请看http://forum.ikaka.com/topic.asp?board=28&artid=8368045,根据猫叔的解决方法,有些文件没找到(C:\WINDOWS\system32\avzxamn.dll,C:\Program Files\Internet Explorer\PLUGINS\WinSys64.Sys)没找到
.现在DBGHLP32.DLL病毒又来了~~[CODE]

2007-09-16,13:16:23

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <w><%SystemRoot%\WinRaR.exe>  [N/A]
    <wm><%SystemRoot%\winlogor.exe>  []
    <wl><%SystemRoot%\intent.exe>  [N/A]
    <mm><%SystemRoot%\sourro.exe>  [N/A]
    <zx><%SystemRoot%\winadr.exe>  [N/A]
    <rx><%SystemRoot%\winnt.exe>  [N/A]
    <aa><%SystemRoot%\SVchont.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kav><"F:\卡巴\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <RavRuneip><C:\WINDOWS\system32\RacvSvc.EXE wdkqbgmsye.dll,HHanMa>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><N/A>
[卡巴斯基反病毒6.0 / AVP][Running/Auto Start]
  <F:\卡巴\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

==================================
驱动程序
[15867609 / 15867609][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\15867578.sys><N/A>
[2310_00 / 2310_00][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\2310_00.sys><HighPoint Technologies, Inc.>
[3WAREDRV / 3WAREDRV][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3WAREDRV.SYS><N/A>
[3WAREGSM / 3WAREGSM][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3waregsm.sys><N/A>
[3WDRV100 / 3WDRV100][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\3WDRV100.SYS><N/A>
[A320RAID / A320RAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\a320raid.sys><Adaptec, Inc.>
[AAC / AAC][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aac.sys><Adaptec, Inc.>
[AACSAS / AACSAS][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aacsas.sys><Adaptec, Inc.>
[AAR81XX / AAR81XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aar81xx.sys><Adaptec, Inc.>
[AARSI3X / AARSI3X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aarsi3x.sys><Adaptec, Inc.>
[ADP94XX / ADP94XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adp94xx.sys><Adaptec, Inc.>
[adpu160m / adpu160m][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adpu160m.sys><Microsoft Corporation>
[ADPU320 / ADPU320][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\adpu320.sys><Adaptec, Inc.>
[aeaudio / aeaudio][Stopped/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEC6210 / AEC6210][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6210.sys><ACARD Technology Corp.>
[AEC6260 / AEC6260][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6260.sys><ACARD Technology Corp.>
[AEC6280 / AEC6280][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6280.sys><ACARD Technology Corp.>
[AEC67160 / AEC67160][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec67160.sys><ACARD Technology Corp.>
[AEC67162 / AEC67162][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec67162.sys><ACARD Technology Corp.>
[AEC671X / AEC671X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\AEC671X.sys><ACARD Technology Corp.>
[AEC6880 / AEC6880][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\AEC6880.sys><ACARD Technology Corp.>
[AEC6897 / AEC6897][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec6897.sys><ACARD Technology Corp.>
[AEC68X5 / AEC68X5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aec68x5.sys><ACARD Technology Corp.>
[aic78u2 / aic78u2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\aic78xx.sys><Microsoft Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[ARCM_X86 / ARCM_X86][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\arcm_x86.sys><ARECA  Technology Corporation>
[asc / asc][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\asc.sys><Advanced System Products, Inc.>
[BCHTSW32 / BCHTSW32][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\bchtsw32.sys><Broadcom Corporation>
[buslogic / buslogic][Stopped/Boot Start]
  <\SystemRoot\System32\bird\buslogic.sys><Microsoft Corporation>
[CDA1000 / CDA1000][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cda1000.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cmdide.sys><CMD Technology, Inc.>
[CPQARRY2 / CPQARRY2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cpqarry2.sys><Compaq Computer Corporation>
[CPQCISSM / CPQCISSM][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\cpqcissm.sys><Hewlett-Packard Company>
[CSB6IDE / CSB6IDE][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\csb6ide.sys><ServerWorks Corporation>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[dac2w2k / dac2w2k][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dac2w2k.sys><Mylex Corporation>
[DMX3191 / DMX3191][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\DMX3191.sys><Microsoft Corporation>
[DMX3194 / DMX3194][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dmx3194.sys><Microsoft Corporation>
[dpti2o / dpti2o][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dpti2o.sys><Microsoft Corporation>
[DPTSCSI / DPTSCSI][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\dptscsi.sys><Distributed Processing Technology Corp.>
[dtscsi / dtscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[FASTSX / FASTSX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fastsx.sys><Promise Technology, Inc.>
[FASTTRAK / FASTTRAK][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fasttrak.sys><Promise Technology, Inc.>
[FASTTX2K / FASTTX2K][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fasttx2k.sys><Promise Technology, Inc.>
[fd16_700 / fd16_700][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fd16_700.sys><Microsoft Corporation>
[fireport / fireport][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\fireport.sys><Microsoft Corporation>
[flashpnt / flashpnt][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\flashpnt.sys><Mylex,Corp.>
[FT8300 / FT8300][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ft8300.sys><Promise Technology, Inc.>
[FTSATA2 / FTSATA2][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ftsata2.sys><N/A>
[GD31244 / GD31244][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\gd31244.sys><Intel Corporation>
[HPCISSS2 / HPCISSS2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpcisss2.sys><Hewlett-Packard Company>
[HPT371 / HPT371][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\HPT371.sys><HighPoint Technologies, Inc.>
[HPT374 / HPT374][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpt374.sys><HighPoint Technologies, Inc.>
[HPT3XX / HPT3XX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\hpt3xx.sys><HighPoint Technologies, Inc.>

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler )

[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IASTOR / IASTOR][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\iaStor.sys><Intel Corporation>
[IFT2000 / IFT2000][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ift2000.sys><Infortrend Technology, Inc.>
[ini910u / ini910u][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ini910u.sys><Microsoft Corporation>
[INIA100 / INIA100][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\INIA100.sys><Initio corp.>
[IPSRAIDN / IPSRAIDN][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ipsraidn.sys><IBM Corporation>
[ITERAID / ITERAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\iteraid.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\JRAID.SYS><JMicron Technology Corp.>
[kfqbqind / kfqbqind][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\kfqbqind.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[M5228 / M5228][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5228.sys><ALi Corporation.>
[M5281 / M5281][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5281.sys><ALi Corporation>
[M5287 / M5287][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5287.sys><ULi Electronics Inc.>
[M5288 / M5288][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5288.sys><ULi Electronics Inc.>
[M5289 / M5289][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\m5289.sys><ULi Electronics Inc.>
[MEGAIDE / MEGAIDE][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\MegaIDE.sys><LSI Logic Corporation.>
[mraid35x / mraid35x][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\mraid35x.sys><LSI Logic Corporation>
[NFRD960 / NFRD960][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\nfrd960.sys><IBM Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\E:\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVATABUS / NVATABUS][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\NVATABUS.SYS><NVIDIA Corporation>
[NVRAID / NVRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\NVRAID.SYS><NVIDIA Corporation>
[perc2 / perc2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\perc2.sys><Adaptec, Inc.>
[PNP649R / PNP649R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\pnp649r.sys><CMD Technology, Inc.>
[PNP680 / PNP680][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\pnp680.sys><Silicon Image, Inc.>
[PNP680R / PNP680R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QKeyServiceDisplay / QKeyService][Running/Boot Start]
  <\SystemRoot\system32\KeyCrypt.sys><Tencent Technology (Shenzhen) Company Limited>
[ql1080 / ql1080][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ql1280.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\raidsrc.sys><Intel/ICP>
[RR232X / RR232X][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\rr232x.sys><HighPoint Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[S150SX8 / S150SX8][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\S150sx8.sys><Promise Technology, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SI3112 / SI3112][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3112.sys><Silicon Image, Inc.>
[SI3112R / SI3112R][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3112r.sys><Silicon Image, Inc>
[SI3114 / SI3114][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3114.sys><Silicon Image, Inc.>
[SI3114R / SI3114R][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3114R.sys><Silicon Image, Inc>
[SI3114R5 / SI3114R5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Si3114r5.sys><Silicon Image, Inc>
[SI3124 / SI3124][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3124.sys><Silicon Image, Inc.>
[SI3124R / SI3124R][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\SI3124R.sys><Silicon Image, Inc>
[SI3124R5 / SI3124R5][Stopped/Boot Start]
  <\SystemRoot\SYSTEM32\BIRD\Si3124r5.sys><Silicon Image, Inc>
[SI3132 / SI3132][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SI3132.sys><Silicon Image, Inc.>
[SI3132R5 / SI3132R5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Si3132r5.sys><Silicon Image, Inc>
[SIS AGP Bus Filter / sisagp][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[SISRAID / SISRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid.sys><Silicon Integrated Systems>
[SISRAID2 / SISRAID2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SISRAID4 / SISRAID4][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\SiSRaid4.sys><Silicon Integrated Systems>
[smwdm / smwdm][Stopped/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SPTRAK / SPTRAK][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sptrak.sys><Promise Technology, Inc.>
[ST8350 / ST8350][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\st8350.sys><Promise Technology, Inc.>
[symc810 / symc810][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\symmpi.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\sym_u3.sys><LSI Logic>
[TRM3X5 / TRM3X5][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\trm3x5.sys><Tekram Technology Co., Ltd.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ULSATA / ULSATA][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ulsata.sys><Promise Technology, Inc.>
[ULSATA2 / ULSATA2][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ulsata2.sys><Promise Technology, Inc.>
[ULTIMA / ULTIMA][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\Ultima.sys><Aralion INC.>
[ULTIMARX / ULTIMARX][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\UltimaRX.sys><Aralion INC.>
[ultra / ultra][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\ultra.sys><Promise Technology, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\viamraid.sys><VIA Technologies inc,.ltd>
[W2KADV / W2KADV][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\w2kadv.sys><ConnectCom Solutions, Inc.>
[WD7296A / WD7296A][Stopped/Boot Start]
  <\SystemRoot\System32\BIRD\wd7296a.sys><Western Digital Corporation>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\Documents and Settings\Administrator\桌面\592wg.com-qqsg-xc1.06\QQSGHelper106\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[新泰超级摄像头 / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[XBTB05774 Class]
  {129DD540-E5E4-4601-825A-43ED660159E0} <C:\WINDOWS\Downloaded Program Files\CONFLICT.4\00110.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\HFGameOPT-v1.31\GameClient.exe, 上海浩方在线信息技术有限公司>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <F:\卡巴\scieplugin.dll, Kaspersky Lab>
[JUJU猫]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.jujumao.com, N/A>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <C:\WINDOWS\system32\QQPhotoDraw.dll, TENCENT>
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINDOWS\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\Downloaded Program Files\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {11F09AFC-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[XBTB05774 Class]
  {129DD540-E5E4-4601-825A-43ED660159E0} <C:\WINDOWS\Downloaded Program Files\CONFLICT.4\00110.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Vod Class]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <F:\webxun\DownAndPlay\DapPlayer1.1.0.46.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VnetAnprIns Class]
  {74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINDOWS\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技（深圳）有限公司>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <E:\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 540 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 688 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 912 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1024 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1168 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\ifc222.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1484 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1996 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xp

[PID: 3704 / Administrator][E:\Tencent\QQ\QQ.exe]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [E:\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\Tencent\QQ\QQAPI.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\ifc222.dll]  [N/A, ]
    [E:\Tencent\QQ\QQRes.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\WizardCtrl.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [E:\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [E:\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\Tencent\QQ\NewSkin.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\HostingMgr.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\CameraDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\MailSummary.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [E:\Tencent\QQ\QQSpace.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [E:\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [E:\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [E:\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [E:\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [E:\Tencent\QQ\LongConnection.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\Tencent\QQ\QQPet.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [E:\Tencent\QQ\CommercesMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 320]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Tencent\QQ\ImageOle.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQLiveQMng.dll]  [TENCENT, 7,0,365,1701]
    [F:\卡巴\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\卡巴\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\卡巴\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\卡巴\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\卡巴\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [f:\卡巴\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\卡巴\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\卡巴\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [E:\Tencent\QQ\GroupConnection.dll]  [TENCENT, 7,0,365,1701]
    [E:\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [E:\Tencent\QQ\AddrSearch.dll]  [腾讯科技（深圳）有限公司, 2, 1, 9, 95]
    [E:\Tencent\QQ\QQFileTransfer.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
[PID: 3224 / Administrator][E:\Tencent\TT\TTraveler.exe]  [腾讯公司, 3.2.200.275]
    [E:\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [E:\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\WINDOWS\ifc222.dll]  [N/A, ]
    [E:\Tencent\TT\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
    [F:\卡巴\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\卡巴\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\卡巴\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\卡巴\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\卡巴\prkernel.ppl]  [Kaspersky Lab, 6.0.0.304]
    [f:\卡巴\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\卡巴\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\卡巴\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\卡巴\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [f:\卡巴\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5091]
[PID: 3436 / Administrator][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sreng2.zip 的临时目录 1\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\ifc222.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
218.6.9.218 bbs.65522.com
61.128.173.210 www.988199.net
218.6.9.194 www.hkyzx.com
219.153.55.68 www.zst001.com
203.120.112.200 www.singaporepools.com.sg
220.162.238.187 www.fjtc.com.cn
125.91.11.19 bbs.lllfff.com
204.16.192.11 k1122.cn
222.76.216.142 fj1.liaob.net
218.6.12.67 bbs.190hk.com
218.6.12.81 www.sss000.com
210.51.170.64 www.tm2007.net
219.153.34.100 www.bai66.com
125.64.92.207 www.zggpw.com
125.91.12.231 www.5959888.com
219.238.235.101 forum.ikaka.com
58.218.202.212 www.qqgexing.com
58.61.39.224 blog.xunlei.com
61.129.76.78 movieso.xunlei.com
58.61.39.224 blog.xunlei.com
61.152.238.179 sscn.tqiu.com
221.233.134.12 www.foxgas.com
125.90.207.68 space.ouou.com
219.153.18.140 www.sunaa.com
125.90.204.163 www.56.com
125.90.204.163 www.56.com
125.90.204.163 www.56.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 3224, E:\TENCENT\TT\TTRAVELER.EXE]

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]

一、用SRENG扫描工具删除如下注册表项目：
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<w><%SystemRoot%\WinRaR.exe> [N/A]
<wm><%SystemRoot%\winlogor.exe> []
<wl><%SystemRoot%\intent.exe> [N/A]
<mm><%SystemRoot%\sourro.exe> [N/A]
<zx><%SystemRoot%\winadr.exe> [N/A]
<rx><%SystemRoot%\winnt.exe> [N/A]
<aa><%SystemRoot%\SVchont.exe> [N/A]
==================================
二、用SRENG扫描工具删除如下驱动程序：
[15867609 / 15867609][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\15867578.sys><N/A>
[kfqbqind / kfqbqind][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\kfqbqind.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\DRIVERS\npf.sys><CACE Technologies>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\E:\Tencent\QQ\npkycryp.sys><N/A>
==================================
四、重启进入安全模式，双击“我的电脑”--工具--文件夹选项--查看--勾选“显示系统文件和文件夹”，取消勾选“隐藏受保护的操作系统文件（推荐）”，之后勾选“显示所有的文件和文件夹”--确定--找到以下文件，删除(找不到就算了)：
C:\WINDOWS\System32\drivers\kfqbqind.sys
C:\WINDOWS\system32\Drivers\15867578.sys
c:\windows\system32\DRIVERS\npf.sys
E:\Tencent\QQ\npkycryp.sys
c:\windows\WinRaR.exe
c:\windows\winlogor.exe
c:\windows\intent.exe
c:\windows\sourro.exe
c:\windows\winadr.exe
c:\windows\winnt.exe
c:\windows\SVchont.exe
C:\WINDOWS\ifc222.dll
==================================
五、安全模式下全盘杀毒。
==================================
六、用SRENG扫描工具重置HOSTS文件。