Urgent help! Infected, and the computer shuts itself down as soon as it boots!




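I was browsing the web normally just now when the computer suddenly shut itself down. When I turned it back on, it started shutting down automatically as soon as I logged in to my account. I suspected a shutdown program was running automatically at startup, so the instant I logged in I opened Task Manager, and sure enough there was something called "工程" (literally "Project") running that I had never seen before. I ended it right away and the shutdown stopped. But I can't do this every time I boot, and if I'm too slow the computer gets shut down again. It must be a virus, but scans don't find it. I'm on XP. What should I do? Thanks.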
Last edited 2005-10-12 21:46:53

How do I delete the related files?

启动项报告:      2005-8-4, 21:20:39
启动项扫描器版本: 1.52.2
开始于:      D:\软件安装程序\HijackThis1991汉化版\HijackThis1991zww.EXE
系统检测:    Windows XP SP2 (WinNT 5.01.2600)
系统检测:    Internet Explorer v6.00 SP2 (6.00.2900.2180)
* 使用默认选项             
* 选择“列出全部(全面)”方式                           
==================================================

当前运行的进程:         

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\KAV6\KAVSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV6\MailMon.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\KAV6\KPopMon.EXE
C:\Program Files\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\KAV6\KAVPlus.EXE
D:\软件安装区\应用软件\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\软件安装区\应用软件\QQ.EXE
D:\软件安装区\应用软件\TIMPlatform.exe
D:\软件安装程序\HijackThis1991汉化版\HijackThis1991zww.exe

--------------------------------------------------

文件夹中的启动项                 

Shell folders Startup:
[C:\Documents and Settings\Admin\「开始」菜单\程序\启动]
腾讯QQ.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\「开始」菜单\程序\启动]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
PCSuiteForNokia3650 Detect.lnk = ?
PCSuiteForNokia3650 TS.lnk = ?
Microtek 扫描仪探测器.lnk = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *         

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *           

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IMJPMIG8.1 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
MSPY2002 = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
SoundMan = SOUNDMAN.EXE
IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
ASUS Live Update = C:\Program Files\ASUS\ASUS Live Update\ALU.exe
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
ServiceLayer = C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
Nokia Tray Application = C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
KAVRun = C:\KAV6\KAVRun.EXE
Kulansyn = C:\KAV6\Kulansyn.EXE
PS1 = C:\WINDOWS\system32\ps1.exe
exp.exe = rem C:\WINDOWS\system32\exp.exe
VBouncer = C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
WeirdOnTheWeb = "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
C:\WINDOWS\VCMnet11.exe = C:\WINDOWS\VCMnet11.exe
BullsEye Network = C:\Program Files\BullsEye Network\bin\bargains.exe
NaviSearch = C:\Program Files\NaviSearch\bin\nls.exe
CashBack = C:\Program Files\CashBack\bin\cashback.exe
(Default) = C:\WINDOWS\system32\conPragrs.exe
helper.dll = C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
assistse = "C:\PROGRA~1\3721\assistse.exe"
CnsMin = Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

3721C:\PROGRA~1\3721\autolive.dll455004 = regsvr32 /s C:\PROGRA~1\3721\autolive.dll

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
KpopMon = C:\KAV6\KPopMon.EXE

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
* 未找到值 *       

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
* 未找到相关注册表键值 *         

--------------------------------------------------

文件打开方式关联 for    .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(黙认) =  "%1" %*

--------------------------------------------------

文件打开方式关联 for    .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(黙认) =  "%1" /S

--------------------------------------------------

文件打开方式关联 for    .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(黙认) =  C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

文件打开方式关联 for    .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(黙认) =  %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

* 未找到相关注册表键值 *         

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=* 未找到INI相关项目值 *       
run=* 未找到INI相关项目值 *       

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: run=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

外壳扩展和屏幕保护程序的键值  从            C:\WINDOWS\SYSTEM.INI:

Shell=* 未找到INI相关项目值 *       
SCRNSAVE.EXE=* 未找到INI相关项目值 *       
drivers=* 未找到INI相关项目值 *       

外壳扩展和屏幕保护程序的键值  从  注册表             

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\NOKIA3~1.SCR
drivers=* 未找到相关注册表键值 *           

Policies Shell key:

HKCU\..\Policies: Shell=* 未找到相关注册表键值 *         
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *           

--------------------------------------------------


列举IE浏览器辅助对象(BHO模块):               

(no name) - C:\WINDOWS\system32\xunleibho_v5.dll - {0005A87D-D626-4B3A-84F9-1D9571695F55}
(no name) - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing) - {28CAEFF3-0F18-4036-B504-51D73BD81ABC}
(no name) - C:\PROGRA~1\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - C:\WINDOWS\system32\nvms.dll - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344}
(no name) - C:\PROGRA~1\3721\Assist\asbar.dll - {BB936323-19FA-4521-BA29-ECA6A121BC78}
(no name) - C:\WINDOWS\system32\mscb.dll - {CE188402-6EE7-4022-8868-AB25173A3E14}
IE - C:\WINDOWS\downlo~1\CnsHook.dll - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}
(no name) - C:\PROGRA~1\FlashFXP\IEFlash.dll - {E5A1691B-D188-4419-AD02-90002030B8EE}
(no name) - C:\WINDOWS\system32\msbe.dll - {F4E04583-354E-4076-BE7D-ED6A80FD66DA}

--------------------------------------------------

列举“计划任务”服务:                   

*No jobs found*

--------------------------------------------------

列举下载的程序文件:                       

[Edit Class]
InProcServer32 = C:\WINDOWS\system32\CMBEdit.dll
CODEBASE = https://www.sz1.cmbchina.com/download/CMBEdit.cab

[KX-HCM10 Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\kxhcm10.ocx
CODEBASE = http://sakura777.miemasu.net/kxhcm10.ocx

[XIsOro Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XISORO~1.OCX
CODEBASE = http://www.sinago.com/download/OroCheck.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[{EC51659D-721F-4CBF-9CEA-5E776D89CEA9}]
CODEBASE = http://www.pacimedia.com/install/pcs_0029.exe

--------------------------------------------------

列举 Winsock LSP 文件:           

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\PROGRA~1\3721\3721\MENUINFO.DLL => C:\PROGRA~1\3721\shell\MenuInfo.dll|C:\PROGRA~1\3721\3721\IEANGEL.DLL => C:\PROGRA~1\3721\shell\IEAngel.dll|C:\PROGRA~1\3721\3721\ASMENU.DLL => C:\PROGRA~1\3721\shell\AsMenu.dll|C:\WINDOWS\downlo~1\CnsInst.dll||C:\WINDOWS\downlo~1\3721\cns1u.cpr||C:\WINDOWS\downlo~1\CnsDtu.dll||C:\PROGRA~1\3721\3721\helper.dll => C:\PROGRA~1\3721\helper.dll|C:\WINDOWS\downlo~1\autolive.dll => C:\PROGRA~1\3721\autolive.dll|C:\WINDOWS\downlo~1\autolive.dll => C:\PROGRA~1\3721\autolive.dll|C:\WINDOWS\downlo~1\autolive.dll


--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目:           

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* 未找到值 *       

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

* 未找到相关注册表键值 *         

--------------------------------------------------

报告完毕,共 17,810 字节         
报告生成用时:0.701秒     

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only

I used HijackThis to generate the startup list, which is what's in the two posts above. Please help analyze it, thanks.

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      21:27:57, 日期 2005-8-4
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\KAV6\KAVSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\KAV6\Kulansyn.EXE
C:\KAV6\KWatchUI.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\KAV6\MailMon.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\KAV6\KPopMon.EXE
C:\Program Files\Nokia\PC Suite for Nokia 3660\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 3660\ectaskscheduler.exe
C:\KAV6\KAVPlus.EXE
D:\软件安装区\应用软件\Microtek\ScanWizard 5\ScannerFinder.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\3721\assistse.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\软件安装区\应用软件\QQ.EXE
D:\软件安装区\应用软件\TIMPlatform.exe
D:\软件安装程序\HijackThis1991汉化版\HijackThis1991zww.exe

R3 - URLSearchHook: assist - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v5.dll
O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - IE工具栏增项: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\Assist\asbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - 启动项HKLM\\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - 启动项HKLM\\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - 启动项HKLM\\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - 启动项HKLM\\Run: [KAVRun] C:\KAV6\KAVRun.EXE
O4 - 启动项HKLM\\Run: [Kulansyn] C:\KAV6\Kulansyn.EXE
O4 - 启动项HKLM\\Run: [PS1] C:\WINDOWS\system32\ps1.exe
O4 - 启动项HKLM\\Run: [exp.exe] rem C:\WINDOWS\system32\exp.exe
O4 - 启动项HKLM\\Run: [VBouncer] C:\PROGRA~1\VBOUNCER\VirtualBouncer.exe
O4 - 启动项HKLM\\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - 启动项HKLM\\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - 启动项HKLM\\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - 启动项HKLM\\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe
O4 - 启动项HKLM\\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - 启动项HKLM\\Run: [] C:\WINDOWS\system32\conPragrs.exe
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\RunOnce: [3721C:\PROGRA~1\3721\autolive.dll455004] regsvr32 /s C:\PROGRA~1\3721\autolive.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KpopMon] C:\KAV6\KPopMon.EXE
O4 - Startup: 腾讯QQ.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PCSuiteForNokia3650 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia3650 TS.lnk = ?
O4 - Global Startup: Microtek 扫描仪探测器.lnk = ?
O8 - IE右键菜单中的新增项目: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\软件安装区\应用软件\Thunder Network\Thunder\geturl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\软件安装区\应用软件\Thunder Network\Thunder\getAllurl.htm
O8 - IE右键菜单中的新增项目: 下载编码内容(&D.S.Lite) - D:\未处理的东西\DSLite2.07.44\DSLite2\dl_text.html
O8 - IE右键菜单中的新增项目: 下载编码文件内容(&D.S.Lite) - D:\未处理的东西\DSLite2.07.44\DSLite2\dl_url.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - IE右键菜单中的新增项目: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\软件安装区\应用软件\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\软件安装区\应用软件\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\软件安装区\应用软件\SendMMS.htm
O9 - 浏览器额外的按钮: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - 浏览器额外的按钮: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - 浏览器额外的按钮: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - 浏览器额外的按钮: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\软件安装区\应用软件\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\软件安装区\应用软件\QQ.EXE
O9 - 浏览器额外的按钮: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的“工具”菜单项: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\软件安装区\应用软件\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\软件安装区\应用软件\QQIEHelper.dll
O9 - 浏览器额外的按钮: 金山毒霸网站 - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - url:http://www.duba.net (file missing)
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - 浏览器额外的按钮: 在线查毒 - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - C:\KAV6\kavie.htm
O9 - 浏览器额外的按钮: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\未处理的东西\DSLite2.07.44\DSLite2\DSLite.exe
O9 - 浏览器额外的“工具”菜单项: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\未处理的东西\DSLite2.07.44\DSLite2\DSLite.exe
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://sakura777.miemasu.net/kxhcm10.ocx
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.sinago.com/download/OroCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} - http://www.pacimedia.com/install/pcs_0029.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E7F354D-167E-49EB-AA7B-07DD83B8BA80}: NameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{E5031D47-5711-4602-9F2B-5D479C94574C}: NameServer = 202.106.0.20 202.106.46.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{0E7F354D-167E-49EB-AA7B-07DD83B8BA80}: NameServer = 192.168.0.10
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - NT 服务: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - NT 服务: Kingsoft AntiVirus Service (KAVSvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - NT 服务: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - NT 服务: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe


Can anyone take a look? Thanks.