我中了Trojan.Mnless.jar病毒``怎么办啊```QQ也被盗了`` bbs.ikaka.com

PIG猪猪 - 2007-4-8 10:35:00

[CODE]

2007-04-08,10:11:22

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<eREAD><E:\eREAD.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<boss><C:\WINDOWS\system32\friends.exe> [N/A]
<rx><C:\WINDOWS\system32\explore.exe> [N/A]
<zz><C:\WINDOWS\system32\intenet.exe> [N/A]
<zx><C:\WINDOWS\system32\intenet.exe> [N/A]
<wow><C:\WINDOWS\system32\Launcher.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> [N/A]
<C:\Program Files\Common Files\dwnSetup\SetupCmd.exe><C:\Program Files\Common Files\dwnSetup\SetupCmd.exe> [N/A]
<BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)> [N/A]
<Teache><C:\WINDOWS\system32\Teache.exe> [bcnet]
<WindowOutNew><C:\WINDOWS\system32\windowoutnew.exe> [N/A]
<SOUNDM><winsmd.exe> [N/A]
<RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup> [Beijing Rising Technology Co., Ltd.]
<ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup> [InstallShield Software Corporation]
<ISUSScheduler><"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start> [InstallShield Software Corporation]
<PSC><C:\Program Files\ChinaEdu\PSC\psc.exe> [ChinaEdu(弘成科技)]
<WebThunder><C:\Program Files\Thunder Network\WebThunder\WebThunder.exe> [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)Microsoft Windows XP Publisher]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<Desktop><"C:\WINDOWS\system32\internet.exe"> []
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\system32\NTDLL32.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

PIG猪猪 - 2007-4-8 10:36:00

<DVDBurn><C:\WINDOWS\Downloaded Program Files\AfxEdit.dll> [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\Program Files\疯狂赛车\data\GUI\mov\kartss.scr> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [N/A]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [N/A]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]

==================================
启动文件夹
[腾讯QQ]
<C:\Documents and Settings\new\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\Q\QQ.exe [TENCENT]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Internet Connection Manager / Internet Connection Manager][Stopped/Auto Start]
<"C:\WINDOWS\system32\internet.exe"><N/A>
[Rising Proxy Service / RfwProxySrv][Stopped/Manual Start]
<c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
<c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Application Accelerator / Tech][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\bqywmm64.dll><N/A>

==================================
驱动程序
[a320raid / a320raid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc][Stopped/Boot Start]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[蓝牙音频设备 / btaudio][Stopped/Manual Start]
<system32\drivers\btaudio.sys><N/A>
[蓝牙虚拟通信驱动程序 / BTDriver][Stopped/Manual Start]
<system32\DRIVERS\btport.sys><N/A>
[蓝牙总线枚举器 / BTKRNL][Stopped/Manual Start]
<system32\DRIVERS\btkrnl.sys><N/A>
[蓝牙局域网接入服务器 / BTWDNDIS][Stopped/Manual Start]
<system32\DRIVERS\btwdndis.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[elxstor / elxstor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[FASTSX / FASTSX][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gifgfejc / gifgfejc][Stopped/Boot Start]
<\SystemRoot\system32\drivers\gifgfejc.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Boot Start]
<\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>

PIG猪猪 - 2007-4-8 10:37:00

[hptmv / hptmv][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Boot Start]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
<\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[mspcidrv / mspcidrv][Running/System Start]
<system32\DRIVERS\mspcidrv.sys><Windows (R) 2000 DDK provider>
[nfrd960 / nfrd960][Stopped/Boot Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\E:\Q\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RsFwDrv / RsFwDrv][Running/Auto Start]
<\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><>
[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSRaid / SiSRaid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[squell / squell][Stopped/Manual Start]
<\??\C:\DOCUME~1\new\LOCALS~1\Temp\wincab.sys><N/A>
[symc810 / symc810][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Motorola USB Modem Driver for MPT / usbsermpt][Stopped/Manual Start]
<system32\DRIVERS\usbsermpt.sys><Microsoft Corporation>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
<System32\Drivers\usbVM303.sys><N/A>

PIG猪猪 - 2007-4-8 10:37:00

==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, N/A>
[Advance Helper]
{8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\system32\NTDLL32.dll, Microsoft Corporation>
[XBTP03129 Class]
{B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\SEARCH~1\tbu01983\SEARCH~1.DLL, N/A>
[conimehlp Class]
{B10343BD-1DC6-442F-9BA2-D44C708CEE83} <C:\WINDOWS\system32\mskey32.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[IE Browser Helper]
{D0903A3B-F0EA-434a-9742-98C5335C7946} <C:\WINDOWS\system32\IEHelper.dll, Mass Effect Network>
[Flash Assistant]
{E29F0B13-0D84-45aa-81EC-CC629BC07566} <C:\WINDOWS\system32\Flasher0.dll, N/A>
[]
{FFFFFFFF-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[]
{1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} <C:\Program Files\coolsign\coolsign.dll, N/A>
[微软]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\新建文件夹\QQ.EXE, N/A>
[SearchCar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\SearchCar\tbu01983\SearchCar.dll, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, N/A>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, N/A>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SearchCar]
{6D53ADB7-6AD5-4A59-BFE4-7B57D2F4AA89} <C:\Program Files\SearchCar\tbu01983\SearchCar.dll, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\WebThunder\MediaAddin12.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Advance Helper]
{8E25AC4A-B129-451B-BEE2-3B510BB751DA} <C:\WINDOWS\system32\NTDLL32.dll, Microsoft Corporation>
[PPRich]
{9D966685-3D58-4170-B008-05BD7C1628B0} <C:\PROGRA~1\PPRich\PPRich.ocx, N/A>
[XBTP03129 Class]
{B07D1F6B-6B8C-4904-8EE8-5E5A2B4624B3} <C:\PROGRA~1\SEARCH~1\tbu01983\SEARCH~1.DLL, N/A>
[conimehlp Class]
{B10343BD-1DC6-442F-9BA2-D44C708CEE83} <C:\WINDOWS\system32\mskey32.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
{B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IE Browser Helper]
{D0903A3B-F0EA-434A-9742-98C5335C7946} <C:\WINDOWS\system32\IEHelper.dll, Mass Effect Network>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Flash Assistant]
{E29F0B13-0D84-45AA-81EC-CC629BC07566} <C:\WINDOWS\system32\Flasher0.dll, N/A>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[]
{FFFFFFFF-74CC-4B7C-B5F1-45913F368388} <C:\PROGRA~1\SYSTEM~1\SYSTEM~1.DLL, N/A>
[上传到QQ网络硬盘]
<E:\Q\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到eREAD表情]
<, N/A>
[添加到QQ自定义面板]
<E:\Q\AddPanel.htm, N/A>
[添加到QQ表情]
<E:\Q\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<E:\Q\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 548][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NTDLL32.dll] [Microsoft Corporation, 5.1.2600.2180]
[C:\WINDOWS\system32\webpageparser.dll] [N/A, ]
[C:\WINDOWS\system32\Charset.dll] [N/A, ]
[C:\WINDOWS\system32\CreateDomTree.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 684][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 852][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1140][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1552][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]

PIG猪猪 - 2007-4-8 10:39:00

[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[E:\Q\qdshm.dll] [, 1, 0, 101, 20]
[E:\Q\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\IEHelper.dll] [Mass Effect Network, 5.1.2600.0]
[PID: 1700][C:\Program Files\Rising\Rav\RavStub.exe] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1820][c:\program files\rising\rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
[c:\program files\rising\rfw\RsGuiLib.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
[c:\program files\rising\rfw\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[c:\program files\rising\rfw\PngDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 1828][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 336][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 360][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 48]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 368][C:\WINDOWS\system32\igfxtray.exe] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.4342]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 460][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 608][C:\WINDOWS\system32\Teache.exe] [bcnet, 1.00]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8169]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 1012][C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe] [InstallShield Software Corporation, 3, 20, 100, 1123]
[PID: 1132][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 1676][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[PID: 3004][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[C:\Program Files\TENCENT\Adplus\SSAddr.dll] [Tencent, 4, 4, 3, 30]
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] [Xi, 1.91.12]
[C:\WINDOWS\system32\IEHelper.dll] [Mass Effect Network, 5.1.2600.0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3872][E:\Q\QQ.exe] [TENCENT, 0, 0, 0, 0]

PIG猪猪 - 2007-4-8 10:40:00

[E:\Q\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[E:\Q\QQHelperDll.dll] [, 1, 0, 0, 1]
[E:\Q\BasicCtrlDll.dll] [Tencent, 7, 0, 101, 80]
[E:\Q\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[E:\Q\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\Q\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\Q\QQAPI.dll] [, 1, 0, 0, 1]
[E:\Q\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[E:\Q\LoginCtrl.dll] [N/A, ]
[E:\Q\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[E:\Q\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[E:\Q\LoginCtrlRes.dll] [, 1, 0, 0, 1]
[E:\Q\QQRes.dll] [tencent, 1, 0, 0, 1]
[E:\Q\WizardCtrl.dll] [, 1, 0, 0, 1]
[E:\Q\QQMainFrame.dll] [N/A, ]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\Q\CQQApplication.dll] [N/A, ]
[E:\Q\NewSkin.dll] [, 1, 0, 0, 1]
[E:\Q\HostingMgr.dll] [, 1, 0, 0, 1]
[E:\Q\CameraDll.dll] [, 1, 0, 0, 1]
[E:\Q\MailSummary.dll] [, 1, 0, 0, 1]
[E:\Q\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[E:\Q\QQAllInOne.dll] [N/A, ]
[E:\Q\GroupLive.dll] [N/A, ]
[E:\Q\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[E:\Q\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Q\QQSpace.dll] [, 1, 0, 0, 1]
[E:\Q\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\Q\QQGroupMng.dll] [, 1, 0, 0, 1]
[E:\Q\UserDefinedHead.dll] [, 1, 0, 0, 1]
[E:\Q\QQPlugin.dll] [N/A, ]
[E:\Q\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[E:\Q\QRingMng.dll] [N/A, ]
[E:\Q\LongConnection.dll] [tencent, 5, 0, 200, 160]
[E:\Q\QQAvatar.dll] [N/A, ]
[E:\Q\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\Q\QQPet.dll] [, 1, 0, 0, 1]
[E:\Q\PhoneAPI.dll] [, 1, 0, 0, 1]
[E:\Q\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\Q\BQQApplication.dll] [N/A, ]
[E:\Q\QQSysMsgMng.dll] [N/A, ]
[E:\Q\CommercesMng.dll] [, 1, 0, 0, 1]
[E:\Q\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\Q\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
[E:\Q\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 6, 60]
[E:\Q\QQSceneMng.dll] [N/A, ]
[E:\Q\QQCustomFace.dll] [N/A, ]
[E:\Q\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[E:\Q\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[E:\Q\QQZip.dll] [tencent, 0, 3, 2, 4]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[E:\Q\QQMsgFriendMng.dll] [N/A, ]
[C:\WINDOWS\system32\msadp32.acm] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Q\QQMagicFace.dll] [, 1, 0, 0, 1]
[E:\Q\QQFileTransfer.dll] [Tencent, 0, 3, 3, 5]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1368][E:\Q\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[E:\Q\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 3876][E:\Q\QQ.exe] [TENCENT, 0, 0, 0, 0]
[E:\Q\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[E:\Q\QQHelperDll.dll] [, 1, 0, 0, 1]
[E:\Q\BasicCtrlDll.dll] [Tencent, 7, 0, 101, 80]
[E:\Q\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]
[E:\Q\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[E:\Q\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[E:\Q\QQAPI.dll] [, 1, 0, 0, 1]
[E:\Q\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[E:\Q\LoginCtrl.dll] [N/A, ]
[E:\Q\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[E:\Q\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[E:\Q\LoginCtrlRes.dll] [, 1, 0, 0, 1]
[E:\Q\QQRes.dll] [tencent, 1, 0, 0, 1]
[E:\Q\QQMainFrame.dll] [N/A, ]
[E:\Q\CQQApplication.dll] [N/A, ]
[E:\Q\NewSkin.dll] [, 1, 0, 0, 1]
[E:\Q\HostingMgr.dll] [, 1, 0, 0, 1]
[E:\Q\CameraDll.dll] [, 1, 0, 0, 1]
[E:\Q\MailSummary.dll] [, 1, 0, 0, 1]
[E:\Q\QQKnowledgeSearch.dll] [, 1, 0, 0, 1]
[E:\Q\QQAllInOne.dll] [N/A, ]
[E:\Q\GroupLive.dll] [N/A, ]
[E:\Q\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[E:\Q\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[E:\Q\QQSpace.dll] [, 1, 0, 0, 1]
[E:\Q\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[E:\Q\UserDefinedHead.dll] [, 1, 0, 0, 1]
[E:\Q\QQPlugin.dll] [N/A, ]
[E:\Q\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\Q\QQAvatar.dll] [N/A, ]
[E:\Q\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\Q\PhoneAPI.dll] [, 1, 0, 0, 1]
[E:\Q\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\Q\BQQApplication.dll] [N/A, ]
[E:\Q\CommercesMng.dll] [, 1, 0, 0, 1]
[E:\Q\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[E:\Q\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
[E:\Q\QQSceneMng.dll] [N/A, ]
[E:\Q\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 6, 60]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[PID: 2668][C:\Documents and Settings\new\桌面\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\TENCENT\Adplus\Adplus.dll] [Tencent, 4, 5, 1, 15]

==================================
文件关联
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 219.139.58.97
127.0.0.1 ads.520fantong.com
127.0.0.1 www.520fantong.com
127.0.0.1 w2.520fantong.com
127.0.0.1 125.91.1.20
127.0.0.1 61.162.230.31
127.0.0.1 61.141.31.11
127.0.0.1 bd.jacai.com
127.0.0.1 www.9505.com
127.0.0.1 www.4199.com
127.0.0.1 update.ssdlh.com
127.0.0.1 down.ssdlh.com
127.0.0.1 file.checkthisdoor.com
127.0.0.1 count.checkthisdoor.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

PIG猪猪 - 2007-4-8 10:40:00

好了```全发了```帮帮我``谢谢```

newcenturymoon - 2007-4-8 10:46:00

安全模式下(开机后不断按F8键然后出来一个高级菜单选择第一项安全模式进入系统)

打开sreng （就是你扫日志的软件）
启动项目注册表删除如下项目 (如果有哪项你认识或者确认不是病毒请不要删除)
<boss><C:\WINDOWS\system32\friends.exe> [N/A]
<rx><C:\WINDOWS\system32\explore.exe> [N/A]
<zz><C:\WINDOWS\system32\intenet.exe> [N/A]
<zx><C:\WINDOWS\system32\intenet.exe> [N/A]
<wow><C:\WINDOWS\system32\Launcher.exe> [N/A]
<SoundMam><C:\WINDOWS\system32\SVOHOST.exe> [N/A
<Teache><C:\WINDOWS\system32\Teache.exe> [bcnet]
<WindowOutNew><C:\WINDOWS\system32\windowoutnew.exe> [N/A]
<SOUNDM><winsmd.exe> [N/A]
<Desktop><"C:\WINDOWS\system32\internet.exe"> []
双击AppInit_DLLs 把其键值改为空

“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
Internet Connection Manager / Internet Connection Manager
Application Accelerator / Tech

双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
然后删除
C:\WINDOWS\system32\internet.exe
C:\WINDOWS\system32\bqywmm64.dll
C:\WINDOWS\system32\friends.exe
C:\WINDOWS\system32\explore.exe
C:\WINDOWS\system32\intenet.exe

C:\WINDOWS\system32\Launcher.exe
C:\WINDOWS\system32\SVOHOST.exe
C:\WINDOWS\system32\Teache.exe
C:\WINDOWS\system32\windowoutnew.exe
C:\WINDOWS\system32\webpageparser.dll
C:\WINDOWS\system32\Charset.dll
C:\WINDOWS\system32\CreateDomTree.dll
C:\WINDOWS\system32\IEHelper.dll

瑞星卡卡安全论坛