
[Help] Big brothers, please come take a look for me~~ my classmate's computer~ has a serious problem!


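My classmate's computer was hijacked by 4199 at first; later she couldn't even get onto the Kaka forum, and she couldn't send me the log through Notepad either~~ Later she sent it to my mailbox, and I finally got the log. Experts, please take a look for us~~ Oh, and she has no antivirus software~ When she scanned with Anti-Spyware Expert (反间谍专家), I saw worm.win32.viking.ae_14 in the screenshot she sent me~~~~~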

Logfile of HijackThis v1.99.1
Scan saved at 12:40:03, on 2006-10-8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MRTServ.exe
C:\WINDOWS\system32\VKTServ.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\agetltfes.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
D:\Program Files\Tencent\QQ\QQ.exe
D:\Program Files\Tencent\QQ\TIMPlatfrom.exe
C:\WINDOWS\system32\msiexec.exe
D:\TDdownload\HijackThis\HijackThis.exe
O1 - Hosts: 125.91.1.20 localhost
O1 - Hosts: 125.91.1.20 www.7322.com
O1 - Hosts: 125.91.1.20 www.5566.net
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 125.91.1.20 www.hao123.com
O1 - Hosts: 125.91.1.20 hao123.com
O1 - Hosts: 125.91.1.20 www.265.com
O1 - Hosts: 125.91.1.20 265.com
O1 - Hosts: 125.91.1.20 www.9991.com
O1 - Hosts: 125.91.1.20 9991.com
O1 - Hosts: 125.91.1.20 www.v111.com
O1 - Hosts: 125.91.1.20 www.gjj.cc
O1 - Hosts: 61.162.230.31 www.7939.com
O1 - Hosts: 61.162.230.31 7939.com
O1 - Hosts: 61.162.230.31 59.34.148.98
O1 - Hosts: 61.162.230.31 about:blank
O1 - Hosts: 61.141.31.11 down.Virussky.com
O1 - Hosts: 61.141.31.11 60.191.60.108
O1 - Hosts: 61.141.31.11 219.153.20.209
O1 - Hosts: 61.141.31.11 forum.ikaka.com
O1 - Hosts: 61.141.31.11 bbs.360safe.com
O1 - Hosts: 61.141.31.11 www.360safe.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 61.129.58.12
O1 - Hosts: 61.141.31.11 forum.jiangmin.com
O1 - Hosts: 61.141.31.11 luosoft.com
O1 - Hosts: 125.91.1.20 post.baidu.com
O1 - Hosts: 61.141.31.11 60.191.60.107
O1 - Hosts: 61.141.31.11 219.139.58.97
O1 - Hosts: 61.141.31.11 59.34.148.81
O1 - Hosts: 125.91.1.20 60.191.60.114
O1 - Hosts: 125.91.1.20 www.ycdy.com
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\Run: [SOUNDM] winsmd.exe
O4 - HKLM\..\Run: [Ljx] C:\WINDOWS\inf\rundll32.exe
O4 - HKLM\..\Run: [zt] C:\WINDOWS\Intel\rundll32.exe
O4 - HKLM\..\Run: [RavUpes] C:\WINDOWS\system32\agetltfes.exe
O4 - HKLM\..\Run: [run] C:\WINDOWS\system32\rundll32.exe rsrc.dll s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsd_sock32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wsd_sock32.dll
O14 - IERESET.INF: START_PAGE_URL=http://tomatolei.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F137FBA-3041-485B-B0B6-1CDCA0BCFCE8}: NameServer = 218.6.200.139 61.139.2.69
O20 - AppInit_DLLs: KB896588M.LOG
O21 - SSODL: DVDBurn - {790448C3-4239-45AF-C98B-367991A8B103} - C:\WINDOWS\Downloaded Program Files\AfxEdit.dll
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - d:\Program Files\Rising\Rav\CCenter.exe

Last edited 2006-10-08 20:34:00

This is the one from SREng:
2006-10-08,12:56:08
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <CoolSwitch><C:\WINDOWS\system32\taskswitch.exe>  [N/A]
    <Device Detector><DevDetect.exe -autorun>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <C-Media Mixer><Mixer.exe /startup>  [(Verified)C-Media Electronic Inc. (www.cmedia.com.tw)]
    <C-Media Echo Control><C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe>  [N/A]
    <Tray><C:\WINDOWS\command\rundll32.exe>  [N/A]
    <SOUNDM><winsmd.exe>  [N/A]
    <Ljx><C:\WINDOWS\inf\rundll32.exe>  [N/A]
    <zt><C:\WINDOWS\Intel\rundll32.exe>  [N/A]
    <RavUpes><C:\WINDOWS\system32\agetltfes.exe>  []
    <run><C:\WINDOWS\system32\rundll32.exe rsrc.dll s>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <NiceSoft><C:\WINDOWS\system32\Call.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><KB896588M.LOG>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DVDBurn><C:\WINDOWS\Downloaded Program Files\AfxEdit.dll>  [N/A]
==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> D:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\dream\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>
==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MRTServ / MRTServ]
  <C:\WINDOWS\system32\MRTServ.exe><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter]
  <"d:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[VKTServ / VKTServ]
  <C:\WINDOWS\system32\VKTServ.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[C-Media PCI Audio Driver (WDM) / cmpci]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[ExpScaner / ExpScaner]
  <\??\D:\TDdownload\Rising\Rav\ExpScan.sys><N/A>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[NetGroup Packet Filter Driver / Npf]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
==================================

浏览器加载项
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 564][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 576][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 740][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 796][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
[PID: 900][d:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 940][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
[PID: 1044][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 1120][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
[PID: 1300][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 1424][C:\WINDOWS\system32\MRTServ.exe]  [Microsoft Corporation, 1.18.1507.0]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 1484][C:\WINDOWS\system32\VKTServ.exe]  [Microsoft Corporation, 1.1.2600.2180]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 1804][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
[PID: 1084][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
    [C:\WINDOWS\Downloaded Program Files\swflash.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\KB8965886.LOG]  [N/A, N/A]
    [D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  [N/A, N/A]
[PID: 1100][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 1976][C:\WINDOWS\system32\taskswitch.exe]  [N/A, N/A]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 2016][C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe]  [ACD Systems, Ltd., 3,0,9,0]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 160][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.48]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.9]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 168][C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.9]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 192][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
[PID: 1696][C:\WINDOWS\system32\agetltfes.exe]  [, ]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 228][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 2516][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 3308][D:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\Program Files\Tencent\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\Program Files\Tencent\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\Program Files\Tencent\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\GroupLive.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQAllInOne.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
    [D:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\Tencent\QQ\VPortal.dll]  [, 1, 0, 0, 4]
    [D:\Program Files\Tencent\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\videodevice.dll]  [Tencent, 1, 6, 0, 0]
    [D:\Program Files\Tencent\QQ\inplus.dll]  [Tencent, 1, 6, 0, 0]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [D:\Program Files\Tencent\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
    [D:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 0, 6, 60]
    [D:\Program Files\Tencent\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [D:\Program Files\Tencent\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
[PID: 3360][D:\Program Files\Tencent\QQ\TIMPlatfrom.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 3836][D:\TDdownload\HijackThis\HijackThis.exe]  [Soeperman Enterprises Ltd., 1.99.0001]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 268][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
[PID: 1660][D:\TDdownload\ske\TrojanAssistant.exe]  [Yahoo! CN, 2.1.2.1003]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
    [D:\TDdownload\ske\fsk.dll]  [3721.com, 2, 1, 2, 1030]
    [D:\TDdownload\ske\wmpns.dll]  [---, 1, 1, 8, 1324]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
    [D:\TDdownload\ske\snpmw.dll]  [---, 1, 2, 2, 1336]
[PID: 2204][D:\TDdownload\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\KB896588M.LOG]  [N/A, N/A]
    [C:\WINDOWS\system32\rsrc.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\WSD_SOCK32.dll]  [N/A, N/A]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\WSD_SOCK32.dll(N/A, N/A)
MT-TcpFilter
    C:\WINDOWS\system32\WSD_SOCK32.dll(N/A, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
125.91.1.20 localhost
125.91.1.20 www.7322.com
125.91.1.20 www.5566.net
125.91.1.20 www.v111.com
125.91.1.20 www.gjj.cc
125.91.1.20 www.hao123.com
125.91.1.20 hao123.com
125.91.1.20 www.265.com
125.91.1.20 265.com
125.91.1.20 www.9991.com
125.91.1.20 9991.com
125.91.1.20 www.v111.com
125.91.1.20 www.gjj.cc
61.162.230.31 www.7939.com
61.162.230.31 7939.com
61.162.230.31 59.34.148.98
61.162.230.31 about:blank
61.141.31.11 down.Virussky.com
61.141.31.11 60.191.60.108
61.141.31.11 219.153.20.209
61.141.31.11 forum.ikaka.com
61.141.31.11 bbs.360safe.com
61.141.31.11 www.360safe.com
61.141.31.11 www.piaoxue.com
61.141.31.11 61.129.58.12
61.141.31.11 forum.jiangmin.com
61.141.31.11 luosoft.com
125.91.1.20 post.baidu.com
61.141.31.11 60.191.60.107
61.141.31.11 219.139.58.97
61.141.31.11 59.34.148.81
125.91.1.20 60.191.60.114
125.91.1.20 www.ycdy.com
==================================


Has she also caught the legendary Viking?
I saw this thing even in her sound card driver~ and now the computer has no sound

The thread sank fast………………

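This is something I copied from the internet:
“It is hard to find relevant information online; a Google search turned up one record, which includes this passage: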
30.P00 - 正在运行的服务 - MRTServ,Microsoft Corporation,
相关文件:C:\WINDOWS\system32\MRTServ.exe
内容:C:\WINDOWS\system32\MRTServ.exe
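So it can be seen that this is a system service that ships with Microsoft's software, and therefore a system process. Programs such as 优化大师 and 木马克星 can find this process and give a description of it (origin, function, and so on).
I checked on two computers running XP: one had no such file under system32 at all, and the other did not have it either, but it did have an MRT.exe program. I ran it, and it is Microsoft's official Malicious Software Removal Tool. So I reckon MRTServ.exe is a malware immunization program that comes from a Microsoft update or patch package for XP, or possibly from a Microsoft Service Pack installed for you by some other antivirus software.”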

It has sunk again…………………………

Huff, puff~~~~