Rising Kaka Security Forum (瑞星卡卡安全论坛)

Help: a vicious virus, one that goes after all antivirus software!
菜菜新手 - 2007-7-1 16:12:00
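This is the result of my HijackThis scan. I hope an expert can take a look, tell me what virus I have caught, and teach me how to remove it. Thanks in advance to all you experts!!!!!!!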



当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\95B857E5.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\KAV2006\KAVStart.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\KAV2006\KMailMon.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQDownload\QQDownload.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\ChinaNet\VnetClient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tencent\QQ\TIMPlatform.exe
C:\Program Files\Founder\Emergency Center\Hotkey.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Tencent\QQ\QQ.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\95B857E5.exe
C:\Documents and Settings\Home\桌面\HijackThis1991zww.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {4E83D566-4697-4F7B-B1F0-A513B01DB89A} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: VnetCookie Class - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O4 - 启动项HKLM\\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - 启动项HKLM\\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - 启动项HKLM\\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun7] C:\WINDOWS\system32\nwiztlbu.exe
O4 - 启动项HKLM\\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - 启动项HKLM\\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun9] C:\WINDOWS\system32\Ravasktao.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun1] C:\WINDOWS\system32\nwizdh.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - 启动项HKLM\\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp"
O4 - HKCU\..\Run: [QQDownload] "C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGame\Accel.exe
O4 - Startup: 腾讯QQ.lnk = C:\Program Files\Tencent\QQ\QQ.exe
O4 - Global Startup: 星空极速.lnk = C:\Program Files\ChinaNet\VnetClient.exe
O8 - IE右键菜单中的新增项目: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - IE右键菜单中的新增项目: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用“方正畅听”朗读选定内容 - C:\Program Files\iFly Info Tek\MagicVoice\\bin\ir_Select.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - IE右键菜单中的新增项目: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 浏览器额外的按钮: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - 浏览器额外的“工具”菜单项: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.foundertech.com
O16 - DPF: {2354A44B-3CEB-4829-9940-545B03103538} (PowerPlr Control) - http://bb.008vod.com/plugin/PowerPlr.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{47629DE8-D68B-4CE8-82D4-EC1D5CD54E1D}: NameServer = 202.103.44.150 202.103.24.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{83A37FB0-9513-49F7-ADBC-126CB1F34FE1}: NameServer = 202.103.44.150
O23 - NT 服务: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KAV2006\KWatch.EXE
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Sysbak hotkey Server (Sysbak_hotkey_Server) - Unknown owner - C:\Program Files\Founder\Emergency Center\Hotkey.exe
baohe - 2007-7-1 16:17:00
[Reply to 菜菜新手's post]
C:\WINDOWS\system32\95B857E5.exe
Find this file, archive it, encrypt it (password: 123), and send it to: baohelin@yahoo.com.cn
超级游戏迷 - 2007-7-1 16:17:00


超级游戏迷 - 2007-7-1 16:18:00
当前运行的进程:
C:\WINDOWS\system32\95B857E5.exe
O4 - 启动项HKLM\\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun5] C:\WINDOWS\system32\mosou.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun7] C:\WINDOWS\system32\nwiztlbu.exe
O4 - 启动项HKLM\\Run: [TIMHost] C:\WINDOWS\TIMHost.exe
O4 - 启动项HKLM\\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun9] C:\WINDOWS\system32\Ravasktao.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun1] C:\WINDOWS\system32\nwizdh.exe
O4 - 启动项HKLM\\Run: [Microsoft Autorun4] C:\WINDOWS\system32\dllhost32.exe
O4 - 启动项HKLM\\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shell] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp"

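Quite a few problems here! Post an SREng log instead!

Download the System Repair Engineer system scanning tool from the following address:
http://www.kztechs.com/sreng/download.html
How to scan and upload the log:
1. Extract the sreng2.zip archive you downloaded;
2. Make sure your machine's current system time matches the real time. If a virus has changed it to an abnormal date such as 1980, 1990 or 2005 (first rule out a dead motherboard battery: check whether the time in the BIOS matches the time the system shows after you log in; if they differ, it is the virus's doing, and if they match, the battery may be dead), double-click the clock icon in the system tray and set the system time back to normal.
3. Open the extracted SRENG folder and double-click SREng.exe inside it to run it (if it will not run, delete the extracted SRENG folder and all the files in it, then download a fresh archive or re-extract the one you already downloaded, renaming the extracted folder to 111 when you extract; after extracting, go into the 111 folder, do not run the SREng.exe executable in it, but first rename it directly to 111.bat, 111.scr, 111.com or 111.pif, or to 111.exe, and then double-click it to run);
4. Click "Smart Scan" (智能扫描), "Scan" (扫描) and "Save Report" (保存报告) in turn, and save the log to your hard disk;
5. Find and open the log, and copy its contents into your post using "Copy" and "Paste"; upload it without modification (the log is long and will not fit in one post, so please manually split the full contents across several replies under the same thread).
Friendly reminders:
1. Before scanning, close all open software (such as QQ, Xunlei and other download programs) and IE windows.
2. Until you receive further instructions, do not use the SREng tool to make repairs at random, or the system may end up in even worse shape.
3. Illustrated SREng walkthrough: http://forum.ikaka.com/topic.asp?board=67&artid=8125594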
菜菜新手 - 2007-7-1 16:19:00
OK
菜菜新手 - 2007-7-1 16:30:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <Shell><"C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\shell32.dll",Control_RunDLL "C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp">  [N/A]
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <VMSnap3><C:\WINDOWS\VMSnap3.EXE>  [ZSMCSNAP]
    <Domino><C:\WINDOWS\Domino.EXE>  [Vimicro]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  []
    <Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe>  []
    <Microsoft Autorun7><C:\WINDOWS\system32\nwiztlbu.exe>  []
    <TIMHost><C:\WINDOWS\TIMHost.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <Microsoft Autorun9><C:\WINDOWS\system32\Ravasktao.exe>  []
    <Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe>  []
    <Microsoft Autorun4><C:\WINDOWS\system32\dllhost32.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{88A46432-969E-4F5E-913D-3AAF4B6A3051}><C:\WINDOWS\system32\SvTime.dll>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  []
    <{13BA17B6-1BA7-1F95-2376-27542B3D2F32}><C:\WINDOWS\system32\k118326793322qso.dll>  []
    <{E25C29AB-12B9-4523-A53C-324B5FBA648C}><C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp>  []
    <{13BB17B6-1BA7-1F95-2376-27542B3D2F32}><C:\WINDOWS\system32\k118326809263qso.dll>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ApabiAgent><; "C:\Program Files\Founder\Apabi Reader 3.0\ApabiAgent.exe">  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <jmekey><; C:\Program Files\jmesoft\hotkey.exe>  [JME Co.,Ltd.]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Corporation]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
菜菜新手 - 2007-7-1 16:34:00
启动文件夹
[星空极速]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Home\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\Home\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[972EB96C / 972EB96C][Stopped/Auto Start]
  <C:\WINDOWS\system32\3489944A.EXE -972EB96C><Microsoft Corporation>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[E72553BE / E72553BE][Stopped/Auto Start]
  <C:\WINDOWS\system32\EB1B3AFC.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Running/Auto Start]
  <C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
菜菜新手 - 2007-7-1 16:34:00
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Softlumos Multi-Platform / Mulsys][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\Mulsys.SYS><Softlumos Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PauseDrv / PauseDrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Softlumos ShowLogo / ShowLogo][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ShowLogo.sys><N/A>
[SynTPS / SynTPS][Running/System Start]
  <system32\drivers\SynTPS.sys><Synaptics, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[vmfilter303 / vmfilter303][Running/Manual Start]
  <system32\drivers\vmfilter303.sys><Vimicro Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[Teclast WE 303 PC Camera (Vimicro Neptune) / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>
菜菜新手 - 2007-7-1 16:35:00
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {4E83D566-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[PowerPlr Control]
  {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, 创智数码科技股份有限公司>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {4E83D566-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用“方正畅听”朗读选定内容]
  <C:\Program Files\iFly Info Tek\MagicVoice\\bin\ir_Select.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
菜菜新手 - 2007-7-1 16:36:00
在运行的进程
[PID: 456][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\ACC80195.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
    [C:\DOCUME~1\Home\LOCALS~1\Temp\dat1B.tmp]  [N/A, ]
[PID: 576][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
[PID: 588][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
[PID: 752][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
[PID: 808][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
[PID: 872][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
[PID: 1680][C:\WINDOWS\system32\95B857E5.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1996][C:\KAV2006\KAVStart.exe]  [Kingsoft Corporation, 2005, 12, 15, 192]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2005, 12, 14, 227]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2005, 12, 6, 30]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
[PID: 2012][C:\WINDOWS\VMSnap3.EXE]  [ZSMCSNAP, 3, 6, 818, 7]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM303Prp.Ax]  [Vimicro, 3, 6, 411, 13]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 2020][C:\WINDOWS\Domino.EXE]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 2028][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3536]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
[PID: 212][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2005, 10, 8, 85]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\KAV2006\KAntiSpm.dll]  [, 1, 0, 0, 2]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2004, 11, 26, 53]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2004, 11, 9, 11]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2005, 3, 23, 30]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
[PID: 264][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 772][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 11, 14, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 6, 26, 10]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 7, 27, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2005, 10, 13, 1]
    [C:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 11, 14, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 11, 14, 17]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2005, 11, 14, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2005, 10, 9, 14]
菜菜新手 - 2007-7-1 16:37:00

    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2005, 8, 26, 1]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2005, 9, 13, 9]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\PDM.DLL]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL]  [Microsoft Corporation, 7.00.9466]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2005, 11, 14, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 620][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [TENCENT, 7,0,313,1681]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\MOSOU.dll]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 3840][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 7, 0, 225, 1651]
    [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\HostingMgr.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\ImageOle.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQLiveQMng.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\GroupConnection.dll]  [TENCENT, 7,0,313,1681]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
菜菜新手 - 2007-7-1 16:38:00
[C:\Program Files\Tencent\QQ\CommercesMng.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 310]
    [C:\Program Files\Tencent\QQ\QQZip.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 93]
    [C:\Program Files\Tencent\QQ\QQMagicFace.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQFileTransfer.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 5.00.2000.3]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Tencent\QQ\VqqModule.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\VqqAllInOne.dll]  [Tencent, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\InPlus.dll]  [Tencent, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\tencent-proto1.dll]  [tencent, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\tencent-comlib.dll]  [tencent, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\tencent-proto2.dll]  [tencent, 1, 6, 0, 2]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
[PID: 3092][C:\WINDOWS\system32\95B857E5.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1944][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\ACC80195.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\3F3FFD3A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\c_878.nls]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SvTime.dll]  [N/A, ]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\GetsFiles.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
[PID: 3968][C:\WINDOWS\system32\95B857E5.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 1368][C:\Documents and Settings\Home\桌面\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326809263qso.dll]  [N/A, ]
    [C:\WINDOWS\system32\k118326793322qso.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\DShared.dll]  [Tencent, 1, 6, 0, 2]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
    [C:\WINDOWS\system32\Hhgda.dll]  [N/A, ]
    [C:\WINDOWS\system32\zerwx.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkufd.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjbj.dll]  [N/A, ]
    [C:\WINDOWS\system32\hjtdx.dll]  [N/A, ]
    [C:\WINDOWS\system32\whgdm.dll]  [N/A, ]
    [C:\WINDOWS\system32\wgfdl.dll]  [N/A, ]
    [C:\WINDOWS\system32\GetsFile.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
菜菜新手 - 2007-7-1 16:38:00
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[G:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误:LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2006\KASocket.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
菜菜新手 - 2007-7-1 16:40:00
Experts, please help!
菜菜新手 - 2007-7-1 16:44:00
Waiting online!!
超级游戏迷 - 2007-7-1 17:08:00
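First download IceSword (version 1.2): http://forum.ikaka.com/topic.asp?board=67&artid=8283060
Press F8 at boot to enter Safe Mode (if you cannot enter Safe Mode, work in normal mode; in normal mode it is best to disconnect from the network and close QQ and everything else that can be closed), then follow these steps:
1. Double-click to open the SREng scan tool window, go to "Startup Items" -- "Registry", select the following problematic registry values in the list, and click the Delete button below to delete them: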
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<mppds><C:\WINDOWS\mppds.exe> []
<Microsoft Autorun5><C:\WINDOWS\system32\mosou.exe> []
<Microsoft Autorun7><C:\WINDOWS\system32\nwiztlbu.exe> []
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<Microsoft Autorun9><C:\WINDOWS\system32\Ravasktao.exe> []
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> []
<Microsoft Autorun4><C:\WINDOWS\system32\dllhost32.exe> []
<AVPSrv><C:\WINDOWS\AVPSrv.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{88A46432-969E-4F5E-913D-3AAF4B6A3051}><C:\WINDOWS\system32\SvTime.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []
<{13BA17B6-1BA7-1F95-2376-27542B3D2F32}><C:\WINDOWS\system32\k118326793322qso.dll> []
<{E25C29AB-12B9-4523-A53C-324B5FBA648C}><C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp> []
<{13BB17B6-1BA7-1F95-2376-27542B3D2F32}><C:\WINDOWS\system32\k118326809263qso.dll> []
==================================
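2. Double-click to open the SREng scan tool window, go to "Startup Items" -- "Services" -- "Win32 Service Applications" -- in the dialog that appears, tick "Hide verified Microsoft services" in the lower right corner -- find the service entries with the names below in the service list and click to select each one -- click "Delete Service" -- click the "Set" button -- choose "NO" in the window that pops up, and these problematic service entries are deleted. If a service entry cannot be deleted, click to select it, change its startup type to "disabled" in the "Startup Type" list, click "Modify Startup Type" and finally click "Set" to disable the service: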
[972EB96C / 972EB96C][Stopped/Auto Start]
<C:\WINDOWS\system32\3489944A.EXE -972EB96C><Microsoft Corporation>
[E72553BE / E72553BE][Stopped/Auto Start]
<C:\WINDOWS\system32\EB1B3AFC.EXE -k><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
==================================
3. Delete the following files:
C:\WINDOWS\mppds.exe
C:\WINDOWS\system32\mosou.exe
C:\WINDOWS\system32\nwiztlbu.exe
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\system32\Ravasktao.exe
C:\WINDOWS\system32\nwizdh.exe
C:\WINDOWS\system32\dllhost32.exe
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\system32\SvTime.dll> []
C:\Program Files\Internet Explorer\PLUGINS\System64.Sys
C:\WINDOWS\system32\k118326793322qso.dll
C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp
C:\WINDOWS\system32\k118326809263qso.dll
C:\WINDOWS\system32\3489944A.EXE
C:\WINDOWS\system32\EB1B3AFC.EXE
C:\WINDOWS\system32\msdebug.dll
C:\WINDOWS\system32\RemoteDbg.dll
C:\WINDOWS\system32\netsrvcs.dll
[C:\WINDOWS\system32\GetsFile.dll] [N/A, ]
[C:\WINDOWS\system32\wkjbj.dll] [N/A, ]
[C:\WINDOWS\system32\hjtdx.dll] [N/A, ]
[C:\WINDOWS\system32\whgdm.dll] [N/A, ]
[C:\WINDOWS\system32\wgfdl.dll] [N/A, ]
[C:\WINDOWS\system32\hread.dll] [N/A, ]
[C:\WINDOWS\system32\Hhgda.dll] [N/A, ]
[C:\WINDOWS\system32\zerwx.dll] [N/A, ]
[C:\WINDOWS\system32\wkufd.dll] [N/A, ]
C:\WINDOWS\system32\95B857E5.exe
==================================
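4. Press "CTRL"+"ALT"+"DEL" to bring up Task Manager, choose "File" -- "New Task (Run)" -- type "WINRAR.EXE" -- press Enter; in the window that opens, locate and select autorun.inf and auto.exe in the root directory of each drive, then delete them one by one with the "Delete" button on the toolbar at the top of the window.
==================================
5. Run a full-disk scan with Rising to clean up whatever the virus has left behind.
Tip: files that cannot be deleted by normal means can be removed with IceSword's force delete. While carrying out the steps above, do not double-click any drive letter to open it, and do not choose the "AUTO" item in the right-click menu.

Reinstalling the system is recommended; after reinstalling, just carry out step 4.
Overall impression: a nest of viruses.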
菜菜新手 - 2007-7-1 17:11:00
Many thanks to all the experts here!
baohe - 2007-7-1 17:40:00
Quote:
[Post by 菜菜新手] Waiting online!!
………………


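You can try removing the virus manually with IceSword:

1. Disable process creation. Try to force-unload the virus modules C:\WINDOWS\system32\3F3FFD3A.DLL, C:\WINDOWS\system32\ACC80195.DLL and C:\DOCUME~1\Home\LOCALS~1\Temp\dat1B.tmp from the following processes: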
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 576][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 588][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 752][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 808][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 872][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

2. End the following virus processes and the application processes the virus has injected into:
[PID: 1680][C:\WINDOWS\system32\95B857E5.exe] [N/A, ]

[PID: 1996][C:\KAV2006\KAVStart.exe] [Kingsoft Corporation, 2005, 12, 15, 192]

[PID: 2020][C:\WINDOWS\Domino.EXE] [Vimicro, 4, 2, 1124, 6]

[PID: 2028][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]

[PID: 264][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 772][C:\Program Files\ChinaNet\VnetClient.exe] [, 2005, 11, 14, 1]

[PID: 620][C:\Program Files\Tencent\QQ\TIMPlatform.exe] [TENCENT, 7,0,313,1681]

[PID: 3840][C:\Program Files\Tencent\QQ\QQ.exe] [TENCENT, 7,0,313,1681]

[PID: 3092][C:\WINDOWS\system32\95B857E5.exe] [N/A, ]

[PID: 1944][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

[PID: 3968][C:\WINDOWS\system32\95B857E5.exe] [N/A, ]

[PID: 1368][C:\Documents and Settings\Home\桌面\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]


3. Delete the following virus files:
C:\WINDOWS\mppds.exe
C:\WINDOWS\system32\mosou.exe
C:\WINDOWS\system32\nwiztlbu.exe
C:\WINDOWS\system32\nwiztlbu.exe
C:\WINDOWS\TIMHost.exe
C:\WINDOWS\system32\95B857E5.ex
C:\WINDOWS\system32\3F3FFD3A.DLL
C:\WINDOWS\system32\ACC80195.DLL
C:\WINDOWS\system32\3F3FFD3A.DLL
C:\WINDOWS\c_878.nls
C:\WINDOWS\system32\msdebug.dll
C:\WINDOWS\system32\RemoteDbg.dll
C:\WINDOWS\system32\netsrvcs.dll
C:\WINDOWS\system32\k118326809263qso.dll
C:\WINDOWS\system32\k118326793322qso.dll
C:\WINDOWS\system32\GetsFile.dll
C:\WINDOWS\system32\hread.dll
C:\WINDOWS\system32\Hhgda.dll
C:\WINDOWS\system32\zerwx.dll
C:\WINDOWS\system32\wkufd.dll
C:\WINDOWS\system32\wkjbj.dll
C:\WINDOWS\system32\hjtdx.dll
C:\WINDOWS\system32\whgdm.dll
C:\WINDOWS\system32\wgfdl.dll
C:\WINDOWS\system32\dllMergeDict.dll
C:\DOCUME~1\Home\LOCALS~1\Temp\dat19.tmp
C:\Program Files\Internet Explorer\PLUGINS\System64.Sys
C:\WINDOWS\system32\GetsFile.dll
C:\WINDOWS\upxdnd.exe
C:\WINDOWS\system32\Ravasktao.exe
C:\WINDOWS\system32\nwizdh.exe
C:\WINDOWS\system32\dllhost32.exe
C:\WINDOWS\AVPSrv.exe
C:\WINDOWS\system32\SvTime.dll
C:\WINDOWS\system32\3489944A.EXE
C:\WINDOWS\system32\EB1B3AFC.EXE
C:\WINDOWS\system32\drivers\Apaidi.sys
C:\WINDOWS\system32\Drivers\PauseDrv.sys
C:\WINDOWS\SystemRoot\System32\DRIVERS\ShowLogo.sys
Autorun.inf and auto.exe in the root directories of partitions C, D, E, F and G

4. Delete the following registry entries

Under the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key:
mppds
Microsoft Autorun5
Microsoft Autorun7
TIMHost
upxdnd
Microsoft Autorun9
Microsoft Autorun1
Microsoft Autorun4
AVPSrv
Under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks key:
{88A46432-969E-4F5E-913D-3AAF4B6A3051}
{754FB7D8-B8FE-4810-B363-A788CD060F1F}
{13BA17B6-1BA7-1F95-2376-27542B3D2F32}
{E25C29AB-12B9-4523-A53C-324B5FBA648C}
{13BB17B6-1BA7-1F95-2376-27542B3D2F32}
Under the HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES key:
972EB96C
E72553BE
MSDebugsvc
RemoteDbg
WZCSRVC
Apaidi
PauseDrv
ShowLogo
5. Turn off IceSword's "Disable process creation" option.

6. Use SREng to repair the file associations.
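
The module lists in the SREng log show the same vendor-less DLLs (msdebug.dll, hread.dll and others) loaded into QQ.exe, explorer.exe and 95B857E5.exe, which is the pattern both replies act on. The following is an added example, not part of any post in this thread: it parses that log layout and lists modules with no vendor field that appear in two or more different process images. The sample log is constructed from lines in the thread and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: an abridged set of module lines taken from the SREng log
# in this thread, kept in the same "[path]  [vendor, version]" layout.
SAMPLE_LOG = r"""
[PID: 3840][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 7,0,313,1681]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
[PID: 3092][C:\WINDOWS\system32\95B857E5.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\hread.dll]  [N/A, ]
[PID: 1944][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\SvTime.dll]  [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s+\[(.*)\]$")
MOD_RE = re.compile(r"^\[(.+?)\]\s+\[(.*)\]$")


def has_vendor(info):
    """True when the vendor part (text before the first comma) is populated."""
    return info.split(",", 1)[0].strip() not in ("", "N/A")


def parse_modules(log_text):
    """Yield (pid, process_path, module_path, info) for every module line.

    Indentation is ignored, so a module line that lost its leading spaces
    (as happens where the log is split across posts) is still attributed
    to the most recent [PID: ...] line.
    """
    pid = proc = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            pid, proc = int(m.group(1)), m.group(2)
            continue
        m = MOD_RE.match(line)
        if m and pid is not None:
            yield pid, proc, m.group(1), m.group(2)


def shared_unlabelled_modules(log_text, min_hosts=2):
    """Map each vendor-less module to the process images that load it,
    keeping only modules found in at least min_hosts different images."""
    hosts = defaultdict(set)
    for _pid, proc, mod, info in parse_modules(log_text):
        if not has_vendor(info):
            hosts[mod.lower()].add(proc.lower())
    return {m: sorted(p) for m, p in hosts.items() if len(p) >= min_hosts}


if __name__ == "__main__":
    for mod, procs in shared_unlabelled_modules(SAMPLE_LOG).items():
        print(mod, "<-", ", ".join(procs))
```

The vendor field is self-reported by the file, so a populated value is not proof of origin: ACC80195.DLL and 3F3FFD3A.DLL show "Microsoft Corporation" in the log yet are on baohe's removal list.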


超级游戏迷 - 2007-7-1 17:44:00
[Reply to baohe's post] Learning…………