瑞星卡卡安全论坛

今天电脑出问题了,我用卡卡上网助手清掉了 NTService32.dll的Trojan.Dropper病毒,完了我双击D:跟E:跳出来的却是打开方式,要用右键再选打开才能正常打开,怎么办哈

mizuki.ys168.com下载sreng2,关闭所有不必要的程序后扫个日志上来，一次贴不完分段贴，不要修改

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <webwork><C:\WINDOWS\webwork\webwork.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptig.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{B63BFF8C-2E25-4CCC-9A01-68807F567AA7}><C:\WINDOWS\system32\WsReource.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <!AVG Anti-Spyware><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <8833c2b7f9b2cafa0959326fec723e07><; >  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <bgoomain.exe><; >  [N/A]
    <BigDog303><; C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <DAEMON Tools-2052><; "C:\Program Files\D-Tools\daemon.exe"  -lang 2052>  [DAEMON'S HOME]
    <Desktop><; C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\NTService32.dll" ,Run>  [N/A]
    <dfsf><; RUNDLL32.EXE C:\WINDOWS\system\Mvvp.dll,DImmcv>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <H/PC Connection Agent><; "C:\Program Files\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <HF_GameClient><; d:\浩方对战平台\gameclient.exe>  [上海浩方在线信息技术有限公司]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <KillTrojanMaster><; >  [N/A]
    <res><; >  [N/A]
    <sdafdsafds><; D;]XJOEPXT]ufnq]te264/fyf>  [N/A]
    <StormCodec_Helper><; >  [N/A]
    <Update><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <UUpdate><; C:\Program Files\UUSee\UUpdate.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <WangWang><; "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE">  [淘宝（中国）软件有限公司]
    <yassistse><; >  [N/A]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
    <木马清除专家><; >  [N/A]

启动文件夹
[1]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\1.lnk -->  [N/A]><N>

==================================
服务
[Print Manager / BRGNS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Vsn gtvi Service / gtvi][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\mwyo\tdfv.dll,Service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
[mms-up / mms-up][Stopped/Auto Start]
  <><N/A>
[Computer Storage / MOVEESS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\SMTPCONFS.DLL,Export 1087><N/A>
[Remote Registry Protect / NtStub][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\szdj.dll><Microsoft Corporation>
[Provisioning Service Transaction / pqc_222][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchoost.exe><N/A>
[SavRoam / SavRoam][Stopped/Manual Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Remote Access Connection Management / Remote Access Connection Management][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ncxml.dll><>

驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ast / ast][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[fsb / fsb][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\fsb.sys><N/A>
[ihejcgef / ihejcgef][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ihejcgef.sys><N/A>
[Sony Ericsson 750 driver (WDM) / k750bus][Stopped/Manual Start]
  <system32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Stopped/Manual Start]
  <system32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Stopped/Manual Start]
  <system32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Stopped/Manual Start]
  <system32\DRIVERS\k750mgmt.sys><MCCI>
[kbmjmapc / kbmjmapc][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kbmjmapc.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MRxSmb / MRxSmb][Stopped/System Start]
  <system32\DRIVERS\mrxsmb.sys><N/A>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oqgknc6 / oqgknc64][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\oqgknc64.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sq_goe / sq_goe][Running/Boot Start]
  <\SystemRoot\system32\drivers\sq_goe.sys><N/A>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[tvrvkbn / tvrvkbn][Running/Boot Start]
  <\SystemRoot\system32\drivers\tvrvkbn.sys><N/A>
[VCD VNC Virtual Network Adapter / vcddev][Running/Manual Start]
  <system32\DRIVERS\vcdvnic.sys><VNN B.J.>
[vcharp / vcharp][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vcharp.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[海天地摄像头301PLH / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>
[voodoo / voodoo][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\voodoo.sys><N/A>
[0000196b / 0000196b][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\0000196b.SYS><N/A>

浏览器加载项
[dqsf]
  {24930CDF-D5B4-4A63-B48D-CA86FAD42676} <C:\PROGRA~1\mwyo\qacs.dll, >
[Eye Class]
  {41BE3A3D-6E4B-43F4-AAEB-5B4E95971968} <C:\WINDOWS\system32\edplzkdp.dll, >
[BhoObj Class]
  {7E29089E-5ADF-72AA-DBBF-77E41E89D3AE} <C:\WINDOWS\system32\syabjnkt.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[]
  {db78a260-6a4a-447f-8b0d-4e03f37a8dbf} <C:\WINDOWS\system32\447fcfsb.dll, N/A>
[73bd]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\404antos.dll, N/A>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~2\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <C:\PROGRA~1\MICROS~2\INetRepl.dll, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[CaiFuCOM Class]
  {C1F0024B-8278-4999-B7E6-2718426D9FE6} <C:\Program Files\财富通\caifu.dll, N/A>
[73bd]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\404antos.dll, N/A>
[Virusscan Control]
  {1514341E-C046-4839-AE53-291C41A315CB} <C:\WINDOWS\DOWNLO~1\scan.ocx, zhuoer>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Virusscan Control]
  {1514341E-C046-4839-AE53-291C41A315CB} <C:\WINDOWS\DOWNLO~1\scan.ocx, zhuoer>
[dqsf]
  {24930CDF-D5B4-4A63-B48D-CA86FAD42676} <C:\PROGRA~1\mwyo\qacs.dll, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Eye Class]
  {41BE3A3D-6E4B-43F4-AAEB-5B4E95971968} <C:\WINDOWS\system32\edplzkdp.dll, >
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <, N/A>
[BhoObj Class]
  {7E29089E-5ADF-72AA-DBBF-77E41E89D3AE} <C:\WINDOWS\system32\syabjnkt.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[]
  {DB78A260-6A4A-447F-8B0D-4E03F37A8DBF} <C:\WINDOWS\system32\447fcfsb.dll, N/A>
[73bd]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\404antos.dll, N/A>
[  发送本篇文字(小说)到手机]
  <, N/A>
[  发送选定文字(小说)到手机]
  <, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 648][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1244][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 9.0.1.1000]
[PID: 1292][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1452][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1524][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1692][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ntxml.dll]  [, 1, 0, 0, 1]
[PID: 1800][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1872][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 280][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.2.1.004]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.1.004]
[PID: 356][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.2.1.004]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.1.004]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 2.2.1.004]
[PID: 540][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 704][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sq_goe.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\tvrvkbn.dll]  [N/A, N/A]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
    [C:\WINDOWS\system32\syabjnkt.dll]  [Microsoft Corporation, 1, 0, 0, 25]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll]  [Sony Ericsson Mobile Communications AB, 1, 1, 2, 0]
    [C:\PROGRA~1\mwyo\qacs.dll]  [, 1, 2, 0, 8]
    [C:\WINDOWS\system32\edplzkdp.dll]  [, 1, 0, 0, 10]
[PID: 980][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 996][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 340][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 9.0.1.1000]
[PID: 624][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\mwyo\tdfv.dll]  [, 1, 2, 0, 8]
[PID: 1680][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1752][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 9.0.1.1000]
    [C:\WINDOWS\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.126 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.126 E]
    [C:\WINDOWS\system32\NTS.dll]  [Intel? Corporation, 6.12.0.126 E]
    [C:\WINDOWS\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.126 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  [Symantec Corp., 1.1.0.3]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.1.1000]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\ecmsvr32.dll]  [Symantec Corporation, 71.1.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070124.024\NAVENG32.DLL]  [Symantec Corporation, 20071.1.0.15]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\vpmsece2.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 9.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  [Symantec Corporation, 3.02.12.09]
[PID: 1200][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3220][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 696][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1568][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]

除了C盘,其他的盘上有好多资料啊,以前也遇到过一次,我重装系统后再格掉全部分区,这回我不想格了,有啥办法