simonqqq - 2007-4-13 14:18:00
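Recently I found a new user process named microsoft.exe and a new system process named dcomsvr.exe on my system.
When I terminate microsoft.exe alone using the resource manager, the system starts the process again; if I terminate dcomsvr.exe first and then microsoft.exe, the system brings both processes back after about 5 minutes.
A Google search says microsoft.exe is the Gaobo (高波) virus, and there is no information on dcomsvr.exe. Gaobo removal tools (Kaka Assistant and the Kingsoft Gaobo removal tool) could not find any virus.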
simonqqq - 2007-4-13 14:19:00
[DCOMSvr.EXE]
PID=0xc30
CommandLine=C:\WINDOWS\system32\DCOMSvr.EXE
DCOMSvr.EXE
0x400000
C:\WINDOWS\system32\DCOMSvr.EXE
2007-04-1310:44:58
ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
NTLayerDLL
2004-08-0400:52:02
kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2945(xpsp_sp2_gdr.060704-2349)
MicrosoftCorporation
WindowsNTBASEAPIClientDLL
2006-07-0518:56:00
SHELL32.dll
0x7d590000
C:\WINDOWS\system32\shell32.dll
6.00.2900.3051(xpsp_sp2_gdr.061219-0316)
MicrosoftCorporation
WindowsShellCommonDll
2006-12-2005:49:36
ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
AdvancedWindows32BaseAPI
2004-08-0400:52:06
RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteProcedureCallRuntime
2004-08-0400:52:24
GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
GDIClientDLL
2007-03-0823:37:22
USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
WindowsXPUSERAPIClientDLL
2007-03-0823:37:22
msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsNTCRTDLL
2004-08-0400:52:20
SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\shlwapi.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
ShellLight-weightUtilityLibrary
2007-01-0421:38:36
IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsXPIMM32APIClientDLL
2004-08-0400:52:12
LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
LanguagePack
2004-08-0400:52:14
USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
UniscribeUnicodescriptprocessor
2004-08-0400:52:26
comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
6.0(xpsp.060825-0040)
MicrosoftCorporation
UserExperienceControlsLibrary
2006-08-2523:49:42
comctl32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82(xpsp.060825-0040)
MicrosoftCorporation
CommonControlsLibrary
2006-08-2523:49:44
Secur32.dll
0x77fc0000
C:\WINDOWS\system32\secur32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
SecuritySupportProviderInterface
2004-08-0400:52:24
simonqqq - 2007-4-13 14:20:00
[microsoft.exe]
PID=0x9b8
CommandLine=C:\WINDOWS\system32\microsoft.exeC:\WINDOWS\system32\wscuiex.cpl,Run
microsoft.exe
0x1000000
C:\WINDOWS\system32\microsoft.exe
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RunaDLLasanApp
2004-08-0400:52:38
ntdll.dll
0x7c920000
C:\WINDOWS\system32\ntdll.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
NTLayerDLL
2004-08-0400:52:02
kernel32.dll
0x7c800000
C:\WINDOWS\system32\kernel32.dll
5.1.2600.2945(xpsp_sp2_gdr.060704-2349)
MicrosoftCorporation
WindowsNTBASEAPIClientDLL
2006-07-0518:56:00
msvcrt.dll
0x77be0000
C:\WINDOWS\system32\msvcrt.dll
7.0.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsNTCRTDLL
2004-08-0400:52:20
GDI32.dll
0x77ef0000
C:\WINDOWS\system32\gdi32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
GDIClientDLL
2007-03-0823:37:22
USER32.dll
0x77d10000
C:\WINDOWS\system32\user32.dll
5.1.2600.3099(xpsp_sp2_gdr.070308-0222)
MicrosoftCorporation
WindowsXPUSERAPIClientDLL
2007-03-0823:37:22
IMAGEHLP.dll
0x76c60000
C:\WINDOWS\system32\imagehlp.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsNTImageHelper
2004-08-0400:52:12
IMM32.DLL
0x76300000
C:\WINDOWS\system32\imm32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsXPIMM32APIClientDLL
2004-08-0400:52:12
ADVAPI32.dll
0x77da0000
C:\WINDOWS\system32\advapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
AdvancedWindows32BaseAPI
2004-08-0400:52:06
RPCRT4.dll
0x77e50000
C:\WINDOWS\system32\rpcrt4.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteProcedureCallRuntime
2004-08-0400:52:24
LPK.DLL
0x62c20000
C:\WINDOWS\system32\lpk.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
LanguagePack
2004-08-0400:52:14
USP10.dll
0x73fa0000
C:\WINDOWS\system32\usp10.dll
1.0420.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
UniscribeUnicodescriptprocessor
2004-08-0400:52:26
wscuiex.cpl
0x10000000
C:\WINDOWS\system32\wscuiex.cpl
1,0,0,0
mcsoft
动态链接库
2007-04-1301:51:58
WS2_32.dll
0x71a20000
C:\WINDOWS\system32\ws2_32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocket2.032-BitDLL
2004-08-0400:52:28
WS2HELP.dll
0x71a10000
C:\WINDOWS\system32\ws2help.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocket2.0HelperforWindowsNT
2004-08-0400:52:28
ole32.dll
0x76990000
C:\WINDOWS\system32\ole32.dll
5.1.2600.2726(xpsp_sp2_gdr.050725-1528)
MicrosoftCorporation
MicrosoftOLEforWindows
2005-07-2612:39:50
WININET.dll
0x76680000
C:\WINDOWS\system32\wininet.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
InternetExtensionsforWin32
2007-01-0421:38:44
CRYPT32.dll
0x765e0000
C:\WINDOWS\system32\crypt32.dll
5.131.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
CryptoAPI32
2004-08-0400:52:08
MSASN1.dll
0x76db0000
C:\WINDOWS\system32\msasn1.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
ASN.1RuntimeAPIs
2004-08-0400:52:16
OLEAUT32.dll
0x770f0000
C:\WINDOWS\system32\oleaut32.dll
5.1.2600.2180
MicrosoftCorporation
2004-08-0400:52:22
SHLWAPI.dll
0x77f40000
C:\WINDOWS\system32\shlwapi.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
ShellLight-weightUtilityLibrary
2007-01-0421:38:36
urlmon.dll
0x75c60000
C:\WINDOWS\system32\urlmon.dll
6.00.2900.3072(xpsp_sp2_gdr.070124-2319)
MicrosoftCorporation
OLE32ExtensionsforWin32
2007-01-2520:52:06
VERSION.dll
0x77bd0000
C:\WINDOWS\system32\version.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
VersionCheckingandFileInstallationLibraries
2004-08-0400:52:26
NETAPI32.dll
0x5fdd0000
C:\WINDOWS\system32\netapi32.dll
5.1.2600.2976(xpsp_sp2_gdr.060817-0106)
MicrosoftCorporation
NetWin32APIDLL
2006-08-1720:29:48
comctl32.dll
0x77180000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
6.0(xpsp.060825-0040)
MicrosoftCorporation
UserExperienceControlsLibrary
2006-08-2523:49:42
uxtheme.dll
0x5adc0000
C:\WINDOWS\system32\uxtheme.dll
6.00.2900.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftUxThemeLibrary
2004-08-0400:52:26
MSCTF.dll
0x74680000
C:\WINDOWS\system32\MSCTF.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MSCTFServerDLL
2004-08-0400:52:16
msctfime.ime
0x73640000
C:\WINDOWS\system32\MSCTFIME.IME
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftTextFrameWorkServiceIME
2004-08-0400:51:20
comctl32.dll
0x5d170000
C:\WINDOWS\system32\comctl32.dll
5.82(xpsp.060825-0040)
MicrosoftCorporation
CommonControlsLibrary
2006-08-2523:49:44
CLBCATQ.DLL
0x76fa0000
C:\WINDOWS\system32\clbcatq.dll
2001.12.4414.308
MicrosoftCorporation
2005-07-2612:39:46
COMRes.dll
0x77020000
C:\WINDOWS\system32\comres.dll
2001.12.4414.258
MicrosoftCorporation
2004-08-0400:52:08
shdocvw.dll
0x7e550000
C:\WINDOWS\system32\shdocvw.dll
6.00.2900.3059(xpsp_sp2_gdr.070104-0050)
MicrosoftCorporation
ShellDocObjectandControlLibrary
2007-01-0421:38:32
CRYPTUI.dll
0x75430000
C:\WINDOWS\system32\cryptui.dll
5.131.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftTrustUIProvider
2004-08-0400:52:08
WINTRUST.dll
0x76c00000
C:\WINDOWS\system32\wintrust.dll
5.131.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftTrustVerificationAPIs
2004-08-0400:52:28
WLDAP32.dll
0x76f30000
C:\WINDOWS\system32\wldap32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
Win32LDAPAPIDLL
2004-08-0400:52:28
xpsp2res.dll
0x20000000
C:\WINDOWS\system32\xpsp2res.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
ServicePack2Messages
2004-08-0400:51:48
msi.dll
0xc70000
C:\WINDOWS\system32\msi.dll
3.1.4000.2435
MicrosoftCorporation
WindowsInstaller
2005-05-0414:45:32
SXS.DLL
0x75e00000
C:\WINDOWS\system32\sxs.dll
5.1.2600.3019(xpsp_sp2_gdr.061019-0414)
MicrosoftCorporation
Fusion2.5
2006-10-2009:37:48
Secur32.dll
0x77fc0000
C:\WINDOWS\system32\secur32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
SecuritySupportProviderInterface
2004-08-0400:52:24
shell32.dll
0x7d590000
C:\WINDOWS\system32\shell32.dll
6.00.2900.3051(xpsp_sp2_gdr.061219-0316)
MicrosoftCorporation
WindowsShellCommonDll
2006-12-2005:49:36
mlang.dll
0x74cf0000
C:\WINDOWS\system32\mlang.dll
6.00.2900.2530(xpsp.040919-1030)
MicrosoftCorporation
MultiLanguageSupportDLL
2004-10-1604:54:42
wsock32.dll
0x71a40000
C:\WINDOWS\system32\wsock32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocket32-BitDLL
2004-08-0400:52:28
mswsock.dll
0x719c0000
C:\WINDOWS\system32\mswsock.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftWindowsSockets2.0ServiceProvider
2004-08-0400:52:20
hnetcfg.dll
0x60fd0000
C:\WINDOWS\system32\hnetcfg.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
HomeNetworkingConfigurationManager
2004-08-0400:52:12
RASAPI32.DLL
0x76eb0000
C:\WINDOWS\system32\rasapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteAccessAPI
2004-08-0400:52:22
rasman.dll
0x76e60000
C:\WINDOWS\system32\rasman.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RemoteAccessConnectionManager
2004-08-0400:52:24
TAPI32.dll
0x76e80000
C:\WINDOWS\system32\tapi32.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
Microsoft(R)Windows(TM)TelephonyAPIClientDLL
2004-08-0400:52:26
rtutils.dll
0x76e50000
C:\WINDOWS\system32\rtutils.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
RoutingUtilities
2004-08-0400:52:24
WINMM.dll
0x76b10000
C:\WINDOWS\system32\winmm.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MCIAPIDLL
2004-08-0400:52:28
wshtcpip.dll
0x71a00000
C:\WINDOWS\system32\wshtcpip.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
WindowsSocketsHelperDLL
2004-08-0400:52:28
msv1_0.dll
0x77c40000
C:\WINDOWS\system32\msv1_0.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
MicrosoftAuthenticationPackagev1.0
2004-08-0400:52:20
iphlpapi.dll
0x76d30000
C:\WINDOWS\system32\iphlpapi.dll
5.1.2600.2912(xpsp_sp2_gdr.060519-0003)
MicrosoftCorporation
IPHelperAPI
2006-05-1921:14:08
sensapi.dll
0x72240000
C:\WINDOWS\system32\sensapi.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
SENSConnectivityAPIDLL
2004-08-0400:52:24
USERENV.dll
0x759d0000
C:\WINDOWS\system32\userenv.dll
5.1.2600.2180(xpsp_sp2_rtm.040803-2158)
MicrosoftCorporation
Userenv
2004-08-0400:52:26
rsaenh.dll
0xffd0000
C:\WINDOWS\system32\rsaenh.dll
5.1.2600.2161(xpsp.040706-1629)
MicrosoftCorporation
MicrosoftEnhancedCryptographicProvider
2004-08-0322:31:44
ieprot.dll
0x16e0000
C:\ProgramFiles\Rising\AntiSpyware\ieprot.dll
1,0,0,10
BeijingRisingTechnologyCo.,Ltd.
IEProtector
2007-04-1310:13:26
DNSAPI.dll
0x76ef0000
C:\WINDOWS\system32\dnsapi.dll
5.1.2600.2938(xpsp_sp2_gdr.060626-0020)
MicrosoftCorporation
DNSClientAPIDLL
2006-06-2701:41:40
rasadhlp.dll
0x76f90000
C:\WINDOWS\system32\rasadhlp.dll
5.1.2600.2938(xpsp_sp2_gdr.060626-0020)
MicrosoftCorporation
RemoteAccessAutoDialHelper
2006-06-2701:41:40
simonqqq - 2007-4-13 14:21:00
I posted this once this morning and it seems to have been deleted. I hope it won't be deleted again.
过客2007 - 2007-4-13 14:30:00
Try to solve it yourself:
http://forum.ikaka.com/topic.asp?board=28&artid=8297091
水树雨下 - 2007-4-13 14:31:00
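Download sreng2, close QQ, download managers and every other unnecessary program, then run a scan and post the log here. If it does not fit in one post, post it in parts; do not modify it.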
http://www.kztechs.com/sreng/sreng2.zip
simonqqq - 2007-4-13 14:39:00
[CODE]
2007-04-13,14:21:53
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC> [(Verified)Microsoft Windows Publisher]
<vptray><C:\Program Files\NavNT\vptray.exe> [Symantec Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<StormCodec_Helper><"D:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> []
<Acrobat Assistant 7.0><"d:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<DAEMON Tools><"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
<dla><C:\WINDOWS\system32\dla\tfswctrl.exe> [Sonic Solutions]
<IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log> [Microsoft Corporation]
<WangWang><"C:\Program Files\Alisoft\WangWang\WangWang.EXE"> [阿里软件(中国)有限公司]
<FlashGet><D:\Program Files\FlashGet\FlashGet.exe /min> [(Verified)Trend Media Corporation Limited]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> []
==================================
启动文件夹
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[Adobe Acrobat Speed Launcher]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Acrobat Speed Launcher.lnk --> C:\WINDOWS\Installer\{AC76BA86-2052-0000-7760-100000000002}\SC_Acrobat.exe [N/A]><N>
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[DefWatch / DefWatch][Running/Auto Start]
<"C:\Program Files\NavNT\defwatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Norton AntiVirus 客户端 / Norton AntiVirus Server][Running/Auto Start]
<"C:\Program Files\NavNT\rtvscan.exe"><Symantec Corporation>
[SingleService / SingleService][Stopped/Auto Start]
<C:\WINDOWS\system32\SingleServiceRMS.exe><Microsoft Corporation>
[DCOM Client / DCOMClient][Running/Auto Start]
<C:\WINDOWS\system32\DCOMSvr.EXE><N/A>
==================================
simonqqq - 2007-4-13 14:41:00
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[CMB8100 / CMB8100][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[drvmcdb / drvmcdb][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\drvmcdb.sys><Sonic Solutions>
[drvnddm / drvnddm][Running/Auto Start]
<system32\drivers\drvnddm.sys><Sonic Solutions>
[dtscsi / dtscsi][Running/Manual Start]
<\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[fiifhhic / fiifhhic][Stopped/Boot Start]
<\SystemRoot\system32\drivers\fiifhhic.sys><N/A>
[UsbKey / jxkey][Running/Manual Start]
<system32\DRIVERS\jxkey.sys><Jiangxin Technology Co.,Ltd.>
[MegaIDE / MegaIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[NAVAP / NAVAP][Running/Manual Start]
<\??\C:\Program Files\NavNT\NAVAP.sys><N/A>
[NAVAPEL / NAVAPEL][Running/Auto Start]
<\??\C:\Program Files\NavNT\NAVAPEL.SYS><N/A>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070404.032\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070404.032\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[sscdbhk5 / sscdbhk5][Running/System Start]
<system32\drivers\sscdbhk5.sys><Sonic Solutions>
[ssrtln / ssrtln][Running/System Start]
<system32\drivers\ssrtln.sys><Sonic Solutions>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[tfsnboio / tfsnboio][Running/Auto Start]
<system32\dla\tfsnboio.sys><Sonic Solutions>
[tfsncofs / tfsncofs][Running/Auto Start]
<system32\dla\tfsncofs.sys><Sonic Solutions>
[tfsndrct / tfsndrct][Running/Auto Start]
<system32\dla\tfsndrct.sys><Sonic Solutions>
[tfsndres / tfsndres][Running/Auto Start]
<system32\dla\tfsndres.sys><Sonic Solutions>
[tfsnifs / tfsnifs][Running/Auto Start]
<system32\dla\tfsnifs.sys><Sonic Solutions>
[tfsnopio / tfsnopio][Running/Auto Start]
<system32\dla\tfsnopio.sys><Sonic Solutions>
[tfsnpool / tfsnpool][Running/Auto Start]
<system32\dla\tfsnpool.sys><Sonic Solutions>
[tfsnudf / tfsnudf][Running/Auto Start]
<system32\dla\tfsnudf.sys><Sonic Solutions>
[tfsnudfa / tfsnudfa][Running/Auto Start]
<system32\dla\tfsnudfa.sys><Sonic Solutions>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[profilenh / profilenh][Running/System Start]
<system32\drivers\profilenh.sys><Microsoft Corporation>
[proregnh / proregnh][Running/System Start]
<system32\drivers\proregnh.sys><Windows System Internal>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
==================================
simonqqq - 2007-4-13 14:41:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll, BitComet>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484f-8273-0445EE161910} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Browser Class]
{D8C32D92-3120-4D44-B295-5D4461C6AF95} <C:\WINDOWS\system32\rasapi.DLL, TODO: <公司名>>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[快车]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[NSHelp Class]
{485D813E-EE26-4DF8-9FAF-DEDF2885306E} <C:\WINDOWS\Downloaded Program Files\nshelp.dll, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\CONFLICT.1\INPUTC~1.DLL, >
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <d:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <D:\Program Files\BitComet\tools\BitCometBHO_1.1.3.19.dll, BitComet>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[DriveLetterAccess]
{5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\system32\dla\tfswshx.dll, Sonic Solutions>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, N/A>
[AcroIEToolbarHelper Class]
{AE7CD045-E861-484F-8273-0445EE161910} <d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Browser Class]
{D8C32D92-3120-4D44-B295-5D4461C6AF95} <C:\WINDOWS\system32\rasapi.DLL, TODO: <公司名>>
[快车(FlashGet)]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <D:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGCatchUrl]
{FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <D:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用BitComet下载]
<res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
<res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
<res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用快车(FlashGet)下载]
<D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
<D:\Program Files\FlashGet\jc_all.htm, N/A>
[转换为 Adobe PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
<res://d:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
==================================
simonqqq - 2007-4-13 14:43:00
==================================
正在运行的进程
[PID: 520][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[d:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[d:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
[d:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[d:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 7.0.0.2004121400\0]
[C:\WINDOWS\system32\dla\tfswshx.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.07b]
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 7.60.00.926]
[d:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 7.0.0.2004121400\0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\IMSC40W.IME] [Microsoft Corporation, 6.0.0.2524]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 316][C:\Program Files\NavNT\vptray.exe] [Symantec Corporation, 7.60.00.926]
[C:\Program Files\NavNT\Cliproxy.dll] [Symantec Corporation, 7.60.00.926]
[C:\Program Files\NavNT\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[C:\Program Files\NavNT\Cliscan.dll] [Symantec Corporation, 7.60.00.926]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 876][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5, 1, 0, 54]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2060][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 6.0.1.2004121400]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.chs] [Adobe Systems Inc., 6.0.0.0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2080][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.03.0.0]
[C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.03.0.0]
[C:\Program Files\DAEMON Tools\PFCTOC.DLL] [Padus(R), Inc., 1, 0, 0, 12]
[C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.0.6.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [GENERIC, 1.10.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [GENERIC, 1.12.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\nrgmount.dll] [GENERIC, 1.11.0.0]
[C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [GENERIC, 1.01.0.0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2088][C:\WINDOWS\system32\dla\tfswctrl.exe] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\tfswapi.dll] [Sonic Solutions, 1.04.07b]
[C:\WINDOWS\system32\dla\tfswcres.dll] [Sonic Solutions, 1.04.07b]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2196][C:\WINDOWS\system32\CTFMON.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2652][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2488][C:\WINDOWS\system32\microsoft.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wscuiex.cpl] [mcsoft, 1, 0, 0, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3776][E:\Downloads\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\Downloads\sreng2\Plugins\NWMON.SRE] [Smallfrogs Studio, 1, 0, 0, 8]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
水树雨下 - 2007-4-13 14:49:00
Run sreng2, go to Startup Items, Services, Win32 Service Applications, tick "Hide Microsoft services", then delete:
[DCOM Client / DCOMClient][Running/Auto Start]
<C:\WINDOWS\system32\DCOMSvr.EXE><N/A>
In Safe Mode, delete:
C:\WINDOWS\system32\DCOMSvr.EXE
C:\WINDOWS\system32\microsoft.exe
C:\WINDOWS\system32\wscuiex.cpl
simonqqq - 2007-4-13 15:12:00
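I deleted the three files in Safe Mode.
When I used sreng2 to delete [DCOM Client / DCOMClient][Running/Auto Start],
a dialog box popped up, the deletion was cancelled, and the entry could not be deleted.
I set the service to Disabled.
After rebooting, everything came back.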
水树雨下 - 2007-4-13 15:18:00
When deleting, you have to press No; read the prompt carefully.
simonqqq - 2007-4-13 15:29:00
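I really hadn't read it carefully. But after deleting everything in Safe Mode (delete on next boot), including those three files,
I rebooted and it is all still there.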
天月来了 - 2007-4-13 15:53:00
Why "delete on next boot"?
新版小欧 - 2007-4-13 15:57:00
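First use IceSword (冰刃) to end all unrelated processes,
then use Kaka Assistant to delete that service entry directly, and then delete the files using 水树's method.
[DCOM Client / DCOMClient][Running/Auto Start]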
<C:\WINDOWS\system32\DCOMSvr.EXE><N/A>
Delete these two as well:
C:\WINDOWS\system32\Drivers\CertClient.dat
C:\WINDOWS\system32\Drivers\CMBProtector.dat
Then try again.
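The thread ends with the files returning after every reboot and the last reply pointing at two auto-start drivers. As an added illustration (not part of the thread, and not a Rising or SREng tool), the following Python example parses service and driver entries in the two-line layout of the SREng log above and ranks the ones that have no company name and run at boot. The scoring rules and all function names are assumptions made for this example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Entries copied from the service and driver sections of the SREng log in the
# thread: a header line followed by a "<image path><company>" line.
SAMPLE_LOG = r"""
[DefWatch / DefWatch][Running/Auto Start]
<"C:\Program Files\NavNT\defwatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[DCOM Client / DCOMClient][Running/Auto Start]
<C:\WINDOWS\system32\DCOMSvr.EXE><N/A>
[CMB8100 / CMB8100][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\CertClient.dat><N/A>
[CMBProtector / CMBProtector][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\CMBProtector.dat><N/A>
[NAVAPEL / NAVAPEL][Running/Auto Start]
<\??\C:\Program Files\NavNT\NAVAPEL.SYS><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
"""

HEADER = re.compile(
    r"^\[(?P<display>.+?) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]$")
IMAGE = re.compile(r"^<(?P<image>.*)><(?P<company>.*)>$")
AUTO_STARTS = {"Auto Start", "Boot Start", "System Start"}
USUAL_EXTENSIONS = {".exe", ".sys", ".dll"}   # assumption: normal service/driver images


@dataclass
class Entry:
    name: str
    state: str
    start: str
    image: str
    company: str
    reasons: list = field(default_factory=list)


def parse_entries(log: str) -> list:
    """Pair each [display / name][state/start] header with the line after it."""
    entries, pending = [], None
    for line in (raw.strip() for raw in log.splitlines()):
        head = HEADER.match(line)
        if head:
            pending = head
            continue
        body = IMAGE.match(line)
        if pending and body:
            entries.append(Entry(pending["name"], pending["state"], pending["start"],
                                 body["image"], body["company"].strip()))
        pending = None
    return entries


def image_file(image: str) -> str:
    """Return the file the entry finally loads, without quotes or arguments."""
    target = image.split("-->")[-1].strip()    # svchost-hosted service: keep the DLL
    if target.startswith('"'):
        return target[1:].split('"', 1)[0]
    match = re.match(r"^(.*?\.[A-Za-z0-9]{2,4})(?=\s|$)", target)
    return match.group(1) if match else target


def triage(entries: list) -> list:
    """Return entries worth manual review, those with the most reasons first."""
    flagged = []
    for entry in entries:
        # The company string is only version-resource text, so its presence
        # proves nothing; its absence is used here as a cheap first filter.
        if entry.company not in ("", "N/A"):
            continue
        entry.reasons = ["no company name in the file's version info"]
        if entry.state == "Running" and entry.start in AUTO_STARTS:
            entry.reasons.append("running and started automatically at boot")
        ext = ntpath.splitext(image_file(entry.image))[1].lower()
        if ext not in USUAL_EXTENSIONS:
            entry.reasons.append(f"image extension {ext or '(none)'} is unusual here")
        if len(entry.reasons) > 1:
            flagged.append(entry)
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for item in triage(parse_entries(SAMPLE_LOG)):
        print(f"{item.name}: {item.image}")
        for reason in item.reasons:
            print(f"    - {reason}")
```

Entries from installed products can be listed too (NAVAPEL sits in the Norton AntiVirus directory), so the output is a review queue rather than a verdict.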