Unexplained web pages keep popping up. Could the experts here please take a look? Thanks in advance!!

2006-08-13,16:55:27

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><E:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CdnCtr><E:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <YOKAssiant><Rundll32.exe E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant>  [www.YOK.com]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <DTService><rundll32.exe E:\WINDOWS\system32\soundmix.dll,Load>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\mouser.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <_{AEB6717E-7E19-11d0-97EE-00C04FD91972}><>  []
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DelayRun><E:\WINDOWS\system32\5f7da3d0.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><; E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <bgoomain.exe><; E:\PROGRA~1\baigoo\bgoomain.exe>  [BGoo]
    <BigDogPath><; E:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BitTorrent><; "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BMMLREF><; E:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  []
Last edited 2006-08-13 17:29:22

    <BMMMONWND><; rundll32.exe E:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor>  []
    <CnsMHlp.exe><; E:\WINDOWS\Downloaded Program files\CnsMHlp.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; E:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <EZEJMNAP><; E:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [IBM Corp.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Google Desktop Search><; "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  []
    <H/PC Connection Agent><; "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE">  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <helper.dll><; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <IESAddr><; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <inetsvr><; E:\Program Files\ieup\inetsvr.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Instant Access><; E:\WINDOWS\system32\procia.exe /run>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "E:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  []
    <msq><; E:\WINDOWS\system32\iExplorer.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <popo2004><; E:\Program Files\Netease\popo2004\Start.exe>  [网易(163.com)]
    <QCWLIcon><; E:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  [IBM Corp.]
    <RavTask><; "E:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <res><; rem E:\WINDOWS\system32\res.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RTEGPRS><; "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SoundMAX><; "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <SoundMAXPnP><; E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
    <spoolsv><; >  []
    <StormCodec_Helper><; "E:\Program Files\Storm Codec\StormSet.exe" /S /opti>  []
    <SynTPEnh><; E:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [Synaptics, Inc.]
    <SynTPLpr><; E:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [Synaptics, Inc.]
    <Thunder><; "E:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><; rem "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
    <TPHOTKEY><; E:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  []
    <TPKMAPHELPER><; E:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [IBM Corp.]
    <Update><; E:\Program Files\Common Files\UPDAT\Update.exe>  []
    <WinampAgent><; rem E:\Program Files\Winamp\winampa.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Xplus><; "E:\Program Files\Xplus\Xplus_Wait.exe" /min>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <yassistse><; rem "E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
    <YLive.exe><; rem E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <YOKAssiant><; Rundll32.exe E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant>  [www.YOK.com]
    <娱乐助手><; E:\PROGRA~1\ylzs\ylzs.exe>  [娱乐助手]
    <娱乐助手升级程序><; E:\PROGRA~1\COMMON~1\ylzs\upylzs.exe>  [www.pp265.com]

==================================
启动文件夹
服务
[Local Connection Manager / 8NASCAR]
  <E:\WINDOWS\SYSTEM32\RUNDLL32.EXE E:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
  <E:\WINDOWS\system32\Ati2evxx.exe><N/A>
[IBM PM Service / IBMPMSVC]
  <E:\WINDOWS\system32\ibmpmsvc.exe><N/A>
[NetWork Download / NetworkWUP]
  <E:\WINDOWS\system32\WinMgmt.exe><N/A>
[QCONSVC / QCONSVC]
  <System32\QCONSVC.EXE><IBM Corp.>
[RegSrvc / RegSrvc]
  <E:\WINDOWS\system32\RegSrvc.exe><Intel Corporation>
[Rising Process Communication Center / RsCCenter]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Spectrum24 Event Monitor / S24EventMonitor]
  <E:\WINDOWS\system32\S24EvMon.exe><Intel Corporation>
[Network ConnectionPPO2 / ServicePPO2]
  <E:\WINDOWS\popo\server.exe><N/A>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[IBM KCU Service / TpKmpSVC]
  <E:\WINDOWS\system32\TpKmpSVC.exe><N/A>

==================================
浏览器加载项
[Shockwave Flash Object]
  {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} <E:\WINDOWS\system32\smflash.ocx, Macromedia, Inc.>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[YOK超级搜索]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.YOK.com>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <E:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Status Class]
  {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <E:\Program Files\baigoo\BGooBHO.dll, >
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97}? <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26}? <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338}? <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[YOK超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? <http://www.yok.com, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5}? <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <E:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <E:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[YOK超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.YOK.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <E:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <E:\WINDOWS\system32\xunleibho_v14.dll, N/A>
[Shockwave Flash Object]
  {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} <E:\WINDOWS\system32\smflash.ocx, Macromedia, Inc.>
[FltSetUp Class]
  {1D49D58D-5C84-4B50-8359-D9809BEB2B32} <C:\Program Files\Internet Explorer\Connection Wizard\icwuti1.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <E:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <E:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <E:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <E:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[系统标准按钮(&E)]
  {6B2455FD-3669-4555-8DF8-69FD5BC846F8} <E:\WINDOWS\system32\SystemToolbar.dll, N/A>
[YOK超级搜索]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.YOK.com>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <E:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Status Class]
  {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <E:\Program Files\baigoo\BGooBHO.dll, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <E:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <E:\WINDOWS\system32\WinSC64.dll, N/A>
[Internet_Explorer_Service]
  {9E1E1371-9D8F-4421-81B9-F8D2E1773A59} <E:\WINDOWS\system32\HelperService.dll, N/A>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <E:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <E:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <E:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[XBTP03129 Class]
  {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <E:\PROGRA~1\MICRSO~1\SEARCH~1.DLL, IE Toolbar>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <E:\Progra~1\Baidu\bar\BaiDuBar.dll, Baidu.com, Inc.>
[Flash 8 ocx ]
  {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD} <E:\WINDOWS\system32\flash8.dll, MACROMEDlA>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <E:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <E:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <E:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <E:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[KdiUcofm Class]
  {EA4BC1B6-C454-157F-1C8D-8CA71B6E8498} <E:\WINDOWS\DOWNLO~1\amsgz.dll, fkigrsoft>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <E:\WINDOWS\system\5f7oa3d0.dll, N/A>
[WMHlprObj Class]
  {F5824EFB-728A-4726-A5A5-85A68B20EDC3} <E:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, N/A>
[YOK超级搜索]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll, www.YOK.com>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>

==================================
正在运行的进程
[PID: 648][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 724][\??\E:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][\??\E:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 820][E:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
[PID: 832][E:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 984][E:\WINDOWS\system32\ibmpmsvc.exe]  <N/A><N/A>
[PID: 1024][E:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 1040][E:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1120][E:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 1212][E:\Program Files\Rising\Rav\CCenter.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1228][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 1316][E:\WINDOWS\system32\S24EvMon.exe]  <Intel Corporation ><7, 1, 3, 0>
[PID: 1412][E:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1476][E:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1668][E:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 1848][E:\WINDOWS\system32\mouser.exe]  <N/A><N/A>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
[PID: 1888][E:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\WINDOWS\system32\soundmix.dll]  <><1, 4, 0, 0>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.YOK.com><2.0.1.7>
    [E:\WINDOWS\system32\ext\dtdl.dll]  <N/A><N/A>
    [E:\WINDOWS\system32\ext\dtsm.dll]  <N/A><N/A>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
[PID: 224][E:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 332][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 416][E:\WINDOWS\system32\WinMgmt.exe]  <N/A><N/A>
[PID: 436][E:\WINDOWS\system32\iexplorer.exe]  <N/A><N/A>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
[PID: 500][E:\WINDOWS\System32\QCONSVC.EXE]  <IBM Corp.><3, 5, 3, 0>
[PID: 556][E:\WINDOWS\system32\RegSrvc.exe]  <Intel Corporation><4, 1, 0, 0>
[PID: 580][E:\PROGRA~1\baigoo\bgoomain.exe]  <BGoo><1, 0, 0, 1006>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\PROGRA~1\baigoo\bgooex.dll]  <><1, 0, 0, 1007>
[PID: 636][E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe]  <Yahoo! China><3, 0, 0, 1001>
    [E:\PROGRA~1\Yahoo!\Assistant\shell\yAsMenu.dll]  <Yahoo! China><3, 0, 0, 1001>
    [E:\PROGRA~1\Yahoo!\Assistant\shell\yIEAngel.dll]  <Yahoo! China><3, 0, 0, 1000>
    [E:\PROGRA~1\Yahoo!\Assistant\shell\yMenuInfo.dll]  <Yahoo! China><3, 0, 0, 1000>
[PID: 1104][E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  <Yahoo! China><3, 0, 1, 1007>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <yahoo! china><3, 2, 4, 1073>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  <Yahoo! China><3, 0, 1, 1010>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  <yahoo! china><3, 0, 0, 1000>
[PID: 1148][E:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
[PID: 1260][E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  <Analog Devices, Inc.><3, 2, 6, 0>
[PID: 1304][E:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [E:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [E:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [E:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
    [E:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
[PID: 1312][E:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1308][E:\WINDOWS\system32\TpKmpSVC.exe]  <N/A><N/A>
[PID: 1608][E:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
[PID: 2180][E:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
[PID: 3172][E:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\DOCUME~1\周建颂\TEMPLA~1\23e8db9\1.dll]  <千橡互联><3, 0, 1, 0>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\DOCUME~1\周建颂\TEMPLA~1\23e8db9\3.dll]  <千橡互联><3, 0, 1, 0>
    [E:\DOCUME~1\周建颂\TEMPLA~1\23e8db9\4.dll]  <千橡互联><3, 0, 1, 0>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
[PID: 1944][E:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo! China><3, 0, 0, 1000>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <yahoo! china><3, 2, 4, 1073>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  <Yahoo! China><3, 0, 1, 1010>
    [E:\Progra~1\Baidu\bar\BaiDuBar.dll]  <Baidu.com, Inc.><2, 0, 2, 99>
    [E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.YOK.com><2.0.1.7>
    [E:\WINDOWS\system32\smflash.ocx]  <Macromedia, Inc.><9.0.25.0>
    [E:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  <Yahoo! China><3, 0, 1, 1001>
    [E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <yahoo! china><3, 0, 0, 1000>
    [E:\Program Files\baigoo\BGooBHO.dll]  <><1, 0, 0, 1>
    [E:\PROGRA~1\MICRSO~1\SEARCH~1.DLL]  <IE Toolbar><1, 0, 0, 4>
    [E:\WINDOWS\system32\flash8.dll]  <MACROMEDlA><1, 4, 0, 0>
    [E:\WINDOWS\DOWNLO~1\amsgz.dll]  <fkigrsoft><1, 0, 0, 2>
    [E:\WINDOWS\system\5f7oa3d0.dll]  <N/A><N/A>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  <Yahoo! China><3, 0, 7, 1012>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
    [E:\PROGRA~1\baigoo\bgook.dll]  <BAIGOO.COM><1, 0, 0, 1007>
    [E:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll]  <BAIGOO><1, 0, 0, 1007>
    [E:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 2076][E:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo! China><3, 0, 0, 1000>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <yahoo! china><3, 2, 4, 1073>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  <Yahoo! China><3, 0, 1, 1010>
    [E:\Progra~1\Baidu\bar\BaiDuBar.dll]  <Baidu.com, Inc.><2, 0, 2, 99>
    [E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll]  <www.YOK.com><2.0.1.7>
    [E:\WINDOWS\system32\smflash.ocx]  <Macromedia, Inc.><9.0.25.0>
    [E:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll]  <Yahoo! China><3, 0, 1, 1001>
    [E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  <CNNIC><2, 0, 0, 2>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <yahoo! china><3, 0, 0, 1000>
    [E:\Program Files\baigoo\BGooBHO.dll]  <><1, 0, 0, 1>
    [E:\PROGRA~1\MICRSO~1\SEARCH~1.DLL]  <IE Toolbar><1, 0, 0, 4>
    [E:\WINDOWS\system32\flash8.dll]  <MACROMEDlA><1, 4, 0, 0>
    [E:\WINDOWS\DOWNLO~1\amsgz.dll]  <fkigrsoft><1, 0, 0, 2>
    [E:\WINDOWS\system\5f7oa3d0.dll]  <N/A><N/A>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  <Yahoo! China><3, 0, 7, 1012>
    [E:\PROGRA~1\baigoo\bgook.dll]  <BAIGOO.COM><1, 0, 0, 1007>
    [E:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll]  <BAIGOO><1, 0, 0, 1007>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>
    [E:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx]  <Macromedia, Inc.><8,0,24,0>
[PID: 3636][E:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
[PID: 3960][E:\DOCUME~1\周建颂\LOCALS~1\Temp\Rar$EX00.307\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [E:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <Yahoo! China><3, 0, 2, 1020>
    [E:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1007>
    [E:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [E:\WINDOWS\system32\secur.dll]  <><4, 0, 0, 0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["E:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

Logfile of HijackThis v1.99.1
Scan saved at 17:07:03, on 2006-8-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\ibmpmsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\S24EvMon.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SYSTEM32\RUNDLL32.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\WinMgmt.exe
E:\WINDOWS\system32\iexplorer.exe
E:\WINDOWS\System32\QCONSVC.EXE
E:\WINDOWS\system32\RegSrvc.exe
E:\PROGRA~1\baigoo\bgoomain.exe
E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\Rising\Rav\RavTask.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\TpKmpSVC.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\周建颂\LOCALS~1\Temp\Rar$EX00.637\HijackThis.exe

R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\mouser.exe
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (no file)
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - E:\WINDOWS\system32\smflash.ocx
O2 - BHO: (no name) - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F}? - (no file)
O2 - BHO: (no name) - {1D49D58D-5C84-4B50-8359-D9809BEB2B32}? - (no file)
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (no file)
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (no file)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (no file)
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688}? - (no file)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (no file)
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - E:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005}? - (no file)
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61}? - (no file)
O2 - BHO: (no name) - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59}? - (no file)
O2 - BHO: XBTP03129 - {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3}? - (no file)
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (no file)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (no file)
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - (no file)
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF}? - (no file)
O2 - BHO: (no name) - {EA4BC1B6-C454-157F-1C8D-8CA71B6E8498}? - (no file)
O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20}? - (no file)
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3}? - (no file)
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}? - (no file)
O3 - Toolbar: (no name) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8}? - (no file)
O3 - Toolbar: (no name) - {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86}? - (no file)
O3 - Toolbar: (no name) - {406F94F0-504F-4A40-8DFD-58B0666ABEBD}? - (no file)
O3 - Toolbar: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}? - (no file)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - E:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
O3 - Toolbar: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O4 - HKLM\..\Run: [CdnCtr] E:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RavTask] ; "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YOKAssiant] ; Rundll32.exe E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [ATIPTA] ; E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bgoomain.exe] ; E:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [BigDogPath] ; E:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA
O4 - HKLM\..\Run: [BMMLREF] ; E:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] ; rundll32.exe E:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [CnsMHlp.exe] ; E:\WINDOWS\Downloaded Program files\CnsMHlp.exe
O4 - HKLM\..\Run: [EZEJMNAP] ; E:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [helper.dll] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [IESAddr] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [inetsvr] ; E:\Program Files\ieup\inetsvr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PHIME2002A] ; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [popo2004] ; E:\Program Files\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [QCWLIcon] ; E:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [res] ; rem E:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [SoundMAX] ; "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [StormCodec_Helper] ; "E:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SynTPEnh] ; E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] ; E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Thunder] ; "E:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [TkBellExe] ; rem "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TPHOTKEY] ; E:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] ; E:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Update] ; E:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [WinampAgent] ; rem E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [yassistse] ; rem "E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] ; rem E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [娱乐助手] ; E:\PROGRA~1\ylzs\ylzs.exe
O4 - HKLM\..\Run: [娱乐助手升级程序] ; E:\PROGRA~1\COMMON~1\ylzs\upylzs.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] ; "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Google Desktop Search] ; "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] ; "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Instant Access] ; E:\WINDOWS\system32\procia.exe /run
O4 - HKCU\..\Run: [MSMSGS] ; "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msq] ; E:\WINDOWS\system32\iExplorer.exe
O4 - HKCU\..\Run: [RTEGPRS] ; "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Xplus] ; "E:\Program Files\Xplus\Xplus_Wait.exe" /min
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (no file)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? - http://www.yok.com (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O10 - Unknown file in Winsock LSP: e:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\secur.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\secur.dll
O11 - Options group: [CDNCLIENT]  中文上网

O17 - HKLM\System\CCS\Services\Tcpip\..\{A0F47F3C-F291-4180-B98B-71C388C21A28}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0F47F3C-F291-4180-B98B-71C388C21A28}: NameServer = 192.168.1.1
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - E:\WINDOWS\system32\5f7da3d0.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - E:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: NetWork Download (NetworkWUP) - Unknown owner - E:\WINDOWS\system32\WinMgmt.exe
O23 - Service: QCONSVC - IBM Corp. - E:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: RegSrvc - Intel Corporation - E:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - E:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - E:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Network ConnectionPPO2 (ServicePPO2) - Unknown owner - E:\WINDOWS\popo\server.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - E:\WINDOWS\system32\TpKmpSVC.exe


Logfile of HijackThis v1.99.1
Scan saved at 17:14:13, on 2006-8-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

运行进程:           
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\ibmpmsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\S24EvMon.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SYSTEM32\RUNDLL32.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\WinMgmt.exe
E:\WINDOWS\system32\iexplorer.exe
E:\WINDOWS\System32\QCONSVC.EXE
E:\WINDOWS\system32\RegSrvc.exe
E:\PROGRA~1\baigoo\bgoomain.exe
E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\Rising\Rav\RavTask.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\TpKmpSVC.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\周建颂\LOCALS~1\Temp\Rar$EX02.738\HijackThis v1.99.1 汉化版\HijackThis.exe

R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\mouser.exe
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (没有文件) 
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - E:\WINDOWS\system32\smflash.ocx
O2 - BHO: (no name) - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F}? - (没有文件) 
O2 - BHO: (no name) - {1D49D58D-5C84-4B50-8359-D9809BEB2B32}? - (没有文件) 
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (没有文件) 
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (没有文件) 
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (没有文件) 
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (没有文件) 
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688}? - (没有文件) 
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (没有文件) 
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - E:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005}? - (没有文件) 
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61}? - (没有文件) 
O2 - BHO: (no name) - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59}? - (没有文件) 
O2 - BHO: XBTP03129 - {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3}? - (没有文件) 
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (没有文件) 
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (没有文件) 
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - (没有文件) 
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF}? - (没有文件) 
O2 - BHO: (no name) - {EA4BC1B6-C454-157F-1C8D-8CA71B6E8498}? - (没有文件) 
O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20}? - (没有文件) 
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3}? - (没有文件) 
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}? - (没有文件) 
O3 - Toolbar: (no name) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8}? - (没有文件) 
O3 - Toolbar: (no name) - {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? - (没有文件) 
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86}? - (没有文件) 
O3 - Toolbar: (no name) - {406F94F0-504F-4A40-8DFD-58B0666ABEBD}? - (没有文件) 
O3 - Toolbar: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}? - (没有文件) 
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - E:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
O3 - Toolbar: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O4 - HKLM\..\Run: [CdnCtr] E:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RavTask] ; "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YOKAssiant] ; Rundll32.exe E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [ATIPTA] ; E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bgoomain.exe] ; E:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [BigDogPath] ; E:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA
O4 - HKLM\..\Run: [BMMLREF] ; E:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] ; rundll32.exe E:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [CnsMHlp.exe] ; E:\WINDOWS\Downloaded Program files\CnsMHlp.exe
O4 - HKLM\..\Run: [EZEJMNAP] ; E:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [helper.dll] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [IESAddr] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [inetsvr] ; E:\Program Files\ieup\inetsvr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PHIME2002A] ; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [popo2004] ; E:\Program Files\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [QCWLIcon] ; E:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [res] ; rem E:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [SoundMAX] ; "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [StormCodec_Helper] ; "E:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SynTPEnh] ; E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] ; E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Thunder] ; "E:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [TkBellExe] ; rem "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TPHOTKEY] ; E:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] ; E:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Update] ; E:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [WinampAgent] ; rem E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [yassistse] ; rem "E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] ; rem E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [娱乐助手] ; E:\PROGRA~1\ylzs\ylzs.exe
O4 - HKLM\..\Run: [娱乐助手升级程序] ; E:\PROGRA~1\COMMON~1\ylzs\upylzs.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] ; "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Google Desktop Search] ; "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] ; "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Instant Access] ; E:\WINDOWS\system32\procia.exe /run
O4 - HKCU\..\Run: [MSMSGS] ; "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msq] ; E:\WINDOWS\system32\iExplorer.exe