HijackThis_815汉化版扫描日志 V1.99.1
保存于      13:20:59, 日期 2006-12-20
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
D:\新建文件夹\avp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\SocksA.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxzs.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Serverx.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wuauclt.exe
D:\新建文件夹\avp.exe
C:\WINDOWS\svchost.exe
D:\HijackThis1991zww.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\迅雷\ComDlls\XunLeiBHO_002.dll
O2 - BHO: (no name) - {AAC73F50-03DD-47E5-AD18-FDD65BF29E3D} - (no file)
O2 - BHO: PrjZKBaiduBHO.ZKBaiduBHO - {BBF3E65D-762A-41AC-BFDA-7C6D97E65A73} - C:\WINDOWS\system32\zkbaidubho.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [ASocksrv] SocksA.exe
O4 - 启动项HKLM\\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - 启动项HKLM\\Run: [StormCodec_Helper] "D:\暴风影音\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKLM\\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [mhs2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe
O4 - 启动项HKLM\\Run: [rxzs] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxzs.exe
O4 - 启动项HKLM\\Run: [wlzs] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs.exe
O4 - 启动项HKLM\\Run: [zts2] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe
O4 - 启动项HKLM\\Run: [kis] "D:\新建文件夹\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [bgswitch] C:\WINDOWS\system32\bgswitch.exe
O4 - HKCU\..\Run: [Serverx] C:\WINDOWS\system32\Serverx.exe
O4 - Startup: 腾讯QQ.lnk = ?
O8 - IE右键菜单中的新增项目:  发送图片到手机 - C:\Program Files\Moyu\MenuSendImg.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - D:\迅雷\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\腾讯QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://D:\OFFICE~1\asppsa.com\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\腾讯QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\腾讯QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\腾讯QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\迅雷\Thunder.exe
O9 - 浏览器额外的按钮: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\新建文件夹\scieplugin.dll
O9 - 浏览器额外的按钮: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - 浏览器额外的按钮: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - 浏览器额外的按钮: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - 浏览器额外的按钮: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的按钮: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - 浏览器额外的按钮: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\腾讯QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\腾讯QQ\QQ.EXE
O9 - 浏览器额外的按钮: 易趣购物 - {DE607141-AC19-421e-864A-4D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {DE607141-AC19-421e-864A-4D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\腾讯QQ\QQIEHelper.dll
O9 - 浏览器额外的按钮: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - 浏览器额外的按钮: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的“工具”菜单项: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - 浏览器额外的按钮: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - 浏览器额外的“工具”菜单项: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  中文上网
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O20 - AppInit_DLLs: 455373M.BMP
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - NT 服务: 卡巴斯基互联网安全套装 6.0 (AVP) - Kaspersky Lab - D:\新建文件夹\avp.exe

2006-12-20,21:14:12

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <Serverx><C:\WINDOWS\system32\Serverx.exe>  [N/A]
    <svc><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wmbose.exe>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <ASocksrv><SocksA.exe>  [1]
    <Cmaudio><RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <mhs2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe>  [N/A]
    <rxzs><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxzs.exe>  [N/A]
    <wlzs><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs.exe>  [N/A]
    <zts2><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe>  [N/A]
    <kis><"D:\新建文件夹\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><455373M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [Yahoo! China]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System8.sys>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\腾讯QQ\QQ.exe [TENCENT]><N>

==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP]
  <D:\新建文件夹\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

==================================
驱动程序
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fxowmc3 / fxowmc34]
  <\SystemRoot\System32\DRIVERS\fxowmc34.sys><Microsoft Corporation>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[naqdpej / naqdpej]
  <\SystemRoot\\SystemRoot\System32\drivers\naqdpej.sys><N/A>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\D:\腾讯QQ\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[R2A / R2A]
  <\??\C:\WINDOWS\system32a2.sys><N/A>

==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[PrjZKBaiduBHO.ZKBaiduBHO]
  {BBF3E65D-762A-41AC-BFDA-7C6D97E65A73} <C:\WINDOWS\system32\zkbaidubho.dll, baiduu>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\新建文件夹\scieplugin.dll, Kaspersky Lab>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\腾讯QQ\QQ.EXE, TENCENT>
[易趣购物]
  {DE607141-AC19-421e-864A-4D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\腾讯QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\腾讯QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[PrjZKBaiduBHO.ZKBaiduBHO]
  {BBF3E65D-762A-41AC-BFDA-7C6D97E65A73} <C:\WINDOWS\system32\zkbaidubho.dll, baiduu>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[  发送图片到手机]
  <C:\Program Files\Moyu\MenuSendImg.htm, N/A>
[&使用迅雷下载]
  <D:\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\腾讯QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\OFFICE~1\asppsa.com\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\腾讯QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\腾讯QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <D:\腾讯QQ\SendMMS.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

==================================
正在运行的进程
[PID: 604][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 688][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 744][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 756][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1116][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [D:\新建文件夹\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1168][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1228][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1572][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1816][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 1, 1002]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 4, 2]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\PROGRA~1\3721\alrex.dll]  [, 1, 0, 1, 1001]
    [D:\新建文件夹\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\PROGRA~1\3721\autolive.dll]  [, 1, 2, 0, 1330]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 1, 1, 3, 1035]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [Yahoo!, 2, 1, 9, 1049]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [, 1, 2, 7, 1006]
    [D:\迅雷\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\WINDOWS\system32\zkbaidubho.dll]  [baiduu, 1.02.0081]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\新建文件夹\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [N/A, 1, 0, 1, 1014]
[PID: 1864][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 8]
    [D:\新建文件夹\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\DOWNLO~1\CnsMinEx.dll]  [国风因特软件(北京)有限公司, 1, 0, 3, 5]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
[PID: 180][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1728][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 1400][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\WINDOWS\system\cmicnfg.cpl]  [C-Media Corporation, 1, 0, 41, 25]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\System32\udaprop.dll]  [C-Media Corporation, 1.0.2.2]
[PID: 1664][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
    [C:\PROGRA~1\3721\autolive.dll]  [, 1, 2, 0, 1330]
    [C:\PROGRA~1\3721\notifier.dll]  [, 1, 0, 0, 5]
    [D:\新建文件夹\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\PROGRA~1\3721\alLiveEx.dll]  [ , 1, 0, 3, 1006]
[PID: 2080][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.exe]  [N/A, N/A]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mhs2.dll]  [N/A, N/A]
[PID: 2180][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxzs.exe]  [N/A, N/A]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\rxzs.dll]  [N/A, N/A]
[PID: 2232][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs.exe]  [N/A, N/A]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wlzs.dll]  [N/A, N/A]
[PID: 2280][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.exe]  [N/A, N/A]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\zts2.dll]  [N/A, N/A]
[PID: 2364][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
[PID: 3928][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
[PID: 1644][D:\遨游\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 8, 116]
    [D:\遨游\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [D:\遨游\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [D:\新建文件夹\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\新建文件夹\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\新建文件夹\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\新建文件夹\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\新建文件夹\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\新建文件夹\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [d:\新建文件夹\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\新建文件夹\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\新建文件夹\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\新建文件夹\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [d:\新建文件夹\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
[PID: 2720][C:\WINDOWS\system32\Serverx.exe]  [N/A, N/A]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
[PID: 3816][C:\WINDOWS\svchost.exe]  [1, 1.00]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
[PID: 2880][D:\新建文件夹 (2)\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\455373M.BMP]  [N/A, N/A]
    [C:\PROGRA~1\3721\helper.dll]  [, 1, 1, 1, 1327]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 4, 1]
    [C:\Program Files\Internet Explorer\PLUGINS\System8.sys]  [N/A, N/A]
    [D:\新建文件夹\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[D:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[E:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto
[F:\]
[AutoRun]
open=tel.xls.exe
shellexecute=tel.xls.exe
shell\Auto\command=tel.xls.exe
shell=Auto

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

昨天把C盘格了重装后还有病毒
把盘全格式化了再重装行吗