==================================
驱动程序
[aeaudio / aeaudio]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Albus / Albus]
  <\SystemRoot\System32\drivers\Albus.SYS><N/A>
[C-Dilla / C-Dilla]
  <\??\C:\WINDOWS\System32\drivers\CDANT.SYS><Macrovision>
[cszkkchz / cszkkchz]
  <\??\C:\Program Files\cszkkchz.sys><N/A>
[d347bus / d347bus]
  <\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[Intel(R) PRO/1000 Adapter Driver / E1000]
  <System32\DRIVERS\e1000325.sys><Intel Corporation>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Sony IC Recorder (SX) / ICDSX]
  <System32\Drivers\ICDSX.sys><Sony Corporation>
[NAVAP / NAVAP]
  <\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL]
  <\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[OMCI / OMCI]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SymEvent / SymEvent]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[U3sHlpDr / U3sHlpDr]
  <\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>

==================================
浏览器加载项
[Vision]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[ST]
  {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[MSNToolBandBHO]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[MMSAssistMenu]
  {6671A433-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\MMSASS~1\mmsass~1.dll, >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[MSN]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, Microsoft Corporation>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[>>彩信发送<<]
  <res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 640][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 696][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\System32\NavLogon.dll]  [N/A, N/A]
[PID: 764][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 776][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1060][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1192][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1224][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1384][C:\WINDOWS\System32\brsvc01a.exe]  [brother Industries Ltd, 1, 0, 0, 3]
[PID: 1408][C:\WINDOWS\System32\brss01a.exe]  [brother Industries Ltd, 1.004]
[PID: 1416][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\hpbmmon.dll]  [Hewlett-Packard, 10.00.16]
    [C:\WINDOWS\system32\hppamon0.dll]  [HP, 7, 0, 5, 0]
    [C:\WINDOWS\system32\hpdomon.dll]  [Hewlett-Packard, 03.42.00]
    [C:\WINDOWS\system32\HPBHealr.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\hptcpmon.dll]  [Hewlett Packard, 2.43.01.004]
    [C:\WINDOWS\system32\HPZJSN01.dll]  [Hewlett Packard Company, 1, 0, 0, 3]
    [C:\WINDOWS\system32\hpzjfw01.dll]  [Hewlett-Packard, 4.02.009.0]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 2.41.01.021]
    [C:\WINDOWS\System32\pxc25pm.dll]  [Tracker Software, 2.50.0002]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\brmfpp1.dll]  [Brother Industries ,Ltd , 1.10]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpprn05.dll]  [Hewlett-Packard Corporation, 60.05.72.21]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp042.dll]  [Hewlett-Packard Corporation, 60.042.108.11]
    [C:\WINDOWS\system32\hppadt40.dll]  [HP, 7, 0, 5, 0]
    [C:\WINDOWS\system32\HPZidr12.dll]  [HP, 7, 0, 5, 0]
[PID: 1780][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 1836][C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE]  [C-Dilla Ltd, 3.24.010]
[PID: 1908][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[PID: 1924][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  [Symantec Corporation, 8.1.0.821]
[PID: 1968][C:\WINDOWS\System32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\MMSASS~1\MMSSVER.DLL]  [, 1, 2, 0, 6]
[PID: 2040][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\WINDOWS\System32\CBA.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [C:\WINDOWS\System32\MsgSys.dll]  [Intel? Corporation, 6.12.0.105 E]
    [C:\WINDOWS\System32\NTS.dll]  [Intel? Corporation, 6.12.0.105 E]
    [C:\WINDOWS\System32\PDS.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  [Symantec Corp., 4.2.0.7]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVEX32a.DLL]  [Symantec Corporation, 20061.3.0.12]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061115.018\NAVENG32.DLL]  [Symantec Corporation, 20061.3.0.12]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.1.0.26]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  [Symantec Corporation, 8.1.0.821]
[PID: 276][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 324][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 360][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.2010]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
[PID: 456][C:\WINDOWS\System32\nutsrv4.exe]  [DataFocus, Inc., 4.50.0000]
    [C:\WINDOWS\System32\nutmsg4.dll]  [DataFocus, Inc., 4.50.0000]
[PID: 292][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 548][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\MMSASS~1\mmsass~1.dll]  [, 1, 2, 0, 6]
    [C:\PROGRA~1\MMSASS~1\albus.dll]  [Albus, 1, 0, 0, 2]
    [C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll]  [Microsoft Corporation, 01.02.3000.1001]
    [C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll]  [Microsoft Corporation, 01.02.5000.1021]
    [C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\mtbres.dll]  [Microsoft Corporation, 01.02.5000.1021]
    [C:\WINDOWS\System32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\System32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.3045]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,16,0]
[PID: 2492][C:\Program Files\WinRAR\WinRAR.exe]  [Eugene Roshal, 3.30]
[PID: 2776][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.844\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

【回复“leeves”的帖子】
运行(双击)SRENG2，点“启动项目，服务，点“Win32服务应用程序”
勾选“隐藏微软服务”选中病毒服务
aucup
aukld
aumms
Logical Disk Manager
JMediaService
winaua
WinkldUP
winmum
winmus
WintUPp
winyok
qq update
，选择“删除服务”
点“设置”选择“否”
重启按F８进入安全模式下
显示隐藏文件
删除：
C:\PROGRA~1\MMSASS~1\MMSSVER.DLL
ProgramFiles%\cszkkchz.dll
C:\WINDOWS\qq update.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\清空文件夹

我还是用GHOST还原吧！

我照做了，还是不行啊，红兄

谢谢

请将你桌面上的所有浏览器(包括快速起动栏里的浏览器)丢到回收站里,然后清空,再从开始按钮里,把浏览器发到桌面上,这样就可以去掉那该死的123了,哈哈哈哈,误打误撞居然就成了,哈哈哈