内存够  它说不够  老妈的QQ被盗了  但还是杀不到  帮忙看下谢谢
2006-06-22,21:32:03

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <2d2fe4f21b680ee5a6f27b4d137ddb67><"E:\dl1123dbwb06w.821.0.exe" -t 821.0>  []
    <iDuba Personal FireWall><>  []
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <Microsoft TAP><C:\WINDOWS\system32\AppEvent.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KB83072651><C:\WINDOWS\system32\AppEvent.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <SiS Windows KeyHook><C:\WINDOWS\system32\keyhook.exe>  [Silicon Integrated Systems Corporation]
    <HTpatch><C:\WINDOWS\htpatch.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <Kavrun><>  []
    <iDuba Personal FireWall><>  []
    <zcom><\zPlatform.exe MIN>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  []
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [ ]
    <bgoomain.exe><C:\PROGRA~1\baigoo\bgoomain.exe>  [BGoo]
    <SOUNDM><winsmd.exe>  []
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><KB273100M.LOG>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{05EF2868-C051-4B7C-BF55-88C73777A871}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\MsInfo.rx>  []
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{C17F45F1-E862-47EA-8668-BFAAC82C2895}><C:\WINDOWS\inf\mutou410.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DLMon><C:\WINDOWS\system32\DLMain.dll>  []

==================================
启动文件夹
[Utility Tray]
  <C:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\Utility Tray.lnk><N>

==================================
服务
[Alerter / Alerter]
  <><N/A>
[Rising Process Communication Center / RsCCenter]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><N/A>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Ad Engine]
  {077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, CDM>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\QQQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Status Class]
  {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\QQQ2005\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\QQQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[LiveMediaOcx Control]
  {9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <E:\QQLIVE~1\QQLive.ocx, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Ad Engine]
  {077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, CDM>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\QQQ2005\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\xunlei\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[Status Class]
  {7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
  {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Windows Script Host Shell Object]
  {F935DC22-1CF0-11D0-ADB9-00C04FD58A0B} <C:\WINDOWS\system32\wshom.ocx, Microsoft Corporation>
[&使用迅雷下载]
  <D:\xunlei\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <D:\xunlei\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\QQQ2005\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <C:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <E:\QQQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\QQQ2005\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <E:\QQQ2005\SendMMS.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

==================================

正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 496][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 520][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 572][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 584][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 748][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 816][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 892][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 944][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 1060][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 1240][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
[PID: 1476][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\3721\alrex.dll]  <><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\system32\KB2731006.LOG]  <N/A><N/A>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 5, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 4, 1044>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\Program Files\baigoo\BGooBHO.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  <N/A><N/A>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1580][C:\WINDOWS\system32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 6>
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\DOWNLO~1\CnsMinEx.dll]  <国风因特软件(北京)有限公司><1, 0, 3, 1>
[PID: 1756][C:\WINDOWS\LSASS.exe]  <cs55d><0.00.0073>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1792][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1352][C:\Program Files\Rising\Rav\RavTask.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
    [C:\Program Files\Rising\Rav\RSAPPMGR.DLL]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
    [C:\Program Files\Rising\Rav\CfgDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
    [C:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
[PID: 1340][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  <RealNetworks, Inc.><0.1.0.3249>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
[PID: 1384][C:\PROGRA~1\baigoo\bgoomain.exe]  <BGoo><1, 0, 0, 1005>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgooex.dll]  <><1, 0, 0, 1007>
[PID: 1396][C:\WINDOWS\system32\keyhook.exe]  <Silicon Integrated Systems Corporation><0.0.0.3580>
    [C:\WINDOWS\system32\SiSApCom.dll]  <Silicon Integrated Systems Corporation><0.0.0.3580>
    [C:\WINDOWS\system32\SiSBase.dll]  <Silicon Integrated Systems Corporation><6.14.10.3580>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\InstFunc.dll]  <Silicon Integrated Systems Corporation><6.14.10.3580>
    [C:\WINDOWS\system32\SiSParse.dll]  <Silicon Integrated Systems Corporation><6.14.10.3580>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
[PID: 1452][C:\WINDOWS\htpatch.exe]  <N/A><N/A>
    [C:\WINDOWS\WINIO.dll]  <http://www.internals.com><2.0>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 1128][C:\WINDOWS\system32\wscntfy.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
[PID: 1052][C:\WINDOWS\SOUNDMAN.EXE]  <Realtek Semiconductor Corp.><5.1.0.24>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
[PID: 1068][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  < ><2, 0, 0, 1002>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 4, 1044>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  <><1, 0, 0, 5>
[PID: 1696][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>

[PID: 1528][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 5, 1324>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\notifier.dll]  <><1, 0, 0, 5>
[PID: 2072][C:\WINDOWS\system32\sistray.exe]  <Silicon Integrated Systems Corporation><0.0.0.3580>
    [C:\WINDOWS\system32\SiSApCom.dll]  <Silicon Integrated Systems Corporation><0.0.0.3580>
    [C:\WINDOWS\system32\SiSBase.dll]  <Silicon Integrated Systems Corporation><6.14.10.3580>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\system32\InstFunc.dll]  <Silicon Integrated Systems Corporation><6.14.10.3580>
    [C:\WINDOWS\system32\SiSParse.dll]  <Silicon Integrated Systems Corporation><6.14.10.3580>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 2080][C:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.7.3000>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 3164][C:\Program Files\Yayad\AdPop.Exe]  <CDM><1.0.0.1>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\Program Files\Yayad\autoupdate.dll]  <CDM><1.0.0.1>
[PID: 3616][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\3721\scrblock.dll]  <3721><1, 0, 1, 1000>
    [C:\PROGRA~1\3721\alrex.dll]  <><1, 0, 1, 1001>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 2, 1002>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\WINDOWS\DOWNLO~1\CnsHint.dll]  <3721><1, 0, 0, 7>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 5, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 4, 1044>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\WINDOWS\DOWNLO~1\cnsplus.dll]  <3721><1, 0, 0, 2>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  <Yahoo><1, 0, 2, 1003>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  <><1, 1, 4, 1006>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  <Yahoo! China><1, 0, 1, 1015>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\system32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [C:\Program Files\Yayad\AdCore.dll]  <CDM><1.0.0.1>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  <Yahoo.><1, 0, 2, 1002>
    [E:\QQQ2005\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\Program Files\baigoo\BGooBHO.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  <N/A><N/A>
    [C:\PROGRA~1\baigoo\bgook.dll]  <BAIGOO.COM><1, 0, 0, 1007>
    [C:\PROGRA~1\baigoo\plugin\bgoobar\bgoobar.dll]  <BAIGOO><1, 0, 0, 1006>
    [C:\PROGRA~1\baigoo\plugin\bgoocos\bgoocos.dll]  <BAIGOO><1.0.0.1007>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 6>
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 3968][D:\xunlei\Thunder.exe]  <Thunder Networking Technologies,LTD><5.1.5.189>
    [D:\xunlei\UpdateDownload.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [D:\xunlei\download_interface.dll]  <Thunder Networking Technologies,LTD><1, 0, 2, 74>
    [D:\xunlei\log4cplus.dll]  <><1, 0, 2, 1>
    [D:\xunlei\stlport_vc646.dll]  <STLport Consulting, Inc.><4.6.2003.1031>
    [D:\xunlei\msgmanage.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 15>
    [D:\xunlei\historyinfo_manage.dll]  <Thunder Networking Technologies,LTD><5, 2, 0, 148>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [D:\xunlei\iEmbed.dll]  <Thunder Networking Technologies,LTD><1, 1, 0, 22>
    [D:\xunlei\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [D:\xunlei\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [D:\xunlei\Plugins\TingTing\TingTing.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 7>
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
    [D:\xunlei\iTargetAd.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 59>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [C:\WINDOWS\system32\RavExt.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  <北京三七二一科技有限公司><1, 0, 2, 7>
[PID: 424][F:\sreng2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\KB273100M.LOG]  <N/A><N/A>
    [C:\WINDOWS\inf\mutou410.dll]  <N/A><N/A>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 1, 1018>
    [C:\PROGRA~1\baigoo\bgoohk.dll]  < ><1, 0, 0, 1005>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

[PID: 1756][C:\WINDOWS\LSASS.exe] <cs55d><0.00.0073>
木马