日志如下：
Logfile of HijackThis v1.99.1
Scan saved at 14:17:01, on 2006-9-27
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINNT\system32\vmnat.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\vmnetdhcp.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINNT\system32\ctfmon.exe
D:\Program Bak\cterm-3.25-051122\CTerm\CTerm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe
C:\Program Files\Tencent\qq\QQ.exe
D:\Program Bak\BitComet\BitComet.exe
C:\Program Files\Ringz Studio\Storm Codec\mplayerc.exe
D:\Program Bak\hijackthis_PConline\HijackThis.exe

R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
R3 - URLSearchHook: (no name) - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINNT\system32\xunleibho_v4.dll
O2 - BHO: QQMain Class - {2731A491-B72F-4B1B-9543-0EE74BAE2C22} - C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE7.DLL
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\JCCatch.dll
O2 - BHO: TeachingHandler - {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} - C:\WINNT\system32\TPHANDLE.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O2 - BHO: AdPutHelper.AdHelper - {631EDC67-F035-49BA-B8BC-983B474E9BB4} - C:\WINNT\system32\AdPutHelper.dll (file missing)
O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O3 - Toolbar: (no name) - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - (no file)
O3 - Toolbar: MSN 工具栏 - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll (file missing)
O3 - Toolbar: 珊瑚虫 工具栏 - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O9 - Extra 'Tools' menuitem: 珊瑚虫 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\Program Files\Infofo Bar\infofobar.dll (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O16 - DPF: {001290E5-CD10-4957-9D2B-FD2B74990219} - http://211.157.104.94:8080/sipo/zljs/GovActive/GovTifActiveX.ocx
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {4734B753-40D1-47CD-A58B-3D3943AF110E} (FileUpload Control) - http://10.15.61.246/idl/MdEdios.ocx
O16 - DPF: {5467862B-C477-437F-886E-EC5006B37DCA} (PwdEdit Control) - https://ebank.cmbc.com.cn/PwdEdit.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73520440-7F36-43CB-B77D-F42A4DFFF430}: NameServer = 10.10.0.21
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINNT\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINNT\system32\vmnat.exe

2006-09-27,14:29:10

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><; >  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
    <Synchronization Manager><; mobsync.exe /logon>  [Microsoft Corporation]
    <IMSCMig><; >  []
    <MINI_BFYY><; >  []
    <Picasa Media Detector><; C:\Program Files\Picasa2\PicasaMediaDetector.exe>  [Google Inc.]
    <SiS Tray><; C:\WINNT\system32\sistray.EXE>  [Silicon Integrated Systems Corporation]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <thunder_mini><; >  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINNT\system32\userinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{EFAE7B4A-FA39-4818-ACAC-6B6D851CEFF4}><C:\Program Files\Internet Explorer\WinHook.sys>  []

==================================
启动文件夹
服务
[Logical Disk Manager Administrative Service / dmadmin]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NOD32 Kernel Service / NOD32krn]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[VMware Authorization Service / VMAuthdService]
  <C:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP]
  <C:\WINNT\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware Virtual Mount Manager Extended / vmount2]
  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>
[VMware NAT Service / VMware NAT Service]
  <C:\WINNT\system32\vmnat.exe><VMware, Inc.>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINNT\system32\xunleibho_v4.dll, >
[QQMain Class]
  {2731A491-B72F-4B1B-9543-0EE74BAE2C22} <C:\PROGRA~1\COMMON~1\MICROS~1\VBA\VBA6\VBE7.DLL, Microsoft Corporation>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\JCCatch.dll, FlashGet>
[IEHandle Class]
  {31EBA2E2-58B2-4980-9C41-F12F5F1422C5} <C:\WINNT\system32\TPHANDLE.dll, 江苏科建教育软件有限责任公司>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[AdPutHelper.AdHelper]
  {631EDC67-F035-49BA-B8BC-983B474E9BB4} <C:\WINNT\system32\AdPutHelper.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, N/A>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[珊瑚虫 工具栏]
  {8507326C-B5C1-4559-BB91-0919E753836F} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[MSN 工具栏]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Toolbar\01.01.2607.0\zh-cn\msntb.dll, N/A>
[珊瑚虫 工具栏]
  {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} <C:\Program Files\Infofo Bar\infofobar.dll, N/A>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, N/A>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[FileUpload Control]
  {4734B753-40D1-47CD-A58B-3D3943AF110E} <C:\WINNT\DOWNLO~1\MdEdios.ocx, idl>
[PwdEdit Control]
  {5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINNT\DOWNLO~1\PwdEdit.ocx, adtec>
[&Google Search]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
[&Translate English Word]
  <res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
[Backward Links]
  <res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
  <res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>
[Similar Pages]
  <res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
[Translate Page into English]
  <res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[珊瑚虫搜索]
  <, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

正在运行的进程
[PID: 140][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 164][\??\C:\WINNT\system32\csrss.exe]  <Microsoft Corporation><5.00.2195.6601>
[PID: 184][\??\C:\WINNT\system32\winlogon.exe]  <Microsoft Corporation><5.00.2195.6997>
[PID: 212][C:\WINNT\system32\services.exe]  <Microsoft Corporation><5.00.2195.7035>
    [C:\WINNT\system32\dmserver.dll]  <VERITAS Software Corp.><2195.6605.297.3>
[PID: 224][C:\WINNT\system32\lsass.exe]  <Microsoft Corporation><5.00.2195.7011>
[PID: 408][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 432][C:\WINNT\system32\spoolsv.exe]  <Microsoft Corporation><5.00.2195.7059>
    [C:\WINNT\system32\pdfports.dll]  <Adobe Systems Incorporated.><5.0.000>
    [C:\Program Files\Adobe\Acrobat 5.0\Distillr\ADistRes.CHS]  <Adobe Systems Incorporated.><5.0.0.0>
[PID: 468][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 504][C:\Program Files\Eset\nod32krn.exe]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\ps_amon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\ps_dmon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\ps_emon.dll]  <Eset ><2, 51, 8 >
    [C:\WINNT\system32\imon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\ps_mirr.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\ps_nod32.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\ps_upd.dll]  <Eset ><2, 51, 8 >
[PID: 600][C:\WINNT\system32\regsvc.exe]  <Microsoft Corporation><5.00.2195.6701>
[PID: 620][C:\WINNT\system32\MSTask.exe]  <Microsoft Corporation><4.71.2195.6972>
[PID: 688][C:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  <VMware, Inc.><5.5.0 build-18463>
[PID: 724][C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe]  <VMware, Inc.><5.5.0 build-18463>
    [C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmxScsiLib.dll]  <VMware, Inc.><5.5.0 build-18463>
[PID: 768][C:\WINNT\system32\vmnat.exe]  <VMware, Inc.><5.5.0 build-18463>
[PID: 796][C:\WINNT\System32\WBEM\WinMgmt.exe]  <Microsoft Corporation><1.50.1085.0100>
[PID: 804][C:\WINNT\system32\svchost.exe]  <Microsoft Corporation><5.00.2134.1>
[PID: 816][C:\WINNT\system32\vmnetdhcp.exe]  <VMware, Inc.><5.5.0 build-18463>
[PID: 944][C:\WINNT\Explorer.EXE]  <Microsoft Corporation><5.00.3700.6690>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\Program Files\FlashGet\JCCatch.dll]  <FlashGet><1, 1, 5, 0>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
    [C:\WINNT\system32\xunleibho_v4.dll]  <><4, 3, 2, 29>
    [C:\WINNT\system32\L3codeca.acm]  <Fraunhofer Institut Integrierte Schaltungen IIS><1, 2, 0, 63>
[PID: 1024][C:\Program Files\Eset\nod32kui.exe]  <Eset ><2, 51, 8 >
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\Program Files\Eset\pu_amon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\pu_dmon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\pu_emon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\pu_imon.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\pu_mirr.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\pu_nod32.dll]  <Eset ><2, 51, 8 >
    [C:\Program Files\Eset\pu_upd.dll]  <Eset ><2, 51, 8 >
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
[PID: 1044][C:\WINNT\system32\ctfmon.exe]  <Microsoft Corporation><1.00.2409.34 built by: Lab06_N>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
[PID: 776][D:\Program Bak\cterm-3.25-051122\CTerm\CTerm.exe]  <><3, 2, 6, 2>
    [D:\Program Bak\cterm-3.25-051122\CTerm\python25.dll]  <Python Software Foundation><2.5c1>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
[PID: 272][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
[PID: 512][C:\Program Files\Tencent\qq\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [C:\Program Files\Tencent\qq\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\QQHelperDll.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 370>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\LoginCtrl.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\npkcntc.dll]  <INCA Internet Co., Ltd.><2006, 6, 27, 1>
    [C:\Program Files\Tencent\qq\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [C:\Program Files\Tencent\qq\QQAPI.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\QQRes.dll]  <tencent><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\QQMainFrame.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\CQQApplication.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\NewSkin.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\HostingMgr.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\CameraDll.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\MailSummary.dll]  <><1, 0, 0, 1>
    [C:\WINNT\system32\devenum.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\QQGroupMng.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\GroupLive.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\QQSysMsgMng.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\QQPlugin.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\QRingMng.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\QQAllInOne.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\SCCore.dll]  <TENCENT><2, 0, 0, 1>
    [C:\Program Files\Tencent\qq\QQCustomFace.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\GroupConnection.dll]  <Tencent><0, 3, 3, 5>
    [C:\Program Files\Tencent\qq\QQAvatar.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [C:\Program Files\Tencent\qq\LongConnection.dll]  <tencent><5, 0, 200, 160>
    [C:\Program Files\Tencent\qq\CommercesMng.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Tencent\qq\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [C:\Program Files\Tencent\qq\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 240>
    [C:\Program Files\Tencent\qq\QQSceneMng.dll]  <N/A><N/A>
    [C:\Program Files\Tencent\qq\QQPhoneHelper.dll]  <腾讯科技（深圳）有限公司><2, 0, 6, 60>
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [C:\Program Files\Tencent\qq\QQMagicFace.dll]  <><1, 0, 0, 1>
[PID: 1352][D:\Program Bak\BitComet\BitComet.exe]  <www.BitComet.com><0.59.>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
[PID: 1148][D:\Program Bak\flashfxp_v3.0.1030\FlashFXP.exe]  <IniCom Networks, Inc.><3.0.1.1030>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\Program Files\Eset\nodshex.dll]  <N/A><N/A>
[PID: 1180][C:\Documents and Settings\Administrator\My Documents\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINNT\system32\nmhxy.dll]  <N/A><N/A>
    [C:\Program Files\Internet Explorer\WinHook.sys]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

【回复“独孤小白”的帖子】
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.exe
R3 - URLSearchHook: (no name) - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - (no file)
R3 - URLSearchHook: (no name) - {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} - (no file)C:\WINNT\system32\nmhxy.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\WinHook.sys] <N/A><N/A>
[C:\Program Files\Eset\nodshex.dll] <N/A><N/A>