【求助】可恶的病毒（附扫描日志）还有问题！ bbs.ikaka.com

宝宝心情 - 2006-10-20 15:55:00

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [lFVjBhx2wUsWKHo8Rznh]
<Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [N/A]
<-164323><C:\WINDOWS\system32\-164323.exe> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<-736985><C:\WINDOWS\system32\-736985.exe> [N/A]
<Update><C:\Program Files\Common Files\updat\Update.exe> [N/A]
<UpdateRun><C:\Program Files\Common Files\updat\Update.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Expand String Value><Rundll32 wmpel.dll,EnterPoint> [TODO: <公司名>]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe 1> [N/A]
<Userinit><C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\internst.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.dll> [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<webwork><C:\WINDOWS\webwork\webwork.dll> [MSWebwork Cop.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apache2 / Apache2]
<"C:\Apache2.2\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Routing Protect Access / DATEING]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\ULVUWM41.DLL,Export 1087><Microsoft Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IPRIP / IPRIP]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WindowsRem.dll><TODO: <公司名>>
[Event Service / License]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ipqdie18.dll><Microsoft Corporation>
[Microsoft Search / MSSEARCH]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[MySql / MySql]
<C:\mysql\bin\mysqld-nt.exe><N/A>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Standard Update Net Service / stdupnet]
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Aication / tographicServices]
<C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe><TENCENT>
[Windows / Windows]
<C:\WINDOWS\Windows.exe><N/A>

==================================
驱动程序
[00 / 00]
<\SystemRoot\\SystemRoot\System32\drivers\113812.sys><N/A>
[90703 / 90703]
<\SystemRoot\System32\drivers\90703.sys><N/A>
[Albus / Albus]
<\SystemRoot\system32\drivers\Albus.SYS><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[c160640 / c160640]
<\SystemRoot\System32\drivers\c160640.sys><N/A>
[cdawdm / cdawdm]
<system32\DRIVERS\CDAWDM.sys><N/A>
[CnsMinKP / CnsMinKP]
<\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[Symantec Eraser Control driver / eeCtrl]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><N/A>
[VIA Rhine Family Fast Ethernet Adapter Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[giveio / giveio]
<\SystemRoot\system32\giveio.sys><N/A>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[S3SavageNB / S3SavageNB]
<system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[SAVRT / SAVRT]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SPBBCDrv / SPBBCDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[speedfan / speedfan]
<\SystemRoot\system32\speedfan.sys><N/A>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[ViaIde / ViaIde]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\Net Transport\NTIEHelper.dll, Xi>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\cnshook.dll, 北京三七二一科技有限公司>
[]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\coolsign\coolsign.dll, Fengcent>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[金山词霸]
{9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
<C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

宝宝心情 - 2006-10-20 15:58:00

==================================
正在运行的进程
[PID: 380][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 428][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 452][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.0.359]
[PID: 496][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 508][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 700][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 736][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 840][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[c:\windows\system32\windowsrem.dll] [TODO: <公司名>, 1.0.0.1]
[PID: 920][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1072][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[PID: 1092][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] [Symantec Corporation, 1,5,1,3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 103.5.1.9]
[PID: 1456][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1512][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[PID: 1628][C:\WINDOWS\SYSTEM32\RUNDLL.EXE] [Microsoft Corporation, 5.00.2134.1]
[PID: 1656][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 1672][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1716][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)]
[PID: 2016][C:\mysql\bin\mysqld-nt.exe] [N/A, N/A]
[PID: 2044][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 188][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\stdupnet.dll] [ , 4, 1, 0, 3]
[C:\WINDOWS\system32\albus.dll] [Albus, 1, 0, 0, 3]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\WINDOWS\system32\stdvote.dll] [ , 1, 0, 0, 5]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[PID: 308][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.130 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 1.4.0.11]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.0.359]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\ccEraser.dll] [Symantec Corporation, 106.3.0.29]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\ecmsvr32.dll] [Symantec Corporation, 61.3.0.18]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.5.0.44]
[PID: 908][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 648][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0]
[PID: 1236][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2132][C:\WINDOWS\Explorer.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]

宝宝心情 - 2006-10-20 15:59:00

[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\WINDOWS\DOWNLO~1\cnshook.dll] [北京三七二一科技有限公司, 1, 0, 4, 1]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\webwork\webwork.nls] [MSWebwork Cop., 1, 0, 0, 1]
[C:\WINDOWS\system32\Wmwebpl.dll] [TODO: <公司名>, 1.0.0.1]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\PROGRA~1\3721\alrex.dll] [, 1, 0, 1, 1001]
[C:\PROGRA~1\3721\autolive.dll] [, 1, 1, 7, 1326]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 2200][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] [北京三七二一科技有限公司, 1, 0, 3, 6]
[C:\WINDOWS\DOWNLO~1\cnsio.dll] [北京三七二一科技有限公司, 1, 0, 2, 7]
[PID: 2288][C:\WINDOWS\WINLOGON.EXE] [lFVjBhx2wUsWKHo8Rznh, 0.00.0118]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 2644][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2724][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.11]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 2800][C:\WINDOWS\ClickServices.exe] [Microsoft Corporation, 1.01.0035]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 2892][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3018]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[PID: 2916][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\PROGRA~1\3721\autolive.dll] [, 1, 1, 7, 1326]
[C:\PROGRA~1\3721\notifier.dll] [, 1, 0, 0, 5]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[PID: 2956][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 103.5.1.9]
[C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 5.5.1.6]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 103.5.1.9]
[PID: 3024][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.0.0.359]
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\DOWNLO~1\cnshook.dll] [北京三七二一科技有限公司, 1, 0, 4, 1]
[PID: 3132][C:\Program Files\Common Files\updat\Update.exe] [N/A, N/A]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 3256][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 3948][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 3632][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 0, 0, 0, 0]
[C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQHelperDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 160]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\Program Files\Tencent\QQ\QQAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\Program Files\Tencent\QQ\LoginCtrl.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 3, 2, 1]

宝宝心情 - 2006-10-20 15:59:00

[C:\Program Files\Tencent\QQ\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[C:\Program Files\Tencent\QQ\QQRes.dll] [tencent, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQMainFrame.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\CQQApplication.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\NewSkin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\HostingMgr.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\CameraDll.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\MailSummary.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQGroupMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\GroupLive.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQSysMsgMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\UserDefinedHead.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QQPlugin.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\QRingMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\PhoneAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\Program Files\Tencent\QQ\QQAvatar.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\Program Files\Tencent\QQ\LongConnection.dll] [tencent, 5, 0, 200, 160]
[C:\Program Files\Tencent\QQ\QQPet.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\DOWNLO~1\cnshook.dll] [北京三七二一科技有限公司, 1, 0, 4, 1]
[C:\Program Files\Tencent\QQ\BQQApplication.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\CommercesMng.dll] [, 1, 0, 0, 1]
[C:\Program Files\Tencent\QQ\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[C:\Program Files\Tencent\QQ\QQUdpGetFileLib.dll] [tencent, 0, 2, 2, 3]
[C:\Program Files\Tencent\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
[C:\Program Files\Tencent\QQ\QQAllInOne.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\SCCore.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQCustomFace.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] [Macromedia, Inc., 8,0,24,0]
[C:\Program Files\Tencent\QQ\QQSceneMng.dll] [N/A, N/A]
[C:\Program Files\Tencent\QQ\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[C:\Program Files\Tencent\QQ\QQFileTransfer.dll] [Tencent, 5, 0, 202, 180]
[C:\Program Files\Tencent\QQ\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 0, 6, 60]
[C:\Program Files\Tencent\QQ\GroupConnection.dll] [Tencent, 5, 0, 202, 170]
[PID: 584][C:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 2, 21]
[C:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] [Macromedia, Inc., 8,0,24,0]
[PID: 2268][C:\Program Files\WinRAR\WinRAR.exe] [N/A, N/A]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 2672][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.188\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [winfiles]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[autorun]
OPEN=D:\pagefile.pif

==================================
HOSTS 文件

建能 - 2006-10-20 16:04:00

[Windows / Windows]
<C:\WINDOWS\Windows.exe><N/A>
Aication / tographicServices]
<C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe><TENCENT>
[Standard Update Net Service / stdupnet]
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
把这几个服务修复

阿诺8979 - 2006-10-20 16:05:00

用这里的日志工具吧，看到你的日志头都大了，http://free.ys168.com/?enuo8979日志扫描工具。

宝宝心情 - 2006-10-20 16:07:00

好的，谢谢！

阿诺8979 - 2006-10-20 16:09:00

<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [lFVjBhx2wUsWKHo8Rznh]
<Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [N/A]
<-164323><C:\WINDOWS\system32\-164323.exe> [N/A]
<-736985><C:\WINDOWS\system32\-736985.exe> [N/A]
<Update><C:\Program Files\Common Files\updat\Update.exe> [N/A]
<UpdateRun><C:\Program Files\Common Files\updat\Update.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<Expand String Value><Rundll32 wmpel.dll,EnterPoint> [TODO: <公司名>]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.dll> [北京三七二一科技有限公司]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<webwork><C:\WINDOWS\webwork\webwork.dll> [MSWebwork Cop.]
以上这些都需要清理。

换个帖子贴出来吧！！！！

宝宝心情 - 2006-10-20 16:10:00

【回复“阿诺8979”的帖子】
http://forum.ikaka.com/list.asp?board=28

谢谢、

建能 - 2006-10-20 16:13:00

Autorun.inf
[D:\]
[autorun]
OPEN=D:\pagefile.pif

PID: 2800][C:\WINDOWS\ClickServices.exe] [Microsoft Corporation, 1.01.0035]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
[PID: 3132][C:\Program Files\Common Files\updat\Update.exe] [N/A, N/A]
[C:\PROGRA~1\3721\helper.dll] [, 1, 1, 0, 1325]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 3, 9]
[C:\WINDOWS\WindowsKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdstub.dll] [MS Stdup, 1, 0, 0, 4]
[C:\WINDOWS\system32\stdplay.dll] [ , 1, 0, 0, 5]
修复上面各项！把系统的流氓软件都卸载！！

阿诺8979 - 2006-10-20 16:15:00

引用:

【宝宝心情的贴子】【回复“阿诺8979”的帖子】

Logfile of HijackThis v1.99.1
Scan saved at 15:59:40, on 2006-10-20
Platform: Windows 2003 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 (6.00.3790.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\SYSTEM32\RUNDLL.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\WINLOGON.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ClickServices.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\updat\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe 1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\internst.exeO2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll (file missing)
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\Net Transport\NTIEHelper.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\cnshook.dll
O3 - Toolbar: @msdxmLC.dll,-1@2052,电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMENameO4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [Desktop] C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll - HKLM\..\Run: [-164323] C:\WINDOWS\system32\-164323.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [-736985] C:\WINDOWS\system32\-736985.exe
O4 - HKLM\..\Run: [Update] C:\Program Files\Common Files\updat\Update.exe
O4 - HKLM\..\Run: [UpdateRun] C:\Program Files\Common Files\updat\Update.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用影音传送带下载 - C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra ''Tools'' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra ''Tools'' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra ''Tools'' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra ''Tools'' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra ''Tools'' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] 中文上网
O15 - Trusted Zone: http://www.icbc.com.cn
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2 - Unknown owner - C:\Apache2.2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MySql - Unknown owner - C:\mysql\bin\mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

………………

有颜色都需要清理，还是刚才那个网址，有流氓软件清理工具。http://free.ys168.com/?enuo8979还有木马专杀工具。你应该好好清理一下你的系统了，垃圾软件、病毒、太多。

宝宝心情 - 2006-10-20 16:17:00

【回复“建能”的帖子】

谢谢您，可是我不晓得如何用这个软件的修复功能，郁闷啊。。。

宝宝心情 - 2006-10-20 16:20:00

【回复“阿诺8979”的帖子】

好，谢谢！

303266474 - 2006-10-20 16:24:00

先下个超级兔子,把三七二一这流氓软件清理掉,然后再清理病毒.

叶·幽思 - 2006-10-20 16:35:00

========Content========
删除启动项:

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]

<CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]

<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []

<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [lFVjBhx2wUsWKHo8Rznh]

<Desktop><C:\WINDOWS\system32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [N/A]

<-164323><C:\WINDOWS\system32\-164323.exe> [N/A]

<-736985><C:\WINDOWS\system32\-736985.exe> [N/A]

<Update><C:\Program Files\Common Files\updat\Update.exe> [N/A]

<UpdateRun><C:\Program Files\Common Files\updat\Update.exe> [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

<Expand String Value><Rundll32 wmpel.dll,EnterPoint> [TODO: <公司名>]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

<shell><Explorer.exe 1> [N/A]改为 <shell><Explorer.exe> (注意不是删除此项")

<Userinit><C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\internst.exe> [N/A] 改为 <Userinit><C:\WINDOWS\system32\userinit.exe,> (同上,","不可省略)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\cnshook.dll> [北京三七二一科技有限公司]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

<webwork><C:\WINDOWS\webwork\webwork.dll> [MSWebwork Cop.]

删除以下文件:

C:\Program Files\DeskAdTop\Run.dll

C:\WINDOWS\WINLOGON.EXE

C:\WINDOWS\webwork\webwork.dll

C:\WINDOWS\system32\internst.exe

wmpel.dll

C:\WINDOWS\system32\-164323.exe

C:\WINDOWS\system32\-736985.exe

c:\windows\system32\windowsrem.dll

C:\WINDOWS\system32\stdstub.dll

C:\WINDOWS\system32\stdplay.dll

C:\WINDOWS\webwork\webwork.nls

C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL

C:\WINDOWS\system32\WindowsRem.dll

C:\WINDOWS\Windows.exe

==================================
服务
[IPRIP / IPRIP]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WindowsRem.dll><TODO: <公司名>>

[Windows / Windows]
<C:\WINDOWS\Windows.exe><N/A>

==================================
驱动程序

[CnsMinKP / CnsMinKP]
<\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>

==================================
修复文件关联:

文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [winfiles]

==================================
右键打开(不要双击)D盘删除:

Autorun.inf、D:\pagefile.pif

运行:regedit,按F3查找"Autorun.inf"、"D:\pagefile.pif"找到后删除,按F3查找下一个.

==================================
用恶意软件清理助手清理流氓软件

恶意软件清理助手　　下载地址:http://www.tommsoft.com/Products.aspx?pid=2

如果以上文件删不了那么进安全模式用kilbox删除(地址见反病毒版置顶贴).

SREng使用手册:http://forum.ikaka.com/topic.asp?board=67&artid=8125594

如何进入安全模式
Windows Xp 进入安全模式方法:
在计算机开启BIOS加载完之后,迅速按下F8键,在出现的WindowsXP高级选项菜单中回车按下[安全模式].
Windows 2000 进入安全模式方法:
启动Windows2000时,当看到白色箭头的进度条,按下F8键,出现Windows2000高级选项菜单中回车按下[安全模式].
Windows98/Me 进入安全模式方法:
启动Windows98/Me时,当出现[Starting Windows 98]的时候,迅速按下F8键,按下启动菜单中选择第三项[Safe Mode].

叶·幽思 - 2006-10-20 16:39:00

.................

还有几个可疑的驱动程序没敢让你删~

宝宝心情 - 2006-10-20 16:58:00

【回复“叶·幽思”的帖子】

非常感谢！晕起来就想不起找帮助文件了。。。

宝宝心情 - 2006-10-20 21:29:00

注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [lFVjBhx2wUsWKHo8Rznh]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<alsmt.exe><C:\WINDOWS\system32\alsmt.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe 1> [N/A]
<Userinit><C:\WINDOWS\SYSTEM32\Userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<webwork><C:\WINDOWS\webwork\webwork.dll> [MSWebwork Cop.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apache2 / Apache2]
<"C:\Apache2.2\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Windows Installer ManagementClick / ClickService]
<C:\WINDOWS\ClickServices.exe><Microsoft Corporation>
[Routing Protect Access / DATEING]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\ULVUWM41.DLL,Export 1087><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Event Service / License]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ipqdie18.dll><Microsoft Corporation>
[Microsoft Search / MSSEARCH]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[MySql / MySql]
<C:\mysql\bin\mysqld-nt.exe><N/A>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Servicel / Servicel]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\jetspeed.dll><>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Standard Update Net Service / stdupnet]
<C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Aication / tographicServices]
<C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsot.exe><TENCENT>

==================================
驱动程序
[00 / 00]
<\SystemRoot\\SystemRoot\System32\drivers\113812.sys><N/A>
[90703 / 90703]
<\SystemRoot\System32\drivers\90703.sys><N/A>
[Albus / Albus]
<\SystemRoot\system32\drivers\Albus.SYS><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS]
<system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[c160640 / c160640]
<\SystemRoot\System32\drivers\c160640.sys><N/A>
[cdawdm / cdawdm]
<system32\DRIVERS\CDAWDM.sys><N/A>
[Symantec Eraser Control driver / eeCtrl]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><N/A>
[VIA Rhine Family Fast Ethernet Adapter Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[giveio / giveio]
<\SystemRoot\system32\giveio.sys><N/A>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[S3SavageNB / S3SavageNB]
<system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[SAVRT / SAVRT]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SPBBCDrv / SPBBCDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[speedfan / speedfan]
<\SystemRoot\system32\speedfan.sys><N/A>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Vision]
{6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\Net Transport\NTIEHelper.dll, Xi>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[金山词霸]
{9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用影音传送带下载]
<C:\PROGRA~1\Xi\NETTRA~1\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\PROGRA~1\Xi\NETTRA~1\NTAddList.html, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

宝宝心情 - 2006-10-20 21:30:00

正在运行的进程
[PID: 380][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 428][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 452][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.0.359]
[PID: 496][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 508][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 716][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 756][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 844][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[c:\windows\system32\jetspeed.dll] [, 1, 0, 0, 1]
[PID: 908][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 924][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1076][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[PID: 1096][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] [Symantec Corporation, 1,5,1,3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 103.5.1.9]
[PID: 1472][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1520][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.0 (srv03_rtm.030324-2048)]
[PID: 1628][C:\WINDOWS\ClickServices.exe] [Microsoft Corporation, 1.01.0035]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[PID: 1684][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1748][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.0 (srv03_rtm.030324-2048)]
[PID: 2012][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2036][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[C:\WINDOWS\system32\stdupnet.dll] [ , 4, 1, 0, 3]
[C:\WINDOWS\system32\albus.dll] [Albus, 1, 0, 0, 3]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\system32\stdvote.dll] [ , 1, 0, 0, 5]
[PID: 312][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.130 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.12.35]

宝宝心情 - 2006-10-20 21:31:00

[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 1.4.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\ccEraser.dll] [Symantec Corporation, 106.3.0.29]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\ecmsvr32.dll] [Symantec Corporation, 61.3.0.18]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061019.066\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.0.359]
[PID: 964][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1228][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.5512.0]
[PID: 1268][C:\WINDOWS\Explorer.exe] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\WINDOWS\webwork\webwork.nls] [MSWebwork Cop., 1, 0, 0, 1]
[C:\Program Files\Xi\Net Transport\NTIEHelper.dll] [Xi, 1.40.9]
[PID: 1292][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 2296][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.11]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[PID: 2288][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 103.5.1.9]
[C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 5.5.1.6]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 103.5.1.9]
[PID: 2320][C:\WINDOWS\WINLOGON.EXE] [lFVjBhx2wUsWKHo8Rznh, 0.00.0118]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[PID: 3692][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3772][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.3790.0 (srv03_rtm.030324-2048)]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]
[C:\Program Files\Tencent\QQ\QQIEHelper.dll] [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
[C:\Program Files\Xi\Net Transport\NTIEHelper.dll] [Xi, 1.40.9]
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] [Macromedia, Inc., 8,0,24,0]
[PID: 3920][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.594\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Common Files\Microsoft Shared\MSInfo\svchsotKey.DLL] [N/A, N/A]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [winfiles]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================

瑞星卡卡安全论坛