
Here is the log, could everyone please take a look? Thanks~~


[CODE]

2007-07-06,13:13:23

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
    <eMuleAutoStart><; C:\Program Files\eMule\eMule.exe -AutoStart>  [http://www.emule-project.net]
    <H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <yok.exe><C:\PROGRA~1\yok\yok.exe>  [YOK.Com]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <AutoUpdate><; >  [N/A]
    <enf><; C:\Program Files\Wincph\enf.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD."]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

==================================
Last edited 2007-07-06 15:13:37

启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Navoct / Navoct][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\Iesnap\navoct.dll>< >
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><国风因特软件(北京)有限公司>
[CnsStd / CnsStd][Running/Auto Start]
  <\SystemRoot\System32\drivers\CnsStd.sys><北京三七二一科技有限公司>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[leojqfpc / leojqfpc][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\leojqfpc.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PProtect / PProtect][Stopped/System Start]
  <\??\C:\PROGRA~1\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ATI-437A Serial ATA Controller / SI3112r][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112r.sys><Silicon Image, Inc.>
[TYKeeper / TYKeeper][Running/Boot Start]
  <\SystemRoot\system32\drivers\TYKeeper.sys><YOK.Com>
[R2A / R2A][Stopped/Disabled]
  <\??\C:\WINDOWS\system32a2.sys><N/A>

==================================

浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, Tonec Inc.>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\PROGRA~1\yok\toolbar.dll, YOK.Com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~3\INetRepl.dll, Microsoft Corporation>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\Program Files\Common Files\Kingsoft\Extract\AddIns\IEBand.dll, 金山软件股份有限公司>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[VqqSpeedDlProxy Class]
  {F138084D-84D7-48CD-BEA8-04772457516E} <C:\WINDOWS\vqqsdl.dll, Tencent>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[IDMIEHlprObj Class]
  {0055C089-8582-441B-A0BF-17B458C2A3A8} <C:\Program Files\Internet Download Manager\IDMIECC.dll, Tonec Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[XML Data Source Object]
  {550DDA30-0541-11D2-9CA9-0060B0EC3D39} <%SystemRoot%\system32\msxml3.dll, N/A>
[YOKHttpFilter Class]
  {686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\PROGRA~1\yok\adblock.dll, YOK.Com>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\Program Files\Common Files\Kingsoft\Extract\AddIns\IEBand.dll, 金山软件股份有限公司>
[YOKAdBlock Class]
  {718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\PROGRA~1\yok\adblock.dll, YOK.Com>
[]
  {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} <C:\PROGRA~1\yok\toolbar.dll, YOK.Com>
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, 北京三七二一科技有限公司>
[YOKAutoLive]
  {7D0E8987-BA21-483a-B1AC-149DA2F39A5A} <C:\Program Files\yok\autolive.dll, YOK.Com>
[ContextSearch Class]
  {88351CEF-BAC0-4A9B-8380-31A173E2926F} <C:\PROGRA~1\yok\toolbar.dll, YOK.Com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[VqqSpeedDlProxy Class]
  {9ADACAA6-533E-4383-AFA7-F0A66650B6D8} <C:\WINDOWS\vqqsdl10.dll, Tencent Technology (Shenzhen) Company Limited>
[相关搜索]
  {A29F7F71-DCDB-412D-B19A-2002DC966E33} <C:\PROGRA~1\yok\relband.dll, YOK.Com>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IE搜索工具条]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 国风因特软件(北京)有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[bho Class]
  {ED8DFC5C-10EF-45AB-9DC2-0639AFF5A270} <C:\PROGRA~1\COMMON~1\Wnwb\wnwbio.dll, 深圳世强软件开发部>
[]
  {F869BB38-FFEF-4589-B986-610B7AD0ADA2} <C:\PROGRA~1\yok\toolbar.dll, YOK.Com>
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用 IDM 下载]
  <C:\Program Files\Internet Download Manager\IEExt.htm, N/A>
[使用 IDM 下载所有链接]
  <C:\Program Files\Internet Download Manager\IEGetAll.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
  <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[天天升级网]
  <http://www.sdup.net/abc.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <F:\新建文件夹\AddEmotion.htm, N/A>
[珊瑚虫超级搜索]
  <, N/A>

==================================

正在运行的进程
[PID: 424][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 480][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4146]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 552][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4146]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2504]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
[PID: 732][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\iesnap\navoct.dll]  [ , 1, 0, 1, 4]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4146]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2504]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4146]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
[PID: 1204][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [C:\PROGRA~1\yok\yok.dll]  [YOK.Com, 3, 0, 0, 1005]
    [C:\PROGRA~1\yok\protect.dll]  [YOK.Com, 3, 0, 0, 1002]
    [C:\PROGRA~1\yok\adblock.dll]  [YOK.Com, 3, 0, 0, 1003]
    [C:\PROGRA~1\yok\relband.dll]  [YOK.Com, 3, 1, 0, 1004]
    [C:\PROGRA~1\yok\buttonmail.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\yok\toolbar.dll]  [YOK.Com, 3, 1, 0, 1008]
    [C:\PROGRA~1\yok\autolive.dll]  [YOK.Com, 3, 0, 0, 1002]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [国风因特软件(北京)有限公司, 2.5.1.6]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\Program Files\Internet Download Manager\IDMIECC.dll]  [Tonec Inc., 3, 0, 2, 1]
    [C:\Program Files\Internet Download Manager\idmmkb.dll]  [Tonec Inc., 4, 0, 0, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\PROGRA~1\Wincph\cntxmenu.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1268][C:\Program Files\Tencent\QQDownload\QQDownload.exe]  [Tencent Technology (Shenzhen) Company Limited, 1, 3, 101, 101]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
    [C:\Program Files\Tencent\QQDownload\QQDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 3, 101, 101]
    [C:\Program Files\Tencent\QQDownload\TNProxy.dll]  [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 80]
    [C:\Program Files\Tencent\QQDownload\BT\BTDownload.dll]  [Tencent Technology (Shenzhen) Company Limited, 1, 3, 101, 101]
    [C:\Program Files\Tencent\QQDownload\BT\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\QQDownload\BT\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\Tencent\QQDownload\BT\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 2464][F:\新建文件夹\QQ.exe]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQBaseClassInDll.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQHelperDll.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\BasicCtrlDll.dll]  [TENCENT, 7, 0, 225, 1651]
    [F:\新建文件夹\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
    [F:\新建文件夹\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [F:\新建文件夹\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [F:\新建文件夹\QQAPI.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [F:\新建文件夹\LoginCtrl.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\LoginCtrlRes.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQRes.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\MailSummary.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQMainFrame.dll]  [N/A, ]
    [F:\新建文件夹\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\新建文件夹\CQQApplication.dll]  [N/A, ]
    [F:\新建文件夹\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [F:\新建文件夹\NewSkin.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\HostingMgr.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\CameraDll.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQKnowledgeSearch.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQAllInOne.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [F:\新建文件夹\QQSpace.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\新建文件夹\QQGroupMng.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQSysMsgMng.dll]  [N/A, ]
    [F:\新建文件夹\UserDefinedHead.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQPlugin.dll]  [N/A, ]
    [F:\新建文件夹\QQConfigPlugin.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQAvatar.dll]  [N/A, ]
    [F:\新建文件夹\QQCustomFace.dll]  [N/A, ]
    [F:\新建文件夹\QRingMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\新建文件夹\QQPet.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\LongConnection.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\PhoneAPI.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [F:\新建文件夹\ImageOle.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQLiveQMng.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQSceneMng.dll]  [N/A, ]
    [F:\新建文件夹\GroupConnection.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\CommercesMng.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
    [F:\新建文件夹\BQQApplication.dll]  [N/A, ]
    [F:\新建文件夹\QQZip.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\PersonalDesktop.dll]  [TENCENT, 7,0,313,1681]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [F:\新建文件夹\VqqModule.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\VqqAllInOne.dll]  [Tencent, 1, 6, 0, 2]
    [F:\新建文件夹\InPlus.dll]  [Tencent, 1, 6, 0, 2]
    [F:\新建文件夹\tencent-proto1.dll]  [tencent, 1, 6, 0, 2]
    [F:\新建文件夹\tencent-comlib.dll]  [tencent, 1, 6, 0, 2]
    [F:\新建文件夹\tencent-proto2.dll]  [tencent, 1, 6, 0, 2]
    [F:\新建文件夹\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
    [F:\新建文件夹\QQMagicFace.dll]  [TENCENT, 7,0,313,1681]
    [F:\新建文件夹\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [F:\新建文件夹\QQFileTransfer.dll]  [TENCENT, 7,0,313,1681]
[PID: 2508][F:\新建文件夹\TIMPlatform.exe]  [TENCENT, 7,0,313,1681]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
    [F:\新建文件夹\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [F:\新建文件夹\DShared.dll]  [Tencent, 1, 6, 0, 2]
[PID: 2876][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
[PID: 3852][C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]
[PID: 2692][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [国风因特软件(北京)有限公司, 2.5.1.0]
    [c:\progra~1\iesnap\navstub.dll]  [, 1, 0, 1, 5]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Don't let this sink, I'm posting it for a friend.

Bumping again, please help me take a look.