Help needed: scan log attached

My browser has been hijacked. What should I do?
Last edited 2006-10-15 13:05:09

2006-10-15,12:31:36

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <S3TRAY2><S3Tray2.exe>  [S3 Graphics, Inc.]
    <BluetoothAuthenticationAgent><rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Corporation]
    <TpShocks><TpShocks.exe>  [IBM Corp.]
    <TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A]
    <BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  [N/A]
    <TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [IBM Corp.]
    <TP4EX><tp4ex.exe>  [IBM Corporation]
    <EZEJMNAP><C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [IBM Corp.]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Synaptics, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc.]
    <AGRSMMSG><AGRSMMSG.exe>  [(Verified)Agere Systems]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)ATI Technologies, Inc.]
    <tgcmd><"C:\Program Files\Support.com\bin\tgcmd.exe" /server>  [SupportSoft, Inc.]
    <QCWLICON><C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [IBM Corp.]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <AVG7_CC><C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP>  [GRISOFT, s.r.o.]
    <RichMedia><C:\WINDOWS\System32\Rundll32.exe  "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows>  [Shanghai Henbang Technology Co., Ltd]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ibmmessages><; C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>  [IBM]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[AVG7 Alert Manager Server / Avg7Alrt]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS]
  <C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe><GRISOFT, s.r.o.>
[ClipBook / ClipBook]
  <C:\WINDOWS\system32\clipsvr.exe><Microsoft Corporation>
[Network Security / Framework]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mssapi.dll><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[QCONSVC / QCONSVC]
  <System32\QCONSVC.EXE><N/A>
[RegSrvc / RegSrvc]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[IBM KCU Service / TpKmpSVC]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>

==================================
驱动程序
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\140862.sys><N/A>
[abp480n5 / abp480n5]
  <\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem]
  <System32\DRIVERS\AGRSM.sys><Agere Systems>
[Aha154x / Aha154x]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[ANC / ANC]
  <System32\drivers\ANC.SYS><N/A>
[asc / asc]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p]
  <\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG7 Kernel / Avg7Core]
  <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW]
  <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP]
  <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi]
  <\SystemRoot\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[cd20xrnt / cd20xrnt]
  <\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[cdnprot / cdnprot]
  <\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO/1000 Adapter Driver / E1000]
  <System32\DRIVERS\e1000325.sys><Intel Corporation>
[Intel(R) PRO Adapter Driver / E100B]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Intel GV3 Processor Driver / gv3]
  <System32\DRIVERS\gv3.sys><Microsoft Corporation>
[IBMPMDRV / IBMPMDRV]
  <System32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[IBMTPCHK / IBMTPCHK]
  <System32\drivers\IBMBLDID.SYS><N/A>
[ini910u / ini910u]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[Lucent Technologies Soft Modem / LucentSoftModem]
  <System32\DRIVERS\LTSM.sys><Lucent Technologies>
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X]
  <System32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mraid35x / mraid35x]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NSC Infrared Device Driver / NSCIRDA]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[PMEM / PMEM]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[WLAN Transport / s24trans]
  <System32\DRIVERS\s24trans.sys><Intel Corporation>
[S3SSavage / S3SSavage]
  <System32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[ShockMgr / ShockMgr]
  <C:\WINDOWS\SYSTEM32\DRIVERS\ShockMgr.SYS><IBM Corporation>
[Shockprf / Shockprf]
  <C:\WINDOWS\SYSTEM32\DRIVERS\Shockprf.SYS><IBM Corporation>
[SIS AGP Bus Filter / sisagp]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Smapint / Smapint]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[symc810 / symc810]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[Synaptics TouchPad Driver / SynTP]
  <System32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TDSMAPI / TDSMAPI]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TosIde / TosIde]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[TPHKDRV / TPHKDRV]
  <C:\WINDOWS\SYSTEM32\DRIVERS\TPHKDRV.SYS><IBM Corporation>
[TPPWR / TPPWR]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[TSMAPIP / TSMAPIP]
  <System32\drivers\TSMAPIP.SYS><N/A>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ultra / ultra]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Intel(R) PRO/Wireless 7100 Adapter 驱动程序 / w70n51]
  <System32\DRIVERS\w70n51.sys><Intel? Corporation>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MonitorURL Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\PROGRA~1\DESKAD~1\deskipn.dll, N/A>
[BHO.clsInetSpeak]
  {0CD5C894-57C5-44BB-9D73-84AE18E2D938} <C:\WINDOWS\System32\msidb.dll, Microsoft Corporation>
[MyIEHelper Class]
  {16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5084.dll, Microsoft Corporation>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[T2BHO Class]
  {B1D147E7-873E-4909-8127-695D9BB78728} <C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll, HDT, Inc.>
[信息检索]
  {CE7C3CF0-98A8-474D-B2B5-1ED7E2E3B004} <C:\WINDOWS\system32\IEHelper.dll, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[天下搜索]
  {56A7DC70-E102-4408-A34A-AE06FEF01586} <, N/A>
[Java Plug-in 1.4.1]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[Java Plug-in 1.4.1 <applet> redirector]
  {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} <C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll, IBM.>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 836][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 888][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 948][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [N/A, N/A]
[PID: 996][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1008][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1160][C:\WINDOWS\System32\ibmpmsvc.exe]  [N/A, N/A]
[PID: 1224][C:\WINDOWS\System32\Ati2evxx.exe]  [N/A, N/A]
[PID: 1264][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1424][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1544][C:\WINDOWS\System32\S24EvMon.exe]  [Intel Corporation , 4, 1, 0, 3]
[PID: 1764][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1808][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 204][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\System32\AdobePDF.dll]  [Adobe Systems Incorporated., 6.0.000]
    [C:\Program Files\Adobe\Acrobat 6.0\Distillr\AdistRes.CHS]  [N/A, N/A]
    [C:\WINDOWS\system32\hpbmmon.dll]  [Hewlett-Packard, 10.00.14]
    [C:\WINDOWS\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
    [C:\WINDOWS\system32\HPBHealr.dll]  [N/A, N/A]
[PID: 1328][C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe]  [GRISOFT, s.r.o., 7,1,0,365]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
    [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
    [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
    [C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\Program Files\Grisoft\AVG Free\avgamint.dll]  [GRISOFT, s.r.o., 7,1,0,349]
    [C:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[PID: 1352][C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe]  [GRISOFT, s.r.o., 7,1,0,349]
    [C:\Program Files\Grisoft\AVG Free\avgupd.dll]  [GRISOFT, s.r.o., 7,1,0,404]
    [C:\Program Files\Grisoft\AVG Free\avgupsvc.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
    [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
    [C:\Program Files\Grisoft\AVG Free\avgamsps.dll]  [GRISOFT, s.r.o., 7,1,0,285]
[PID: 1392][C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\libsasl.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
    [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
    [C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7,1,0,406]
    [C:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7,1,0,407]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\saslcrammd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\sasldigestmd5.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\sasllogin.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\saslplain.dll]  [GRISOFT, s.r.o., 7,1,0,300]
    [C:\Program Files\Grisoft\AVG Free\avgmail.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll]  [GRISOFT, s.r.o., 7, 0, 0, 238]
[PID: 1416][C:\WINDOWS\system32\clipsvr.exe]  [Microsoft Corporation, 5, 2, 3790, 0]
[PID: 1532][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
[PID: 1680][C:\WINDOWS\System32\QCONSVC.EXE]  [IBM Corp., 2, 7, 2, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\Qcon.dll]  [IBM Corp., 2, 7, 2, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
[PID: 1804][C:\WINDOWS\System32\RegSrvc.exe]  [Intel Corporation, 4, 1, 0, 0]
[PID: 356][C:\WINDOWS\system32\TpKmpSVC.exe]  [N/A, N/A]
[PID: 1948][C:\WINDOWS\system32\Ati2evxx.exe]  [N/A, N/A]
[PID: 280][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\WINDOWS\system32\IEHelper.dll]  [N/A, 1, 0, 0, 1]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
[PID: 1856][c:\windows\powermsgr.exe]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 548][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 6]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 1924][C:\WINDOWS\System32\TpShocks.exe]  [IBM Corp., 1, 0, 0, 1]
    [C:\WINDOWS\System32\Sensor.dll]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
[PID: 2200][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\Oemdspif.dll]  [ATI Technologies, Inc., 6.14.0010]
[PID: 2376][C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe]  [IBM Corp., 1, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2388][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2436][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\System32\SynCOM.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\WINDOWS\System32\SynTPAPI.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
[PID: 2468][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe]  [N/A, N/A]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2480][C:\WINDOWS\AGRSMMSG.exe]  [Agere Systems, 2.1.31 2.1.31 06/27/2003 08:53:31]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2488][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe]  [IBM Corporation, 1.06]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2652][C:\Program Files\Support.com\bin\tgcmd.exe]  [SupportSoft, Inc., 5,8,136,0]
    [C:\Program Files\Support.com\bin\2052\tglocale.dll]  [N/A, N/A]
    [C:\Program Files\Support.com\bin\sdcmon.dll]  [SupportSoft, Inc., 5,8,136,0]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2692][C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE]  [IBM Corp., 2, 7, 2, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\QCON.dll]  [IBM Corp., 2, 7, 2, 0]
    [C:\Program Files\ThinkPad\ConnectUtilities\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
    [C:\WINDOWS\System32\SbrngAPI.dll]  [Intel Corporation, 1, 7, 0, 0]
    [C:\WINDOWS\System32\PfMgrApi.dll]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\System32\WConfig.DLL]  [Intel Corporation, 4, 1, 0, 1]
    [C:\WINDOWS\System32\WiFiAdap.DLL]  [Intel Corporation, 4, 1, 0, 0]
    [C:\WINDOWS\System32\S24MUDLL.dll]  [Intel Corporation, 4, 1, 0, 3]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 2872][C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe]  [GRISOFT, s.r.o., 7,1,0,406]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTMgr.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\AvgCtrl.dll]  [GRISOFT, s.r.o., 7,1,0,405]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\AvgAbout.dll]  [GRISOFT, s.r.o., 7,1,0,407]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTest.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\AvgTRes.dll]  [GRISOFT, s.r.o., 7,1,0,402]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\AvgSet.dll]  [N/A, N/A]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avglog.dll]  [GRISOFT, s.r.o., 7,1,0,349]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\Program Files\Grisoft\AVG Free\avgcfg.dll]  [GRISOFT, s.r.o., 7,1,0,404]
    [C:\Program Files\Grisoft\AVG Free\avgklib.dll]  [GRISOFT, s.r.o., 7,1,0,321]
    [C:\Program Files\Grisoft\AVG Free\avglng.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\Program Files\Grisoft\AVG Free\avgf.dll]  [N/A, N/A]
    [C:\Program Files\Grisoft\AVG Free\AVGRES.DLL]  [N/A, N/A]
    [C:\Program Files\Grisoft\AVG Free\avgcckrn.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\Program Files\Grisoft\AVG Free\avgvault.dll]  [GRISOFT, s.r.o., 7,1,0,285]
    [C:\Program Files\Grisoft\AVG Free\avgscan.dll]  [GRISOFT, s.r.o., 7,1,0,406]
    [C:\Program Files\Grisoft\AVG Free\avgunarc.dll]  [GRISOFT, s.r.o., 7,1,0,407]
    [C:\Program Files\Grisoft\AVG Free\avgrep.dll]  [GRISOFT, s.r.o., 7,1,0,311]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avgemsui.dll]  [GRISOFT, s.r.o., 7,1,0,400]
    [C:\PROGRA~1\Grisoft\AVGFRE~1\avgemcps.dll]  [GRISOFT, s.r.o., 7, 0, 0, 238]
[PID: 2892][C:\WINDOWS\System32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\pcast\hbcast.dll]  [Shanghai Henbang Technology Co., Ltd, 1, 1, 3, 8]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 3072][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
[PID: 3180][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.2010]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
[PID: 1000][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.CHS]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5084.dll]  [Microsoft Corporation, 1, 3, 5, 0]
    [C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll]  [HDT, Inc., 1, 9, 5, 0]
    [C:\WINDOWS\system32\IEHelper.dll]  [N/A, 1, 0, 0, 1]
[PID: 2828][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]
    [C:\WINDOWS\System32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.CHS]  [N/A, N/A]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.0.2003051500]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5084.dll]  [Microsoft Corporation, 1, 3, 5, 0]
    [C:\WINDOWS\Downloaded Program Files\barhelp24.0.dll]  [HDT, Inc., 1, 9, 5, 0]
    [C:\WINDOWS\system32\IEHelper.dll]  [N/A, 1, 0, 0, 1]
    [C:\WINNT\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 2804][C:\Documents and Settings\yangzhiqiang\桌面\sreng最新版\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\System32\SynTPFcs.dll]  [Synaptics, Inc., 7.5.17.6 28Aug03]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 0, 0, 2]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

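Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Check "Hide Microsoft services", select the virus service Network Security, and choose "Delete service".
Click "Set" and choose "No".


Show hidden files.
Restart, press F8 to enter Safe Mode, and delete: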
C:\WINDOWS\System32\mssapi.dll
C:\PROGRA~1\pcast\hbcast.dll