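Rising Kaka Security Forum, Technical Exchange area, Anti-Virus/Anti-Rogue Software forum: It keeps saying there is not enough memory! Disk space is running out too! (log attached)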


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvCplDaemon><RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NvMediaCenter><RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <NVIDIA nTune><"D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SoundMan><SOUNDMAN.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CaAvTray><"E:\TOOL\eTrust EZ Antivirus\CAVTray.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CAVRID><"E:\TOOL\eTrust EZ Antivirus\CAVRID.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Logitech Utility><Logi_MwX.Exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <SKYNET Personal FireWall><E:\TOOL\SKYNET\FIREWALL\pfw.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <StormCodec_Helper><"F:\电视剧\宫特辑版\影音风暴\Storm Codec\StormSet.exe" /S /opti>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <bgoomain.exe><D:\PROGRA~1\baigoo\bgoomain.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CdnCtr><D:\Program Files\CNNIC\Cdn\cdnup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMSCMig><; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <qcsszjcz><; c:\chenhu2\chenqxms.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <Super Rabbit SRRestore><; E:\TOOL\MagicSet\srrest.exe /autosave>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ToP><D:\WINDOWS\LSASS.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <TProgram><D:\WINDOWS\SMSS.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe 1>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><D:\WINDOWS\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>
Last edited 2006-06-06 19:14:04
 

正在运行的进程
[PID: 648][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 712][\??\D:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][\??\D:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\NavLogon.dll]  <N/A><N/A>
[PID: 884][D:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 896][D:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1120][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 1208][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 1300][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1408][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
[PID: 1660][D:\WINDOWS\Explorer.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.8194>
    [D:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.8194>
    [D:\WINDOWS\system32\nvshell.dll]  <N/A><N/A>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 3, 1028>
    [D:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [E:\TOOL\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.1.2003110300>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 0, 1, 1015>
    [D:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 78>
    [D:\Program Files\baigoo\BGooBHO.dll]  <><1, 0, 0, 1>
    [e:\tool\test\Thunder\ComDlls\XunLeiBHO_001.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[PID: 1708][D:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 208][D:\WINDOWS\SMSS.EXE]  <UFO2><0.00.0070>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
[PID: 256][D:\WINDOWS\LSASS.exe]  <KJFlw><0.00.0070>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
[PID: 268][D:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5, 1, 0, 50>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
[PID: 292][E:\TOOL\eTrust EZ Antivirus\CAVTray.exe]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVScan.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\DriverIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVFrm.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\iSafProd.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\EZAVLic.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVProd.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVres.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
[PID: 320][E:\TOOL\eTrust EZ Antivirus\CAVRID.exe]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVFrm.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVProd.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\CAVres.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
[PID: 452][E:\TOOL\SKYNET\FIREWALL\pfw.exe]  <广州众达天网技术有限公司><2.7.6.1005>
    [E:\TOOL\SKYNET\FIREWALL\SKYMISC.DLL]  <N/A><N/A>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>

[PID: 464][D:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3510>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
[PID: 524][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1001>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 3, 1028>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
[PID: 536][E:\TOOL\eTrust EZ Antivirus\ISafe.exe]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\iSafProd.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\Arclib.dll]  <Computer Associates International, Inc.><7.2.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\ISafeEngine.dll]  <Computer Associates International, Inc.><Version 12.4.1.0>
[PID: 584][D:\PROGRA~1\baigoo\bgoomain.exe]  <BGoo><1, 0, 0, 1005>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\baigoo\bgooex.dll]  <><1, 0, 0, 1006>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
[PID: 612][D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  <Microsoft Corporation><7.00.9466>
[PID: 720][D:\Program Files\CNNIC\Cdn\cdnup.exe]  <><2, 1, 0, 5>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnglo.dll]  <><2, 0, 0, 6>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\cdntdns.dll]  <CNNIC><2, 0, 0, 1>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
[PID: 1156][D:\Program Files\Logitech\MouseWare\system\em_exec.exe]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Logitech\MouseWare\system\EVENTEX.dll]  <Logitech Inc.><9.80.019>
    [D:\WINDOWS\system32\COMNCTR.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\Logitech\MouseWare\system\ccresrce.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Logitech\MouseWare\system\GlbResLt.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\Logitech\MouseWare\System\devices.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Logitech\MouseWare\system\ccstmglb.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Logitech\MouseWare\system\ccustom.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Logitech\MouseWare\system\ccmsghk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
[PID: 1168][D:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
[PID: 1276][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [d:\program files\gaov\mysee2\runtime.dll]  <北京高维视讯科技有限公司><1, 0, 0, 3>
    [D:\WINDOWS\system32\MycAce551vc71.dll]  <N/A><5.5.1>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
[PID: 1528][D:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.8194>
[PID: 1636][E:\TOOL\eTrust EZ Antivirus\VetMsg.exe]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\DriverIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [E:\TOOL\eTrust EZ Antivirus\VetNtMsg.dll]  <N/A><N/A>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\iSafProd.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>

[PID: 2120][D:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
[PID: 2692][D:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 3, 1028>
    [D:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [E:\TOOL\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.1.2003110300>
    [D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll]  <><2, 0, 0, 6>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 0, 1, 1015>
    [D:\PROGRA~1\baidu\bar\baidubar.dll]  <Baidu.com, Inc.><2, 0, 2, 78>
    [D:\Program Files\baigoo\BGooBHO.dll]  <><1, 0, 0, 1>
    [e:\tool\test\Thunder\ComDlls\XunLeiBHO_001.dll]  <Thunder Networking Technologies,LTD><5, 0, 0, 1>
    [d:\program files\google\googletoolbar2.dll]  <Google Inc.><3, 0, 131, 0>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\PROGRA~1\baigoo\bgook.dll]  <BAIGOO.COM><1, 0, 0, 1005>
    [D:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll]  <BAIGOO><1, 0, 0, 1006>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx]  <Macromedia, Inc.><8,0,24,0>
    [D:\WINDOWS\system32\CHENHU4.IME]  <chenhu><5.7>
[PID: 2700][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3436][D:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 3512][D:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1564][G:\shadu\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [D:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  <Logitech Inc.><9.80.019>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 0, 0, 3>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <cnnic><2, 0, 0, 1>
    [D:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  <Logitech Inc.><1.1.0>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <><2, 0, 0, 6>
    [D:\WINDOWS\system32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [D:\WINDOWS\system32\VetRedir.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>
    [D:\WINDOWS\system32\ISafeIf.dll]  <Computer Associates International, Inc.><Version 11.0.1.4>

http://forum.ikaka.com/topic.asp?board=28&artid=6979213
Attachment in the first post... download HijackThis... post the log here..

See http://forum.ikaka.com/topic.asp?board=28&artid=8046765

[PID: 208][D:\WINDOWS\SMSS.EXE] <UFO2><0.00.0070>
[PID: 256][D:\WINDOWS\LSASS.exe] <KJFlw><0.00.0070>
These two entries look very much like it

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 19:13:01, on 2006-6-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\SMSS.EXE
D:\WINDOWS\LSASS.exe
D:\WINDOWS\SOUNDMAN.EXE
E:\TOOL\eTrust EZ Antivirus\CAVTray.exe
E:\TOOL\eTrust EZ Antivirus\CAVRID.exe
E:\TOOL\SKYNET\FIREWALL\pfw.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
E:\TOOL\eTrust EZ Antivirus\ISafe.exe
D:\PROGRA~1\baigoo\bgoomain.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\CNNIC\Cdn\cdnup.exe
D:\Program Files\Logitech\MouseWare\system\em_exec.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\TOOL\eTrust EZ Antivirus\VetMsg.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\System32\svchost.exe
F:\淘宝网\淘宝旺旺\WangWang.exe
F:\淘宝网\淘宝旺旺\WangWang.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\电视剧\新建文件夹\HijackThis.exe

R3 - URLSearchHook:
O1 - Hosts: 255.0.0.1 go.bcz888.com
O1 - Hosts: 255.0.0.1 b1.hxwg.cn
O1 - Hosts: 255.0.0.1 www.yocksky.com
O1 - Hosts: 255.0.0.1 www.6657.com
O1 - Hosts: 255.0.0.1 www.waigua8.com
O1 - Hosts: 255.0.0.1 www.72z.net
O1 - Hosts: 255.0.0.1 www.fxin2008.com
O1 - Hosts: 255.0.0.1 bbs.72z.net
O1 - Hosts: 255.0.0.1 waigua8.com
O1 - Hosts: 255.0.0.1 fxin2008.com
O1 - Hosts: 255.0.0.1 chinawg.net
O1 - Hosts: 255.0.0.1 yocksky.com
O1 - Hosts: 255.0.0.1 www.17wpk.com
O1 - Hosts: 255.0.0.1 17wpk.com
O1 - Hosts: 255.0.0.1 www.zhaosf.com
O1 - Hosts: 255.0.0.1 www.hahawg.com
O1 - Hosts: 255.0.0.1 hahawg.com
O1 - Hosts: 255.0.0.1 www.gameswg.com
O1 - Hosts: 255.0.0.1 gameswg.com
O1 - Hosts: 255.0.0.1 www.zhaosf.com
O1 - Hosts: 255.0.0.1 www.chuanqi.com
O1 - Hosts: 255.0.0.1 www.wg999.com
O1 - Hosts: 255.0.0.1 wg999.com
O1 - Hosts: 255.0.0.1 www.512game.com
O1 - Hosts: 255.0.0.1 game.yule.com.cn
O1 - Hosts: 255.0.0.1 www.9432.com
O1 - Hosts: 255.0.0.1 www.cnsmallgame.com
O1 - Hosts: 255.0.0.1 www.wgwang.com
O1 - Hosts: 255.0.0.1 www.mirx.net
O1 - Hosts: 255.0.0.1 www.babeijiu.com
O1 - Hosts: 255.0.0.1 www.wg222.com
O1 - Hosts: 255.0.0.1 www.heiyun.net
O1 - Hosts: 255.0.0.1 www.mir2down.com
O1 - Hosts: 255.0.0.1 www.heiyun.net
O1 - Hosts: 255.0.0.1 www.ayxz.com
O1 - Hosts: 255.0.0.1 www.wgx8.com
O1 - Hosts: 255.0.0.1 3000ok.com
O1 - Hosts: 255.0.0.1 www.3000ok.com
O1 - Hosts: 255.0.0.1 www.xp13.com
O1 - Hosts: 255.0.0.1 www.57sf.com
O1 - Hosts: 255.0.0.1 www.xp13.net
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - D:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\TOOL\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35980F6E-A137-4E50-953D-813BB8556899} - D:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO:
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - D:\PROGRA~1\baidu\bar\baidubar.dll
O2 - BHO: bg - {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} - D:\Program Files\baigoo\BGooBHO.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\tool\test\Thunder\ComDlls\XunLeiBHO_001.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - D:\PROGRA~1\baidu\bar\baidubar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O3 - Toolbar: ????? - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CaAvTray] "E:\TOOL\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "E:\TOOL\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SKYNET Personal FireWall] E:\TOOL\SKYNET\FIREWALL\pfw.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [YLive.exe] D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "F:\
O4 - HKLM\..\Run: [bgoomain.exe] D:\PROGRA~1\baigoo\bgoomain.exe
O4 - HKLM\..\Run: [CdnCtr] D:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [IMSCMig] ; D:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [qcsszjcz] ; c:\chenhu2\chenqxms.exe
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; E:\TOOL\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [ToP] D:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [TProgram] D:\WINDOWS\SMSS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.dat
O4 - Global Startup: ntuser.dat.LOG
O8 - Extra context menu item: !搜一搜 - res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O8 - Extra context menu item: &使用迅雷下载 - e:\tool\test\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - e:\tool\test\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Google 搜索(&G) - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\TOOL\qq\AddToNetDisk.htm
O8 - Extra context menu item: 反向链接 - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://E:\TOOL\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\TOOL\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\TOOL\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\TOOL\qq\SendMMS.htm
O8 - Extra context menu item: 百度--MP3搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度--图片搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度--新闻搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度--歌词搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度--网页搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度--词典搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDU_DIC.HTM
O8 - Extra context menu item: 百度--贴吧搜索 - RES://D:\PROGRA~1\baidu\bar\baidubar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 类似网页 - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O10 - Unknown file in Winsock LSP: d:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] 
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://kp.wuhan.net.cn/plugin/PowerPlr.ocx
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: {53AF6E02-F18F-4228-AC13-3E79773FBE50} (CMCBooter Object) - http://download.mysee.com/plugin/booter.cab
O16 - DPF: {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} (LiveMediaOcx Control) - http://dl_dir.qq.com/qqtv/QQLiveOcxSetup.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B2458C3-3E9D-4880-82E5-8C39D1A5BA59}: NameServer = 202.103.0.68,202.103.24.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B2458C3-3E9D-4880-82E5-8C39D1A5BA59}: NameServer = 202.103.0.68,202.103.24.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B2458C3-3E9D-4880-82E5-8C39D1A5BA59}: NameServer = 202.103.0.68,202.103.24.68
