中了严重的病毒强行给我按搜索工具（日志您来看下） bbs.ikaka.com

wsy3147 - 2006-9-6 22:37:00

HijackThis_zww汉化版扫描日志 V1.99.1
保存于 22:26:22, 日期 2006-9-6
操作系统： Windows XP (WinNT 5.01.2600)
浏览器： Internet Explorer v6.00 (6.00.2600.0000)

当前运行的进程：
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\FBNClient\FBNClient\fbnClient.exe
D:\QQ\QQ.exe
D:\QQ\TIMPlatfrom.exe
C:\WINDOWS\SYSTEM32\rundll32.exe
D:\TT\TTraveler.exe
C:\WINDOWS\WINLOGON.EXE
E:\专杀工具\hijackthis\HijackThis1991zww.exe

R3 - URLSearchHook: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll
F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O1 - Hosts: 59.34.197.239 www.baidu.com
O1 - Hosts: 59.34.197.239 baidu.com
O1 - Hosts: 59.34.197.239 www.sohu.com
O1 - Hosts: 59.34.197.239 sohu.com
O1 - Hosts: 59.34.197.239 www.sina.com
O1 - Hosts: 59.34.197.239 sina.com
O1 - Hosts: 59.34.197.239 www.sina.com.cn
O1 - Hosts: 59.34.197.239 sina.com.cn
O1 - Hosts: 59.34.197.239 www.163.com
O1 - Hosts: 59.34.197.239 163.com
O1 - Hosts: 59.34.197.239 www.google.com
O1 - Hosts: 59.34.197.239 google.com
O1 - Hosts: 59.34.197.239 www.qq.com
O1 - Hosts: 59.34.197.239 qq.com
O1 - Hosts: 59.34.197.239 www.hao123.com
O1 - Hosts: 59.34.197.239 hao123.com
O1 - Hosts: 59.34.197.239 ttlttt.com
O1 - Hosts: 59.34.197.239 about:blank
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5010.dll
O3 - IE工具栏增项: 宏网超级搜霸 - {A790098E-DA46-472A-B77B-683882F78C0D} - C:\WINDOWS\system32\ZGHWIEBAR.dll
O3 - IE工具栏增项: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - IE工具栏增项: Micrsoft SearchBar - {6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} - C:\Program Files\Micrsoft SearchBar\SearchBar.dll
O4 - 启动项HKLM\\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\Run: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - 启动项HKLM\\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - 启动项HKLM\\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - 启动项HKLM\\Run: [NTdhcp] C:\WINDOWS\System32\NTdhcp.exe
O4 - 启动项HKLM\\Run: [ToP] C:\WINDOWS\LSASS.exe
O4 - 启动项HKLM\\Run: [SOUNDM] winsmd.exe
O4 - 启动项HKLM\\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - 启动项HKLM\\Run: [Internet] C:\WINDOWS\System32\Intercpu.exe
O4 - 启动项HKLM\\Run: [Update] C:\Program Files\Common Files\UPDATE2\Update.exe
O4 - 启动项HKLM\\Run: [winla] c:\winla\winla.exe
O4 - 启动项HKLM\\Run: [Desktop] C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll
O4 - 启动项HKLM\\Run: [RichMedia] C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows
O4 - 启动项HKLM\\Run: [keyboard] c:\\kybrdff_16.exe
O4 - 启动项HKLM\\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - 启动项HKLM\\Run: [newname] c:\\nwnmff_16.exe
O4 - 启动项HKLM\\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - 启动项HKLM\\RunServices: [TProgram] C:\WINDOWS\SMSS.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SoundMan] C:\WINDOWS\S0UNDMAN.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - F:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - F:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用KuGoo3下载(&K) - F:\Program Files\KuGoo2\KuGoo3DownX.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O8 - IE右键菜单中的新增项目: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - 浏览器额外的按钮: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\kuzhan\kuzhan.dll
O9 - 浏览器额外的按钮: 天心传奇，国内在线人数最多的传奇 - {3FAA0E5B-4005-431A-BF61-E03983CC9AA7} - http://www.234567.net/ (file missing)
O9 - 浏览器额外的按钮: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的“工具”菜单项: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - 浏览器额外的按钮: 开心溜溜娱乐门户网，电影、音乐、DJ、相声、小品、FLASH等等应有尽有 - {6A3AA123-D3AE-4A24-891A-F1232092A719} - http://www.kx66.com/ (file missing)
O9 - 浏览器额外的按钮: 中文网址导航 - {D1DF4E4F-9137-44B7-8061-5F7B41A9D776} - http://www.234567.com/ (file missing)
O9 - 浏览器额外的按钮: 泡游戏，给你推荐最新最好玩的游戏 - {DE2EDC37-FFAD-4B1F-A4E8-D8ADDD349A36} - http://www.paogame.com/ (file missing)
O9 - 浏览器额外的按钮: 百万图库 - {6713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/star (file missing) (HKCU)
O9 - 浏览器额外的按钮: 铃声图片下载 - {7713E8D2-850A-101B-AFC0-4210102A8DA7} - http://www.26-3.com/sms/index.htm (file missing) (HKCU)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\quartz32.dll
O11 - Options group: [CDNCLIENT] 中文上网
O16 - DPF: {098A3F72-3110-4004-B954-2F9DC44934B4} (AddSHCARoot Control) - https://billing.iyoyo.com.cn/Account/AddSHCARootCert.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AXSafeControls.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatarluoqi.tiancity.com/Modules/mabiweb.cab
O16 - DPF: {A8C3B40D-5384-44AD-ACC4-504B4D8A85F5} (BoBo P2P多媒体网络点播/广播/直播系统 V2) - http://www.17bobo.com/Software/BoBo_ActiveX_V2.ocx
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (CPasswordEditCtrl Object) - https://password.qq.com/download/qqedit.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{117A751F-861E-4EBF-B40C-160DF4B3E985}: NameServer = 219.232.48.61,202.106.127.1
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\domsvinn.dLL
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\drquery.dll
O20 - Winlogon Notify: WindowsUpdate - C:\WINDOWS\system32\drquery.dll
O21 - SSODL: DelayRun - {5A6F2F95-3191-433B-8533-EB0B596A7BAC} - C:\WINDOWS\System32\62fdbaa0.dll
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

wsy3147 - 2006-9-6 22:47:00

2006-09-06,222914

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (httpwww.KZTechs.com)

Windows XP Professional (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联

启动项目
注册表
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
ctfmon.exeCWINDOWSSystem32ctfmon.exe [Microsoft Corporation]
SoundManCWINDOWSS0UNDMAN.exe [Realtek Semiconductor Corp.]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
{68A2692F-0956-2052-1125-020208190056}CProgram FilesCommon Files{68A2692F-0956-2052-1125-020208190056}Update.exe mc-110-12-0000603 []
[HKEY_CURRENT_USERSoftwareMicrosoftWindows NTCurrentVersionWindows]
load []
run []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
Torjan ProgramCWINDOWSWINLOGON.EXE [u2cOsIK8q3iTQxAwpD9X]
TProgramCWINDOWSSMSS.EXE [kVSjHGJ7KlHMQRricowU]
TkBellExeCProgram FilesCommon FilesRealUpdate_OBrealsched.exe -osboot [RealNetworks, Inc.]
TrayCWINDOWScommandrundll32.exe []
msCProgram FilesMicrosoftsvhost32.exe []
NTdhcpCWINDOWSSystem32NTdhcp.exe []
ToPCWINDOWSLSASS.exe [mXUlJIL9MnJOR0Stk1ep]
SOUNDMwinsmd.exe []
ztCWINDOWSIntelrundll32.exe []
InternetCWINDOWSSystem32Intercpu.exe []
UpdateCProgram FilesCommon FilesUPDATE2Update.exe []
winlacwinlawinla.exe []
DesktopCWINDOWSSystem32rundll32.exe CProgram FilesDeskAdTopRun.dll ,Rundll []
RichMediaCWINDOWSSystem32Rundll32.exe CPROGRA~1pcasthbcast.dll,WaitWindows [Shanghai Henbang Technology Co., Ltd]
keyboardckybrdff_16.exe [...]
CdnCtrCProgram FilesCNNICCdncdnup.exe []
newnamecnwnmff_16.exe [flkmoijeruq3w748r87uthueytewrywey45]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServices]
Torjan ProgramCWINDOWSWINLOGON.EXE [u2cOsIK8q3iTQxAwpD9X]
TProgramCWINDOWSSMSS.EXE [kVSjHGJ7KlHMQRricowU]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesExplorerRun]
9CWINDOWSSystem32Ravdm.exe [Microsoft Corporation]
1CWINDOWSsvchost.exe []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
shellExplorer.exe 1 []
UserinitCWINDOWSSystem32Userinit.exe [Microsoft Corporation]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWindows]
AppInit_DLLs []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon]
UIHostlogonui.exe [Microsoft Corporation]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
{32CD708B-60A7-4C00-9377-D73EAA495F0F}CWINDOWSsystem32RavExt.dll [Beijing Rising Technology Co., Ltd.]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8}CProgram Filesewido anti-spyware 4.0shellexecutehook.dll [Anti-Malware Development a.s.]
{6E44887F-5214-41F2-AB46-4728735C4CC6}CProgram FilesInternet ExplorerPLUGINSsystem.sys []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
DelayRunCWINDOWSSystem3262fdbaa0.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifySetup]
WinlogonNotify SetupCWINDOWSsystem32domsvinn.dLL []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyTelephony]
WinlogonNotify TelephonyCWINDOWSsystem32drquery.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWindowsUpdate]
WinlogonNotify WindowsUpdateCWINDOWSsystem32drquery.dll []

==================================
启动文件夹
[IE-Bar]
CDocuments and SettingsAll Users「开始」菜单程序启动IE-Bar.lnkN

==================================
服务
[Ati HotKey Poller Ati HotKey Poller]
CWINDOWSSystem32Ati2evxx.exeATI Technologies Inc.
[ATI Smart ATI Smart]
CWINDOWSsystem32ati2sgag.exe
[ewido anti-spyware 4.0 guard ewido anti-spyware 4.0 guard]
CProgram Filesewido anti-spyware 4.0guard.exeAnti-Malware Development a.s.
[IMAPI CD-Burning COM Service ImapiService]
CWINDOWSSystem32imapi.exeMicrosoft Corporation
[Rising Process Communication Center RsCCenter]
DProgram FilesRisingRavCCenter.exeNA
[RsRavMon Service RsRavMon]
CProgram FilesRisingRavRavmond.exeBeijing Rising Technology Co., Ltd.
[Transac Transactionnocn]
CWINDOWSsytup.cnNA

wsy3147 - 2006-9-6 22:47:00

==================================
浏览器加载项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} CDocuments and SettingsAll UsersApplication DataMicrosoftIEHelperIEHelper_5010.dll, Microsoft Corporation
[QuickBtn]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} CProgram Fileskuzhankuzhan.dll, Fengcent
[天心传奇，国内在线人数最多的传奇]
{3FAA0E5B-4005-431A-BF61-E03983CC9AA7} httpwww.234567.net, NA
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} CPROGRA~1CNNICCdncdnforie.dll, CNNIC
[开心溜溜娱乐门户网，电影、音乐、DJ、相声、小品、FLASH等等应有尽有]
{6A3AA123-D3AE-4A24-891A-F1232092A719} httpwww.kx66.com, NA
[中文网址导航]
{D1DF4E4F-9137-44B7-8061-5F7B41A9D776} httpwww.234567.com, NA
[泡游戏，给你推荐最新最好玩的游戏]
{DE2EDC37-FFAD-4B1F-A4E8-D8ADDD349A36} httpwww.paogame.com, NA
[百万图库]
{6713E8D2-850A-101B-AFC0-4210102A8DA7} httpwww.26-3.comstar, NA
[铃声图片下载]
{7713E8D2-850A-101B-AFC0-4210102A8DA7} httpwww.26-3.comsmsindex.htm, NA
[宏网超级搜霸]
{A790098E-DA46-472A-B77B-683882F78C0D} CWINDOWSsystem32ZGHWIEBAR.dll, 中国宏网
[ToolBar888]
{CBCC61FA-0221-4ccc-B409-CEE865CACA3A} CProgram FilesToolBar888MyToolBar.dll, NA
[Micrsoft SearchBar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} CProgram FilesMicrsoft SearchBarSearchBar.dll, IE Toolbar
[AddSHCARoot Control]
{098A3F72-3110-4004-B954-2F9DC44934B4} CWINDOWSDOWNLO~1ADDCAR~1.OCX, SHECA
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} CWINDOWSDOWNLO~1INPUTC~1.DLL,
[MabinogiWebAvatarRenderer Class]
{7623BE59-D4CF-4379-ABC4-B39E11854D66} CWINDOWSDownloaded Program Filesmabiwebframe.dll, devcat
[BoBo P2P多媒体网络点播广播直播系统 V2]
{A8C3B40D-5384-44AD-ACC4-504B4D8A85F5} CWINDOWSDOWNLO~1BOBO_A~1.OCX, 广州易播信息科技有限公司
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} CWINDOWSSystem32MacromedFlashFlash9.ocx, Adobe Systems, Inc.
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} CWINDOWSSystem32qqeditqqedit.dll, 腾讯科技（深圳）有限公司
[pCastPanel Class]
{FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} CWINDOWSDownloaded Program FilesCONFLICT.1pCastCtl.dll,
[&使用迅雷下载]
FProgram FilesThunder NetworkThunderProgramGetUrl.htm, NA
[&使用迅雷下载全部链接]
FProgram FilesThunder NetworkThunderProgramGetAllUrl.htm, NA
[上传到QQ网络硬盘]
DQQAddToNetDisk.htm, NA
[使用KuGoo3下载(&K)]
FProgram FilesKuGoo2KuGoo3DownX.htm, NA
[添加到QQ自定义面板]
DQQAddPanel.htm, NA
[添加到QQ表情]
DQQAddEmotion.htm, NA
[用QQ彩信发送该图片]
DQQSendMMS.htm, NA
[访问通用网址]
CProgram FilesCNNICCdncnnic.htm, NA

==================================
正在运行的进程
[PID 1452][CWINDOWSExplorer.exe] Microsoft Corporation6.00.2600.0000 (xpclient.010817-1148)
[CProgram FilesDeskbardeskbar.dll] Deskbar1, 0, 0, 272
[CWINDOWSsystem32okbc32gt.dll] NANA
[CWINDOWSsystem32RavExt.dll] Beijing Rising Technology Co., Ltd.18, 0, 0, 21
[CProgram Filesewido anti-spyware 4.0shellexecutehook.dll] Anti-Malware Development a.s.4, 0, 0, 172
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[CWINDOWSSystem32quartz32.dll] 4, 1, 0, 0
[CWINDOWSSystem32cn_spiEx.dll] NANA
[PID 1604][CWINDOWSSystem32ctfmon.exe] Microsoft Corporation5.1.2600.0 (xpclient.010817-1148)
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[PID 1676][CProgram FilesFBNClientFBNClientfbnClient.exe] NANA
[CWINDOWSSystem32qtintf70.dll] Borland Software Corporation7.0.4.258
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[CWINDOWSSystem32quartz32.dll] 4, 1, 0, 0
[CWINDOWSsystem32RavExt.dll] Beijing Rising Technology Co., Ltd.18, 0, 0, 21
[CProgram Filesewido anti-spyware 4.0shellexecutehook.dll] Anti-Malware Development a.s.4, 0, 0, 172
[PID 1848][DQQQQ.exe] TENCENT14, 45, 0, 110
[DQQQQBaseClassInDll.dll] 1, 0, 0, 1
[DQQQQHelperDll.dll] 1, 0, 0, 1
[DQQBasicCtrlDll.dll] Tencent0, 3, 3, 6
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[DQQLoginCtrl.dll] 1, 0, 0, 1
[DQQQQAPI.dll] 1, 0, 0, 1
[DQQTIMProxy.dll] tencent0, 3, 2, 4
[DQQQQRes.dll] tencent1, 0, 0, 1
[DQQQQMainFrame.dll] NANA
[DQQCQQApplication.dll] NANA
[DQQNewSkin.dll] 1, 0, 0, 1
[DQQHostingMgr.dll] 1, 0, 0, 1
[DQQMailSummary.dll] 1, 0, 0, 1
[DQQQQSpace.dll] 1, 0, 0, 1
[CWINDOWSSystem32msdmo.dll] NANA
[DQQQQSysMsgMng.dll] NANA
[DQQQQConfigPlugin.dll] 1, 0, 0, 1
[DQQQQAllInOne.dll] NANA
[DQQCameraDll.dll] 1, 0, 0, 1
[DQQSCCore.dll] NANA
[DQQQQCustomFace.dll] NANA
[DQQUserDefinedHead.dll] 1, 0, 0, 1
[DQQQQPet.dll] 1, 0, 0, 1
[CWINDOWSSystem32quartz32.dll] 4, 1, 0, 0
[DQQQRingMng.dll] NANA
[DQQPhoneAPI.dll] 1, 0, 0, 1
[DQQDialerAllinOne.dll] tencent1, 4, 0, 0
[DQQFlashAvatarDll.dll] 1, 4, 0, 1
[CWINDOWSSystem32MacromedFlashFlash9.ocx] Adobe Systems, Inc.9,0,16,0
[DQQQQMagicFace.dll] 1, 0, 0, 1
[DQQQQAvatar.dll] NANA
[DQQQQSceneMng.dll] NANA
[DQQLongConnection.dll] tencent0, 3, 3, 8
[DQQImageOle.dll] TODO Company name1.0.0.1
[DQQQQPlugin.dll] NANA
[DQQBQQApplication.dll] NANA
[CWINDOWSsystem32RavExt.dll] Beijing Rising Technology Co., Ltd.18, 0, 0, 21
[CProgram Filesewido anti-spyware 4.0shellexecutehook.dll] Anti-Malware Development a.s.4, 0, 0, 172
[DQQCommercesMng.dll] 1, 0, 0, 1
[DQQPersonalDesktop.dll] 深圳市腾讯计算机系统公司QQ工作小组1, 0, 0, 2
[DQQQQAddr.dll] 深圳市腾讯计算机系统有限公司4, 0, 200, 32
[DQQnpkcntc.dll] INCA Internet Co., Ltd.2005, 9, 1, 1
[DQQnpkpdb.dll] INCA Internet Co., Ltd.2003, 10, 1, 1
[DQQQQPhoneHelper.dll] 腾讯科技（深圳）有限公司2, 0, 6, 60
[CWINDOWSSystem32cn_spiEx.dll] NANA
[PID 1884][DQQTIMPlatfrom.exe] tencent0, 3, 1, 8
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[DQQTIMProxy.dll] tencent0, 3, 2, 4
[PID 1168][DTTTTraveler.exe] 腾讯公司3.0.0.246
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[DTTPluginsQQFloatBarQQFloatBar4TT2.dll] 腾讯公司1, 1, 0, 5
[DTTPluginsTWeatherTWeather.dll] 1, 0, 0, 3
[DTTPersonalDesktop.dll] 深圳市腾讯计算机系统公司QQ工作小组1, 0, 0, 4
[CWINDOWSSystem32quartz32.dll] 4, 1, 0, 0
[CWINDOWSSystem32MacromedFlashFlash9.ocx] Adobe Systems, Inc.9,0,16,0
[CWINDOWSSystem32cn_spiEx.dll] NANA
[PID 1148][CDOCUME~1WSY~1LOCALS~1Tempoprar.exe] WHITEHOUSE1.0.3.1
[CDOCUME~1WSY~1LOCALS~1Tempd5s.dll] Microsoft Corporation5.00.1764.1
[CWINDOWSSystem32cn_spiEx.dll] NANA
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[CDOCUME~1WSY~1LOCALS~1Temppacket.dll] CACE Technologies3, 1, 0, 27
[CDOCUME~1WSY~1LOCALS~1TempWanPacket.dll] CACE Technologies3, 1, 0, 27
[PID 1916][CWINDOWSSystem32conime.exe] Microsoft Corporation5.1.2600.0 (xpclient.010817-1148)
[PID 668][E专杀工具sreng2SREng2SREng.exe] Smallfrogs Studio2.0.21.505
[CWINDOWSSystem32cn_spiEx.dll] NANA
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA
[PID 1992][CWINDOWSWINLOGON.EXE] u2cOsIK8q3iTQxAwpD9X0.00.0102
[CWINDOWSSystem32cn_spiEx.dll] NANA
[CProgram FilesInternet ExplorerPLUGINSsystem.sys] NANA

==================================
文件关联
.TXT OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.EXE Error. [winfiles]
.COM OK. [%1 %]
.PIF OK. [%1 %]
.REG OK. [regedit.exe %1]
.BAT OK. [%1 %]
.SCR OK. [%1 S]
.CHM OK. [CWINDOWShh.exe %1]
.HLP OK. [%SystemRoot%system32winhlp32.exe %1]
.INI OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%system32NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%System32WScript.exe %1 %]
.JS OK. [%SystemRoot%System32WScript.exe %1 %]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

瑞星卡卡安全论坛