Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum

About the O10 entry (keywords: msplus.dll, quartz32.dll, roogoo.com, popup windows)

My machine keeps showing the popup below for no apparent reason; sometimes the popup window appears even when IE is not open (its title is "欢迎进入NCard富媒体世界", i.e. "Welcome to the NCard rich-media world").

The HijackThis report contains:
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll

In Safe Mode I ran LSPFix to repair it; it listed these entries:
File:            Description:
mswsock.dll      Tcpip
winrnr.dll       NTDS
msplus.dll       (Protocol handler)

I chose to fix msplus.dll,
and the result was that msplus.dll turned into quartz32.dll    (Protocol handler)
(C:\WINDOWS\system32\quartz32.dll)

No matter how many times I run LSPFix, it will not go away!

Appendix:
On roogoo:
http://www.google.com/search?sourceid=navclient-ff&ie=UTF-8&rls=GGGL,GGGL:2006-10,GGGL:zh-CN&q=roogoo
On MSPlus.dll:
http://zhidao.baidu.com/question/8791271.html
http://bbs.cnns.net/viewthread.php?tid=8964

[Attachment: screenshot of the popup window (image), uploaded 2006-7-7 15:36:28]



Last edited 2006-08-07 13:22:26

Deleting this entry in the registry did not help either:

[Attachment: screenshot of the registry entry (image), uploaded 2006-7-7 15:38:32]

Attached HijackThis report:
HijackThis_815 Chinese-localized scan log V1.99.1
Saved at 14:25:17, on 2006-7-7
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
Browser:  Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe [Microsoft's security tool]
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\KV2004\KVSrvXP.exe  [Jiangmin KV2004 antivirus]
D:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe [SQL database]
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe [don't know]
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\KV2004\KVMonXP.kxp
D:\Program Files\SkyNet\FireWall\pfw.exe [SkyNet firewall]
C:\WINDOWS\SOUNDMAN.EXE [sound card management software]
C:\Program Files\Windows Defender\MSASCui.exe [Microsoft's security tool]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [Google Desktop]
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopQQPlugin.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
D:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe [a tool that rotates the desktop wallpaper]
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\qq\QQ.exe
D:\Program Files\qq\TIMPlatform.exe
D:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe [screen-capture tool]
D:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
D:\Program Files\EQSpyWatch\EQSpyWatch.exe [an anti-rogue-software tool]
I:\soft\IE修复工具\HijackThis\★HijackThis1991汉化版\HijackThis1991.exe

O1 - Hosts: 145.97.39.132 en.wikipedia.org
O1 - Hosts: 145.97.39.132 zh.wikipedia.org
O1 - Hosts: 145.97.39.132 jp.wikipedia.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - d:\Program Files\Zilla Popup Killer\Zilla Popup Killer Helper.dll
O2 - BHO: BrowseHelper Class - {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\KV2004\KvShell.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Jiangmin Antivirus Toolbar - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\KV2004\KvShell.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google Notebook - {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll
O4 - HKLM\..\Run: [KvMonXP] C:\KV2004\KVMonXP.kxp /auto
O4 - HKLM\..\Run: [SKYNET Personal FireWall] D:\Program Files\SkyNet\FireWall\pfw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [桌面图标文字自动透明] D:\Program Files\Wom\WinMem.exe XP
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EQSpyWatch] d:\Program Files\EQSpyWatch\EQSpyWatch.exe /background
O4 - Startup: John's Background Switcher.lnk = D:\Program Files\johnsadventures.com\John's Background Switcher\BackgroundSwitcher.exe
O4 - Startup: 快捷方式 到 rarp.lnk = C:\Documents and Settings\Administrator\My Documents\rarp.bat [a batch file I wrote myself to guard against ARP trojans]
O4 - Global Startup: 服务管理器.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: del.icio.us: my page - d:\Program Files\del.icio.us Context Menu\goto-my-del-icio-us.html
O8 - Extra context menu item: del.icio.us: post - d:\Program Files\del.icio.us Context Menu\post-to-del-icio-us.html
O8 - Extra context menu item: Note this (Google Note&book) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll/gn_menu1.html
O8 - Extra context menu item: Note this (Google Notebook) - res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll/gn_menu2.html
O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links using FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Post to del.icio.us - http://www.ee-studio.com/scripts/post_to_delicious.html
O8 - Extra context menu item: Export to Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll [★★★]
O10 - Unknown file in Winsock LSP: c:\windows\system32\msplus.dll
O15 - Trusted Zone: http://www.google.com
O15 - Trusted Zone: http://del.icio.us
O15 - Trusted Zone: http://login.live.com
O15 - Trusted Zone: http://spaces.msn.com
O15 - Trusted Zone: http://www.hotmail.msn.com
O15 - Trusted Zone: http://www.orkut.com
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://duiyi.sina.com.cn/download/OroCheck.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142566200906
O17 - HKLM\System\CCS\Services\Tcpip\..\{E8473AE4-C50E-4684-8E1E-4858E5DCE3D1}: NameServer = 218.104.95.230,218.104.95.238
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - D:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: KVSrvXP - JiangMin Ltd. - C:\KV2004\KVSrvXP.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe


Attached SecAnalyst (安全分析专家) report: (this was taken after the LSPFix repair; the notes in [] are my own comments)
---------------------------------------------------------
#T0 SecAnalyst analysis report, version: 0, 3, 2, 42
#Operating system : Microsoft Windows Server 2003 family  Enterprise Edition Service Pack 1 (Build 3790) (CHS)
#System directory : C:\WINDOWS\system32
#Browser  : Internet Explorer 7.0.5346.5
#Generated : 2006-7-7 15:10:27
#T2 Please post this report to the security rescue center bbs.s-sos.net and our experts will diagnose it for you. Note that the risk scores in this report only indicate the degree of suspicion.
#Q1 (Describe the problems and abnormal behaviour of your computer here..)


#O4  Danger    Autostart:[hkml\software\microsoft\windows\currentversion\run\Google Desktop Search]-"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [Google Desktop tool, not dangerous]
#O4  Warning   Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\a²Context Menu Shell Extension]-c:\progra~1\a-squa~1\a2cont~1.dll [this is the free security tool a-squared StartCenter, downloaded from the Microsoft website]
#O4  Warning   Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\Shell Extensions for RealOne Player]-d:\program files\ringz studio\storm codec\rpshell.dll
#O4  Warning   Autostart:[hkml\software\microsoft\windows\currentversion\run\SoundMan]-SOUNDMAN.EXE [sound card management program]
#O4  Warning   Autostart:[hkml\software\microsoft\windows nt\currentversion\windows\Appinit_Dlls]-C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [Google tool]
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\WinRAR shell extension]-c:\program files\winrar\rarext.dll
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\run\KvMonXP]-C:\KV2004\KVMonXP.kxp /auto
#O4  Low risk  Autostart:[c:\documents and settings\administrator\「开始」菜单\程序\启动]-快捷方式 到 rarp.lnk [file not found]
#O4  Low risk  Autostart:[c:\documents and settings\administrator\「开始」菜单\程序\启动]-John's Background Switcher.lnk [file not found]
#O4  Low risk  Autostart:[c:\documents and settings\all users\「开始」菜单\程序\启动]-服务管理器.lnk [file not found]
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\ICQ Lite Shell Extension]-d:\program files\icqlite\icqliteshell.dll
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\HyperTerminal Icon Ext]-hticons.dll [file not found]
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\&Google Notebook]-c:\program files\google\google notebook\gnotes1.0.2.4-1882159324.dll
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\shell extensions\approved\&Google Notebook]-c:\program files\google\google notebook\gnotes1.0.2.4-1882159324.dll
#O4  Low risk  Autostart:[hkml\software\microsoft\windows\currentversion\run\桌面图标文字自动透明]-D:\Program Files\Wom\WinMem.exe XP
#O4  Low risk  Autostart:[hkcu\software\microsoft\windows\currentversion\run\EQSpyWatch]-d:\Program Files\EQSpyWatch\EQSpyWatch.exe /background



#O2  Warning   BHO: {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} - C:\KV2004\KvShell.dll [Jiangmin antivirus tool]
#O2  Low risk  BHO: {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
#O2  Low risk  BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

#O3  Warning   Toolbar: {B5A34A93-D538-43A7-8371-864CB6148D12} - VirusDoctor - C:\KV2004\KvShell.dll [Jiangmin antivirus tool]
#O3  Low risk  Toolbar: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - D:\PROGRA~1\FlashGet\fgiebar.dll
#O3  Low risk  Toolbar: {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} - &Google Notebook - C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll

#M0  Danger    DLL:C:\WINDOWS\system32\quartz32.dll [★★★$^*(%&%$%^#%##$$^^]
#M0  Danger    DLL:C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll [safe, Google Desktop tool]
#M0  Warning   DLL:C:\Program Files\Google\Google Desktop Search\gzlib.dll
#M0  Warning   DLL:C:\KV2004\KvShell.dll
#M0  Warning   DLL:C:\PROGRA~1\Google\GOOGLE~2\GOA66E~1.DLL
#M0  Warning   DLL:C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
#M0  Low risk  DLL:C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_zh_cn.dll
#M0  Low risk  DLL:D:\PROGRA~1\FlashGet\jccatch.dll
#M0  Low risk  DLL:C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
#M0  Low risk  DLL:C:\KV2004\KVComm_1.dll
#M0  Low risk  DLL:C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll
#M0  Low risk  DLL:C:\KV2004\APIImpl.dll
#M0  Low risk  DLL:C:\KV2004\UpdateX.dll

#P0  Danger    Process:c:\program files\google\google desktop search\googledesktop.exe
#P0  Danger    Process:c:\program files\google\google desktop search\googledesktopindex.exe
#P0  Warning   Process:c:\kv2004\kvsrvxp.exe
#P0  Warning   Process:c:\program files\google\google desktop search\googledesktopqqplugin.exe
#P0  Warning   Process:c:\windows\soundman.exe
#P0  Warning   Process:c:\program files\google\google desktop search\googledesktopcrawl.exe
#P0  Low risk  Process:c:\kv2004\kvmonxp.kxp
#P0  Low risk  Process:d:\program files\eqspywatch\eqspywatch.exe

#S0  Warning   NT Service: KVSrvXP - Start type: Automatic - Current state: Started - C:\KV2004\KVSrvXP.exe -Service

#O10 Danger    Winsock LSP: (Protocol handler) - C:\WINDOWS\system32\quartz32.dll

#O18 Warning   Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll


Your computer's overall security risk is High (120 points); it may already have been compromised, please deal with it as soon as possible!

2006-07-07,18:04:22

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- Administrative user - full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
    <EQSpyWatch><d:\Program Files\EQSpyWatch\EQSpyWatch.exe /background>  [EQSpyWatch]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KvMonXP><C:\KV2004\KVMonXP.kxp /auto>  [JiangMin Ltd.]
    <SKYNET Personal FireWall><D:\Program Files\SkyNet\FireWall\pfw.exe>  [天网]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <桌面图标文字自动透明><D:\Program Files\Wom\WinMem.exe XP>  []
    <Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -hide>  [Microsoft Corporation]
    <Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL>  [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
    <WinlogonNotify: PCANotify><PCANotify.dll>  [Symantec Corporation]

==================================
Startup folders
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk><N>
[John's Background Switcher]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\John's Background Switcher.lnk><N>
[快捷方式 到 rarp]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 到 rarp.lnk><N>

==================================
Services
[pcAnywhere Host Service / awhost32]
  <D:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[KVSrvXP / KVSrvXP]
  <C:\KV2004\KVSrvXP.exe -Service><JiangMin Ltd.>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>

==================================
Browser add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[Jiangmin Antivirus Toolbar]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[&Google Notebook]
  {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} <C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll, N/A>
[Office Update Installation Engine]
  {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
[XIsOro Control]
  {48FE89A0-486C-48DF-9DEC-BED22BDC6057} <C:\WINDOWS\DOWNLO~1\XISORO~1.OCX, >
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[]
  {4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[ICQ  Toolbar]
  {855F3B16-6D32-4FE6-8A56-BBB695989046} <D:\Program Files\ICQToolbar\toolbaru.dll, ICQ Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[Java Plug-in]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Jiangmin Antivirus Toolbar]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\KV2004\KvShell.dll, JiangMin Lmt>
[&Google Notebook]
  {CCCCCCDB-4DDB-4703-95D4-DD2C526397BF} <C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[SFP Class]
  {F236CC5A-F6E4-4011-9EED-C52FDF51CE3D} <C:\WINDOWS\system32\Sbhoplin.dll, 广州众达天网技术有限公司>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[del.icio.us: my page]
  <d:\Program Files\del.icio.us Context Menu\goto-my-del-icio-us.html, N/A>
[del.icio.us: post]
  <d:\Program Files\del.icio.us Context Menu\post-to-del-icio-us.html, N/A>
[Note this (Google Note&book)]
  <res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll/gn_menu1.html, N/A>
[Note this (Google Notebook)]
  <res://C:\Program Files\Google\Google Notebook\gnotes1.0.2.4-1882159324.dll/gn_menu2.html, N/A>
[Download using FlashGet]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[Download all links using FlashGet]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[Post to del.icio.us]
  <http://www.ee-studio.com/scripts/post_to_delicious.html, N/A>
[Export to Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running processes
[PID: 416][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 464][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 488][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\PCANotify.dll]  <Symantec Corporation><11.5.0.121>
[PID: 536][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 548][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 732][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 808][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 852][C:\Program Files\Windows Defender\MsMpEng.exe]  <Microsoft Corporation><1.1.1347.0>
[PID: 912][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 956][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 976][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 1136][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\awmon.dll]  <Symantec Corporation><9.2.1>
    [C:\WINDOWS\system32\pxc25pm.dll]  <Tracker Software><2.50.0002>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 1216][C:\WINDOWS\system32\msdtc.exe]  <Microsoft Corporation><2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 1364][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 1404][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  <Microsoft Corporation><6.0.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 1420][C:\KV2004\KVSrvXP.exe]  <JiangMin Ltd.><8.0.0.311>
    [C:\KV2004\UpdateX.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\KVEnhD.dll]  <JiangMin Ltd.><8.0.0.311>
    [C:\KV2004\KvSPI.dll]  <JiangMin Ltd.><8.0.0.312>
    [C:\KV2004\KVEnhP.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\KVEnhM.dll]  <JiangMin Ltd.><8.0.0.311>
    [C:\KV2004\KVEnhC.DLL]  <JiangMin Ltd.><8.0.0.311>
    [C:\KV2004\KVEnhO_1.dll]  <JiangMin Ltd.><8.0.0.314>
    [C:\KV2004\KVEnhS.dll]  <JiangMin Ltd.><8.0.0.313>
    [C:\KV2004\KVEnhJ.dll]  <JiangMin Ltd.><8.0.0.311>
    [C:\KV2004\KVExtCab.dll]  <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
    [C:\KV2004\KVExtEml.dll]  <JiangMin Ltd.><8.0.0.312>
    [C:\KV2004\KVExtLZH.dll]  <N/A><N/A>
    [C:\KV2004\KvExtRar.dll]  <Jiangmin New Tech. Co. Ltd.><8.0.0.309>
    [C:\KV2004\KvExtZip.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\KVEnhK.dll]  <JiangMin Ltd.><7, 1, 0, 307>
    [C:\KV2004\KvSpiPS.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 1472][D:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe]  <Microsoft Corporation><2000.080.0760.00>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 1672][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 1720][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe]  <Microsoft Corporation><9.107.8320.0>
[PID: 1796][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2028][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2256][C:\WINDOWS\system32\wbem\wmiprvse.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2504][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.7.2006011200>
    [C:\KV2004\KvShell.dll]  <JiangMin Lmt><8.0.0.309>
    [C:\KV2004\UpdateX.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\lang\Kvxp0804.lng]  <N/A><N/A>
    [C:\KV2004\KVComm_1.dll]  <JiangMin Ltd.><8.0.0.312>
    [C:\KV2004\APIImpl.dll]  <JiangMin Ltd.><8.0.0.309>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Program Files\ICQLite\ICQLiteShell.dll]  <><20, 34, 2423, 0>
    [C:\KV2004\KVMonXP.kxp]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\UpdateX.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\lang\Kvxp0804.lng]  <N/A><N/A>
    [C:\KV2004\GUIExt.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\lang\GUIExt0804.lng]  <JiangMin Ltd.><7, 1, 0, 200>
    [C:\KV2004\KVEnhP.dll]  <JiangMin Ltd.><8.0.0.309>
    [C:\KV2004\KvSpiPS.dll]  <JiangMin Ltd.><8.0.0.309>
[PID: 2628][D:\Program Files\SkyNet\FireWall\pfw.exe]  <天网><2.7.3.1100>
    [D:\Program Files\SkyNet\FireWall\SKYMISC.DLL]  <N/A><N/A>
[PID: 2672][C:\Program Files\Windows Defender\MSASCui.exe]  <Microsoft Corporation><1.1.1347.0>
[PID: 2692][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2936][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  <Microsoft Corporation><2000.080.0760.00>
[PID: 3076][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3100][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3572][I:\soft\IE修复工具\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers

==================================
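What gives quartz32.dll away in the SREng listing above is not the LSP section (which SREng left empty) but the module lists: a DLL with no publisher and version "4, 0, 0, 0" is loaded into services.exe, lsass.exe, several svchost.exe instances, spoolsv.exe, the Jiangmin engine, SQL Server and even SREng.exe itself. That is exactly how a Winsock LSP looks from the process side, because every process that initialises Winsock loads the whole provider chain. The Python script below is an added example, not code from the thread or from SREng, HijackThis or LSPFix; it parses an SREng-style "Running processes" listing and flags modules that fit that pattern. The regular expressions are my reading of SREng 2.0's output format, the "no vendor" rule (empty or "N/A") and the list of core system hosts are my own choices, and the embedded sample is a trimmed copy of the listing posted above.

```python
"""Spot LSP-style global DLL injection in an SREng "Running processes" listing.

Heuristic: a module with no publisher string that is loaded into many unrelated
processes (services.exe, lsass.exe, svchost.exe, the AV engine, the scanner
itself) is what a Winsock LSP looks like from the process side. Signed,
single-purpose modules (print monitors, Winlogon notify packages, shell
extensions) sit in one or two processes and carry a vendor name.
"""
import re
from dataclasses import dataclass, field

# Line shapes as they appear in the SREng 2.0 listing (my reading of the
# output, not a documented SREng format).
PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s+<(.*?)><(.*?)>\s*$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+<(.*?)><(.*?)>\s*$")

# Core processes a browser/IM add-on never reaches, but an LSP does as soon
# as they touch Winsock (my choice of list).
SYSTEM_HOSTS = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                "lsass.exe", "svchost.exe", "spoolsv.exe"}


@dataclass
class Process:
    pid: int
    image: str
    vendor: str
    version: str
    modules: list = field(default_factory=list)   # (path, vendor, version)


def parse_sreng_processes(text):
    """Parse process lines and the indented module lines that follow each."""
    procs = []
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            pid, image, vendor, version = m.groups()
            procs.append(Process(int(pid), image, vendor, version))
            continue
        m = MOD_RE.match(line)
        if m and procs:
            procs[-1].modules.append(m.groups())
    return procs


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def unknown_vendor(vendor):
    return vendor.strip() in ("", "N/A")


def find_suspect_modules(procs, min_hosts=3):
    """{path_lower: record} for modules with no known vendor that are loaded
    into at least min_hosts distinct processes, most widely loaded first."""
    seen = {}
    for p in procs:
        for path, vendor, _version in p.modules:
            rec = seen.setdefault(path.lower(), {"path": path, "vendors": set(),
                                                 "pids": set(), "images": set()})
            rec["vendors"].add(vendor.strip())
            rec["pids"].add(p.pid)
            rec["images"].add(basename(p.image))
    suspects = {}
    for key, rec in seen.items():
        if len(rec["pids"]) < min_hosts:
            continue
        if not all(unknown_vendor(v) for v in rec["vendors"]):
            continue
        rec["system_hosts"] = sorted(rec["images"] & SYSTEM_HOSTS)
        suspects[key] = rec
    return dict(sorted(suspects.items(), key=lambda kv: -len(kv[1]["pids"])))


# Trimmed copy of the SREng listing posted in this thread (8 processes).
SAMPLE_LISTING = r"""
[PID: 488][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\PCANotify.dll]  <Symantec Corporation><11.5.0.121>
[PID: 536][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 548][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 808][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 1136][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\WINDOWS\system32\awmon.dll]  <Symantec Corporation><9.2.1>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 1420][C:\KV2004\KVSrvXP.exe]  <JiangMin Ltd.><8.0.0.311>
    [C:\KV2004\KvSPI.dll]  <JiangMin Ltd.><8.0.0.312>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
[PID: 2504][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.3790.1830 (srv03_sp1_rtm.050324-1447)>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 3572][I:\soft\IE修复工具\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\WINDOWS\system32\quartz32.dll]  <><4, 0, 0, 0>
"""

if __name__ == "__main__":
    for rec in find_suspect_modules(parse_sreng_processes(SAMPLE_LISTING)).values():
        print(f"{rec['path']}: loaded in {len(rec['pids'])} processes; "
              f"core system hosts: {', '.join(rec['system_hosts']) or 'none'}")
```

With the default threshold only quartz32.dll is reported (6 processes here, four of them core system hosts); lowering `min_hosts` to 1 also surfaces rarext.dll, whose vendor field reads N/A but which is loaded only into Explorer, which is why the host count matters as much as the missing publisher. Note the trade-off the thread illustrates: LSP DLLs are loaded by every networked process, so deleting the file outright (as with KillBox or Unlocker) without first removing its catalog entries leaves a dangling provider in the chain and can break Winsock for the whole system.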

[Reply to post by "我无邪"]
Of course I did this in Safe Mode; it still was not deleted.
Someone told me to force-delete it with KillBox or Unlocker,
but for something hooked into the LSP chain I don't dare force-delete it! (see the warning in 风之咏者's HijackThis guide)
 

[Reply to post by "我无邪"]
Didn't work, it can't be deleted.
 