"Extortionist Trojan" (敲诈者木马) reappears on the Internet: all files on the hard disk mysteriously vanish!

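The day old Mr. Ma Ji passed away,
I learned of it from a QQ message and went online to look up information about it.
While browsing, I looked up things that interested me bit by bit.
Later, from a network E-disk (网络E盘), I downloaded a file named DOSTOOLS tools.
I had thought I had found some useful DOC.
What I downloaded was a compressed archive.
I wasn't paying attention, and suddenly the problem appeared!

A prompt said: our company has detected pirated copies of our company's software on your computer; the computer will restart immediately.
The data on your hard disk has been moved to a designated sector!
It modified the EXE file association.
A scan with Norton found nothing.
On my machine only the files under the WINDOWS folder can be displayed.
On all other drive letters only the folder names are shown, with no files at all. JPG, RAR, MAX, GHO, whatever the type, all gone.
Don't think you can find your backups.
Moreover, the disk space shows that there is nothing at all; no space is used!
Under DOS, DIR does not show any of the files either.
Don't expect to find the backups in GHOST either.

This is the thread I posted on the 54 Network Admin forum (54网管论坛):
http://bbs.54master.com/thread-129634-1-1.html

As of today, I estimate quite a few people have caught this trojan! Several people saw my Baidu message and added me on QQ.
It spreads via e-mail and downloads!

The dedicated removal tools released back in June are all ineffective!
Now I can't even find where the files are hidden!
Were they deleted, or??
If they were deleted, the hard disk should have made a clicking sound. Common knowledge, ha.
One reboot, and the contents of a 160G hard disk were gone!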

Last edited 2006-12-24 16:40:24

2006-12-24,16:29:03

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <MSPY2002><; C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [(Verified)NVIDIA Corporation]
    <SKYNET Personal FireWall><; C:\Program Files\SkyNet\FireWall\PFWmain.exe>  [sky.net.cn]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <RemoteControl><; C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe>  [Cyberlink Corp.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,,"G:\bak2\9--9应用工具大全\JM\sciret.exe" un userinit.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System8.sys>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[卡巴斯基互联网安全套装 6.0 / AVP]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[C-DillaCdaC11BA / C-DillaCdaC11BA]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>

==================================
驱动程序
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[CdaC15BA / CdaC15BA]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[laguna / laguna]
  <system32\DRIVERS\cl546xm.sys><Microsoft Corporation>
[npkcrypt / npkcrypt]
  <\??\C:\WINDOWS\110\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Nokia CA-42 USB / usb2vcom]
  <system32\DRIVERS\usb2vcom.sys><>
[VIA AGP Filter / viaagp1]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viasraid / viasraid]
  <\SystemRoot\system32\DRIVERS\viasraid.sys><VIA Technologies inc,.ltd>

浏览器加载项
[HttpCOM Class]
  {1C1105D5-AEC0-4255-AF0C-1DA95EEAF8BD} <C:\WINDOWS\HttpCOM\HUDCOM1106.dll, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\110\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[铃声]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <http://huanghetv.sms.163.com, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方对战平台\GameClient.exe, N/A>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\WINDOWS\110\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\WINDOWS\110\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[Microsoft ProgressBar Control, version 5.0 (SP2)]
  {0713E8D2-850A-101B-AFC0-4210102A8DA7} <C:\WINDOWS\system32\comctl32.ocx, Microsoft Corporation>
[HttpCOM Class]
  {1C1105D5-AEC0-4255-AF0C-1DA95EEAF8BD} <C:\WINDOWS\HttpCOM\HUDCOM1106.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\WINDOWS\110\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\qq2006传美\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\下载辅助软件\FlashGet1.7\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\下载辅助软件\FlashGet1.7\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\WINDOWS\110\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\WINDOWS\110\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\WINDOWS\110\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 616][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 764][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 776][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 936][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1000][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1104][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1156][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1216][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1512][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 1656][C:\WINDOWS\system32\drivers\CDAC11BA.EXE]  [Macrovision, 4.20.020]
[PID: 1720][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5216]
[PID: 1756][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1780][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 276][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\HttpCOM\HUDCOM1106.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\cmext.dll]  [Revenger inc., 1.2.1.2]
[PID: 1164][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 2088][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
[PID: 296][C:\WINDOWS\110\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\WINDOWS\110\QQ\CoralAssist.DLL]  [Coral Team, 4.5.0 build 20060515]
    [C:\WINDOWS\110\QQ\CoralQQ.DLL]  [Coral Team, 4.5.4 Build 20061001]
    [C:\WINDOWS\110\QQ\ipsearcher.dll]  [N/A, 1.0.0.4]
    [C:\WINDOWS\110\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\WINDOWS\110\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\110\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [C:\WINDOWS\110\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\WINDOWS\110\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQMainFrame.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\CQQApplication.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\110\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\QQSysMsgMng.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQPlugin.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\QQAllInOne.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\GroupLive.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQCustomFace.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\WINDOWS\110\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QRingMng.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\WINDOWS\110\QQ\VPortal.dll]  [, 1, 0, 0, 4]
    [C:\WINDOWS\110\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
    [C:\WINDOWS\110\QQ\QQAvatar.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\110\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [C:\WINDOWS\110\QQ\ShareFiles.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\110\QQ\QQSceneMng.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\110\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\110\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [C:\WINDOWS\110\QQ\BQQApplication.dll]  [N/A, N/A]
    [C:\WINDOWS\110\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\WINDOWS\110\QQ\OEMApplication.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\110\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 0, 1, 10]
[PID: 2300][C:\WINDOWS\110\TT\TTraveler.exe]  [腾讯公司, 3.1.0.261]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\110\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.2.54.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3028][C:\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\sreng2\SREng\Plugins\SRECXTMG.SRE]  [Smallfrogs Studio, 1, 5, 0, 55]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

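From the scan log I uploaded,
everyone should be able to see the harm it does!


My QQ is now even installed under the WINDOWS folder!

Previously it was on drive D; QQ doesn't need to be installed a second time, after all.
After I caught the trojan, the files were taken away.
I installed it in the default C:\Program Files\ folder.
Who knew it would be taken away again when the infection recurred!

I have now changed the registry file options so that all files can be displayed,
but I cannot find the hidden files.
This is more severe than the one described and recorded in June!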