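Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-Virus / Anti-Rogue-Software Forum: Urgent help! Infected, and the PC shuts itself down as soon as it boots!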



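I was browsing the web normally just now when the computer suddenly shut itself down. When I powered it on again, it started shutting down automatically right after I logged into my account. I suspected that a shutdown program was running automatically at startup, so the instant I got into my account I opened Task Manager, and sure enough there was a "工程" ("Project") running that I had never seen before. I ended it immediately and the shutdown stopped. But I can't do this every time I boot, and if I'm too slow it shuts down again. It must be a virus, but nothing detects it. I'm on XP. What should I do? Thanks.
Last edited 2005-10-12 21:46:53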

Just disable it in Windows Optimization Master (Windows优化大师), then run a virus scan.

End this process and delete the related files. Then scan for viruses in Safe Mode.

How do I delete the related files?

Following.

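Quote:
[Post by 月轮]

I was browsing the web normally just now when the computer suddenly shut itself down. When I powered it on again, it started shutting down automatically right after I logged into my account. I suspected that a shutdown program was running automatically at startup, so the instant I got into my account I opened Task Manager, and sure enough there was a "工程" ("Project") running that I had never seen before. I ended it immediately and the shutdown stopped. But I can't do this every time I boot, and if I'm too slow it shuts down again. It must be a virus, but nothing detects it. I'm on XP. What should I do? Thanks.
...........................

Please download and use HijackThis 1.99.1, and post the contents of the log file that HijackThis 1.99.1 generates so that everyone can analyze it.

For instructions, see:
[Recommended] Some common operations for countering browser hijacking
http://forum.ikaka.com/topic.asp?board=67&artid=6490491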

启动项报告:      2005-8-4, 21:20:39
启动项扫描器版本: 1.52.2
开始于:      D:\软件安装程序\HijackThis1991汉化版\HijackThis1991zww.EXE
系统检测:    Windows XP SP2 (WinNT 5.01.2600)
系统检测:    Internet Explorer v6.00 SP2 (6.00.2900.2180)
* 使用默认选项             
* 选择“列出全部(全面)”方式                           
==================================================

当前运行的进程:         

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\KAV6\KAVSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV6\MailMon.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\KAV6\KPopMon.EXE
C:\Program Files\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\KAV6\KAVPlus.EXE
D:\软件安装区\应用软件\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\软件安装区\应用软件\QQ.EXE
D:\软件安装区\应用软件\TIMPlatform.exe
D:\软件安装程序\HijackThis1991汉化版\HijackThis1991zww.exe

--------------------------------------------------

文件夹中的启动项                 

Shell folders Startup:
[C:\Documents and Settings\Admin\「开始」菜单\程序\启动]
腾讯QQ.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
PCSuiteForNokia3650 Detect.lnk = ?
PCSuiteForNokia3650 TS.lnk = ?
Microtek 扫描仪探测器.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *         

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *           

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
SoundMan = SOUNDMAN.EXE
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
ASUS Live Update = C:\Program Files\ASUS\ASUS Live Update\ALU.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
ServiceLayer = C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
Nokia Tray Application = C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
KAVRun = C:\KAV6\KAVRun.EXE
Kulansyn = C:\KAV6\Kulansyn.EXE
PS1 = C:\WINDOWS\system32\ps1.exe
exp.exe = rem C:\WINDOWS\system32\exp.exe
VBouncer = C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
WeirdOnTheWeb = "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
C:\WINDOWS\VCMnet11.exe = C:\WINDOWS\VCMnet11.exe
BullsEye Network = C:\Program Files\BullsEye Network\bin\bargains.exe
NaviSearch = C:\Program Files\NaviSearch\bin\nls.exe
CashBack = C:\Program Files\CashBack\bin\cashback.exe
(Default) = C:\WINDOWS\system32\conPragrs.exe
helper.dll = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
assistse = "C:\PROGRA~1\3721\assistse.exe"
CnsMin = Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

3721C:\PROGRA~1\3721\autolive.dll455004 = regsvr32 /s C:\PROGRA~1\3721\autolive.dll

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
KpopMon = C:\KAV6\KPopMon.EXE

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
* 未找到值 *       

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

文件打开方式关联 for    .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(黙认) =  "%1" /S

--------------------------------------------------

文件打开方式关联 for    .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(黙认) =  C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

文件打开方式关联 for    .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(黙认) =  %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

* 未找到相关注册表键值 *         

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=* 未找到INI相关项目值 *       
run=* 未找到INI相关项目值 *       

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

外壳扩展和屏幕保护程序的键值  从            C:\WINDOWS\SYSTEM.INI:

Shell=* 未找到INI相关项目值 *       
SCRNSAVE.EXE=* 未找到INI相关项目值 *       
drivers=* 未找到INI相关项目值 *       

外壳扩展和屏幕保护程序的键值  从  注册表             

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\NOKIA3~1.SCR
drivers=* 未找到相关注册表键值 *           

Policies Shell key:

HKCU\..\Policies: Shell=* 未找到相关注册表键值 *         
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *           

--------------------------------------------------


列举IE浏览器辅助对象(BHO模块):               

(no name) - C:\WINDOWS\system32\xunleibho_v5.dll - {0005A87D-D626-4B3A-84F9-1D9571695F55}
(no name) - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
(no name) - C:\PROGRA~1\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - C:\WINDOWS\system32\nvms.dll - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
(no name) - C:\PROGRA~1\3721\Assist\asbar.dll - {BB936323-19FA-4521-BA29-ECA6A121BC78}
(no name) - C:\WINDOWS\system32\mscb.dll - {CE188402-6EE7-4022-8868-AB25173A3E14}
IE - C:\WINDOWS\downlo~1\CnsHook.dll - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}
(no name) - C:\PROGRA~1\FlashFXP\IEFlash.dll - {E5A1691B-D188-4419-AD02-90002030B8EE}
(no name) - C:\WINDOWS\system32\msbe.dll - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}

--------------------------------------------------

列举“计划任务”服务:                   

*No jobs found*

--------------------------------------------------

列举下载的程序文件:                       

[Edit Class]
InProcServer32 = C:\WINDOWS\system32\CMBEdit.dll
CODEBASE = https://www.sz1.cmbchina.com/download/CMBEdit.cab

[KX-HCM10 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\kxhcm10.ocx
CODEBASE = http://sakura777.miemasu.net/kxhcm10.ocx

[XIsOro Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XISORO~1.OCX
CODEBASE = http://www.sinago.com/download/OroCheck.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{EC51659D-721F-4CBF-9CEA-5E776D89CEA9}]
CODEBASE = http://www.pacimedia.com/install/pcs_0029.exe

--------------------------------------------------

列举 Winsock LSP 文件:           

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\PROGRA~1\3721\3721\MENUINFO.DLL => C:\PROGRA~1\3721\shell\MenuInfo.dll|C:\PROGRA~1\3721\3721\IEANGEL.DLL => C:\PROGRA~1\3721\shell\IEAngel.dll|C:\PROGRA~1\3721\3721\ASMENU.DLL => C:\PROGRA~1\3721\shell\AsMenu.dll|C:\WINDOWS\downlo~1\CnsInst.dll||C:\WINDOWS\downlo~1\3721\cns1u.cpr||C:\WINDOWS\downlo~1\CnsDtu.dll||C:\PROGRA~1\3721\3721\helper.dll => C:\PROGRA~1\3721\helper.dll|C:\WINDOWS\downlo~1\autolive.dll => C:\PROGRA~1\3721\autolive.dll|C:\WINDOWS\downlo~1\autolive.dll => C:\PROGRA~1\3721\autolive.dll|C:\WINDOWS\downlo~1\autolive.dll


--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目:           

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

报告完毕,共 17,810 字节         
报告生成用时:0.701秒     

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only

I used HijackThis to generate the startup list, which is what is in the two posts above. Please help analyze it, thanks.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:27:57, 日期 2005-8-4
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\KAV6\KAVSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV6\MailMon.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\KAV6\KPopMon.EXE
C:\Program Files\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\KAV6\KAVPlus.EXE
D:\软件安装区\应用软件\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\软件安装区\应用软件\QQ.EXE
D:\软件安装区\应用软件\TIMPlatform.exe
D:\软件安装程序\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: assist - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe