Logfile of Kaka v2. 0. 2. 6 Scan Module v1. 0. 4. 5
Scan saved at 21:27:10, on 2007-02-22
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.ld123.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.ld123.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://hao123.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,default_page_url=http://www.ld123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=http://www.ld123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.ld123.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://hao123.union123.com/index.htm
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: BitComet Helper - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: C:\WINDOWS\system32\4249cfsb.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO:  (file missing)
O2 - BHO: 17f - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4845ntos.dll
O2 - BHO: cnwin Class - {EC497BD8-460F-44F0-B2A4-8C2B2198035B} - C:\WINDOWS\system32\cnwin.dll (file missing)
O2 - BHO: vfhg - {F9A521A6-37A5-4971-B13B-40C7AC74EA58} - C:\PROGRA~1\COMMON~1\boqp\fsut.dll
O3 - Toolbar: 17f - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4845ntos.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\YiSou\yisou.dll/232
O8 - Extra context menu item: &使用BitComet下载 - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下载全部链接 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用BitComet下载本页视频 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra Button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} (UploadControl Control) - http://blog.163.com/bin/UploadControl.cab
O16 - DPF: {79312BD7-AB1A-4730-829F-F43C984D0A9D} (ACNSTAT Class) - http://www.ctsunion.com/cts.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E6CC7C8-0547-46F4-8167-B9216FF91F25}: NameServer = 219.150.32.132,219.146.0.130
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: cryptimg
O20 - Winlogon Notify: rpcc
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O23 - Service: Adobe LM Service (Adobe LM Service) - Adobe Systems - "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
O23 - Service: Creative Service for CDROM Access (Creative Service for CDROM Access) - Creative Technology Ltd - C:\WINDOWS\system32\ctsvccda.exe
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Std psba Service (psba) -  - C:\WINDOWS\system32\rundll32.exe c:\progra~1\huwv\uegf.dll,service -s
O23 - Service: RestoreService (RestoreService) - Microsoft Corporation All rights reserved - C:\WINDOWS\system32\svchost.exe -k restoreservice
O23 - Service: Microsoft Update Service (SoSCAR) -  - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\cksfp.dll,export 1087
O23 - Service: Vsn vikj Service (vikj) -  - C:\WINDOWS\system32\rundll32.exe c:\progra~1\common~1\boqp\ivxw.dll,service

用sreng2扫描结果
[CODE]

2007-02-22,21:55:52

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <CTSysVol><; C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r>  [Creative Technology Ltd]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <UpdReg><; C:\WINDOWS\UpdReg.EXE>  [Creative Technology Ltd.]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}><C:\WINDOWS\system32\mctet.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <webwork><C:\WINDOWS\webwork\webwork.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptimg.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\WINDOWS\system32\rpcc.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[4A1A526E / 4A1A526E][Stopped/Auto Start]
  <C:\WINDOWS\system32\4A1A526E.EXE -service><Microsoft Corporation>
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
  <C:\WINDOWS\system32\CTsvcCDA.exe><Creative Technology Ltd>
[E393B45 / E393B45][Stopped/Auto Start]
  <C:\WINDOWS\system32\E393B45.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[jsefusf / jsefusf][Stopped/Auto Start]
  <C:\WINDOWS\system32\jsefusf.exe -service><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Std psba Service / psba][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\huwv\uegf.dll,Service -s><Microsoft Corporation>
[RestoreService / RestoreService][Running/Auto Start]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreService-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[Vsn vikj Service / vikj][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\boqp\ivxw.dll,Service><Microsoft Corporation>
[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]
  <C:\WINDOWS\system32\MsPMSPSv.exe><Microsoft Corporation>
[Microsoft Update Service / SoSCAR][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\KPGDF.DLL,Export 1087><Microsoft Corporation>
[Clipboard / AtWork][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\brhqv.dll><Microsoft Corporation>

==================================
驱动程序
[0000433d / 0000433d][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\0000433d.SYS><N/A>
[00004ceb / 00004ceb][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[ast / ast][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]
  <system32\DRIVERS\ctsfm2k.sys><Creative Technology Ltd>
[ffpbek / ffpbek][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ffpbek.sys><Microsoft Corporation>
[hidproc / hidproc][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hidproc.sys><Microsoft Corporation>
[msusbbux / msusbbux][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msusbbux.sys><Microsoft Corporation>
[nekhm / nekhm][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\nekhm.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Creative OS Services Driver / ossrv][Running/Manual Start]
  <system32\DRIVERS\ctoss2k.sys><Creative Technology Ltd.>
[Sound Blaster Live! 24-bit / P17][Running/Manual Start]
  <system32\drivers\P17.sys><Creative Technology Ltd.>
[PfModNT / PfModNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[xqxpfuy / xqxpfuy][Running/Boot Start]
  <\SystemRoot\system32\drivers\xqxpfuy.sys><N/A>
[zuqbzh4 / zuqbzh43][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zuqbzh43.sys><N/A>
[msboy / msboy][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\msboy.sys><N/A>

==================================
浏览器加载项
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet>
[]
  {4e8390bd-31ce-4249-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\4249cfsb.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[17f]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4845ntos.dll, N/A>
[cnwin Class]
  {EC497BD8-460F-44F0-B2A4-8C2B2198035B} <C:\WINDOWS\system32\cnwin.dll, N/A>
[vfhg]
  {F9A521A6-37A5-4971-B13B-40C7AC74EA58} <C:\PROGRA~1\COMMON~1\boqp\fsut.dll, >
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caif.dll, N/A>
[17f]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4845ntos.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 广州网易互动娱乐有限公司>
[ACNSTAT Class]
  {79312BD7-AB1A-4730-829F-F43C984D0A9D} <C:\WINDOWS\system32\ACNSTAT.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO.dll, BitComet>
[]
  {4E8390BD-31CE-4249-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\4249cfsb.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[17f]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4845ntos.dll, N/A>
[cnwin Class]
  {EC497BD8-460F-44F0-B2A4-8C2B2198035B} <C:\WINDOWS\system32\cnwin.dll, N/A>
[vfhg]
  {F9A521A6-37A5-4971-B13B-40C7AC74EA58} <C:\PROGRA~1\COMMON~1\boqp\fsut.dll, >
[!搜一搜(&S)]
  <res://C:\Program Files\YiSou\yisou.dll/232, N/A>
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 456][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, N/A]
    [C:\WINDOWS\system32\jsefusf.dll]  [Microsoft Corporation, N/A]
[PID: 596][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1260][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mctet.dll]  [, 5, 3, 1, 120]
    [C:\WINDOWS\system32\zuqbzh43.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\xqxpfuy.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\jsefusf.dll]  [Microsoft Corporation, N/A]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\BitComet\tools\BitCometBHO.dll]  [BitComet, 20061116]
    [C:\PROGRA~1\COMMON~1\boqp\fsut.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\system32\oyuoz.dll]  [N/A, N/A]
[PID: 1288][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1480][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\umtcap.dll]  [, 5.1.1800.2813]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 1888][C:\WINDOWS\system32\CTsvcCDA.exe]  [Creative Technology Ltd, 1.0.1.0]
[PID: 172][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 212][C:\WINDOWS\system32\1C4D7CA5.exe]  [N/A, N/A]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 244][C:\WINDOWS\system32\ffudf.exe]  [N/A, N/A]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 260][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\huwv\uegf.dll]  [ , 4, 1, 0, 4]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\wjlk.dll]  [ , 1, 0, 0, 6]
[PID: 848][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\drivers\restore.dll]  [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[PID: 968][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\COMMON~1\boqp\ivxw.dll]  [, 1, 2, 0, 8]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 1092][C:\WINDOWS\system32\MsPMSPSv.exe]  [Microsoft Corporation, 7.00.00.1954]
[PID: 2132][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2156][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 3732][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
[PID: 3160][C:\Program Files\Tencent\TT\TTraveler.exe]  [腾讯公司, 3.2.200.275]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\Program Files\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 2804][C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE]  [Microsoft Corporation, 5.00.2134.1]
[PID: 3336][C:\Documents and Settings\mzs\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\PROGRA~1\huwv\xhji.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\huwv\smon.dll]  [ , 1, 0, 0, 6]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]