My computer is responding slowly; please help me check whether there is junk on it [Help request]

[CODE]

2007-05-11,16:44:08

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 2 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Component Publisher]
    <SoundMan><SOUNDMAN.EXE>  [Avance Logic, Inc.]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <ShutdownEventCheck><%systemroot%\system32\dumprep 0 -s>  [N/A]
    <Super Rabbit Desktop Set><C:\Program Files\Super Rabbit\MagicSet\DS.EXE /Load>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[QoS Service / lDOMANE][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CBBZX.DLL,Export 1087><N/A>
[Vsn lijy Service / lijy][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\fdoe\yvwl.dll,Service><Microsoft Corporation>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[OracleOraHome81ClientCache / OracleOraHome81ClientCache][Stopped/Manual Start]
  <c:\oracle\ora81\BIN\ONRSD.EXE><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
  <C:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Vsn sxiy Service / sxiy][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\fdoe\mkvl.dll,Service><Microsoft Corporation>
[Std trss Service / trss][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ljuk\vwex.dll,Service -s><Microsoft Corporation>
[Windows_rejoice / Windows_rejoice][Stopped/Auto Start]
  <><N/A>
Last edited 2007-05-12 10:27:00

==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[ifrjgwxb / ifrjgwxb][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ifrjgwxb.sys><Yahoo! China Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[niodlbmf / niodlbmf][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\niodlbmf.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\cmak\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\cmak\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>

==================================
浏览器加载项
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\cmak\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\cmak\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[XIsOro Control]
  {48FE89A0-486C-48DF-9DEC-BED22BDC6057} <C:\WINDOWS\DOWNLO~1\XISORO~1.OCX, >
[Oracle JInitiator 1.1.8.18]
  {5e2a3510-4371-11d6-b64c-00c04faedb18} <C:\Program Files\Oracle\JInitiator 1.1.8.19\bin\beans.ocx, Oracle Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[BoBo P2P多媒体网络点播/广播/直播系统 V3]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\DOWNLO~1\BOBO_A~1.OCX, 广州易播信息科技有限公司>
[RASrv Class]
  {FB6CAFD9-61A5-4A97-B4A6-C6A3A3AFCDED} <C:\WINDOWS\system32\msilrai.dll, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[CPasswordEditCtrl Object]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[&使用BitComet下载]
  <res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\cmak\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\cmak\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\cmak\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\cmak\QQ\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 268][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 324][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 348][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 396][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 408][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 596][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 672][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 784][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 844][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
[PID: 1764][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1840][C:\WINDOWS\soundman.exe]  [Avance Logic, Inc., 5, 0, 0, 0]
[PID: 1920][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3018]
[PID: 1944][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.086.3959.00 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
[PID: 2332][C:\Program Files\cmak\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [C:\Program Files\cmak\QQ\CoralAssist.DLL]  [Coral Team, 4.5.0 build 20060515]
    [C:\Program Files\cmak\QQ\CoralQQ.DLL]  [Coral Team, 4.5.4 Build 20061001]
    [C:\Program Files\cmak\QQ\ipsearcher.dll]  [, 1.0.0.4]
    [C:\Program Files\cmak\QQ\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\cmak\QQ\mfc42.dll]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\cmak\QQ\msvcp80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [C:\Program Files\cmak\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\BasicCtrlDll.dll]  [Tencent, 5, 0, 200, 370]
    [C:\Program Files\cmak\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\cmak\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\cmak\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\Program Files\cmak\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [C:\Program Files\cmak\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [C:\Program Files\cmak\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\cmak\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\GroupLive.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [C:\Program Files\cmak\QQ\QQAvatar.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\cmak\QQ\QRingMng.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.2.3790.3959 (srv03_sp2_rtm.070216-1710)]
    [C:\Program Files\cmak\QQ\VPortal.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\cmak\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\cmak\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\BQQApplication.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [C:\Program Files\cmak\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
    [C:\Program Files\cmak\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 8, 81]
    [C:\Program Files\cmak\QQ\QQAllInOne.dll]  [N/A, ]
    [C:\Program Files\cmak\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [C:\Program Files\cmak\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\cmak\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 5.00.2000.3]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
    [C:\Program Files\cmak\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\cmak\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [C:\Program Files\cmak\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
[PID: 2364][C:\Program Files\Tencent\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\Program Files\cmak\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2464][C:\Program Files\BitComet\BitComet.exe]  [www.BitComet.com, 0.81]
    [C:\Program Files\BitComet\dbghelp.dll]  [Microsoft Corporation, 6.3.0011.3 (DbgBuild.040120-1256)]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 3696][E:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
Run SRE → Startup Items → Win32 Services, tick "verified Microsoft"
Select the following:

[Vsn sxiy Service / sxiy]
[Std trss Service / trss]
[Windows_rejoice / Windows_rejoice]
Delete Service → Set → No

Drivers: tick "Hide verified Microsoft", then select
[niodlbmf / niodlbmf]
[npkycryp / npkycryp]
Delete Service → Set → No

System Repair → Browser Add-ons
Delete the following:
[QQ]
[QQIEFloatBarCfgCmd Class]
[卡卡上网安全助手]
[XIsOro Control]
[WUWebControl Class]
[MUWebControl Class]
[AxInputControl Class]
[WebActivater Control]
[CPasswordEditCtrl Object]
[BoBo P2P多媒体网络点播/广播/直播系统 V3]
[RASrv Class]
[HTML Document]
[SearchAssistantOC]
[卡卡上网安全助手]
[CPasswordEditCtrl Object]
[XML DOM Document]
[&使用BitComet下载]
[&使用BitComet下载全部链接]
[&使用BitComet下载本页视频]
[导出到 Microsoft Office Excel(&X)]

Restart the machine, press F8 repeatedly to enter Safe Mode, and delete the following files:
C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\fdoe\mkvl.dll,Service (compress, encrypt with password 123, and send to lxin008@yahoo.com.cn)
C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ljuk\vwex.dll,Service -s (compress, encrypt with password 123, and send to lxin008@yahoo.com.cn)
C:\Program Files\cmak\QQ\npkycryp.sys
\SystemRoot\\SystemRoot\System32\drivers\niodlbmf.sys

System Repair → HOSTS file
Delete all the sites, or download Windows Cleanup Assistant (windows清理助手) or 360 Safe Guard (360安全卫士) to clean up the rest.