瑞星卡卡安全论坛

我的电脑有以下几个怪现象，请大家帮我看看到底是中毒了还是我的机子有问题：

1、杀毒程序失效：杀毒程序运行不了，无论你怎么点软件图标，它就是无动于衷，没反应！

2、日志扫描程序失效：本来想扫个日志上来叫各位大虾看一下，结果出现的问题同第 1 点一样！

3、在网上搜索的时候碰到更奇怪的事：只要我搜索的字里面有包括“病毒”、“瑞星”、“金山毒霸”等等杀毒软件或病毒的名称，网页就立即全部自动关闭。这就意味我即不能下载也不能安装，就算侥幸被我安装上了，也同样运行不了。对付病毒的这些办法完全失效。

4、后来想想或许到“安全模式”下，杀毒程序可以运行，更没想到的是，我怎么进都进不了安全模式，情况是这样滴：我选了安全模式，过了一会它会自动返回按照正常的进入系统，无论试多少次，最后进入都是正常模式。

5、想想前面那些都不行，我把它全格了，重新装还不成嘛！于是就重新分区、格式化、重装系统，好不容易全OK了，带着侥幸的心理打几个字去搜索搜索一下，结果真是让我彻底崩溃了，还是老样子~~~~~~~~~~~~~~~~~~~~~~

为了向大家求救，唯一的办法就是我现在正在做的换一台电脑。。。。。。。。

我的电脑怎么了？？？？？？我到底该怎么办？？？？？？？？？
如果这是病毒的话，那我要说我真是太佩服你了，你就饶了我吧！！！！！

请各位高手救救我的机子吧~~~~~~~~~鄙人在此跪谢了！！！！

我自己来顶。。。。。。

高手快来啊~~~~~~~~

将你的系统日期对正确

下载 System Repair Engineer，到你的“Windows”文件夹里。

http://www.kztechs.com/sreng/download.html

1 解压缩sreng2.zip
2 将SREng.exe重命名为abc.exe运行.(一定得改名）
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝分段贴上来，不要修改

还有如果愿意重装系统，就可以轻松搞定：

可以在新系统安装完毕，进入的第一次，绝不使用原机任何文件，绝不打开任何磁盘，绝不使用U盘。

然后直接去网上的自己的邮箱里下载先备份上传的解压缩工具WinRAR，下载到桌面，安装后，立即用WinRAR打开各个磁盘，手工在WinRAR中删除各盘根目录下的文件：
Autorun.inf及Autorun.inf内容所指向的文件。

然后安装并升级杀软至最新版本，全盘杀毒。

至于U盘，可以在插入电脑前，按住“Shift”键不放手，直至系统检测完毕.
再用WinRAR打开U盘，删除根目录下的同样文件，就可以了。但是里面的所有文件，也得再彻底杀毒。

嗯．．．重新下个ＳＲＥ

！！

不行就改名为1.exe\1.bat\1.scr之类的运行！

========Content========
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <iDuba Personal FireWall><>  [N/A]
    <msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <DingolOKS><C:\Program Files\Lenovo\Dinoks\DingolOKS.exe>  [Lenovo]
    <DingolVLR><C:\Program Files\联想（Lenovo）\LenovoDingol\DingolVLR.exe>  [Bitland Information Technology Co.,Ltd.]
    <Mydevice><"C:\Program Files\Common Files\Lenovo\digitalsuit\commondll\MyDevice.exe">  []
    <Kavrun><>  [N/A]
    <iDuba Personal FireWall><>  [N/A]
    <DMXLauncher><C:\Program Files\Lenovo\dvdburning\DMXLauncher.exe>  []
    <System><C:\Program Files\Common Files\system\Updaterun.exe>  []
    <Microsoft Pinyin IME Migration><C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5A20C4A5-C4A5-A200-A5A2-4A5204A5A200}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <IFEO[FileDsty.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <IFEO[FTCleanerShell.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <IFEO[iparmo.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KaScrScn.SCR]
    <IFEO[KaScrScn.SCR]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <IFEO[KAVDX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <IFEO[KAVPFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <IFEO[KAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
    <IFEO[KAVStart.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <IFEO[KISLnchr.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
    <IFEO[KMailMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
    <IFEO[KMFilter.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
    <IFEO[KPFW32X.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe]
    <IFEO[KPFWSvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe]
    <IFEO[KRegEx.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\krepair.COM]
    <IFEO[krepair.COM]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
    <IFEO[KsLoader.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVCenter.kxp]
    <IFEO[KVCenter.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
    <IFEO[KvDetect.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
    <IFEO[KvfwMcl.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp]
    <IFEO[KVMonXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP_1.kxp]
    <IFEO[KVMonXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <IFEO[kvol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
    <IFEO[kvolself.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvReport.kxp]
    <IFEO[KvReport.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVScan.kxp]
    <IFEO[KVScan.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVStub.kxp]
    <IFEO[KVStub.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
    <IFEO[kvupload.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <IFEO[kvwsc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP_1.kxp]
    <IFEO[KvXP_1.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
    <IFEO[KWatch9x.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
    <IFEO[KWatchX.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\loaddll.exe]
    <IFEO[loaddll.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
    <IFEO[MagicSet.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <IFEO[mcconsol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
    <IFEO[mmqczj.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
    <IFEO[mmsk.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <IFEO[NAVSetup.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <IFEO[nod32krn.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
    <IFEO[PFW.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
    <IFEO[PFWLiveUpdate.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
    <IFEO[QHSET.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
    <IFEO[Ras.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
    <IFEO[RegClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <IFEO[rfwcfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe]
    <IFEO[RfwMain.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <IFEO[RsAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
    <IFEO[Rsaupd.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
    <IFEO[runiep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
    <IFEO[safelive.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
    <IFEO[shcfg32.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
    <IFEO[SmartUp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
    <IFEO[SREng.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
    <IFEO[SysSafe.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
    <IFEO[TrojanDetector.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
    <IFEO[Trojanwall.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp]
    <IFEO[TrojDie.kxp]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <IFEO[UIHost.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
    <IFEO[UmxAgent.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
    <IFEO[UmxAttachment.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
    <IFEO[UmxCfg.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
    <IFEO[UmxFwHlp.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
    <IFEO[UmxPol.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.EXE.exe]
    <IFEO[UpLive.EXE.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
    <IFEO[WoptiClean.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <IFEO[zxsweep.exe]><C:\PROGRA~1\COMMON~1\MICROS~1\MSINFO\C4A5A200.dat>  []

==================================
启动文件夹
[金山词霸 2006]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\金山词霸 2006.lnk --> C:\PROGRA~1\xdict\xdict.exe [Kingsoft Co, Ltd.]><N>
[腾讯QQ]
  <C:\Documents and Settings\Owner\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================

服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Windows aqqp RunThem / aqqp][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\vllk\fvvu.dll>< >
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Intranet Messenger / DATEING][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL,DllRegisterServer 1087><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Disabled]
  <C:\kav2005\KWatch.EXE><Kingsoft Corporation>
[Windows Gateway / License][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\vqoaa.dll><Microsoft Corporation>
[Fax 2Client / ms_2fax][Running/Auto Start]
  <C:\WINDOWS\system32\bc991.exe><N/A>
[SCCMonitor / SCCMonitor][Running/Auto Start]
  <"C:\Program Files\Lenovo\联想智能控制中心\SCC\SCCMonitor.exe"><>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[CALLKEY_IO / CALLKEY_IO][Stopped/Manual Start]
  <\??\G:\CALLKEY.sys><N/A>
[cnprov / cnprov][Running/Boot Start]
  <\SystemRoot\system32\drivers\cnprov.sys><中国互联网络信息中心(CNNIC)>
[Conexant 23880 Video Capture / CX23880][Running/Auto Start]
  <system32\drivers\cx88vid.sys><Conexant Systems, Inc.>
[Conexant 2388x Crossbar / CX88XBAR][Running/Auto Start]
  <system32\drivers\CX88XBAR.sys><Conexant Systems, Inc.>
[Conexant 2388x Tuner / CXTUNE][Running/Auto Start]
  <system32\drivers\CX88TUNE.sys><Conexant Systems, Inc.>
[idnaux / idnaux][Running/Auto Start]
  <system32\drivers\idnaux.sys><中国互联网络信息中心(CNNIC)>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[MarsUsb / MarsUsb][Running/Manual Start]
  <system32\DRIVERS\MarsUsb.sys><Bitland Information Technology Co.,Ltd>
[msqmx / msqmx][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Virtual Drive / VirtualDrive][Stopped/Manual Start]
  <\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.797\Virtual Drive Manager1.2.3\vdd-x86.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[PNDIO / PNDIO][Running/Manual Start]
  <\??\C:\Program Files\Lenovo\Dinoks\pndio.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\ebc1.dll, TODO: <公司名>>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, Microsoft Corporation>
[中文上网]
  {B012491E-8FA4-4851-AA9B-22E33784FBAD} <C:\Program Files\OCINS\config.exe, 中国互联网络信息中心(CNNIC)>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <, N/A>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll, Yahoo! China>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Yahoo!Live]
  {57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\Program Files\Yahoo!\Assistant\yaLive.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[IEAux Class]
  {7605CC7C-00FD-4A5F-BAFD-828342DE6279} <C:\PROGRA~1\OCINS\ieaux.dll, 中国互联网络信息中心(CNNIC)>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[yFlashDl Class]
  {F166BC04-3C84-44CC-A6E9-2315EC4844B9} <C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll, Yahoo! China>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\ebc1.dll, TODO: <公司名>>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll, Yahoo! China>
[&访问通用网址]
  <C:\Program Files\OCINS\cnrbtn.html, N/A>

[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 520 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\vqoaa.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 1060 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hpzsnt09.dll]  [HP, 2.236.4.0]
[PID: 1428 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\fvvu.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\vllk\kaaz.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\vllk\brrq.dll]  [, 5, 0, 0, 2]

[PID: 1448 / SYSTEM][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 1508 / SYSTEM][C:\WINDOWS\system32\bc991.exe]  [N/A, ]
[PID: 1708 / Owner][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1812 / SYSTEM][C:\Program Files\Lenovo\联想智能控制中心\SCC\SCCMonitor.exe]  [, ]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1880 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 444 / Owner][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 51]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 420 / Owner][C:\Program Files\Lenovo\Dinoks\DingolOKS.exe]  [Lenovo, 1, 2, 1, 0]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 508 / Owner][C:\Program Files\联想（Lenovo）\LenovoDingol\DingolVLR.exe]  [Bitland Information Technology Co.,Ltd., 1, 0, 0, 10]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 560 / Owner][C:\Program Files\Common Files\Lenovo\digitalsuit\commondll\MyDevice.exe]  [, 1, 0, 0, 1]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 712 / Owner][C:\Program Files\Lenovo\dvdburning\DMXLauncher.exe]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1032 / Owner][C:\Program Files\Lenovo\联想智能控制中心\SCC\LenovoSmartControlCenter.exe]  [N/A, ]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\LxSimpleOsd.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\Remled.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1328 / Owner][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1300 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2208 / Owner][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\system32\ebc1.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\kav2005\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 2, 21, 13]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [C:\Program Files\Lenovo\recordnow\shlext.dll]  [, 7.0.0.0]
    [C:\Program Files\Lenovo\recordnow\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Windows Live\Messenger\fsshext.8.5.1235.0517.dll]  [Microsoft Corporation, 8.5.1235.0517]
    [C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll]  [Microsoft Corporation, 12.0.6020.5000]
    [c:\windows\system32\vqoaa.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 2780 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe]  [Microsoft Corporation, 8.5.1235.0517]
    [C:\Program Files\Windows Live\Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.5.1235.0517]
[PID: 2524 / Owner][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\8e1.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 4080 / Owner][C:\Program Files\Lenovo\Dinoks\DingolOKS.exe]  [Lenovo, 1, 2, 1, 0]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 2660 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3044 / Owner][D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.0.12: 2007050813]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.7]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.0.12: 2007050813]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.7]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.7]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.5]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.5]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.5]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.0.12: 2007050813]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.0.12: 2007050813]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.62]
[PID: 3604 / Owner][C:\WINDOWS\sreng2\abc.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================

文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[E:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[F:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[L:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[M:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      www.jack.coyo.eu
127.0.0.1      www.51zc.com
127.0.0.1      www.caiyi8.com
127.0.0.1      vod.caiyi8.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 420, C:\PROGRAM FILES\LENOVO\DINOKS\DINGOLOKS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 508, C:\PROGRAM FILES\联想（LENOVO）\LENOVODINGOL\DINGOLVLR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 560, C:\PROGRAM FILES\COMMON FILES\LENOVO\DIGITALSUIT\COMMONDLL\MYDEVICE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 712, C:\PROGRAM FILES\LENOVO\DVDBURNING\DMXLAUNCHER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1032, C:\PROGRAM FILES\LENOVO\联想智能控制中心\SCC\LENOVOSMARTCONTROLCENTER.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 4080, C:\PROGRAM FILES\LENOVO\DINOKS\DINGOLOKS.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3044, D:\FIREFOX_1.5.0.12RC2CHS\FIREFOX_1.5.0.12RC2CHS\MOZILLA FIREFOX\FIREFOX.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

以上就是我所有的日志，麻烦帮我看一下！！谢谢谢谢！！！

ＳＲＥ２．５就是不同啊．．！！！呵

http://forum.ikaka.com/topic.asp?board=28&artid=8322881
看这贴子，有专杀．！

关键是你现在毒在内存的
兄弟！
你可能忘了给 内存杀毒
一般你重新装 就是 杀不了 内存的毒

试试吧，在专杀杀完以后：
这里下载冰刃（1.2版本）：http://forum.ikaka.com/topic.asp?board=67&artid=8283060
也一样下载到Windows文件夹里。然后改名。
然后断网，关闭一切能关闭的东西，包括防火墙，杀软，网页，QQ，已断网了，所有加入内存的软件，都尽量退出。

尽量进安全模式下，不能进就算了。呵呵1！！

用扫日志的SRENG工具删除下面注册表项。

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<System><C:\Program Files\Common Files\system\Updaterun.exe> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5A20C4A5-C4A5-A200-A5A2-4A5204A5A200}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll> []
————————————————————————————————————
用扫日志的SRENG工具将下面的各项启动类型改为“Disabled”

服务
[Windows aqqp RunThem / aqqp][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\vllk\fvvu.dll>< >

[Intranet Messenger / DATEING][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL,DllRegisterServer 1087><Microsoft Corporation>

[Windows Gateway / License][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\vqoaa.dll><Microsoft Corporation>

[Fax 2Client / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\bc991.exe><N/A>

[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><>

驱动程序
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>

[msqmx / msqmx][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>

[Virtual Drive / VirtualDrive][Stopped/Manual Start]
<\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.797\Virtual Drive Manager1.2.3\vdd-x86.sys><N/A>
——————————————————————————————————————————————————————————
用扫日志的SRENG工具删除下面

浏览器加载项
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\ebc1.dll, TODO: <公司名>>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\ebc1.dll, TODO: <公司名>>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>

HOSTS 文件
127.0.0.1 localhost
127.0.0.1 www.jack.coyo.eu
127.0.0.1 www.51zc.com
127.0.0.1 www.caiyi8.com
127.0.0.1 vod.caiyi8.com
——————————————————————————————————————————————————
冰刃改名运行，强制删除下面文件，（或者去这里下载xdelbox到Windows文件夹里，删除下面文件。http://www.i170.com/Attach/51FD704F-C0BD-41E7-B0E9-60673A888FD6 下载)
（删不了的改名，重启删）
C:\WINDOWS\system32\winlib .dll
[c:\windows\system32\vqoaa.dll
[c:\progra~1\vllk\fvvu.dll
c:\progra~1\vllk\iyyx.dll
c:\progra~1\vllk\nddc.dll
c:\progra~1\vllk\kaaz.dll
c:\progra~1\vllk\brrq.dll
C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE
C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL
C:\WINDOWS\system32\bc991.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll
C:\WINDOWS\system32\8e1.dll

包括各盘根目录下的文件：

Autorun.inf
C4A5A200.exe
————————————————————————————————————————————————————————————
重启电脑，去这里（http://forum.ikaka.com/topic.asp?board=67&artid=8283060）下载autoruns到Windows文件夹里，改名运行。
删除映像劫持里除了图中所示的，其他都删除。
——————————————————————————————————————————————————
重启电脑，不行，就再扫日志。
没异常，就安装并升级杀软至最新版本，全盘杀毒。


附件: 839077200778134936.jpg

我中的和你 的一样,被我给干了