Could everyone help me check whether my IE has been hijacked~~

Below is my HijackThis.log


Logfile of HijackThis v1.99.1
Scan saved at 18:28:39, on 2006-10-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\System\Update.exe
d:\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\{0C5D07FF-09E5-2052-1202-040408110056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\木马杀客\mmsk~.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator.F4ECECEDE6A84BD\桌面\HijackThis.exe

F3 - REG:win.ini: load=C:\WINDOWS\system\tpkIM32.exe
O2 - BHO: wmpdrm - {0E674588-66B7-4E19-9D0E-2053B800F69F} - C:\WINDOWS\system32\wmpdrm.dll (file missing)
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: (no name) - {68A3B225-BCC2-40E6-BBD9-569CAEA30746} - C:\WINDOWS\system32\addIDhelper.dll
O2 - BHO: BHOImp Class - {70AFF2CB-9DA2-499C-8D15-900729FCE83D} - C:\WINDOWS\system32\YHBO.dll (file missing)
O2 - BHO: Spoolsv Class - {9C363D55-07D7-433d-A13E-D9C105202F6F} - C:\WINDOWS\system32\drivers\spoolsv.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C5D07FF-09E5-2052-1202-040408110056}\888Bar.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Program Files\Common Files\{3C5D07FF-09E5-2052-1202-040408110056}\888Bar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Update.exe
O4 - HKLM\..\Run: [RfwMain] "D:\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RichMedia] C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O11 - Options group: [CDNCLIENT]  中文上网
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\rising\rfw\rfwsrv.exe

Last edited 2006-11-01 17:18:48

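After the power-on self-test finishes, press the [F8] key (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.

Show hidden files
Delete:
C:\Program Files\Common Files\System\Update.exe
C:\Program Files\Common Files\{0C5D07FF-09E5-2052-1202-040408110056}\Update.exe
C:\WINDOWS\system\tpkIM32.exe


Under C:\WINDOWS\system32\drivers\etc, open the HOSTS file with Notepad, clear its contents,
leave only this entry: 127.0.0.1      localhost, and save.

After the repair, reboot. If anything is still abnormal, download SREng2 (latest version), use "Smart Scan", and press the "Scan" button to run the scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents
of the saved report log here. If the log cannot be pasted in one go, paste it in several parts; please do not modify it.

Download links
http://free5.ys168.com/?ufwihgu168
http://www.kztechs.com/sreng/sreng2.zip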
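The HOSTS cleanup step in the reply above can be checked with a small audit script. This is an added example, not part of the original post or of HijackThis/SREng: it reads either raw HOSTS lines or HijackThis `O1 - Hosts:` lines, groups hostnames by the non-loopback address they are redirected to, and produces the content the reply says to leave in the file. The function names and the sample data (documentation-range IP, `.example` hostnames) are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# HijackThis prefixes each HOSTS entry it reports with "O1 - Hosts:".
O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)

# Constructed sample: a mix of raw HOSTS lines and HijackThis O1 lines.
SAMPLE = """\
# constructed hosts data for the example
127.0.0.1       localhost
203.0.113.10 www.game-a.example
203.0.113.10 www.game-b.example   # trailing comment
O1 - Hosts: 203.0.113.10 www.game-a.example
O1 - Hosts: 203.0.113.10 login.game-c.example alias.game-c.example
0.0.0.0 ads.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Return a list of (ip_address, hostname) pairs from HOSTS or O1 lines."""
    entries = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw.strip())
        line = line.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: skip
        for name in fields[1:]:                   # one line may carry aliases
            entries.append((ip, name.lower()))
    return entries


def redirects_by_ip(entries):
    """Group hostnames by the address they are redirected to.

    Loopback (127.0.0.1) and unspecified (0.0.0.0) targets are local or
    blocking entries, so only other addresses are reported.
    """
    grouped = defaultdict(set)
    for ip, name in entries:
        if ip.is_loopback or ip.is_unspecified:
            continue
        grouped[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in grouped.items()}


def cleaned_hosts(entries):
    """HOSTS content after the cleanup in the reply: only localhost remains."""
    kept = []
    for ip, name in entries:
        line = str(ip) + "\tlocalhost"
        if ip.is_loopback and name == "localhost" and line not in kept:
            kept.append(line)
    if not kept:
        kept.append("127.0.0.1\tlocalhost")
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE)
    for target, names in redirects_by_ip(parsed).items():
        print(f"{target}: {len(names)} hostname(s) redirected")
        for n in names:
            print("   ", n)
    print("--- cleaned HOSTS ---")
    print(cleaned_hosts(parsed), end="")
```

Many unrelated hostnames pointing at one external address is the pattern worth reporting; review the grouped output before overwriting the file.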

2006-11-01,12:49:03

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <{0C5D07FF-09E5-2052-1202-040408110056}><"C:\Program Files\Common Files\{0C5D07FF-09E5-2052-1202-040408110056}\Update.exe" te-110-12-0000113>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\WINDOWS\system\tpkIM32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <System><C:\Program Files\Common Files\System\Update.exe>  [N/A]
    <RfwMain><"D:\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RichMedia><C:\WINDOWS\system32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
    <IpWins><C:\Program Files\ipwins\ipwins.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator.F4ECECEDE6A84BD\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\qq\QQ.exe [TENCENT]><N>

==================================
服务
[Performance Moniter / 8NASCAR]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\TTBSDE65.DLL,Export 1087><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Application Accelerator / Live]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\lspzit42.dll><Microsoft Corporation>
[MessageServices / MessageServices]
  <C:\WINDOWS\system32\Svchost.exe -k MessageServices-->C:\WINDOWS\system32\MsServices\update\svchost.dll><N/A>
[P4P Service / P4P Service]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Rising Personal Firewall Service / RfwService]
  <d:\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Distributed Link Tracking Server / TrkWks]
  <C:\WINDOWS\system32\svchost.exe -k netsvsc-->%SystemRoot%\system32\est.dll><Microsoft Corporation>
[Windows Media Connect Service / WMConnectCDS]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[d347bus / d347bus]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[HookUrl / HookUrl]
  <\??\D:\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[mProcRs / mProcRs]
  <\??\d:\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\E:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[paraudio / paraudio]
  <\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\D:\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[tiessh9 / tiessh94]
  <\SystemRoot\System32\DRIVERS\tiessh94.sys><N/A>

==================================
浏览器加载项
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\UserData\IEHelper_5001.dll, Microsoft Corporation>
[raObject Class]
  {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[]
  {68A3B225-BCC2-40E6-BBD9-569CAEA30746} <C:\WINDOWS\system32\addIDhelper.dll, N/A>
[BHOImp Class]
  {70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, N/A>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433d-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[888Bar]
  {C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{3C5D07FF-09E5-2052-1202-040408110056}\888Bar.dll, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[888Bar]
  {C004DEC2-2623-438e-9CA2-C9043AB28508} <C:\Program Files\Common Files\{3C5D07FF-09E5-2052-1202-040408110056}\888Bar.dll, N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[wmpdrm]
  {0E674588-66B7-4E19-9D0E-2053B800F69F} <C:\WINDOWS\system32\wmpdrm.dll, N/A>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\UserData\IEHelper_5001.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[raObject Class]
  {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[]
  {68A3B225-BCC2-40E6-BBD9-569CAEA30746} <C:\WINDOWS\system32\addIDhelper.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[BHOImp Class]
  {70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, N/A>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\WinSC.dll, N/A>
[Spoolsv Class]
  {9C363D55-07D7-433D-A13E-D9C105202F6F} <C:\WINDOWS\system32\drivers\spoolsv.dll, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[888Bar]
  {C004DEC2-2623-438E-9CA2-C9043AB28508} <C:\Program Files\Common Files\{3C5D07FF-09E5-2052-1202-040408110056}\888Bar.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>
[访问通用网址]
  <, N/A>

==================================
正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4113]
[PID: 588][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4113]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 992][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1096][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][d:\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1328][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1400][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4113]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2496]
[PID: 1476][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\WINDOWS\system32\tiessh94.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\spoolsv.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\addIDhelper.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WinSC.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\{3C5D07FF-09E5-2052-1202-040408110056}\888Bar.dll]  [N/A, 1, 0, 0, 1]
[PID: 1684][d:\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 1776][C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1852][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\msservices\update\svchost.dll]  [N/A, N/A]
    [c:\windows\system32\msservices\update\MsService.dll]  [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
    [c:\windows\system32\msservices\update\unreg1.dll]  [N/A, N/A]
    [c:\windows\system32\msservices\update\OldUnReg.dll]  [N/A, N/A]
[PID: 1884][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 25]
    [C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 2, 0, 0, 24]
    [C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 1, 0, 0, 3]
    [C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 0, 0, 5]
[PID: 1948][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1968][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 276][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5142]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5142]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5142]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5142]
[PID: 296][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 56]
[PID: 308][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3292]
[PID: 352][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\pcast\hbcast.dll]  [Shanghai Henbang Technology Co., Ltd, 1, 1, 3, 8]
[PID: 408][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][E:\qq\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [E:\qq\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [E:\qq\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [E:\qq\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
    [E:\qq\QQAPI.dll]  [, 1, 0, 0, 1]
    [E:\qq\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\qq\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [E:\qq\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [E:\qq\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [E:\qq\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [E:\qq\WizardCtrl.dll]  [, 1, 0, 0, 1]
    [E:\qq\QQMainFrame.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9a.ocx]  [Adobe Systems, Inc., 9,0,0,296]
    [E:\qq\CQQApplication.dll]  [N/A, N/A]
    [E:\qq\NewSkin.dll]  [, 1, 0, 0, 1]
    [E:\qq\HostingMgr.dll]  [, 1, 0, 0, 1]
    [E:\qq\CameraDll.dll]  [, 1, 0, 0, 1]
    [E:\qq\MailSummary.dll]  [, 1, 0, 0, 1]
    [E:\qq\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [E:\qq\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [E:\qq\GroupLive.dll]  [N/A, N/A]
    [E:\qq\QQSysMsgMng.dll]  [N/A, N/A]
    [E:\qq\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [E:\qq\QQPlugin.dll]  [N/A, N/A]
    [E:\qq\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [E:\qq\QQAvatar.dll]  [N/A, N/A]
    [E:\qq\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\qq\QRingMng.dll]  [N/A, N/A]
    [E:\qq\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [E:\qq\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\qq\VPortal.dll]  [, 1, 0, 0, 4]
    [E:\qq\QQAllInOne.dll]  [N/A, N/A]
    [E:\qq\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [E:\qq\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
    [E:\qq\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [E:\qq\QQPet.dll]  [, 1, 0, 0, 1]
    [E:\qq\BQQApplication.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [E:\qq\CommercesMng.dll]  [, 1, 0, 0, 1]
    [E:\qq\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\qq\QQSceneMng.dll]  [N/A, N/A]
[PID: 1656][E:\qq\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [E:\qq\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2032][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2616][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3756][E:\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [E:\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
[PID: 3192][C:\Program Files\Windows NT\Accessories\WORDPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================

Use software such as 360 to scan for and remove rogue software!!!! That generally solves the problem!!!
360安全卫士 (360 Safeguard)

Download: http://220.181.34.241/setup.exe