紧急求助

显示全部楼层 · 发表于 2007-10-9 16:29:30

今天上午，同事的机器发现中毒，我用u盘拷了一杀毒软件给他。几分钟后，发现我的也中毒了。
症状：1、打开任务管理器，很快自动关闭。
      2、打开命令提示符，很快关闭
      3、用运行功能，注册表、msconfig等都自动关闭，
      4、用冰刃查看，每个盘目录下都有autorun.inf和用户名.vbs
      5、找了几个专杀工具，都没有杀掉。
请各位大侠帮忙，俺是菜鸟，讲解越清晰越好。

估计这病毒得手动清除才能彻底吧。

谢谢各位了。再次感谢。
我把用冰刃查看的进程和文件发上来
启动组：
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
BluetoothAuthenticationAgent
rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IMSCMig
C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
kis
"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PCSuiteTrayApplication
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pyjj
D:\jiajia\jj4\jjsvr4.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
desktop.ini

C:\Documents and Settings\i\「开始」菜单\程序\启动
desktop.ini

内核模块：
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\System32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
compbatt.sys
\WINDOWS\System32\DRIVERS\BATTC.SYS
aliide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
ACPIEC.sys
\WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
Mup.sys
kl1.sys
\WINDOWS\system32\drivers\TDI.SYS
atisgkaf.sys
\SystemRoot\System32\DRIVERS\intelppm.sys
\SystemRoot\System32\DRIVERS\ati2mtag.sys
\SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\AGRSM.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\drivers\smwdm.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\aeaudio.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\tp4track.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\CmBatt.sys
\SystemRoot\System32\DRIVERS\ibmpmdrv.sys
\SystemRoot\System32\DRIVERS\b57xp32.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\System32\DRIVERS\fsvga.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys
\SystemRoot\System32\Drivers\i2omgmt.SYS
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbios.sys
\??\C:\WINDOWS\system32\drivers\WmTimeProDrv.sys
\SystemRoot\System32\drivers\TSMAPIP.SYS
\SystemRoot\System32\drivers\Tppwr.sys
\SystemRoot\System32\Drivers\TPHKDRV.SYS
\SystemRoot\System32\drivers\TDSMAPI.SYS
\SystemRoot\System32\drivers\Smapint.sys
\SystemRoot\System32\DRIVERS\rdbss.sys
\SystemRoot\System32\DRIVERS\mrxsmb.sys
\??\C:\WINDOWS\system32\drivers\klif.sys
\SystemRoot\System32\drivers\IBMBLDID.SYS
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\DRIVERS\hidusb.sys
\SystemRoot\System32\DRIVERS\HIDCLASS.SYS
\SystemRoot\System32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati3d1ag.dll
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\??\C:\WINDOWS\system32\drivers\Apaidi.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
进程：
System Idle Process
System
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\jiajia\jj4\jjsvr4.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\QCONSVC.EXE
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\完美卸~1\PnpWMmng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\alg.exe
E:\DownLoads\IceSword122cn\IceSword.exe
D:\soft\QQ\QQ.exe
D:\soft\QQ\TIMPlatform.exe

[ 本帖最后由 pink0z 于 2007-10-9 16:31 编辑 ]

显示全部楼层 · 发表于 2007-10-9 16:33:30

http://www2.usbcleaner.cn/download.htm  http://www.onlinedown.net/soft/57679.htm  U盘病毒专杀工具-USBCleaner
http://down.www.kingsoft.com/db/download/othertools/DubaTool_AV_Killer2.COM

http://www.arswp.com/download/arswp2/arswp2.zip  Windows清理助手升级下载到桌面到查一下。
System Repair Engineer2.5(SREng)或者System Repair Engineer2.5(SREng)下载System Repair Engineer2.5扫描日志上来.
如果不能运行将下载的SREngPS.EXE重命名为SREngPS.com(SREngPS.scr\SREngPS.bat\SREngPS.pif)或者改名为11BD.abc等等自己随便改运行.
sreng——智能扫描——扫描——保存日志——打开日志记事本SREngLOG——Ctrl+A——Ctrl+C——到论坛回复——Ctrl+V。

[ 本帖最后由风雪于 2007-10-9 16:37 编辑 ]

显示全部楼层 · 发表于 2007-10-9 17:13:36

[CODE]
2007-10-09,17:09:11
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<pyjj><D:\jiajia\jj4\jjsvr4.exe>  [加加开发组]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\system32\i.vbs>  []
<run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<BluetoothAuthenticationAgent><rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent>  [(Verified)Microsoft Windows Publisher]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
<kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
<PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\迪斯尼~1.SCR>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AGRSMMSG><; AGRSMMSG.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATIModeChange><; Ati2mdxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
<BCONSET><; regedit /s "C:\Program Files\ThinkPad\ConnectUtilities\bconprof.reg">  [N/A]
<BigDogPath><; C:\WINDOWS\VM_STI.EXE PHILIPS PC Camera>  [N/A]
<BMMGAG><; RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]
<BMMLREF><; C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<EZEJMNAP><; C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe>  [IBM Corp.]
<ibmmessages><; C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>  [IBM]
<IMEKRMIG6.1><; C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSPY2002><; C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Nokia.PCSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog>  [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PCSuiteTrayApplication><; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Picasa Media Detector><; C:\Program Files\Picasa2\PicasaMediaDetector.exe>  [(Verified)Google Inc.]
<pyjj><; D:\jiajia\jj4\jjsvr4.exe>  [加加开发组]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<QCWLICON><; C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE>  []
<REGSHAVE><; C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN>  [FUJI PHOTO FILM CO., LTD.]
<S3TRAY2><; S3Tray2.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
<Storm2Set><; >  [N/A]
<tgcmd><; "C:\Program Files\Support.com\bin\tgcmd.exe" /server>  [N/A]
<TkBellExe><; "realsched.exe"  -osboot>  [N/A]
<TP4EX><; tp4ex.exe>  [IBM Corporation]
<TPHOTKEY><; C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  []
<TPKMAPMN><; C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe>  []
<TrackPointSrv><; tp4serv.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<WangWang><; "D:\小软件\WangWang\WangWang.EXE">  [阿里巴巴软件（上海）有限公司]

显示全部楼层 · 发表于 2007-10-9 17:14:04

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><>
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe><Sony Corporation>
[PnpWMmng / PnpWMmng][Running/Auto Start]
  <C:\PROGRA~1\完美卸~1\PnpWMmng.exe><完美卸载>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe><Sony Corporation>

==================================
驱动程序
[abp480n5 / abp480n5][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <System32\DRIVERS\AGRSM.sys><Agere Systems>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Fast Ethernet / b57w2k][Running/Manual Start]
  <System32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[ATI Cabo AGP Filter / caboagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\atisgkaf.sys><ATI Technologies Inc.>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Stopped/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[FinePix Digital Camera 020523 / FINEPIX_PCC][Stopped/Manual Start]
  <System32\Drivers\V4CB0115.SYS><FUJI PHOTO FILM CO.,LTD.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <System32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <System32\drivers\IBMBLDID.SYS><N/A>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Lucent Technologies Soft Modem / LucentSoftModem][Stopped/Manual Start]
  <System32\DRIVERS\LTSM.sys><Lucent Technologies>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\soft\QQ\npkcrypt.sys><N/A>
[NSC Infrared Device Driver / NSCIRDA][Stopped/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[PMEM / PMEM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[S3SSavage / S3SSavage][Stopped/Manual Start]
  <System32\DRIVERS\s3ssavm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[Samsung Mobile USB Device II 1.0 driver (WDM) / ssm_bus][Stopped/Manual Start]
  <system32\DRIVERS\ssm_bus.sys><MCCI>
[Samsung Mobile USB Modem II 1.0 Filter / ssm_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ssm_mdfl.sys><MCCI>
[Samsung Mobile USB Modem II 1.0 Drivers / ssm_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ssm_mdm.sys><MCCI>
[Samsung Mobile USB Device 1.0 driver (WDM) / ss_bus][Stopped/Manual Start]
  <system32\DRIVERS\ss_bus.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Filter / ss_mdfl][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdfl.sys><MCCI>
[SAMSUNG Mobile USB Modem 1.0 Drivers / ss_mdm][Stopped/Manual Start]
  <system32\DRIVERS\ss_mdm.sys><MCCI>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[IBM PS/2 TrackPoint Driver / Tp4Track][Running/Manual Start]
  <System32\DRIVERS\tp4track.sys><IBM Corporation>
[TPPWR / TPPWR][Running/System Start]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[TSMAPIP / TSMAPIP][Running/System Start]
  <System32\drivers\TSMAPIP.SYS><N/A>
[IBM PS/2 TrackPoint Filter Driver / TwoTrack][Stopped/Manual Start]
  <System32\DRIVERS\TwoTrack.sys><IBM Corporation>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[WmTimeProDrv / WmTimeProDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\WmTimeProDrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[PHILIPS PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

显示全部楼层 · 发表于 2007-10-9 17:14:27

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\soft\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\soft\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\soft\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[BitComet Button]
  {461CC20B-FB6E-4f16-8FE8-C29359DB100E} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\soft\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\soft\FLASHGET\flashget.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\soft\FLASHGET\fgiebar.dll, Amaze Soft>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Windows Live Photo Upload Control]
  {7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, Microsoft? Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\System32\KvDown.ocx, dreamersoft>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\soft\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\System32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll, BitComet>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\小软件\WangWang\WangWangX4.dll, 阿里软件（中国）有限公司>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\soft\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\soft\FLASHGET\fgiebar.dll, Amaze Soft>
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[使用网际快车下载]
  <D:\soft\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\soft\FLASHGET\jc_all.htm, N/A>
[使用迅雷下载]
  <D:\soft\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\soft\Thunder\Program\GetAllUrl.htm, N/A>

显示全部楼层 · 发表于 2007-10-9 17:15:17

正在运行的进程
[PID: 620 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920 / SYSTEM][C:\WINDOWS\System32\ibmpmsvc.exe]  [N/A, ]
[PID: 976 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1068 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1236 / SYSTEM][C:\PROGRA~1\完美卸~1\PnpWMmng.exe]  [完美卸载, 5.1.2600.2937 ]
[PID: 1272 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1368 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1724 / i][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[D:\soft\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.15]
[D:\soft\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 18]
[D:\soft\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 11]
[D:\soft\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 12]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 83, 74, 9]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 83, 92, 11]
[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 83, 47, 1]
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 83, 15, 1]
[PID: 1848 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe]  [, ]
[PID: 156 / SYSTEM][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 32]
[C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 3, 0, 0, 35]
[C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 2, 0, 0, 18]
[C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 9, 1, 20]
[PID: 204 / i][C:\WINDOWS\System32\WScript.exe]  [Microsoft Corporation, 5.6.0.8820]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 288 / i][D:\jiajia\jj4\jjsvr4.exe]  [加加开发组, 4.0.0.19]
[PID: 488 / SYSTEM][C:\WINDOWS\System32\QCONSVC.EXE]  [N/A, ]
[PID: 648 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 2480 / NETWORK SERVICE][C:\WINDOWS\System32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2548 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3776 / i][D:\soft\QQ\QQ.exe]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
[D:\soft\QQ\CoralQQ.dll]  [Coral Team, 5.0.2 Build 20070716]
[D:\soft\QQ\kql.dll]  [Coral Team, 5.0.2 build 20070703]
[D:\soft\QQ\mfc42.dll]  [Microsoft Corporation, 6.00.8665.0]
[D:\soft\QQ\ipsearcher.dll]  [, 1.0.0.5]
[D:\soft\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQHelperDll.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\BasicCtrlDll.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
[D:\soft\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
[D:\soft\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
[D:\soft\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
[D:\soft\QQ\QQAPI.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[D:\soft\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
[D:\soft\QQ\LoginCtrl.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQRes.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQMainFrame.dll]  [N/A, ]
[D:\soft\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\soft\QQ\CQQApplication.dll]  [N/A, ]
[D:\soft\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
[D:\soft\QQ\NewSkin.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\HostingMgr.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\CameraDll.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\MailSummary.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
[D:\soft\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,365,1701]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\soft\QQ\QQAllInOne.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
[D:\soft\QQ\QQSpace.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll]  [, ]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[D:\soft\QQ\QQGroupMng.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQSysMsgMng.dll]  [N/A, ]
[D:\soft\QQ\LongConnection.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQPlugin.dll]  [N/A, ]
[D:\soft\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQCustomFace.dll]  [N/A, ]
[D:\soft\QQ\QQAvatar.dll]  [N/A, ]
[D:\soft\QQ\QRingMng.dll]  [N/A, ]
[D:\soft\QQ\PhoneAPI.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
[D:\soft\QQ\QQPet.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQFileTransfer.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\BQQApplication.dll]  [N/A, ]
[D:\soft\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\soft\QQ\CommercesMng.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 320]
[D:\soft\QQ\QQSceneMng.dll]  [N/A, ]
[D:\soft\QQ\AddrSearch.dll]  [腾讯科技（深圳）有限公司, 2, 1, 9, 95]
[D:\soft\QQ\GroupConnection.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\QQLiveQMng.dll]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\ImageOle.dll]  [TENCENT, 7,0,365,1701]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[D:\soft\QQ\QQMagicFace.dll]  [TENCENT, 7,0,365,1701]
[C:\WINDOWS\system32\PYJJ4.IME]  [加加工作组, 4.0.0.20]
[D:\soft\QQ\QQZip.dll]  [TENCENT, 7,0,365,1701]
[PID: 3928 / i][D:\soft\QQ\TIMPlatform.exe]  [TENCENT, 7,0,365,1701]
[D:\soft\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 312 / i][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\soft\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.15]
[C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll]  [BitComet, 20070830]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll]  [0, 2005, 3, 3, 1]
[C:\PROGRA~1\Chinanet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[D:\soft\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 18]
[D:\soft\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 11]
[D:\soft\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 12]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
[D:\小软件\WangWang\WangWangX4.dll]  [阿里软件（中国）有限公司, 1, 0, 0, 1]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
[C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3157 (xpsp_sp2_gdr.070614-0013)]
[D:\soft\Thunder\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 22]
[PID: 2828 / i][E:\DownLoads\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
[E:\DownLoads\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]

==================================
文件关联
.TXT  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.HLP  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
Shellexecute=WScript.exe i.vbs "AutoRun"
shell\AutoRun=打开(&O)
shell\AutoRun\command=WScript.exe i.vbs "AutoRun"
shell\AutoRun1=资源管理器(&X)
shell\AutoRun1\command=WScript.exe i.vbs "AutoRun"
[D:\]
[AutoRun]
Shellexecute=WScript.exe i.vbs "AutoRun"
shell\AutoRun=打开(&O)
shell\AutoRun\command=WScript.exe i.vbs "AutoRun"
shell\AutoRun1=资源管理器(&X)
shell\AutoRun1\command=WScript.exe i.vbs "AutoRun"
[E:\]
[AutoRun]
Shellexecute=WScript.exe i.vbs "AutoRun"
shell\AutoRun=打开(&O)
shell\AutoRun\command=WScript.exe i.vbs "AutoRun"
shell\AutoRun1=资源管理器(&X)
shell\AutoRun1\command=WScript.exe i.vbs "AutoRun"

==================================
HOSTS 文件
127.0.0.1    localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 288, D:\JIAJIA\JJ4\JJSVR4.EXE]

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================

[/CODE]

显示全部楼层 · 发表于 2007-10-9 17:45:18

右键"我的电脑"—>属性—>系统还原—>"在所有驱动器上关闭系统还原" 打勾即可。(病毒清理后请自己决定是否打开)
关闭IE用下面的工具，清理系统临时文件和IE临时文件夹
http://hzqedison.mm9mm.com/hanhua/ATF-Cleaner-cn.exe
用xdelbox(http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902下载)删除下面文件（按住鼠标左键向下拖动，用鼠标从第一行拖动从上往下到最后一行，右键复制，或者（添入“文件路径”点击“添加”路径），在xdelbox窗口空白处点右键-从剪贴板导入,在抑制再生前打钩,在要删除文件上点击右键，选择立刻重启删除,如果有提示不用理会，确定。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等））。
C:\WScript.exe
C:\Autorun.inf
D:\WScript.exe
D:\Autorun.inf
E:\WScript.exe
E:\Autorun.inf
C:\WINDOWS\system32\i.vbs
C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins
C:\WINDOWS\system32\drivers\Apaidi.sys
C:\WINDOWS\System32\WScript.exe

运行SREngPS.EXE——启动项目——注册表删除下面的。
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><C:\WINDOWS\system32\i.vbs>  []修改为<>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins>  [N/A]

运行 SREngPS.EXE在"启动项目->服务->"驱动程序"选中"隐藏微软服务" 然后将下面名称的服务
"删除服务"->"设置"->"否" (注意: 按"否"是确认删除服务,按"是"为取消操作)
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>

运行SREngPS.EXE——系统修复—文件关联——修复下面的项
.TXT  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.REG  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.CHM  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]
.HLP  Error. [%SystemRoot%\System32\WScript.exe "C:\WINDOWS\i.vbs" %1 %* ]

升级杀毒软件及Windows清理助手全盘查杀，修改QQ密码。http://www.arswp.com/download/arswp2/arswp2.zip
http://www.cisrt.org/bbs/viewthread.php?tid=1016 2.5 常用操作

[ 本帖最后由风雪于 2007-10-9 18:02 编辑 ]

显示全部楼层 · 发表于 2007-10-9 17:58:42

用xdelbox(http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902下载)删除下面文件（按住鼠标左键向下拖动，用鼠标从第一行拖动从上往下到最后一行，右键复制，或者（添入“文件路径”点击“添加”路径），在xdelbox窗口空白处点右键-从剪贴板导入,在抑制再生前打钩,在要删除文件上点击右键，选择立刻重启删除,如果有提示不用理会，确定。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等））。
C:\WINDOWS\System32\WScript.exe
这个也删除。

显示全部楼层 · 发表于 2007-10-10 11:35:22

SREngLOG-1.rar (8.98 KB, 下载次数: 114)

显示全部楼层 · 发表于 2007-10-10 11:42:56

用xdelbox(http://www.i170.com/attach/97670969-F47C-4A8B-9529-F0F602EFA902下载)删除下面文件（按住鼠标左键向下拖动，用鼠标从第一行拖动从上往下到最后一行，右键复制，或者（添入“文件路径”点击“添加”路径），在xdelbox窗口空白处点右键-从剪贴板导入,在抑制再生前打钩,在要删除文件上点击右键，选择立刻重启删除,如果有提示不用理会，确定。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等））。
C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins

运行SREngPS.EXE——启动项目——注册表删除下面的。
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<System6><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{798977F1-34FC-4DDD-AF6D-1B5C196B4EB4}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System6.ins>  [N/A]

下面是卡巴产生不用理会。
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

Windows清理助手升级查一下：
http://www.arswp.com/download/arswp2/arswp2.zip

[ 本帖最后由风雪于 2007-10-10 11:46 编辑 ]

紧急求助

SREngLOG

风雪兄，最新报告