
Viruses everywhere, they come back after being removed, newbie asking for help!!!!


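The word 'virus' has always been something I both hate and dread, and relying on antivirus software has left me feeling helpless, while the viruses just keep getting worse. I ran "Rising Online Antivirus" three days in a row, and all sorts of junk movie sites still keep popping up. I'm at a loss. Over the past few days I have read the forum's posts and tutorials and really learned a lot, and I now feel that 'viruses' are not so mysterious; I scanned a log file and only half understand it, but I don't dare act rashly. Could everyone please look at the log file and tell me what is in it and what I should do? Thanks in advance, everyone!!!!
  The log file is attached. I looked up the O2 entries online, but most of them turned up nothing, and I don't know whether I went about it the right way.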




Logfile of HijackThis v1.99.1
Scan saved at 21:32:30, on 2006-10-18
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cjnr4r43217275.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\bsense.exe
C:\windows\system32\_mzu_stonedrv3.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
E:\Program Files\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: (no name) - _{00C6482D-C502-44C8-8409-FCE54AD9C208} - (no file)
O2 - BHO: Ad Engine - _{077FD0C3-1291-4104-A356-41E36B252682} - (no file)
O2 - BHO: SohuDAIEHelper - _{0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - (no file)
O2 - BHO: yPhtb - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: (no name) - _{8D139DD1-6BB5-4103-8C89-41560FF2E107} - (no file)
O2 - BHO: (no name) - _{A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: Fav Manager - _{CD8BFE70-5809-4C73-9EEE-E5672C2B79D7} - (no file)
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: Router Layer - {5EB7CB50-E375-4718-B4C0-9AD12EFA2F84} - C:\WINDOWS\System32\aclayer.dll (file missing)
O2 - BHO: (no name) - {8D139DD1-6BB5-4103-8C89-41560FF2E107} - C:\WINDOWS\system32\3721_1.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DocumentInfo] rem C:\WINDOWS\System32\lsvrss.exe
O4 - HKLM\..\Run: [run] rem C:\WINDOWS\System32\rundll32.exe rsrc.dll s
O4 - HKLM\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [YDTMain.exe] C:\PROGRA~1\YDT\YDTMain.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\RunServices: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [_mzu_stonedrv3] c:\windows\system32\_mzu_stonedrv3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩方对战平台\GameClient.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: _{F917534D-535B-416B-8E8F-0C04756C31A8} - http://download.ourgame.com/IEDown5.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll
O21 - SSODL: ydxHiSWV - {D0EAB543-7A40-1FE9-8635-36F6B20B5D73} - C:\WINDOWS\System32\yapjt.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\rvrtn.dll
O23 - Service: Print Spooler Service (b1x6ubnzq) - Unknown owner - C:\WINDOWS\System32\cjnr4r43217275.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Groove Installer Service (GrooveInstallerService) - Unknown owner - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe (file missing)

Last edited 2006-10-19 22:14:12
 

Thank you, 秋日里的蓝天!!!
I'll get started right away!!!
Thanks again!!!
 

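I've hit an obstacle, please help!!!
"Control Panel -- Administrative Tools -- Services -- find -- Print Spooler Service -- Startup type -- set to Disabled -- Service type -- set to Stopped"

What I did: Service type -- set to Stopped. It shows "Could not stop the Print Spooler Service service on Local Computer."
What should I do?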
 

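Thank you, “秋日里的蓝天”!!!
I have completed the operations following your guidance, but C:\WINDOWS\System32\yapjt.dll could not be deleted; the prompt says a program is using it. Also, two of the items to be deleted could not be found.
Please get some rest early! Please guide me when you can find the time!!!
Scan log attached: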
2006-10-19,00:51:36

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  []
    <YDTMain.exe><C:\PROGRA~1\YDT\YDTMain.exe>  []
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <WinAutoUp><C:\WINDOWS\AutoUp.exe>  []
    <UserInit><usrinit.exe>  []
    <adsnt><C:\WINDOWS\AdsNT.exe>  []
    <AlxInit><C:\WINDOWS\System32\AlxUp.exe>  []
    <wininiti><C:\WINDOWS\System32\bsense.exe>  []
    <Ver><2006.10.10>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  []
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <ydxHiSWV><C:\WINDOWS\System32\yapjt.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsys2freg]
    <WinlogonNotify: winsys2freg><C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{2C1CD3D7-86AC-4068-93BC-A02304BB2236}><>  []

==================================
启动文件夹
服务
[Print Spooler Service / b1x6ubnzq]
  <C:\WINDOWS\System32\cjnr4r43217275.exe /service><N/A>
[C-DillaSrv / C-DillaSrv]
  <C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Groove Installer Service / GrooveInstallerService]
  <C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>

==================================
浏览器加载项
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll]  <N/A><N/A>
[PID: 568][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 580][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 752][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 804][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 996][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[PID: 1024][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1092][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1184][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[PID: 1300][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE]  <C-Dilla Ltd><3.24.010>
[PID: 1344][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  <Microsoft Corporation><7.00.9064.9150>
[PID: 1400][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1740][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
    [C:\WINDOWS\System32\yapjt.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1984][C:\WINDOWS\System32\bsense.exe]  <><1, 0, 0, 1>
[PID: 156][C:\WINDOWS\System32\CTFMON.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 208][C:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.0.0155>
[PID: 936][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[PID: 1376][C:\WINDOWS\System32\conime.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1776][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2600.0000 (xpclient.010817-1148)>
[PID: 1632][E:\Program Files\SRENG2\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
 

Asking “秋日里的蓝天” for help!!!!!!!
 

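Thank you, “秋日里的蓝天”!
I have completed one round of operations following your guidance; the problems are as follows:
1. Run SREng2, use "Startup Items" -- Registry -- select the following entries and delete them

But: C:\WINDOWS\System32\yapjt.dll comes back after being deleted; I can never get rid of it.
2. Show hidden files
Delete:
But: C:\WINDOWS\System32\bsense.exe
C:\WINDOWS\System32\yapjt.dll
were refused deletion.
Also: 1. C:\WINDOWS\AutoUp.exe cannot be found by searching. It seems the file does not exist.

2. WinlogonNotify: winsys2freg C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll> is shown in blue by SRENG2, and cannot be deleted.

Log file from a fresh scan after rebooting: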

006-10-19,20:29:37

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><rem C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
    <YDTMain.exe><C:\PROGRA~1\YDT\YDTMain.exe>  [N/A]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <UserInit><usrinit.exe>  [N/A]
    <wininiti><C:\WINDOWS\System32\bsense.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <ydxHiSWV><C:\WINDOWS\System32\yapjt.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winsys2freg]
    <WinlogonNotify: winsys2freg><C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[C-DillaSrv / C-DillaSrv]
  <C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Groove Installer Service / GrooveInstallerService]
  <C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe><N/A>
[IMAPI CD-Burning COM Service / ImapiService]
  <C:\WINDOWS\System32\imapi.exe><Microsoft Corporation>
[Machine Debug Manager / MDM]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>

==================================
驱动程序
[00 / 00]
  <\SystemRoot\\SystemRoot\System32\drivers\86614.sys><N/A>
[104590 / 104590]
  <\SystemRoot\System32\drivers\104590.sys><N/A>
[a0 / a0]
  <\SystemRoot\\SystemRoot\System32\drivers\104590.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[C-Dilla / C-Dilla]
  <\??\C:\WINDOWS\System32\drivers\CDANT.SYS><Macrovision>
[hardlock / hardlock]
  <\??\C:\WINDOWS\System32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt]
  <\??\C:\WINDOWS\System32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[ECOM EM-56HAMi V92 Data Fax Voice Modem / Intels51]
  <System32\DRIVERS\Intels51.sys><Intel Corporation>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MZU_RK / MZU_RK]
  <\??\C:\WINDOWS\System32\MZU_DRV.sys><N/A>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkcusb / npkcusb]
  <\??\C:\Program Files\Tencent\QQ\npkcusb.sys><N/A>
[nv4 / nv4]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>

==================================
浏览器加载项
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 500][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll]  [N/A, N/A]
[PID: 568][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 800][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 988][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[PID: 1004][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1092][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1184][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1304][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE]  [C-Dilla Ltd, 3.24.010]
[PID: 1344][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9064.9150]
[PID: 1392][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1736][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\yapjt.dll]  [N/A, N/A]
[PID: 1976][C:\WINDOWS\System32\bsense.exe]  [, 1, 0, 0, 1]
[PID: 184][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 176][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.0.0155]
[PID: 1652][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[PID: 1724][E:\Program Files\SRENG2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
 

Asking “秋日里的蓝天” for help!!!!!!!