
How can it do this? I can't kill it..

Logfile of HijackThis v1.99.1
Scan saved at 10:47:55, on 2007-7-4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
E:\hijackthis\HijackThis.exe

R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll (file missing)
O2 - BHO: LpksatHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\lpkwat.dll
O2 - BHO: internet explorer helper - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:\WINDOWS\fonts\msshapi.dll (file missing)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: (no name) - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} - (no file)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll (file missing)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo2\KUGOO3~1.OCX (file missing)
O2 - BHO: CPPIE Class - {C6844939-C324-41E0-84D0-D42F8DA5EBAD} - C:\WINDOWS\system32\hbcmd.dll
O2 - BHO: OAid Class - {DCC24EBC-B348-485D-9B32-CFE4B4163E84} - C:\WINDOWS\system32\danim.ocx
O2 - BHO: (no name) - {EB21FA8C-3CEB-402C-A113-5F173BE954ED} - (no file)
O2 - BHO: ff Class - {FAAAC0F6-94BE-4466-934B-7C53666A2F41} - C:\WINDOWS\system32\82d1.dll (file missing)
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Documents and Settings\Administrator\桌烂面鎈\未词使褂用玫的淖桌烂面婵快旖捷莘方绞式絓\fgiebar.dll (file missing)
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll
O4 - HKLM\..\Run: [runeip] ; e:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KuGoo3] ; C:\Program Files\KuGoo2\KuGoo.exe
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kugoo] ; C:\Program Files\KuGoo2\KuGoo.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\下载夹\AddToNetDisk.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\下载夹\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\下载夹\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\下载夹\SendMMS.htm
O9 - Extra button: 酷热影音 - {7D73FF86-05F1-39ed-C850-A423120EC338} - www.kuree.com/index.htm?id=00011001 (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\下载夹\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\下载夹\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [TBH] 中文搜搜
O17 - HKLM\System\CCS\Services\Tcpip\..\{3056E6A9-F294-4CF7-99FB-475AE0AA093E}: NameServer = 202.96.128.68
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo2\InExtend\KUGOO3~1.OCX
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: error monitor (EmonSrv) - Unknown owner - C:\WINDOWS\system32\lfrmewrk.exe (file missing)
O23 - Service: ms cic (mscic) - Unknown owner - C:\WINDOWS\system32\CIC~1.EXE
O23 - Service: ms ddraw (msddraw) - Unknown owner - C:\WINDOWS\system32\ddraw.exe
O23 - Service: Fax 2Client (ms_2fax) - Unknown owner - C:\WINDOWS\system32\2d441.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe




Last edited 2007-07-04 21:31:11

[CODE]

2007-07-04,11:26:35

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrator-privileged user - Full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan


Startup Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Kugoo><; C:\Program Files\KuGoo2\KuGoo.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <runeip><; e:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <KuGoo3><; C:\Program Files\KuGoo2\KuGoo.exe>  []
    <MSConfig><; C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><E:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
N/A

==================================
Services
[MOBILL / BKMARKS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CGOPW.DLL,Export 1087><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[error monitor / EmonSrv][Stopped/Auto Start]
  <C:\WINDOWS\system32\lfrmewrk.exe><N/A>
[Volume Optimization / Hardware][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ebzfy.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ms cic / mscic][Stopped/Auto Start]
  <C:\WINDOWS\system32\CIC~1.EXE><N/A>
[ms ddraw / msddraw][Running/Auto Start]
  <C:\WINDOWS\system32\ddraw.exe><N/A>
[Fax 2Client / ms_2fax][Stopped/Auto Start]
  <C:\WINDOWS\system32\2d441.exe><N/A>
[SavRoam / SavRoam][Stopped/Manual Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Servicel / Servicel][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jetspeed.dll><N/A>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[autoliv / autolive][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\autolive.sys><N/A>
[bjgbbced / bjgbbced][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bjgbbced.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\F:\INSTALL\GMSIPCI.SYS><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[kcsjpjjg / kcsjpjjg][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kcsjpjjg.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070703.025\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070703.025\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[ProcServ / ProcServ][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Intel (R) System Management BIOS Service / SMBios][Running/Manual Start]
  <system32\DRIVERS\SMBios.sys><Intel Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[tttiqu4 / tttiqu43][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tttiqu43.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[front / front][Stopped/]
  <2 - The system cannot find the file specified.
><N/A>
[roreg / roreg][Stopped/]
  <2 - The system cannot find the file specified.
><N/A>

==================================
Browser Add-ons
[internet explorer helper]
  {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, N/A>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, N/A>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[CPPIE Class]
  {C6844939-C324-41E0-84D0-D42F8DA5EBAD} <C:\WINDOWS\system32\hbcmd.dll, TODO: <公司名>>
[OAid Class]
  {DCC24EBC-B348-485D-9B32-CFE4B4163E84} <C:\WINDOWS\system32\danim.ocx, microsoft>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\82d1.dll, N/A>
[酷热影音]
  {7D73FF86-05F1-39ed-C850-A423120EC338} <www.kuree.com/index.htm?id=00011001, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\下载夹\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\Documents and Settings\Administrator\桌烂面鎈\未词使褂用玫的淖桌烂面婵快旖捷莘方绞式絓\fgiebar.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[internet explorer helper]
  {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} <C:\WINDOWS\fonts\msshapi.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, N/A>
[]
  {669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <C:\PROGRA~1\Kingsoft\FastAIT\IEBand.dll, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo2\KUGOO3~1.OCX, N/A>
[CPPIE Class]
  {C6844939-C324-41E0-84D0-D42F8DA5EBAD} <C:\WINDOWS\system32\hbcmd.dll, TODO: <公司名>>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[OAid Class]
  {DCC24EBC-B348-485D-9B32-CFE4B4163E84} <C:\WINDOWS\system32\danim.ocx, microsoft>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <E:\Documents and Settings\Administrator\桌烂面鎈\未词使褂用玫的淖桌烂面婵快旖捷莘方绞式絓\fgiebar.dll, N/A>
[ff Class]
  {FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\82d1.dll, N/A>
[上传到QQ网络硬盘]
  <E:\下载夹\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <C:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <E:\下载夹\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\下载夹\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\下载夹\SendMMS.htm, N/A>

==================================
Running Processes
[PID: 316 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 372 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 440 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 452 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 596 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 712 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ebzfy.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 828 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\SZWB.IME]  [广州三讯(3C)信息技术开发有限公司, 3.10.2002]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\WINWB98.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\WINDOWS\system32\hbcmd.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\WINDOWS\system32\danim.ocx]  [microsoft, 1.0.0.1]
    [E:\下载夹\qdshm.dll]  [, 1, 0, 101, 20]
    [E:\下载夹\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
[PID: 1012 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
[PID: 1048 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.2.0.577]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.0.577]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 2.2.0.577]
[PID: 1180 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\CNMLM75.DLL]  [CANON INC., 1.90.2.20]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD75.DLL]  [CANON INC., 1.90.2.20]
[PID: 1400 / SYSTEM][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 9.0.0.338]
[PID: 1588 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 9.0.0.338]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel? Corporation, 6.12.0.112 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.112 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  [Symantec Corp., 1.1.0.3]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.0.338]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070703.025\ecmsvr32.dll]  [Symantec Corporation, 71.2.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070703.025\NAVEX32a.DLL]  [Symantec Corporation, 20071.2.0.18]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070703.025\NAVENG32.DLL]  [Symantec Corporation, 20071.2.0.18]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\vpmsece.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 9.0.0.338]
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  [Symantec Corporation, 3.02.11.32]
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  [Symantec Corporation, 3.02.11.32]
[PID: 888 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 9748 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cmdl32.dll]  [mcsoft, 1, 0, 0, 0]
    [C:\WINDOWS\system32\GTIAPI.DLL]  [N/A, ]
    [C:\WINDOWS\system32\bofang.dll]  [  , 1, 0, 0, 3]
[PID: 10060 / SYSTEM][C:\WINDOWS\system32\ddraw.exe]  [N/A, ]
[PID: 10124 / Administrator][E:\hijackthis\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [E:\hijackthis\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS File
127.0.0.1      localhost

==================================
Process Privilege Scan
N/A

==================================
API HOOK
N/A

==================================
Hidden Processes
N/A

==================================


[/CODE]

Services
[MOBILL / BKMARKS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CGOPW.DLL,Export 1087><Microsoft Corporation>
[error monitor / EmonSrv][Stopped/Auto Start]
<C:\WINDOWS\system32\lfrmewrk.exe><N/A>
[Volume Optimization / Hardware][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ebzfy.dll><Microsoft Corporation>
[ms cic / mscic][Stopped/Auto Start]
<C:\WINDOWS\system32\CIC~1.EXE><N/A>
[ms ddraw / msddraw][Running/Auto Start]
<C:\WINDOWS\system32\ddraw.exe><N/A>
[Fax 2Client / ms_2fax][Stopped/Auto Start]
<C:\WINDOWS\system32\2d441.exe><N/A>
[Servicel / Servicel][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jetspeed.dll><N/A>
Drivers
[autoliv / autolive][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\autolive.sys><N/A>
[bjgbbced / bjgbbced][Stopped/Boot Start]
<\SystemRoot\system32\drivers\bjgbbced.sys><N/A>
[ProcServ / ProcServ][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\ProcServ.sys><N/A>
[tttiqu4 / tttiqu43][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\tttiqu43.sys><N/A>
[front / front][Stopped/]
<2 - 系统找不到指定的文件。
><N/A>
[roreg / roreg][Stopped/]
<2 - 系统找不到指定的文件。
><N/A>
Delete
[PID: 10060 / SYSTEM][C:\WINDOWS\system32\ddraw.exe] [N/A, ]
Waiting for an expert to add more.
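The picks above are what a reader pulls out of the SREng services and drivers lists by eye. The Python below is an added example for this page, not code from the thread or from SREng, and it encodes the tells that list relies on: a Boot/System/Auto-start driver with no vendor, a registered driver whose image file is missing, a service binary with no version info and a random-looking name, an svchost -k netsvcs entry whose ServiceDll is a literal drive path rather than %SystemRoot%, and a rundll-style loader whose real payload is the DLL argument. The vowel-ratio/hex test for "random-looking" and the %SystemRoot% rule for built-in netsvcs DLLs are heuristics I chose, not SREng's. The sample entries are copied from the log above, with ccEvtMgr, HidServ and Secdrv included as clean controls.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the two-line SREng 2.5 format, copied from the
# services/drivers sections of the log above; ccEvtMgr, HidServ and Secdrv
# are legitimate controls that must come out clean.
SRENG_SAMPLE = r"""
[MOBILL / BKMARKS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CGOPW.DLL,Export 1087><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[error monitor / EmonSrv][Stopped/Auto Start]
  <C:\WINDOWS\system32\lfrmewrk.exe><N/A>
[Volume Optimization / Hardware][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ebzfy.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ms ddraw / msddraw][Running/Auto Start]
  <C:\WINDOWS\system32\ddraw.exe><N/A>
[Servicel / Servicel][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jetspeed.dll><N/A>
[kcsjpjjg / kcsjpjjg][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kcsjpjjg.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[front / front][Stopped/]
  <2 - The system cannot find the file specified.
><N/A>
"""

# One SREng entry: "[display / name][state/start]" then "<image><vendor>".
# DOTALL because the "file not found" text carries its own line break.
ENTRY = re.compile(
    r"\[(?P<display>.*?) / (?P<name>[^\]]*)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]\s*"
    r"<(?P<image>.*?)><(?P<vendor>[^<>]*)>",
    re.DOTALL,
)
EARLY_START = {"Boot Start", "System Start", "Auto Start"}


@dataclass
class Finding:
    name: str
    image: str
    reason: str


def looks_random(stem: str) -> bool:
    """Heuristic (mine): hex stems with a digit (2d441) or letter runs nearly free of vowels (ebzfy)."""
    s = stem.lower()
    if any(c.isdigit() for c in s) and re.fullmatch(r"[0-9a-f]{4,8}", s):
        return True
    letters = [c for c in s if c.isalpha()]
    return len(letters) >= 5 and sum(c in "aeiou" for c in letters) / len(letters) < 0.25


def executable(image: str) -> str:
    """Lower-case basename of the first token (quoted path, or first space-delimited word)."""
    exe = image.split('"')[1] if image.startswith('"') else image.split(" ")[0]
    return exe.rsplit("\\", 1)[-1].lower()


def triage(text: str) -> list[Finding]:
    findings: list[Finding] = []
    for m in ENTRY.finditer(text):
        name, image, vendor, start = m["name"], m["image"].strip(), m["vendor"], m["start"]
        if image.startswith("2 - "):
            findings.append(Finding(name, image, "registered, but the image file is missing"))
            continue
        exe = executable(image)
        if exe.endswith(".sys"):
            if vendor == "N/A" and start in EARLY_START:
                findings.append(Finding(name, image, f"{start} driver with no vendor info"))
            if "\\SystemRoot\\\\SystemRoot" in image:
                findings.append(Finding(name, image, "doubled \\SystemRoot\\ in image path"))
            continue
        if exe == "svchost.exe" and "-->" in image:
            hosted = image.split("-->", 1)[1]
            # Assumption used as a rule: built-in XP netsvcs register ServiceDll as
            # %SystemRoot%\System32\...; a literal drive path marks a third-party
            # registration. The vendor column describes svchost.exe, not the DLL.
            if not hosted.startswith("%SystemRoot%"):
                findings.append(Finding(name, hosted, "svchost-hosted ServiceDll with a literal drive path"))
            continue
        if exe.startswith("rundll"):
            findings.append(Finding(name, image, "rundll-style loader; the payload is the DLL argument"))
        elif vendor == "N/A":
            reason = "service binary with no version info"
            if looks_random(exe.rsplit(".", 1)[0]):
                reason += ", random-looking name"
            findings.append(Finding(name, image, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SRENG_SAMPLE):
        print(f"{f.name:10} {f.reason:55} {f.image}")
```

Two things the script makes explicit that the raw list hides: the vendor column of an svchost entry is the company name of svchost.exe, not of the hosted DLL (which is why the ebzfy.dll line reads "Microsoft Corporation"), and a version-resource company string is whatever the author typed (hbcmd.dll reports the unfilled template placeholder "TODO: <公司名>", danim.ocx just "microsoft"), so a vendor name can rule an entry in but never out.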

Fix:
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll (file missing)
O2 - BHO: LpksatHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\lpkwat.dll
O2 - BHO: internet explorer helper - {02C9B9AB-6372-46C5-B356-773FAF3B6B1E} - C:\WINDOWS\fonts\msshapi.dll (file missing)
O2 - BHO: (no name) - {36BF6929-DCBC-4CCD-A620-C5E3BBA77B95} - (no file)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll (file missing)
O2 - BHO: CPPIE Class - {C6844939-C324-41E0-84D0-D42F8DA5EBAD} - C:\WINDOWS\system32\hbcmd.dll
O2 - BHO: OAid Class - {DCC24EBC-B348-485D-9B32-CFE4B4163E84} - C:\WINDOWS\system32\danim.ocx
O2 - BHO: (no name) - {EB21FA8C-3CEB-402C-A113-5F173BE954ED} - (no file)
O2 - BHO: ff Class - {FAAAC0F6-94BE-4466-934B-7C53666A2F41} - C:\WINDOWS\system32\82d1.dll (file missing)
O3 - Toolbar: 快车(FlashGet) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\Documents and Settings\Administrator\桌烂面鎈\未词使褂用玫的淖桌烂面婵快旖捷莘方绞式絓\fgiebar.dll (file missing)


Using SREng
Delete Startup Items => Services
[MOBILL / BKMARKS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CGOPW.DLL,Export 1087><Microsoft Corporation>
[error monitor / EmonSrv][Stopped/Auto Start]
<C:\WINDOWS\system32\lfrmewrk.exe><N/A>
[Volume Optimization / Hardware][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ebzfy.dll><Microsoft Corporation>
[ms cic / mscic][Stopped/Auto Start]
<C:\WINDOWS\system32\CIC~1.EXE><N/A>
[ms ddraw / msddraw][Running/Auto Start]
<C:\WINDOWS\system32\ddraw.exe><N/A>
[Fax 2Client / ms_2fax][Stopped/Auto Start]
<C:\WINDOWS\system32\2d441.exe><N/A>

Delete files
C:\WINDOWS\system32\lpkwat.dll
C:\WINDOWS\system32\hbcmd.dll
C:\WINDOWS\system32\danim.ocx
C:\WINDOWS\SYSTEM32\WBEM\CGOPW.DLL
C:\WINDOWS\system32\lfrmewrk.exe
C:\WINDOWS\system32\ebzfy.dll
C:\WINDOWS\system32\CIC~1.EXE
C:\WINDOWS\system32\ddraw.exe
C:\WINDOWS\system32\2d441.exe
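The fix list above is three kinds of action: HijackThis removing stale IE registrations, SREng deleting service entries, and plain file deletion. As an added example, not the thread's own or HijackThis's code, the Python below parses O2/O17/O23 lines in the 1.99 log format, applies two heuristics (an O23 service with "Unknown owner" whose binary sits directly in system32; a hex-looking filename such as 82d1.dll) and renders the equivalent Windows XP cmd commands: reg delete of the Browser Helper Objects CLSID key that a HijackThis "fix" removes, regsvr32 /u, sc stop and sc delete, and del. The heuristics, the Item class and the cleanup_script layout are mine; the sample lines are copied from the HijackThis log at the top of the thread, with the signed ccApp and Rtvscan entries as controls that must not be touched.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample in HijackThis 1.99 format, copied from the log at the top
# of this thread; ccApp and Rtvscan are controls that must not be flagged.
HJT_SAMPLE = r"""
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll (file missing)
O2 - BHO: (no name) - {669751ED-D558-49AE-B01A-3B374CC7910E} - C:\WINDOWS\system32\ssup.dll (file missing)
O2 - BHO: OAid Class - {DCC24EBC-B348-485D-9B32-CFE4B4163E84} - C:\WINDOWS\system32\danim.ocx
O2 - BHO: ff Class - {FAAAC0F6-94BE-4466-934B-7C53666A2F41} - C:\WINDOWS\system32\82d1.dll (file missing)
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{3056E6A9-F294-4CF7-99FB-475AE0AA093E}: NameServer = 202.96.128.68
O23 - Service: ms ddraw (msddraw) - Unknown owner - C:\WINDOWS\system32\ddraw.exe
O23 - Service: Fax 2Client (ms_2fax) - Unknown owner - C:\WINDOWS\system32\2d441.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
SVC = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - (?P<owner>.+?) - (?P<path>.+)$")
DNS = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
HEXNAME = re.compile(r"\\[0-9a-f]{4,8}\.(?:dll|exe|ocx)$", re.I)  # 82d1.dll, 2d441.exe (my heuristic)
MISSING = ("(file missing)", "(no file)")
# The key a HijackThis "fix" of an O2 line removes; the HKCR\CLSID entry is left to regsvr32 /u.
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"


@dataclass
class Item:
    line: str
    verdict: str
    commands: list[str] = field(default_factory=list)  # XP cmd.exe, run as Administrator


def is_missing(text: str) -> bool:
    return text.rstrip().endswith(MISSING)


def clean_path(raw: str) -> str:
    for marker in MISSING:
        raw = raw.replace(marker, "")
    return raw.strip().strip('"')


def triage(log: str) -> list[Item]:
    items: list[Item] = []
    for line in log.strip().splitlines():
        if m := BHO.match(line):
            path = clean_path(m["path"])
            cmds = [f'reg delete "{BHO_KEY}\\{m["clsid"]}" /f']
            if is_missing(m["path"]):
                verdict = "orphaned BHO registration, file already gone"
            else:
                verdict = "BHO loads into every IE process; unregister, unhook, delete"
                cmds = [f'regsvr32 /u /s "{path}"'] + cmds + [f'del /f /q "{path}"']
            if HEXNAME.search(path):
                verdict += "; hex-looking filename"
            items.append(Item(line, verdict, cmds))
        elif m := SVC.match(line):
            path = clean_path(m["path"])
            # Heuristic (mine): no version-resource owner and a binary directly in
            # system32 is the profile of the fake "ms *" services in this log.
            if m["owner"] != "Unknown owner" or "\\windows\\system32\\" not in path.lower():
                continue
            name = m["name"] or m["display"]
            cmds = [f'sc stop "{name}"', f'sc delete "{name}"']
            verdict = "service with no vendor info, binary in system32"
            if is_missing(m["path"]):
                verdict += " (file gone; the registration is what remains)"
            else:
                cmds.append(f'del /f /q "{path}"')
            if HEXNAME.search(path):
                verdict += "; hex-looking filename"
            items.append(Item(line, verdict, cmds))
        elif m := DNS.match(line):
            items.append(Item(line, f"DNS set to {m['servers']}; confirm it is your ISP's resolver"))
        elif is_missing(line):
            items.append(Item(line, "orphaned registration, file gone; safe to fix in HijackThis"))
    return items


def cleanup_script(items: list[Item]) -> str:
    """Render the command plan as a .cmd to review before running."""
    lines = ["@echo off", "rem generated from HijackThis findings; review every line first"]
    for it in items:
        lines.append(f"rem {it.verdict}")
        lines.extend(it.commands)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(cleanup_script(triage(HJT_SAMPLE)))
```

Order matters when running the output: del fails on a file that is loaded, and in this log ddraw.exe is running as SYSTEM (PID 10060) while ebzfy.dll sits inside svchost (PID 712), so the service has to stop first, or the script has to run from Safe Mode. HijackThis also has no section for kernel drivers at all; the boot-start autolive.sys, tttiqu43.sys and kcsjpjjg.sys only show up in the SREng list, and a driver that loads that early can put back everything deleted here on the next boot, which is the usual reason a cleanup like this "won't die".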
Powered by Discuz!NT