Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board


[Help] Why can't I get rid of Backdoor.Win32.Agent.mnf? Experts, please help!

    [C:\WINDOWS\system32\WmlCore.dll]  [N/A, ]
    [C:\WINDOWS\system32\WmlRun.dll]  [N/A, ]
[PID: 4020 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 500 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nmp.dll]  [NVIDIA Corporation, 2, 2, 0, 464]
    [C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nv_common.dll]  [NVIDIA, 2, 2, 0, 464]
[PID: 2604 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX32.781\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX32.781\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\nvappfilter.dll]  [NVIDIA, 1, 0, 2, 0]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [RSVP UDP Service Provider]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [RSVP TCP Service Provider]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{300E6161-3043-4FC4-A8C2-9113B7CB714C}] SEQPACKET 0]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{300E6161-3043-4FC4-A8C2-9113B7CB714C}] DATAGRAM 0]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{26322E8E-8498-4FA4-97E8-69203EF9F7CA}] SEQPACKET 1]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{26322E8E-8498-4FA4-97E8-69203EF9F7CA}] DATAGRAM 1]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{11578FCD-D77D-4F50-81E5-9BF33F218DA2}] SEQPACKET 2]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{11578FCD-D77D-4F50-81E5-9BF33F218DA2}] DATAGRAM 2]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{78B204BD-92F4-431D-A763-87C60A2E0C09}] SEQPACKET 3]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{78B204BD-92F4-431D-A763-87C60A2E0C09}] DATAGRAM 3]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{45DF95F4-41D3-4182-8E27-CC679B2D31B9}] SEQPACKET 4]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter over [MSAFD NetBIOS [\Device\NetBT_Tcpip_{45DF95F4-41D3-4182-8E27-CC679B2D31B9}] DATAGRAM 4]
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)
NVIDIA App Filter
    C:\WINDOWS\system32\nvappfilter.dll(NVIDIA, NVIDIA IAM LSP)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1916, C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 336, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 336, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 424, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCIP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 592, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN\NSVCLOG.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 928, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4020, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
N/A

==================================


[/CODE]
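An added example, not from the thread or from SREng itself: a small Python parser for the process/module listing in the SREng log above that flags every loaded module carrying no vendor string (the `N/A` and blank entries) and marks those under the Windows directory as the ones to check first, which is exactly what singles out WmlCore.dll and WmlRun.dll here. The sample excerpt is constructed from lines of the log; the system-directory list is an assumption for a Windows XP layout.

```python
import re

# Process header line: [PID: 4020 / Administrator][C:\...\WinRAR.exe]  [vendor, version]
PROC_RE = re.compile(r'^\[PID: (\d+) / ([^\]]+)\]\[([^\]]+)\]\s+\[(.*)\]\s*$')
# Module line (normally indented under its header): [C:\...\foo.dll]  [vendor, version]
MOD_RE = re.compile(r'^\s*\[([^\]]+)\]\s+\[(.*)\]\s*$')
# Assumed Windows XP layout; a vendor-less module under these paths is checked first.
SYSTEM_DIRS = (r'c:\windows\system32', r'c:\windows')

def split_vendor(info):
    """'Microsoft Corporation, 5.1.2600.2180 (...)' -> 'Microsoft Corporation'; 'N/A, ' or ', 3, 4' -> ''."""
    vendor = info.split(',', 1)[0].strip()
    return '' if vendor in ('', 'N/A') else vendor

def parse_sreng(text):
    """Group module lines under their [PID: ...] header; orphans (header cut off) get pid 0."""
    procs, current = [], None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            current = {'pid': int(m.group(1)), 'user': m.group(2), 'path': m.group(3), 'modules': []}
            procs.append(current)
            continue
        m = MOD_RE.match(line)
        if m:
            if current is None:  # excerpt starts mid-process: keep the orphans under pid 0
                current = {'pid': 0, 'user': '?', 'path': '(header not in excerpt)', 'modules': []}
                procs.append(current)
            current['modules'].append((m.group(1), split_vendor(m.group(2))))
    return procs

def unknown_vendor_modules(procs):
    """(pid, module path, in_system_dir) for every loaded module that has no vendor string."""
    hits = []
    for p in procs:
        for path, vendor in p['modules']:
            if not vendor:
                in_sys = any(path.lower().startswith(d) for d in SYSTEM_DIRS)
                hits.append((p['pid'], path, in_sys))
    return hits

# Constructed excerpt from lines of the log in this thread; the first two lines are the WmlCore/WmlRun entries whose header presumably sits on the previous page.
SAMPLE = r"""
[C:\WINDOWS\system32\WmlCore.dll]  [N/A, ]
    [C:\WINDOWS\system32\WmlRun.dll]  [N/A, ]
[PID: 4020 / Administrator][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 4, 0, 1001]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
"""
```

Running `unknown_vendor_modules(parse_sreng(SAMPLE))` returns the two system32 entries first (flagged `True`) and the 360 safemon.dll, which also lacks a vendor string but lives under Program Files, as a lower-priority `False`.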

[CODE]

2007-08-25,21:40:32

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


I have already removed this virus successfully; there is a detailed write-up on my space:
http://hi.baidu.com/hhxxttsw/blog/item/844af4c800232e157e3e6f4c.html


C:\WINDOWS\system32\winmessenger.exe

If you find it, compress it with the password 123 and send it to

taylor0577@qq.com


Delete the service:
[WinMessenger / WinMessenger][Running/Auto Start]
<C:\WINDOWS\system32\winmessenger.exe><Microsoft Corporation>

Reply: [Help] Why can't I get rid of Backdoor.Win32.Agent.mnf? Experts, please help!

Why is it that when deleting some files, Rising tells you the file has to be decompressed before it can be deleted?
I don't know how to do that!
Could some expert tell me how?
Sorry for the trouble!

Reply: [Help] Why can't I get rid of Backdoor.Win32.Agent.mnf? Experts, please help!

"Delete after decompression" means: look at the archive. If you still need it,
extract it to a folder, clean the virus out,
then repack it (and delete the original archive).

If you don't need it or don't recognise it, just delete the whole archive.
汰丸, your mum's 60th birthday is coming up; go home for dinner.

http://hi.baidu.com/roxiel