已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP432\A0308303.dll/PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP432\A0308304.dll/PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.Dm.o 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP432\A0308317.dll/UPX
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310078.dll
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310079.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310080.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310081.dll
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310082.dll
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310083.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310084.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310085.exe
已删除: 木马程序 Trojan-Downloader.Win32.Delf.awi 文件: C:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0310086.dll
已删除: 木马程序 Trojan-Downloader.NSIS.Agent.r 文件: F:\System Volume Information\_restore{D7CF3D9E-189B-4FD5-AB28-4C52C51EE0EE}\RP434\A0309992.exe/Stream/data0020/stream/Script
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: E:\anycall game\AsdeGame\download\mahsetup.exe/WISE0007.BIN/cd_clint.dll/PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: E:\anycall game\AsdeGame\download\mahsetup.exe/WISE0007.BIN/cd_htm.dll/PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: E:\anycall game\AsdeGame\download\triadsetup.exe/WISE0007.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: E:\anycall game\AsdeGame\download\junqisetup.exe/WISE0008.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: E:\anycall game\AsdeGame\download\suohasetup.exe/WISE0007.BIN
已删除: 广告程序 not-a-virus:AdWare.Win32.Agent.x 文件: E:\qq\qq2006beta2sp1full.exe/stream/data2249/UPX/file0.dat
已删除: 广告程序 not-a-virus:AdWare.Win32.Cydoor 文件: F:\anycal soft\FLASHGET\fg160.exe/WISE0015.BIN/cd_clint.dll/PECompact
已删除: 广告程序 not-a-virus:AdWare.Win32.Boran.e 文件: F:\anycal soft\暴风影音\StormCodec6.04.08.exe/stream/data0023/data0003/UPX
已删除: 木马程序 Trojan-Downloader.JS.IstBar.ai 文件: F:\cc\新建文件夹\IE临时文件夹\Temporary Internet Files\Content.IE5\9XCDF431\picqic2[1].htm
已检测到: 风险软件 Trojan.generic 运行进程: C:\Documents and Settings\Bluewater\Local Settings\Temp\g0ld.com




Logfile of HijackThis v1.99.1
Scan saved at 0:16:31, on 2006-9-12
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
F:\angelgao wg\木马杀客\木马杀客\mmsk.exe
C:\WINDOWS\System32\rundll32.exe
E:\卡巴斯基\Kaspersky Anti-Virus Personal\avp.exe
E:\卡巴斯基\Kaspersky Anti-Virus Personal\avp.exe
F:\angelgao wg\系统日志扫描\HijackThis.exe

O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINDOWS\System32\6baoe4c0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - F:\ANYCAL~1\MagicSet\HAOKAN~1.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [kav] "E:\卡巴斯基\Kaspersky Anti-Virus Personal\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: 宽带连接.lnk = ?
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - F:\anycal soft\yingyin\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - F:\anycal soft\yingyin\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 用比特精灵下载(&B) - D:\Anycall\bt精灵\BitSpirit\BitSpirit\bsurl.htm
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\卡巴斯基\Kaspersky Anti-Virus Personal\scieplugin.dll
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file)
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 易趣购物 - {DE607144-AC19-424e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607144-AC19-424e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - (no file) (HKCU)
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} (Timer Object) - http://vod.xs163.net/tools/ietimer.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9991480-214E-4763-8A3B-3389725C42D5}: NameServer = 202.101.172.46 202.101.172.47
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: 卡巴斯基反病毒软件6.0 (AVP) - Kaspersky Lab - E:\卡巴斯基\Kaspersky Anti-Virus Personal\avp.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

谢谢

2006-09-12,14:06:57

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <kav><"E:\卡巴斯基\Kaspersky Anti-Virus Personal\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BigDog305><; >  []
    <BigDogPath><; >  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools-1033><; ; "F:\anycal soft\虚拟光区\daemon300\daemon300\daemon.exe"  -lang 1033>  []
    <IMSCMig><; ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <KAVPersonal50><; "E:\卡巴斯基\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  []
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  []
    <Net><; ; >  []
    <poco><; ; F:\anycal soft\poco\Poco2004.exe>  []
    <popo2004><; ; F:\anycal soft\POPO2004\popo2004\start.exe>  []
    <RavTask><; "C:\Program Files\rising\Rav\RavTask.exe" -system>  []
    <RealTray><; ; >  []
    <res><; >  []
    <RfwMain><; "E:\瑞星杀毒软件\瑞星防火墙\Rising\Rfw\rfwmain.exe" -Startup>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SDO2005><; ; >  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <StormCodec_Helper><; "F:\anycal soft\暴风影音\Storm Codec\StormSet.exe" /S /opti>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Super Rabbit IEPro><; ; F:\anycal soft\超级魔法兔子\MagicSet\SRIECLI.EXE /LOAD>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <uninstallex.exe><; ; >  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <yassistse><; >  []
    <YDTMain.exe><; ; >  []
    <YLive.exe><; >  []

==================================
启动文件夹
[宽带连接]
  <C:\Documents and Settings\Bluewater\「开始」菜单\程序\启动\宽带连接.lnk><N>

==================================
服务
[卡巴斯基反病毒软件6.0 / AVP]
  <E:\卡巴斯基\Kaspersky Anti-Virus Personal\avp.exe -r><Kaspersky Lab>
[C-DillaSrv / C-DillaSrv]
  <C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Sypwdr / Sypwdr]
  <><N/A>
[Windows User Mode Driver Framework / UMWdf]
  <><N/A>
[Windows Install Helper / WIDETS]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\System32\6baoe4c0.dll, N/A>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <E:\卡巴斯基\Kaspersky Anti-Virus Personal\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[超级兔子上网精灵]
  {FEDF637B-F631-4583-A210-33CC828D42DB} <F:\ANYCAL~1\MagicSet\HAOKAN~1.DLL, 超级兔子>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[Timer Object]
  {59CCB4A0-727D-11CF-AC36-00AA00A47DD2} <C:\WINDOWS\Downloaded Program Files\ietimer.ocx, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[BHelper Class]
  {F2E37336-BFDB-409B-8D0E-6F013C438B20} <C:\WINDOWS\System32\6baoe4c0.dll, N/A>
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
  <F:\anycal soft\yingyin\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <F:\anycal soft\yingyin\NetTransport 2\NTAddList.html, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>
[用比特精灵下载(&B)]
  <D:\Anycall\bt精灵\BitSpirit\BitSpirit\bsurl.htm, N/A>

正在运行的进程
[PID: 344][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 456][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 480][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1557 (xpsp2_gdr.040517-1325)>
    [C:\WINDOWS\System32\klogon.dll]  <Kaspersky Lab><6.0.0.299>
[PID: 524][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 536][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 696][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 760][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 840][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 872][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1072][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
[PID: 1240][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1288][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE]  <C-Dilla Ltd><3.25.010>
[PID: 1328][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 1360][C:\WINDOWS\System32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.5303>
[PID: 1424][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\System32\nvshell.dll]  <NVIDIA Corporation><6.14.10.5303>
    [C:\WINDOWS\System32\NVWRSZHC.DLL]  <NVIDIA Corporation><6.14.10.5303>
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 99>
[PID: 1308][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 432][F:\angelgao wg\木马杀客\木马杀客\mmsk.exe]  <木马杀客><2,0,0,6>
    [F:\angelgao wg\木马杀客\木马杀客\krnln.fnr]  <><1, 0, 0, 1>
    [F:\angelgao wg\木马杀客\木马杀客\iext2.fne]  <><1, 0, 0, 1>
    [F:\angelgao wg\木马杀客\木马杀客\iext.fne]  <><1, 0, 0, 1>
    [F:\angelgao wg\木马杀客\木马杀客\HYExtLib.fne]  <N/A><N/A>
    [F:\angelgao wg\木马杀客\木马杀客\HtmlView.fne]  <><1, 0, 0, 1>
    [F:\angelgao wg\木马杀客\木马杀客\TrayIcon.fne]  <><1, 0, 0, 1>
    [F:\angelgao wg\木马杀客\木马杀客\iext3.fne]  <><1, 0, 0, 1>
    [F:\angelgao wg\木马杀客\木马杀客\xplib.fne]  <N/A><N/A>
    [F:\angelgao wg\木马杀客\木马杀客\mmskskin.dll]  <><2, 0, 0, 6>
    [F:\angelgao wg\木马杀客\木马杀客\SkinPPWTL.dll]  <http://www.skinplusplus.com><2, 1, 0, 0>
    [F:\angelgao wg\木马杀客\木马杀客\shell.fne]  <N/A><N/A>
    [F:\angelgao wg\木马杀客\木马杀客\EThread.fne]  <N/A><N/A>
    [F:\angelgao wg\木马杀客\木马杀客\dp1.fne]  <N/A><N/A>
    [F:\angelgao wg\木马杀客\木马杀客\eAPI.fne]  <><1, 0, 0, 1>
    [E:\卡巴斯基\Kaspersky Anti-Virus Personal\scr_ch_pg.dll]  <Kaspersky Lab><1.0.6.299>
    [E:\卡巴斯基\Kaspersky Anti-Virus Personal\klscav.dll]  <Kaspersky Lab><6.0.0.299>
    [E:\卡巴斯基\Kaspersky Anti-Virus Personal\pr_remote.dll]  <Kaspersky Lab><6.0.0.299>
    [E:\卡巴斯基\Kaspersky Anti-Virus Personal\prloader.dll]  <Kaspersky Lab><6.0.0.299>
    [E:\卡巴斯基\Kaspersky Anti-Virus Personal\prkernel.ppl]  <Kaspersky Lab><6.0.0.299>
    [e:\卡巴斯基\kaspersky anti-virus personal\params.ppl]  <Kaspersky Lab><6.0.0.299>
    [e:\卡巴斯基\kaspersky anti-virus personal\pxstub.ppl]  <Kaspersky Lab><6.0.0.299>
    [e:\卡巴斯基\kaspersky anti-virus personal\tempfile.ppl]  <Kaspersky Lab><6.0.0.299>
    [e:\卡巴斯基\kaspersky anti-virus personal\nfio.ppl]  <Kaspersky Lab><6.0.0.299>
    [e:\卡巴斯基\kaspersky anti-virus personal\fsdrvplgn.ppl]  <Kaspersky Lab><6.0.0.299>
[PID: 1032][F:\anycal soft\foobar\foobar2000\foobar2000.exe]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\utf8api.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_ui_std.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_input_std.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_output_std.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_vis_manager.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_ui_columns.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_uie_tabs.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_uie_albumlist.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_uie_dbexplorer.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_uie_volume.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_uie_simple_spectrum.dll]  < ><0, 1, 6, 1>
    [F:\anycal soft\foobar\foobar2000\components\foo_cdda.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_flac.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_ape.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_wavpack.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_speex.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_dumb.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_wma.dll]  <><1.0.9>
    [F:\anycal soft\foobar\foobar2000\components\foo_spc.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_ac3.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_nez.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_matroska.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_ofr.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\OptimFROG.dll]  <Florin Ghido, FlorinGhido@yahoo.com><1.100>
    [F:\anycal soft\foobar\foobar2000\components\foo_out_dsound_ex.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_out_dsound_ex2.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_out_ks.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_console.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_read_http.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_rgscan.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_albumlist.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_masstag.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_codepage_action.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_infobox.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_shuffle.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_unpack.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_id3v2.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_burninate.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_syfm.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_freedb.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_scheduler.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_playlistgen.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_dsp_extra.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_dsp_soundtouch.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_dsp_pause.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_convolve.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_diskwriter.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_monkey.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_faac.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_clienc.dll]  <N/A><N/A>
    [F:\anycal soft\foobar\foobar2000\components\foo_shell.dll]  <N/A><N/A>
[PID: 2784][C:\WINDOWS\System32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\DOCUME~1\BLUEWA~1\TEMPLA~1\2f8c51d\1.dll]  <千橡互联><3, 0, 1, 0>
    [C:\DOCUME~1\BLUEWA~1\TEMPLA~1\2f8c51d\3.dll]  <千橡互联><3, 0, 1, 0>
    [C:\DOCUME~1\BLUEWA~1\TEMPLA~1\2f8c51d\4.dll]  <千橡互联><3, 0, 1, 0>
[PID: 2840][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 3068][F:\angelgao wg\System Repair Engineer\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["E:\asp\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]