Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software board

Strange web pages keep popping up. Experts, please take a look! Thanks in advance!!

Logfile of HijackThis v1.99.1
Scan saved at 17:14:13, on 2006-8-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

运行进程:           
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\ibmpmsvc.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Rising\Rav\CCenter.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\S24EvMon.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SYSTEM32\RUNDLL32.EXE
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\WinMgmt.exe
E:\WINDOWS\system32\iexplorer.exe
E:\WINDOWS\System32\QCONSVC.EXE
E:\WINDOWS\system32\RegSrvc.exe
E:\PROGRA~1\baigoo\bgoomain.exe
E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\Program Files\Rising\Rav\RavTask.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\TpKmpSVC.exe
E:\WINDOWS\system32\ctfmon.exe
E:\WINDOWS\System32\alg.exe
E:\WINDOWS\system32\rundll32.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\WinRAR\WinRAR.exe
E:\DOCUME~1\周建颂\LOCALS~1\Temp\Rar$EX02.738\HijackThis v1.99.1 汉化版\HijackThis.exe

R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\mouser.exe
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55}? - (没有文件) 
O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - E:\WINDOWS\system32\smflash.ocx
O2 - BHO: (no name) - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F}? - (没有文件) 
O2 - BHO: (no name) - {1D49D58D-5C84-4B50-8359-D9809BEB2B32}? - (没有文件) 
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB}? - (没有文件) 
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410}? - (没有文件) 
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (没有文件) 
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B}? - (没有文件) 
O2 - BHO: YOK超级搜索 - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O2 - BHO: (no name) - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688}? - (没有文件) 
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697}? - (没有文件) 
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - E:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005}? - (没有文件) 
O2 - BHO: NewWeb Controller - {9ACEEE31-1440-471B-AA46-72B061FE7D61}? - (没有文件) 
O2 - BHO: (no name) - {9E1E1371-9D8F-4421-81B9-F8D2E1773A59}? - (没有文件) 
O2 - BHO: XBTP03129 - {B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3}? - (没有文件) 
O2 - BHO: (no name) - {B8CCDD47-38E4-4CD2-B7FA-3B4B690F74BD}? - (没有文件) 
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4}? - (没有文件) 
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF} - (没有文件) 
O2 - BHO: (no name) - {D424FE4E-CAF9-4fdd-BC5F-E6E6B91D53BF}? - (没有文件) 
O2 - BHO: (no name) - {EA4BC1B6-C454-157F-1C8D-8CA71B6E8498}? - (没有文件) 
O2 - BHO: (no name) - {F2E37336-BFDB-409B-8D0E-6F013C438B20}? - (没有文件) 
O2 - BHO: (no name) - {F5824EFB-728A-4726-A5A5-85A68B20EDC3}? - (没有文件) 
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8}? - (没有文件) 
O3 - Toolbar: (no name) - {6B2455FD-3669-4555-8DF8-69FD5BC846F8}? - (没有文件) 
O3 - Toolbar: (no name) - {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? - (没有文件) 
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86}? - (没有文件) 
O3 - Toolbar: (no name) - {406F94F0-504F-4A40-8DFD-58B0666ABEBD}? - (没有文件) 
O3 - Toolbar: (no name) - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89}? - (没有文件) 
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - E:\WINDOWS\system32\kakatool.dll
O3 - Toolbar: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - E:\Progra~1\Baidu\bar\BaiDuBar.dll
O3 - Toolbar: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
O4 - HKLM\..\Run: [CdnCtr] E:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [RavTask] ; "E:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [YOKAssiant] ; Rundll32.exe E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll,YOKAssiant
O4 - HKLM\..\Run: [ATIPTA] ; E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bgoomain.exe] ; E:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [BigDogPath] ; E:\WINDOWS\VM_STI.EXE FAMETECH USB PC CAMERA
O4 - HKLM\..\Run: [BMMLREF] ; E:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] ; rundll32.exe E:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [CnsMHlp.exe] ; E:\WINDOWS\Downloaded Program files\CnsMHlp.exe
O4 - HKLM\..\Run: [EZEJMNAP] ; E:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [helper.dll] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [IESAddr] ; E:\WINDOWS\system32\rundll32.exe E:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [inetsvr] ; E:\Program Files\ieup\inetsvr.exe
O4 - HKLM\..\Run: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PHIME2002A] ; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PHIME2002ASync] ; E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [popo2004] ; E:\Program Files\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [QCWLIcon] ; E:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [res] ; rem E:\WINDOWS\system32\res.exe
O4 - HKLM\..\Run: [SoundMAX] ; "E:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] ; E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [spoolsv] ;
O4 - HKLM\..\Run: [StormCodec_Helper] ; "E:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SynTPEnh] ; E:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynTPLpr] ; E:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [Thunder] ; "E:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s
O4 - HKLM\..\Run: [TkBellExe] ; rem "E:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [TPHOTKEY] ; E:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] ; E:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [Update] ; E:\Program Files\Common Files\UPDAT\Update.exe
O4 - HKLM\..\Run: [WinampAgent] ; rem E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [yassistse] ; rem "E:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [YLive.exe] ; rem E:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [娱乐助手] ; E:\PROGRA~1\ylzs\ylzs.exe
O4 - HKLM\..\Run: [娱乐助手升级程序] ; E:\PROGRA~1\COMMON~1\ylzs\upylzs.exe
O4 - HKCU\..\Run: [ctfmon.exe] ; E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] ; "E:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Google Desktop Search] ; "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [H/PC Connection Agent] ; "E:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Instant Access] ; E:\WINDOWS\system32\procia.exe /run
O4 - HKCU\..\Run: [MSMSGS] ; "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [msq] ; E:\WINDOWS\system32\iExplorer.exe
O4 - HKCU\..\Run: [RTEGPRS] ; "C:\Program Files\Common Files\RTE\RTEGPRS.exe" tray
O4 - HKCU\..\Run: [Xplus] ; "E:\Program Files\Xplus\Xplus_Wait.exe" /min
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (文件故障)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (文件故障)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - E:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? - (没有文件) 
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (文件故障)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm (文件故障)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - E:\WINDOWS\web\related.htm (文件故障)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (文件故障)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (文件故障)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (文件故障)
O9 - Extra button: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2}? - http://www.yok.com (文件故障)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (文件故障)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (文件故障)
O9 - Extra button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (文件故障)
O9 - Extra button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (文件故障)
O10 - Unknown file in Winsock LSP: e:\windows\system32\cdnns.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\secur.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\secur.dll
O11 - Options group: [CDNCLIENT]  中文上网
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0F47F3C-F291-4180-B98B-71C388C21A28}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0F47F3C-F291-4180-B98B-71C388C21A28}: NameServer = 192.168.1.1
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - E:\WINDOWS\system32\5f7da3d0.dll (文件故障)


R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - E:\PROGRA~1\YOK.com\SUPERS~1\YOK_SuperSearch.dll
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\system32\mouser.exe
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O1 - Hosts: .
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55}? -
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - E:\WINDOWS\system32\5f7da3d0.dll (文件故障)
(Run the scan, tick the box in front of every entry marked "没有文件" (no file), and fix them.)

O10 - Unknown file in Winsock LSP: e:\windows\system32\cdnns.dll
Download 恶意软件清理助手 (Malware Cleanup Assistant) from this space:
http://free5.ys168.com/?ufwihgu168

O10 - Unknown file in Winsock LSP: e:\windows\system32\secur.dll
O10 - Unknown file in Winsock LSP: e:\windows\system32\secur.dll
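Please download LSPFix.exe and WinsockXPFix.

Run LSPFix.exe
and remove
wshcon32.dll
Instructions attached:
LSPFix.exe is mainly used to help fix the O10 entries found by a HijackThis scan.
Before using it, close all IE windows and folder windows, then run LSPFix. Once it is running, move the O10 entry you want to fix from the left side to the right side and click "Finish". (Before that, though, you need to tick the box in front of "I know what I'm doing".)
Double-click My Computer, then Tools, Folder Options, View; select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" checkbox. When prompted to confirm the change, click "Yes". Clear "Hide extensions for known file types".
Delete
e:\windows\system32\secur.dll
After the fix, reboot. If you cannot get online, run WinsockXPFix and let it repair things.

Reboot into Safe Mode and delete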
E:\Program Files\CNNIC
E:\WINDOWS\system32\mouser.exe
E:\WINDOWS\system32\5f7da3d0.dll

After fixing, scan again and post the new log.

The log above is incomplete.
Uninstall 雅虎助手 (Yahoo Assistant) and 中文上网 (Chinese Internet Access) from Add/Remove Programs.