 30>
    [D:\Program Files\Thunder Network\Thunder\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 0, 1, 4>
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\System32\fileap.dll]  <><2, 1, 0, 1>
[PID: 2476][C:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3972][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1004][C:\WINDOWS\System32\RUNDLL32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [d:\PROGRA~1\P4P\Feed.dll]  <Sohu.com Inc.><1, 0, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [d:\PROGRA~1\P4P\Toolbar.dll]  <Sohu.com Inc.><1, 4, 6, 7>
[PID: 3268][C:\WINDOWS\System32\RUNDLL32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [d:\PROGRA~1\P4P\ToolBar.dll]  <Sohu.com Inc.><1, 4, 6, 7>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3348][C:\DOCUME~1\user\LOCALS~1\Temp\101299.exe]  <1000 Oaks><1, 0, 0, 0>
[PID: 4080][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [C:\WINDOWS\System32\SoDAHK.DLL]  <Sohu.com Inc.><1, 0, 1, 3>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHint.dll]  <3721><1, 0, 0, 7>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 5, 1045>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\cnsplus.dll]  <3721><1, 0, 0, 2>
    [d:\Program Files\P4P\ToolBar.dll]  <Sohu.com Inc.><1, 4, 6, 7>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  <Yahoo><1, 0, 2, 1003>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasnoad.dll]  <><1, 1, 4, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll]  <Yahoo! China><1, 0, 1, 1015>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\System32\fileap.dll]  <><2, 1, 0, 1>
    [c:\program files\google\googletoolbar1.dll]  <Google Inc.><3, 0, 131, 0>
    [C:\WINDOWS\System32\xunleibho_v8.dll]  <Thunder Networking Technologies,LTD><4, 5, 1, 33>
    [D:\Program Files\Adobe\Acrobat 7.0.5\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.7.2006011200>
    [d:\Program Files\P4P\sodaie.dll]  <Sohu.com Inc.><1, 1, 2, 9>
    [d:\Program Files\P4P\autolink.dll]  <Sohu.com Inc.><1.0.0.17>
    [d:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  <Yahoo><1, 0, 6, 1319>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  <3721.com><2, 1, 1, 87>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  <N/A><N/A>
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  < ><1, 0, 3, 1002>
    [C:\WINDOWS\System32\oleauto32.dll]  <><2, 3, 0, 1>
    [C:\WINDOWS\System32\ntcoredll.dll]  <><4, 0, 2, 1>
[PID: 2868][C:\WINDOWS\System32\taskmgr.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3752][C:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3988][d:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [d:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 3004][C:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2780][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.031\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\WINDOWS\DOWNLO~1\CONFLICT.1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

关闭所有浏览窗口以及一些不必要的程序
运行(双击)System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项。
C:\WINDOWS\Downloader.dll
运行(双击)System Repair Engineer，点“启动项目，服务，点“Win32服务应用程序”勾选“隐藏微软服务”选中病毒服务XDownloadService，选择“删除服务”点“设置”选择“否”
重启
删除
C:\WINDOWS\Downloader.dll

关于这一项
你看以下的帖子C:\WINDOWS\System32\fileap.dll
祝你好运
http://bbs.s-sos.net/archiver/?tid-8923.html
http://www.xmfish.com/thread-357774-1-3.html
修复后，请再扫份日志粘上来。

【回复“我无邪”的帖子】
再次深深感谢无邪大哥！