瑞星卡卡安全论坛

Logfile of HijackThis v1.99.1
Scan saved at 14:44:13, on 2005-7-19
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
c:\program files\rising\rfw\RfwMain.exe
D:\HEROSOFT\Hero3000\SYSEXPLR.EXE
D:\Real\RealPlayer\RealPlay.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\msxct.exe
C:\WINDOWS\System32\05roriof.exe
c:\windows\system32\cdpuqs.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\wsearch\Search.exe
C:\WINDOWS\system32\usbn.exe
C:\WINDOWS\System32\BCUP.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Microtek\ScanWizard 5\ScannerFinder.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\inscdm\evuhebnsyb.exe
C:\WINDOWS\Explorer.exe
D:\新建文件夹\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 220.189.243.194 www.sha88.com
O1 - Hosts: 220.189.243.194 sha88.com
O1 - Hosts: 220.189.243.194 www.hao6.com
O1 - Hosts: 220.189.243.194 hao6.com
O1 - Hosts: 220.189.243.194 www.hao123.com
O1 - Hosts: 220.189.243.194 hao123.com
O1 - Hosts: 220.189.243.194 www.zhao123.com
O1 - Hosts: 220.189.243.194 zhao123.com
O1 - Hosts: 220.189.243.194 www.heiqq.com
O1 - Hosts: 220.189.243.194 heiqq.com
O1 - Hosts: 220.189.243.194 www.go.ezeem.com
O1 - Hosts: 220.189.243.194 go.ezeem.com
O1 - Hosts: 220.189.243.194 www.pagead2.googlesyndication.com
O1 - Hosts: 220.189.243.194 pagead2.googlesyndication.com
O1 - Hosts: 220.189.243.194 www.shaniuniu.com
O1 - Hosts: 220.189.243.194 shaniuniu.com
O1 - Hosts: 220.189.243.194 www.t3j4.com
O1 - Hosts: 220.189.243.194 t3j4.com
O1 - Hosts: 220.189.243.194 www.ayqq.com
O1 - Hosts: 220.189.243.194 ayqq.com
O1 - Hosts: 220.189.243.194 www.chinasite.com.cn
O1 - Hosts: 220.189.243.194 chinasite.com.cn
O1 - Hosts: 220.189.243.194 www.17sky.com
O1 - Hosts: 220.189.243.194 17sky.com
O1 - Hosts: 220.189.243.194 www.ku333.com
O1 - Hosts: 220.189.243.194 ku333.com
O1 - Hosts: 220.189.243.194 www.tanle.com
O1 - Hosts: 220.189.243.194 tanle.com
O1 - Hosts: 220.189.243.194 www.haodx.com
O1 - Hosts: 220.189.243.194 haodx.com
O1 - Hosts: 220.189.243.194 www.luow.com
O1 - Hosts: 220.189.243.194 luow.com
O1 - Hosts: 220.189.243.194 www.516.com
O1 - Hosts: 220.189.243.194 516.com
O1 - Hosts: 220.189.243.194 www.258.com
O1 - Hosts: 220.189.243.194 258.com
O1 - Hosts: 220.189.243.194 www.265.com
O1 - Hosts: 220.189.243.194 265.com
O1 - Hosts: 220.189.243.194 www.114.com.cn
O1 - Hosts: 220.189.243.194 114.com.cn
O1 - Hosts: 220.189.243.194 www.5566.net
O1 - Hosts: 220.189.243.194 5566.net
O1 - Hosts: 220.189.243.194 www.jc365.com
O1 - Hosts: 220.189.243.194 jc365.com
O1 - Hosts: 220.189.243.194 www.365.com
O1 - Hosts: 220.189.243.194 365.com
O1 - Hosts: 220.189.243.194 www.v111.com
O1 - Hosts: 220.189.243.194 v111.com
O1 - Hosts: 220.189.243.194 www.wu35.com
O1 - Hosts: 220.189.243.194 wu35.com
O1 - Hosts: 220.189.243.194 www.sinawz.com
O1 - Hosts: 220.189.243.194 sinawz.com
O1 - Hosts: 220.189.243.194 www.5d123.com
O1 - Hosts: 220.189.243.194 5d123.com
O1 - Hosts: 220.189.243.194 www.5sogua.com
O1 - Hosts: 220.189.243.194 5sogua.com
O1 - Hosts: 220.189.243.194 www.hao333.com
O1 - Hosts: 220.189.243.194 hao333.com
O1 - Hosts: 220.189.243.194 www.284.com.cn
O1 - Hosts: 220.189.243.194 284.com.cn
O1 - Hosts: 220.189.243.194 www.8ku.com
O1 - Hosts: 220.189.243.194 8ku.com
O1 - Hosts: 220.189.243.194 www.lx168.net
O1 - Hosts: 220.189.243.194 lx168.net
O1 - Hosts: 220.189.243.194 www.haourl.com
O1 - Hosts: 220.189.243.194 haourl.com
O1 - Hosts: 220.189.243.194 www.898.cc
O1 - Hosts: 220.189.243.194 898.cc
O1 - Hosts: 220.189.243.194 www.33c.net
O1 - Hosts: 220.189.243.194 33c.net
O1 - Hosts: 220.189.243.194 www.tang8.com
O1 - Hosts: 220.189.243.194 tang8.com
O1 - Hosts: 220.189.243.194 www.661661.com
O1 - Hosts: 220.189.243.194 661661.com
O1 - Hosts: 220.189.243.194 www.98988.net
O1 - Hosts: 220.189.243.194 98988.net
O1 - Hosts: 220.189.243.194 www.zhao114.com
O1 - Hosts: 220.189.243.194 zhao114.com
O1 - Hosts: 220.189.243.194 www.wo111.com
O1 - Hosts: 220.189.243.194 wo111.com
O1 - Hosts: 220.189.243.194 www.souou.com
O1 - Hosts: 220.189.243.194 souou.com
O1 - Hosts: 220.189.243.194 www.zui8.com
O1 - Hosts: 220.189.243.194 zui8.com
O1 - Hosts: 220.189.243.194 www.yan88.com
O1 - Hosts: 220.189.243.194 yan88.com
O1 - Hosts: 220.189.243.194 www.k369.com
O1 - Hosts: 220.189.243.194 k369.com
O1 - Hosts: 220.189.243.194 www.uhot.net
O1 - Hosts: 220.189.243.194 uhot.net
O1 - Hosts: 220.189.243.194 www.z369.com
O1 - Hosts: 220.189.243.194 z369.com
O1 - Hosts: 220.189.243.194 www.wo365.com
O1 - Hosts: 220.189.243.194 wo365.com
O1 - Hosts: 220.189.243.194 www.221111.com
O1 - Hosts: 220.189.243.194 221111.com
O1 - Hosts: 220.189.243.194 www.zhao99.com
O1 - Hosts: 220.189.243.194 zhao99.com
O1 - Hosts: 220.189.243.194 www.haozs.com
O1 - Hosts: 220.189.243.194 haozs.com
O1 - Hosts: 220.189.243.194 www.865.cn

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: IDDTInitObj Class - {15DDE989-CD45-4561-BF99-D22C0D5C2B74} - C:\WINDOWS\Downlo~1\ddtinit.dll
O2 - BHO: viviband - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\Downlo~1\vivimin.dll
O2 - BHO: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O2 - BHO: (no name) - {2AEE1EC3-29FB-2330-150F-D0F318C3CB46} - C:\WINDOWS\inscdm\evuhebnsyb.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Tencent\QQ\QQIEHelper.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\FlashGet\jccatch.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\qylhelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: 博采 - {4DA2EE61-6399-4C39-AEB9-0D990E610D29} - C:\WINDOWS\System32\BOCAIT~1.DLL
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\FlashGet\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: 上网助手 - {1B0E7716-898E-48cc-9690-4E338E8DE1D3} - C:\PROGRA~1\3721\Assist\assist.dll
O3 - Toolbar: 新浪ViVi收藏夹 - {15DDE989-CD45-4561-BF99-D22C0D5C2B85} - C:\WINDOWS\Downlo~1\vivimin.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [SysExplr] D:\HEROSOFT\Hero3000\SYSEXPLR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RealTray] D:\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKLM\..\Run: [WIN32] win32.exe
O4 - HKLM\..\Run: [Windows Management Instrumentation] wmimgr.exe
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [05roriof] C:\WINDOWS\System32\05roriof.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c77 -w
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [ilzrflm] c:\windows\system32\cdpuqs.exe r
O4 - HKLM\..\RunServices: [WIN32] win32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [WIN32] win32.exe
O4 - Global Startup: Microtek 扫描仪探测器.lnk = D:\Microtek\ScanWizard 5\ScannerFinder.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: 使用网际快车下载 - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 收藏此页到新浪ViVi - http://vivi.sina.com.cn/collect/click.php?agent=viviband
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 解霸实时播放 - D:\HEROSOFT\Hero3000\MPURLGET.HTM
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=28372_1006 (file missing)
O9 - Extra button: 解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra 'Tools' menuitem: 超级解霸 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - D:\HEROSOFT\Hero3000\MPLAYER.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: 词霸 - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - d:\kingsoft\ieplugin.DLL
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 卓越 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - d:\kingsoft\ieplugin.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Tencent\QQ\QQ.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {15DDE989-CD45-4561-BF99-D22C0D5C2B85} (新浪ViVi收藏夹) - http://image2.sina.com.cn/pfp/iweb/vivimin.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117522761968
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/IESearch.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{06755F31-85C6-4BD1-B23E-6C6C6E6B6F43}: NameServer = 202.98.160.68,202.98.161.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{FE8DBBCB-3A19-4DF2-BBC7-830296B33A07}: NameServer = 202.98.160.68 202.98.161.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{06755F31-85C6-4BD1-B23E-6C6C6E6B6F43}: NameServer = 202.98.160.68,202.98.161.68
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Unknown owner - D:\RISING\RAV\Ravmond.exe (file missing)
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

建议修复（如果楼主认为安全可以不选）
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
所有01项
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {2AEE1EC3-29FB-2330-150F-D0F318C3CB46} - C:\WINDOWS\inscdm\evuhebnsyb.dll
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\System32\qylhelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\System32\Isass.exe
O4 - HKLM\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKLM\..\Run: [WIN32] win32.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [05roriof] C:\WINDOWS\System32\05roriof.exe
O4 - HKLM\..\Run: [MoveSearch] C:\Program Files\wsearch\Search.exe
O4 - HKLM\..\Run: [usbn] C:\WINDOWS\system32\usbn.exe -go -c77 -w
O4 - HKLM\..\Run: [BCUpdate] C:\WINDOWS\System32\BCUP.exe
O4 - HKLM\..\Run: [ilzrflm] c:\windows\system32\cdpuqs.exe r
O4 - HKLM\..\RunServices: [WIN32] win32.exe
O4 - HKCU\..\Run: [] regedit -s C:\$NtUninstallQ5926809$\sp4custom.dll
O4 - HKCU\..\Run: [3721] C:\$NtUninstallQ5926809$\3721.bat
O4 - HKCU\..\Run: [WIN32] win32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

重起进安全模式
管理工具--服务--停止并禁用System Startup Service (SvcProc)
我的电脑--工具--文件夹选项--查看--显示所有文件（如图，或参考本版基本操作说明http://forum.ikaka.com/topic.asp?board=67&artid=6789825）
查找并删除
C:\WINDOWS\Nail.exe
C:\WINDOWS\inscdm\evuhebnsyb.dll
C:\WINDOWS\System32\qylhelper.dll
C:\WINDOWS\System32\msbe.dll
C:\WINDOWS\System32\Isass.exe
C:\$NtUninstallQ5926809$\sp4custom.dll
win32.exe
msxct.exe
C:\WINDOWS\System32\05roriof.exe
C:\Program Files\wsearch\Search.exe
C:\WINDOWS\system32\usbn.exe
c:\windows\system32\cdpuqs.exe
C:\WINDOWS\System32\BCUP.exe
C:\$NtUninstallQ5926809$\3721.bat
c:\ex.cab
c:\eied_s7.cab
C:\WINDOWS\System32\vbsys2.dll
C:\WINDOWS\svcproc.exe
清空IE临时文件夹

附件: 5221632005719154051.gif

01项全部修复....