昨天瑞星查出了：Trojan.PSW.CabalOnLine.r和Trojan.PSW.XYOnLine.mx这两个病毒，相关文件有:C:\Windows\temp\下的upxdnd.dll  ;  upxdnd.exe    ;    LgSy2.dll 等等...和C:\Windows\system32\下的  1.exe    2.exe    cmdbcs.exe

查完之后电脑暂时正常了，可我一运行一个程序，瑞星的监控就提示自动转为嵌入式杀毒，然后进程中就多出了iexplore.exe和notepad.exe       
C:\Windows\temp\下也多出了winlog0n.exe  ；upxdnd.exe  ；rundl132.exe  ；iexpl0re.exe  ；crasos.exe  ；c0nime.exe

启动选项里也多出了它们的身影...
这些明显是病毒，可瑞星却再也查不到，直接对它们查毒也没用，载了个金山毒霸2007也不行，没反应。后来用Windows优化大师的流氓软件清除器和木马克星才查出它们来，瑞星卡卡没去试过。

现在虽然病毒不发作了，可有个很头痛的问题，所有的.exe文件在中毒那天都被修改过，显然是被病毒感染，我现在每开个程序病毒就发作一次，都不知道该怎么办了....

有没哪个高手能帮帮？谢谢了....

呵呵，我现在暂时不受病毒搔扰，因为我只开些我常用的程序，我每开个程序虽然会激活病毒一次，可我手动删除了之后再去开开过的程序就没事了，现在看看PPlive，上上QQ，然后就是等着瑞星升级到能杀净它的版本了，希望瑞星的动作能快些-_-!!!

这是我把病毒激活后检查的日志，为什么这个软件检查后会在注册表中添加很多个空白的启动项？正常吗？


[CODE]

2007-03-30,22:54:23

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <jiajiabx><G:\☆系统工具及应用软件\拼音加加\jjbxb41a\jjbxb\jiajiabx.exe>  [加加工作组]
    <l9vuj7f5699g><C:\WINDOWS\TEMP\iexpl0re.exe>  []
    <m5srk5ir4><C:\WINDOWS\TEMP\crasos.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"D:\工具\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
    <RfwMain><"D:\工具\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <IMJPMIG8.1><; >  [N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <MoveSearch><; >  [N/A]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; >  [N/A]
    <PHIME2002ASync><; >  [N/A]
    <RealTray><; >  [N/A]
    <SKYNET Personal FireWall><; >  [N/A]
    <VVSN><; >  [N/A]
    <upxdnd><C:\WINDOWS\TEMP\upxdnd.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KAV7NEEDREBOOT><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Apache2 / Apache2][Stopped/Auto Start]
  <"D:\工具\Java\Apache\bin\httpd.exe" -k runservice><Apache Software Foundation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <d:\工具\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <d:\工具\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\工具\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\工具\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[a320raid / a320raid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[adpu160m / adpu160m][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ALi Based Ethernet NT Driver / ALI5261][Stopped/Manual Start]
  <system32\DRIVERS\ALI5261.SYS><Acer Laboratories Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[elxstor / elxstor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\ExpScan.sys><>
[FASTSX / FASTSX][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>

[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\J:\INSTALL\GMSIPCI.SYS><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\D:\工具\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[HpCISSs / HpCISSs][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[IntelIde / IntelIde][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\intelide.sys><N/A>
[ITERAID_Service_Install / iteraid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[LSI_FC / LSI_FC][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\lsi_fc.sys><LSI Logic>
[LSI_SAS / LSI_SAS][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\d:\工具\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[mraid2k / mraid2k][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nfrd960 / nfrd960][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\工具\TENCENT\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\J:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RsAntiSpyware / RsAntiSpyware][Stopped/Disabled]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\D:\工具\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\工具\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\J:\NTGLM7X.sys><N/A>

[SiI-3512 SATALink Controller / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSRaid / SiSRaid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sptrak / sptrak][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaidexp.sys><VIA Technologies, Inc.>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA ATA/ATAPI Host Controller / viapdsk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
[viaraid / viaraid][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
[viasraid / viasraid][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XPROTECTOR / XPROTECTOR][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Xprotector.sys><N/A>
[VICKEY 4 USB PC Camera / ZSMC0305][Running/Manual Start]
  <System32\Drivers\usbVM305.sys><Vimicro Corporation>
[KWatch3 / KWatch3][Running/Disabled]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[KNetWch / KNetWch][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <, N/A>
[KAVIEHelper Class]
  {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <, N/A>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\浩方对战平台\GameClient.exe, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\工具\OFFICE~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[金山毒霸安全助手]
  {EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.DLL, N/A>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[KAVIEHelper Class]
  {1B2F92A1-CDAF-4511-9382-91E3F5CE0880} <, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>

[金山毒霸安全助手-可疑文件扫描]
  {2EC585DF-A578-4A51-A66D-BB68460E6148} <C:\PROGRA~1\KOS\KOSTRO~1.OCX, 金山软件股份有限公司>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll, BitComet>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[AquaRealOcx Control]
  {7DB39A0D-580F-4BE9-9195-8BFCD226F6C2} <D:\工具\Fish\AquaReal.ocx, formosoft>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.ocx, 金山软件股份有限公司>
[金山毒霸安全助手]
  {EF72500A-C234-46C4-BF0A-9AA6913DDF34} <C:\Program Files\KOS\KOSIEBar.DLL, N/A>
[上传到QQ网络硬盘]
  <D:\工具\TENCENT\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\geturl.htm, N/A>
[添加到QQ自定义面板]
  <D:\工具\TENCENT\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\工具\TENCENT\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\工具\TENCENT\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 636][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 780][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1768][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1880][d:\工具\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 70]
    [d:\工具\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 33]
    [d:\工具\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [d:\工具\rising\rfw\RfwCtrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [d:\工具\rising\rfw\RsXML.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 2]
    [d:\工具\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
[PID: 204][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 368][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 56]
[PID: 444][C:\Program Files\DAEMON Tools\daemon.exe]  [DT Soft Ltd., 4.03.0.0]
    [C:\Program Files\DAEMON Tools\daemon.dll]  [DT Soft Ltd., 4.03.0.0]
    [C:\Program Files\DAEMON Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll]  [, 1.0.6.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.10.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.12.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.11.0.0]
    [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]

[PID: 496][G:\☆系统工具及应用软件\拼音加加\jjbxb41a\jjbxb\jiajiabx.exe]  [加加工作组, 4, 1, 0, 47]
[PID: 564][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
[PID: 624][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1600][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3200][D:\工具\TENCENT\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\工具\TENCENT\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\工具\TENCENT\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\工具\TENCENT\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\工具\TENCENT\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\工具\TENCENT\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\工具\TENCENT\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\工具\TENCENT\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\工具\TENCENT\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQMainFrame.dll]  [N/A, ]
    [D:\工具\TENCENT\CQQApplication.dll]  [N/A, ]
    [D:\工具\TENCENT\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQAllInOne.dll]  [N/A, ]
    [D:\工具\TENCENT\GroupLive.dll]  [N/A, ]
    [D:\工具\TENCENT\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\工具\TENCENT\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\工具\TENCENT\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\工具\TENCENT\QQAvatar.dll]  [N/A, ]
    [D:\工具\TENCENT\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQPlugin.dll]  [N/A, ]
    [D:\工具\TENCENT\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QRingMng.dll]  [N/A, ]
    [D:\工具\TENCENT\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\工具\TENCENT\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\工具\TENCENT\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQCustomFace.dll]  [N/A, ]
    [D:\工具\TENCENT\BQQApplication.dll]  [N/A, ]
    [D:\工具\TENCENT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\工具\TENCENT\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [D:\工具\TENCENT\QQSceneMng.dll]  [N/A, ]
    [D:\工具\TENCENT\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\工具\TENCENT\QQPhoneHelper.dll]  [腾讯科技（深圳）有限公司, 2, 1, 6, 60]
    [D:\工具\TENCENT\QQSysMsgMng.dll]  [N/A, ]
    [D:\工具\TENCENT\VqqModule.dll]  [, 1, 0, 0, 1]
    [D:\工具\TENCENT\VqqAllInOne.dll]  [Tencent, 1, 6, 0, 1]
    [D:\工具\TENCENT\InPlus.dll]  [Tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\tencent-proto1.dll]  [tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\tencent-comlib.dll]  [tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\tencent-proto2.dll]  [tencent, 1, 6, 0, 0]
    [D:\工具\TENCENT\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\工具\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\工具\TENCENT\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [D:\工具\TENCENT\vqqset.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3332][D:\工具\TENCENT\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [D:\工具\TENCENT\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2276][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
[PID: 3700][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\工具\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Program Files\Picaview\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Picaview\msvcr71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [D:\工具\金山毒霸\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 8, 5, 16]
    [C:\Program Files\Picaview\PicaView.dll]  [ACD Systems, Ltd., 2, 0, 0, 84]
    [C:\Program Files\Picaview\IDE_ACDStd.apl]  [ACD Systems, Ltd., 3,2,62,0]
    [C:\Program Files\KOS\MFC42.DLL]  [Microsoft Corporation, 6.02.4131.0]
    [C:\Program Files\KOS\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\zh-CHS\ShFusRes.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Rav20.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy1.dll]  [N/A, ]

[PID: 344][G:\☆系统工具及应用软件\QQPetNurse\QQPetNurse.exe]  [永恒E网, 2.2.0.1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1844][D:\工具\TENCENT\qqpet\qqpet.exe]  [腾讯公司, 2, 54, 101, 7]
    [D:\工具\TENCENT\qqpet\Pnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\TENCENT\qqpet\QQPetResDownload.dll]  [, 6, 1, 101, 1]
    [D:\工具\TENCENT\qqpet\QQPetCommunity.dll]  [, 6, 3, 103, 1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2472][D:\工具\GoSuRF2\gsfbwsr.exe]  [mmjd.com, 2.75.611.7563]
    [D:\工具\GoSuRF2\Resources\Themes\pictures.theme]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\JJBX.IME]  [加加工作组, 4, 1, 0, 47]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Thunder\xunleibho_v13.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 48]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3868][D:\工具\PPLive\PPLive.exe]  [N/A, ]
    [D:\工具\PPLive\UI.DLL]  [, 1, 6, 0, 1]
    [D:\工具\PPLive\common.dll]  [, 1, 0, 0, 1]
    [D:\工具\PPLive\NetTools.dll]  [, 1.0.0.2]
    [D:\工具\PPLive\SYNACA~1.OCX]  [, 1, 6, 18, 0]
    [D:\工具\PPLive\ETS.DLL]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\PPLive\SYNACA~2.OCX]  [Synacast, 1, 6, 0, 7]
    [D:\工具\PPLive\PPK.DLL]  [N/A, ]
    [D:\工具\PPLive\FWUpnp.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2536][D:\工具\PPLive\PPLive.exe]  [N/A, ]
    [D:\工具\PPLive\MngModule.dll]  [, 1, 0, 0, 2]
[PID: 3736][C:\Program Files\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.1.2.166]
    [C:\Program Files\Thunder\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\Program Files\Thunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 57]
    [C:\Program Files\Thunder\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Program Files\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 13]
    [C:\Program Files\Thunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
    [C:\Program Files\Thunder\iEmbed.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 14]
    [C:\Program Files\Thunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 6]
    [C:\Program Files\Thunder\FloatBar.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 4004][G:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [C:\WINDOWS\TEMP\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Rav20.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\Msxo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\LgSy0.dll]  [N/A, ]
[PID: 1716][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2068][C:\WINDOWS\system32\notepad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 412][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\工具\BitComet\tools\BitCometBHO_1.1.2.7.dll]  [BitComet, 20070207]
    [C:\WINDOWS\system32\ESPI11.dll]  [DYWT, 1, 1, 0, 0]
    [D:\工具\Office2003\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [Compiled Help Module]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP UDP Service Provider
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)
RSVP TCP Service Provider
    C:\WINDOWS\system32\ESPI11.dll(DYWT, ESPI)

==================================
Autorun.inf
[D:\]
[autorun]
icon=Woa05.ico
[E:\]
[autorun]
ICON=game.ICO
[F:\]
[autorun]
ICON=FauxS-55.ico
[G:\]
[autorun]
ICON=Control_panel.ico

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      60.169.0.66
127.0.0.1      60.169.1.29
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

好长的日志啊...论坛里有教怎么看日志的帖子吗？在哪个版块？我自己也学着看看