Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board

[Help] My system may be infected with a virus! Log attached, waiting online, urgent!!!!!

After turning on the computer today I found that QQ, BT and other programs no longer work: their icons have all been changed, and an extra program file icon has appeared on every hard drive (see the picture below for reference; the icon on the left is the one that was replaced, the one on the right is the extra one). I suspect a virus infection! Would an expert please look at the log and tell me whether I have a virus?

Attachment: application/octet-stream, uploaded 2007-6-27 22:26:55, 295 downloads

Last edited 2007-06-28 22:06:29
 

2007-06-27,22:16:39

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <InCD><C:\Program Files\Ahead\InCD\InCD.exe>  [Ahead Software AG]
    <RavTask><"G:\瑞星杀毒软件\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"G:\瑞星防火墙\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <PCSuiteTrayApplication><G:\NOKIA套件\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,userinit.exe,regedit32.com>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[startup]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\startup.bat -->  [N/A]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\QQ\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQ游戏~1\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\QQ\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\2006珊~1\安装QQ\qq2007\QQ.exe [TENCENT]><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InCD Helper / InCDsrv]
  <C:\Program Files\Ahead\InCD\InCDsrv.exe><Ahead Software AG>
[Machine Debug Manager / MDM]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <g:\瑞星防火墙\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <g:\瑞星防火墙\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"G:\瑞星杀毒软件\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon]
  <"G:\瑞星杀毒软件\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[ServiceLayer / ServiceLayer]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CdaC15BA / CdaC15BA]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[ExpScaner / ExpScaner]
  <\??\G:\瑞星杀毒软件\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\G:\瑞星杀毒软件\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg]
  <\??\G:\瑞星杀毒软件\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\G:\瑞星杀毒软件\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\G:\瑞星防火墙\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[InCD File System / InCDfs]
  <C:\WINDOWS\SYSTEM32\DRIVERS\InCDfs.SYS><Ahead Software AG>
[InCDPass / InCDPass]
  <System32\DRIVERS\InCDPass.sys><Ahead Software AG>
[MEMSCAN / MEMSCAN]
  <\??\G:\瑞星杀毒软件\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\g:\瑞星防火墙\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[Nokia USB Generic / Nokia USB Generic]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port]
  <system32\drivers\nmwcdcj.sys><Nokia>
[npkcrypt / npkcrypt]
  <\??\D:\2006珊瑚虫\安装QQ\QQ\npkcrypt.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsFwDrv / RsFwDrv]
  <\??\G:\瑞星防火墙\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS]
  <\??\G:\瑞星杀毒软件\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>

==================================
浏览器加载项
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Alexa]
  {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPPMediaCtrl Object]
  {FCD61199-E187-4ADD-88E5-9AF238486D11} <C:\WINDOWS\system32\forcetv.dll, N/A>
[Microsoft Outlook 8.0 Object Library]
  {0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Outlook]
  {0006F03A-0000-0000-C000-000000000046} <, N/A>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[CEnroll Class]
  {127698E4-E730-4E5C-A2B1-21490A70C8A1} <C:\WINDOWS\system32\xenroll.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Menu Class]
  {27D784D7-9217-4227-B43B-E06E4781E0CB} <C:\WINDOWS\system32\AlxTB1.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[RealPlayer RAM Download Handler]
  {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[Alexa]
  {3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} <C:\WINDOWS\system32\SHDOCVW.DLL, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Microsoft DirectAnimation Path]
  {D7A7D7C3-D47F-11D0-89D3-00A0C90833E6} <C:\WINDOWS\system32\daxctle.ocx, Microsoft Corporation>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[CPPMediaCtrl Object]
  {FCD61199-E187-4ADD-88E5-9AF238486D11} <C:\WINDOWS\system32\forcetv.dll, N/A>
[Alexa Web Search]
  <http://client.alexa.com/holiday/script/actions/search.htm, N/A>
[Get Alexa Data]
  <http://client.alexa.com/holiday/script/actions/sitedata.htm, N/A>
[Mail to a Friend...]
  <http://client.alexa.com/holiday/script/actions/mailto.htm, N/A>
[See Related Links]
  <http://client.alexa.com/holiday/script/actions/related.htm, N/A>
[Write a Review...]
  <http://client.alexa.com/holiday/script/actions/review.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\2006珊瑚虫\安装QQ\qq2007\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4107]
[PID: 588][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 760][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\Program Files\Ahead\InCD\InCDsrv.exe]  [Ahead Software AG, 4, 2, 12, 0]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll]  [Ahead Software AG, 1,0,13, 2121]
    [C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll]  [Ahead Software AG, 1, 0, 0, 13]
    [C:\Program Files\Ahead\InCD\incdshx.dll]  [Ahead Software AG, 4, 2, 12, 0]
[PID: 1172][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1268][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1336][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [G:\瑞星杀毒软件\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [G:\NOKIA套件\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 82, 63, 9]
    [G:\NOKIA套件\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 82, 77, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL]  [Nokia., 6, 82, 72, 2]
    [G:\NOKIA套件\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 82, 36, 1]
    [G:\NOKIA套件\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 82, 14, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Ahead\InCD\incdshx.dll]  [Ahead Software AG, 4, 2, 12, 0]
    [G:\NOKIA~1\NOKIAP~1\Lang\ConnectionManager_chi-sc.nlr]  [Nokia, 6, 82, 52, 0]
[PID: 1364][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1632][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1932][g:\瑞星防火墙\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
    [g:\瑞星防火墙\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [g:\瑞星防火墙\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [g:\瑞星防火墙\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [g:\瑞星防火墙\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [g:\瑞星防火墙\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 2020][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 164][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9064.9150]
[PID: 232][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 344][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 2104][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2204][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5125]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5125]
[PID: 2248][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.30]
[PID: 2340][C:\Program Files\Ahead\InCD\InCD.exe]  [Ahead Software AG, 4, 2, 12, 0]
    [C:\Program Files\Ahead\InCD\InCDapi.dll]  [Ahead Software AG, 4, 2, 12, 0]
    [C:\Program Files\Common Files\Ahead\Lib\DriveLocker.dll]  [Ahead Software AG, 1, 0, 0, 13]
    [C:\Program Files\Ahead\InCD\incdshx.dll]  [Ahead Software AG, 4, 2, 12, 0]
[PID: 2412][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
[PID: 2476][C:\WINDOWS\VM303_STI.EXE]  [Vimicro, 4, 3, 625, 61]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[PID: 2556][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
[PID: 2592][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2828][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe]  [Nokia., 6, 82, 69, 3]
    [C:\Program Files\PC Connectivity Solution\NclTools.dll]  [Nokia, 6, 82, 26, 3]
    [C:\Program Files\PC Connectivity Solution\Transports\NCLIrDAMM.dll]  [Nokia Corp., 6, 82, 31, 0]
    [C:\Program Files\PC Connectivity Solution\Transports\NCLRSMM.dll]  [Nokia Corp., 6, 82, 39, 1]
    [C:\Program Files\PC Connectivity Solution\Transports\NCLUSBMM.dll]  [Nokia Corp., 6, 82, 48, 0]
    [C:\Program Files\PC Connectivity Solution\Transports\NclMSBTMM.dll]  [Nokia Corp., 6, 82, 47, 1]
[PID: 2936][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4028][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 3476][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3396][D:\2006珊瑚虫\安装QQ\qq2007\QQ.exe]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQBaseClassInDll.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQHelperDll.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\BasicCtrlDll.dll]  [TENCENT, 7, 0, 225, 1651]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQAPI.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\2006珊瑚虫\安装QQ\qq2007\LoginCtrl.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\LoginCtrlRes.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQRes.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\WizardCtrl.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQMainFrame.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\CQQApplication.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\2006珊瑚虫\安装QQ\qq2007\NewSkin.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\HostingMgr.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\CameraDll.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\MailSummary.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQKnowledgeSearch.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQAllInOne.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQSpace.dll]  [TENCENT, 7,0,313,1681]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQGroupMng.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\UserDefinedHead.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQPlugin.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQConfigPlugin.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQAvatar.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\QRingMng.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\LongConnection.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\PhoneAPI.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQPet.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\BQQApplication.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQSysMsgMng.dll]  [N/A, N/A]
    [G:\瑞星杀毒软件\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\2006珊瑚虫\安装QQ\qq2007\CommercesMng.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\PersonalDesktop.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQSceneMng.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
    [D:\QQ游戏大厅安装\QQGAME\GamePublic.dll]  [N/A, N/A]
    [D:\QQ游戏大厅安装\QQGAME\Common\Utility.dll]  [N/A, N/A]
    [D:\QQ游戏大厅安装\QQGAME\Factory.dll]  [N/A, N/A]
    [D:\QQ游戏大厅安装\QQGAME\Logic\UIStyle.dll]  [N/A, N/A]
    [D:\QQ游戏大厅安装\QQGAME\ProtHand\QQProt.dll]  [N/A, N/A]
    [D:\QQ游戏大厅安装\QQGAME\Socket\NetMod.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQCustomFace.dll]  [N/A, N/A]
    [D:\2006珊瑚虫\安装QQ\qq2007\ImageOle.dll]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\QQLiveQMng.dll]  [TENCENT, 7,0,313,1681]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [D:\2006珊瑚虫\安装QQ\qq2007\GroupConnection.dll]  [TENCENT, 7,0,313,1681]
[PID: 972][D:\2006珊瑚虫\安装QQ\qq2007\TIMPlatform.exe]  [TENCENT, 7,0,313,1681]
    [D:\2006珊瑚虫\安装QQ\qq2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3832][G:\瑞星杀毒软件\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [G:\瑞星杀毒软件\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [G:\瑞星杀毒软件\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 3936][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [G:\瑞星杀毒软件\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\WEB\G1S 1.com]  [wintray, 2007.00.0056]
    [C:\WINDOWS\TEMP\G3S 3.com]  [wintray, 2007.00.0056]
    [C:\WINDOWS\TEMP\G3S 3.com]  [wintray, 2007.00.0056]
    [C:\WINDOWS\TEMP\G3S 3.com]  [wintray, 2007.00.0056]
[PID: 1076][G:\SREng2智能扫描软件\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[autorun]
OPEN=Comand.com
[E:\]
[autorun]
OPEN=Comand.com
[G:\]
[autorun]
OPEN=Comand.com

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

Open SREng -> Startup items -> Startup folder -> delete the following item
[startup]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\startup.bat --> [N/A]><N>
Delete the following service (run SREng -> Startup items -> Services -> Win32 service applications -> select the service to delete -> choose "Delete service" -> click Setup; when the prompt appears choose No and confirm the deletion.)
[SystemUpdate / SystemUpdate][Running/Auto Start]
<C:\Program Files\Windows Media Player\xp32s.exe><N/A>

After enabling display of hidden files, delete the following files (do not double-click the drives; open them via right-click or through Explorer)
D:\Autorun.inf
E:\Autorun.inf
G:\Autorun.inf
D:\Comand.com
E:\Comand.com
G:\Comand.com
C:\Program Files\Windows Media Player\xp32s.exe

Use IceSword (冰刃) for anything that won't delete.

[Reply to the post by "一个菜鸟的无奈"]
1. Use SREng to edit the <Userinit> entry (keep only C:\WINDOWS\system32\Userinit.exe) and confirm. Delete [startup]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\startup.bat --> [N/A]><N>
2. Repair the file associations.
3. Delete Autorun.inf and Comand.com from the root of partitions D, E and G. Delete regedit32.com.
4. What are the following files?
[C:\WINDOWS\WEB\G1S 1.com] [wintray, 2007.00.0056]
[C:\WINDOWS\TEMP\G3S 3.com] [wintray, 2007.00.0056]
[C:\WINDOWS\TEMP\G3S 3.com] [wintray, 2007.00.0056]
[C:\WINDOWS\TEMP\G3S 3.com] [wintray, 2007.00.0056]
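The checks that the two replies above apply by hand (extra entries in the Winlogon Userinit value, .com files loaded as modules from TEMP or WINDOWS\WEB, and OPEN= directives in an autorun.inf at a drive root) can be automated over an SREng log. The following Python script is an added example; it is not code from this thread or from SREng. It assumes the SREng 2.x log layout shown in the post (sections separated by a line of "=" with the section name on the next line), and the section names, the expected Userinit path and the scratch-directory heuristics are assumptions based on this one log. The embedded log excerpt is constructed from lines copied out of the posted log.

```python
import re

# Constructed excerpt in the layout of the SREng 2.x log posted in the thread
# (lines copied from that log, trimmed to the sections the replies act on).
SAMPLE_LOG = r"""
启动项目
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\system32\Userinit.exe,userinit.exe,regedit32.com>  [(Verified)Microsoft Corporation]
==================================
正在运行的进程
[PID: 3936][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\WEB\G1S 1.com]  [wintray, 2007.00.0056]
    [C:\WINDOWS\TEMP\G3S 3.com]  [wintray, 2007.00.0056]
==================================
Autorun.inf
[D:\]
[autorun]
OPEN=Comand.com
[E:\]
[autorun]
OPEN=Comand.com
==================================
"""

SECTION_SEP = "=================================="

def split_sections(text):
    """Map each section heading (first non-empty line after a separator) to its lines."""
    sections, current = {}, None
    for line in text.splitlines():
        if line.strip() == SECTION_SEP:
            current = None
        elif current is None:
            if line.strip():
                current = line.strip()
                sections[current] = []
        else:
            sections[current].append(line)
    return sections

# SREng's "(Verified)" tag covers only the first file in the Userinit value;
# every comma-separated entry after it is also launched at each logon.
USERINIT_RE = re.compile(r"<Userinit><([^>]*)>", re.IGNORECASE)
EXPECTED_USERINIT = {"c:\\windows\\system32\\userinit.exe",
                     "%systemroot%\\system32\\userinit.exe"}

def check_userinit(lines):
    """Return every Userinit entry that is not the stock userinit.exe path."""
    extra = []
    for line in lines:
        m = USERINIT_RE.search(line)
        if m:
            for entry in m.group(1).split(","):
                entry = entry.strip()
                if entry and entry.lower() not in EXPECTED_USERINIT:
                    extra.append(entry)
    return extra

# Indented lines in the process section are loaded modules; unindented ones are processes.
MODULE_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[([^\]]*)\]")
SCRATCH_DIRS = ("\\windows\\temp\\", "\\windows\\web\\", "\\temp\\")  # assumed heuristic

def check_modules(lines):
    """Return (path, vendor) for modules loaded from a scratch directory or
    carrying a .com extension; legitimate DLLs are not loaded from TEMP."""
    hits = []
    for line in lines:
        m = MODULE_RE.match(line)
        if not m:
            continue
        path, low = m.group(1), m.group(1).lower()
        if low.endswith(".com") or any(d in low for d in SCRATCH_DIRS):
            hits.append((path, m.group(2)))
    return hits

DRIVE_RE = re.compile(r"\[([A-Za-z]:\\)\]")

def check_autorun(lines):
    """Return (drive, target) for each OPEN= directive; an autorun.inf that
    launches a file from a disk root is the hallmark of an autorun worm."""
    hits, drive = [], None
    for line in lines:
        s = line.strip()
        m = DRIVE_RE.fullmatch(s)
        if m:
            drive = m.group(1)
        elif drive and s.upper().startswith("OPEN="):
            hits.append((drive, s.split("=", 1)[1].strip()))
    return hits

def triage(text):
    """Run all checks against one SREng log and collect the findings."""
    sec = split_sections(text)
    return {
        "userinit_extra": check_userinit(sec.get("启动项目", [])),
        "modules": check_modules(sec.get("正在运行的进程", [])),
        "autorun": check_autorun(sec.get("Autorun.inf", [])),
    }
```

Running `triage(SAMPLE_LOG)` reports `userinit.exe` and `regedit32.com` as extra Userinit entries (the bare `userinit.exe` is worth flagging too, since a relative name is resolved through the search path rather than pinned to system32), the two `.com` files loaded into iexplore.exe from WINDOWS\WEB and WINDOWS\TEMP, and `Comand.com` as the autorun target on D: and E:. The Flash OCX in system32 and the process line itself are not reported, which is the point of keying on location and extension rather than on vendor strings, since the `wintray` vendor string is just whatever the file's version resource claims.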

[Reply to the post by "火影忍者"]
1. [SystemUpdate / SystemUpdate][Running/Auto Start]<C:\Program Files\Windows Media Player\xp32s.exe><N/A>  I can't find this file under Win32 service applications?
2. D:\Autorun.inf  E:\Autorun.inf  G:\Autorun.inf  C:\Program Files\Windows Media Player\xp32s.exe  After showing hidden files I still can't find any of them?
3. D:\Comand.com    E:\Comand.com    G:\Comand.com  Why do these come back on their own after I delete them?

This is really driving me mad; please take a look and tell me what's going on.


I'm still learning how to read logs~~
Some of what I say is bound to be wrong;
the following are the places I think are problematic, for your reference only.



Services
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>

Drivers
[CdaC15BA / CdaC15BA]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>

Processes
[PID: 2020][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]

[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]  I don't know what this does; suspicious

[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]  I don't know what this does; suspicious
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]  I don't know what this does; suspicious

[C:\WINDOWS\WEB\G1S 1.com] [wintray, 2007.00.0056]
[C:\WINDOWS\TEMP\G3S 3.com] [wintray, 2007.00.0056]
[C:\WINDOWS\TEMP\G3S 3.com] [wintray, 2007.00.0056]
[C:\WINDOWS\TEMP\G3S 3.com] [wintray, 2007.00.0056]   I don't know what these are

[autorun]
OPEN=Comand.com
[E:\]
[autorun]
OPEN=Comand.com
[G:\]
[autorun]
OPEN=Comand.com
This part is very suspicious


Reply to posts #6 and #7
If the service can't be found, it may only be visible in SSM or SEG?! First use SSM to block the process and service from being created, then in Safe Mode use IceSword (冰刃) to delete the files and repair the registry, then delete the service, and finally check for anything that was missed.

Quote:
[Post by 一个菜鸟的无奈] (the reply to "火影忍者" above, quoted in full)

………………