Rising Kaka Security Forum > Technical Exchange Area > Anti-virus / Anti-rogue-software Forum

Help! My MSN is infected and sends messages automatically (System Repair Engineer report attached)

I also got infected from something someone sent me: inside the RAR was a TIF file, and double-clicking that file infected the machine.

It then automatically sends the same file to my contacts.

It isn't the MSN "Sexy Chicken" worm that went around before; the dedicated removal tool from 2005 can't remove it.

It may be a new virus.

Help!! Many people around me have caught it, and it only started yesterday afternoon!
Last edited 2007-03-27 09:51:55

[CODE]

2007-03-27,06:56:22

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <TPKMAPMN><C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe>  []
    <ibmmessages><C:\Program Files\IBM\Messages By IBM\ibmmessages.exe>  [IBM]
    <RAMSaverPro><D:\Install\内存释放\ramsaver\ramsaver\ramsaverpro.exe>  []
    <LogitechSoftwareUpdate><"D:\Program Files\Logitech\Video\ManifestEngine.exe" boot>  [N/A]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  []
    <ibmmessages><C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe>  [IBM]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <DAEMON Tools-2052><"C:\Program Files\D-Tools\daemon.exe"  -lang 2052>  [DAEMON'S HOME]
    <BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  []
    <BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <VPTray><"C:\Program Files\Symantec AntiVirus\VPTray.exe">  [(Verified)Symantec Corporation]
    <QCTray><C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe>  [IBM Corp.]
    <QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
    <LVCOMSX><C:\WINDOWS\system32\LVCOMSX.EXE>  [Logitech Inc.]
    <LogitechVideoRepair><d:\Program Files\Logitech\Video\ISStart.exe >  [Logitech Inc.]
    <LogitechVideoTray><d:\Program Files\Logitech\Video\LogiTray.exe>  [Logitech Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><>  [N/A]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <rdshost><rdshost.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]

==================================
启动文件夹
[Logitech Desktop Messenger]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~3.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>

==================================
服务
[ACU Configuration Service / ACS][Stopped/Manual Start]
  <C:\WINDOWS\system32\acs.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><>
[BlueSoleil Hid Service / BlueSoleil Hid Service][Running/Auto Start]
  <d:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe><N/A>
[BrSplService / Brother XP spl Service][Running/Auto Start]
  <C:\WINDOWS\system32\brsvc01a.exe><brother Industries Ltd>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Juniper Network Connect Service / dsNcService][Running/Auto Start]
  <C:\Program Files\Juniper Networks\Common Files\dsNcService.exe><Juniper Networks>
[EvtEng / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[OwnershipProtocol / OwnershipProtocol][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe><Intel Corporation>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Remote Log / Remote Log][Stopped/Auto Start]
  <system32\ServeHost.exe><N/A>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Sandra Data Service / SandraDataSrv][Stopped/Manual Start]
  <d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcDataSrv.exe><SiSoftware>
[Sandra Service / SandraTheSrv][Stopped/Manual Start]
  <d:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR2\RpcSandraSrv.exe><SiSoftware>
[SavRoam / SavRoam][Stopped/Manual Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\PROGRA~1\MICROS~3\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge][Stopped/Manual Start]
  <C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
[VMware Authorization Service / VMAuthdService][Running/Auto Start]
  <C:\Program Files\VMware\VMware Workstation\vmware-authd.exe><VMware, Inc.>
[VMware DHCP Service / VMnetDHCP][Running/Auto Start]
  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>
[VMware NAT Service / VMware NAT Service][Running/Auto Start]
  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>
[WLANKEEPER / WLANKEEPER][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel® Corporation>

==================================
驱动程序
[1574333 / 1574333][Running/Boot Start]
  <\SystemRoot\System32\drivers\1574333.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.1.6.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[ANC / ANC][Running/System Start]
  <System32\drivers\ANC.SYS><IBM Corp.>
[Anfad / Anfad][Stopped/System Start]
  <system32\drivers\Anfad.sys><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Bluetooth Audio Service / BlueletAudio][Running/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Running/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[Bluetooth Network Filter / BTNetFilter][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys><N/A>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Stopped/Manual Start]
  <System32\Drivers\btwusb.sys><N/A>
[Xircom CardBus Ethernet 10/100 Adapter family Driver / CBEN5][Stopped/Manual Start]
  <system32\DRIVERS\cben5.sys><Xircom, Inc.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[UnisDC 4200 - PC Camera / DCamUSBGT892x][Stopped/Manual Start]
  <System32\Drivers\GT892xV.SYS><Grandtech Semiconductor Corp.>
[Juniper Network Connect Adapter / dsNcAdpt][Running/Manual Start]
  <system32\DRIVERS\dsNcAdpt.sys><Juniper Networks>
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
  <System32\DRIVERS\e1000325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[IBM Access Support / EGATHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS><IBM Corporation>
[Elobus Filter Driver / EloBus][Stopped/Manual Start]
  <system32\DRIVERS\EloBus.sys><N/A>
[Elo Serial Driver / EloSer][Stopped/Manual Start]
  <system32\DRIVERS\EloSer.sys><N/A>
[FAD / FAD][Stopped/System Start]
  <system32\drivers\FAD.sys><N/A>
[Filter Service / FilterService][Stopped/Manual Start]
  <System32\Drivers\filter.sys><Windows (R) 2000 DDK provider>
[gtflt20 / gtflt20][Stopped/Manual Start]
  <system32\DRIVERS\gtflt20.sys><>
[VMware hcmon / hcmon][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>
[USB-HID -> COM Driver Service / HidCom][Stopped/Auto Start]
  <system32\DRIVERS\HidCom.sys><Cypress Semiconductor>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <System32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
  <System32\DRIVERS\ibmpmdrv.sys><IBM Corp.>
[IBMTPCHK / IBMTPCHK][Running/System Start]
  <System32\drivers\IBMBLDID.SYS><N/A>
[iRiver Internet Audio Player IFP-100 / IFPUSB][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ifpusb.sys><iRiver, Inc.>
[Intel Wireless Connection Agent Miniport for Win XP / IWCA][Running/Manual Start]
  <system32\DRIVERS\iwca.sys><Intel Corporation>
[Logitech USB Monitor Filter / LVUSBSta][Stopped/Manual Start]
  <system32\drivers\lvusbsta.sys><Logitech Inc.>
[AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Running/Auto Start]
  <system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[USB MP3 Driver / MP3300AI][Stopped/Auto Start]
  <System32\Drivers\CyFxUsb.sys><Sunplus CO., LTD.>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070325.025\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070325.025\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[OX16C95x Serial port driver / oxser][Stopped/System Start]
  <system32\DRIVERS\oxser.sys><OEM>
[QuickCam IM(PID_08A0) / PID_08A0][Stopped/Manual Start]
  <system32\DRIVERS\LV302AV.SYS><Logitech Inc.>
[PMEM / PMEM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[QCNDISIF / QCNDISIF][Stopped/Manual Start]
  <System32\drivers\qcndisif.SYS><IBM Corporation.>
[R2A / R2A][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[WLAN Transport / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Prolific2 Serial port driver / Ser2pl][Stopped/Manual Start]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[Smapint / Smapint][Running/System Start]
  <System32\drivers\Smapint.sys><Microsoft Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Disabled]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TDSMAPI / TDSMAPI][Running/System Start]
  <System32\drivers\TDSMAPI.SYS><N/A>
[TPPWR / TPPWR][Running/System Start]
  <System32\drivers\Tppwr.sys><IBM Corp.>
[Virtual Serial port driver / VComm][Running/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Running/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[Bluetooth HID Device Service / VHidMinidrv][Running/Manual Start]
  <system32\drivers\VHIDMini.sys><IVT Corporation>
[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Stopped/Manual Start]
  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>
[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]
  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>
[VMware Network Application Interface / VMnetuserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>
[VMware VMparport / VMparport][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>
[适用于 Windows XP 的英特尔(R) PRO/无线 2200 适配器驱动程序 / w22n51][Stopped/Manual Start]
  <System32\DRIVERS\w22n51.sys><Intel® Corporation>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Running/Manual Start]
  <system32\DRIVERS\w29n51.sys><Intel® Corporation>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xinstall / xinstall][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>

==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <D:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\WINDOWS\DOWNLO~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\WINDOWS\DOWNLO~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\WINDOWS\DOWNLO~1\share.ocx, http://www.bluesky.cn>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[NeoterisSetup Control]
  {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} <C:\WINDOWS\DOWNLO~1\NEOTER~1.OCX, Juniper Networks>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[Blueskyvoice Control]
  {991481A7-4669-4E15-8C24-100404E1F5CB} <C:\WINDOWS\DOWNLO~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\WINDOWS\DOWNLO~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <d:\Program Files\QuickTime\QTPlugin.ocx, Apple Computer, Inc.>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <D:\Program Files\Sogou PXP\MMCShell.dll, Sohu.com Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <C:\WINDOWS\DOWNLO~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <C:\WINDOWS\DOWNLO~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[IeCatch5 Class]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\PROGRA~1\FLASHGET\jccatch.dll, FlashGet>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <C:\WINDOWS\DOWNLO~1\share.ocx, http://www.bluesky.cn>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[NeoterisSetup Control]
  {4CC35DAD-40EA-4640-ACC2-A1A3B6FB3E06} <C:\WINDOWS\DOWNLO~1\NEOTER~1.OCX, Juniper Networks>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\HHCTRL.OCX, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\System32\shdocvw.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[Blueskyvoice Control]
  {991481A7-4669-4E15-8C24-100404E1F5CB} <C:\WINDOWS\DOWNLO~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
  {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[OWSBrowserUI Class]
  {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, Microsoft Corporation>
[SMI MapView Control]
  {CA828031-4325-11D4-BDB2-00105A776E78} <C:\WINDOWS\system32\SMIWMap.DLL, 上海市测绘院基础地理信息中心, Shanghai Municipal Instatute of Surveying & Mapping,毕俊, 021-6254955>
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <C:\WINDOWS\DOWNLO~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
  {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 676][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 740][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 764][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 808][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2696][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rdshost.dll]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll]  [IBM Corp., 1, 0, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3552][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll]  [N/A, ]
    [C:\WINDOWS\system32\Oemdspif.dll]  [ATI Technologies, Inc., 6.14.0010]
[PID: 3676][C:\Program Files\IBM\Messages By IBM\ibmmessages.exe]  [IBM, 2.100]
    [C:\WINDOWS\system32\AIBMRUNL.dll]  [N/A, ]
    [C:\Program Files\IBM\Messages By IBM\AcpPollingEngine.dll]  [, 1, 0, 0, 4]
    [C:\WINDOWS\Downloaded Program Files\IbmEgath.dll]  [IBM Corporation, 3, 0, 0, 11]
[PID: 3724][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe]  [N/A, ]
[PID: 3732][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe]  [IBM Corporation, 1.06]
[PID: 3812][C:\Program Files\D-Tools\daemon.exe]  [DAEMON'S HOME, 3.47.0.0]
    [C:\WINDOWS\daemon.dll]  [, 3.47.0.0]
    [C:\Program Files\D-Tools\PFCTOC.DLL]  [Padus(R), Inc., 1, 0, 0, 12]
    [C:\Program Files\D-Tools\Plugins\Images\ccdmount.dll]  [GENERIC, 1.02.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\mdsmount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\pdimount.dll]  [GENERIC, 1.01.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\nrgmount.dll]  [GENERIC, 1.02.0.0]
    [C:\Program Files\D-Tools\Plugins\Images\bw5mount.dll]  [, 1.0.2.0]
[PID: 3836][C:\WINDOWS\system32\RunDll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll]  [IBM Corp., 1, 0, 0, 0]
    [C:\PROGRA~1\ThinkPad\UTILIT~1\tppwrw32.dll]  [IBM Corp., 1, 0, 0, 0]
[PID: 3844][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 103.5.4.3]
    [C:\WINDOWS\system32\SYMREDIR.DLL]  [Symantec Corporation, 5.5.2.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 3876][C:\Program Files\Symantec AntiVirus\VPTray.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [c:\progra~1\common~1\symant~1\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\nts.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\cba.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
[PID: 3996][C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe]  [IBM Corp., 3, 3, 0, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\QCON.dll]  [IBM Corp., 3, 3, 0, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\Res\CH\TrayRes.dll]  [N/A, ]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\ANCA.dll]  [IBM Corp., 8.3]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\ANC.dll]  [IBM Corp., 8.3]
[PID: 4076][D:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 6.5.1]
[PID: 352][C:\WINDOWS\system32\LVCOMSX.EXE]  [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\lvmaenum.dll]  [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\lvcomcx.dll]  [Logitech Inc., 8.4.7.1036]
[PID: 1348][D:\Program Files\Logitech\Video\LogiTray.exe]  [Logitech Inc., 8.4.7.1034]
    [D:\Program Files\Logitech\Video\QCUI2.dll]  [Logitech Inc., 8.4.7.1034]
    [D:\Program Files\Logitech\Video\LTWVC12n.dll]  [LEAD Technologies, Inc., 12.1.0.058]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Logitech\Video\LTFIL12n.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [D:\Program Files\Logitech\Video\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.1.0.058]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Logitech\Video\LQCUI2.dll]  [Logitech Inc., 8.4.7.1034]
    [D:\Program Files\Logitech\Video\LLogTray.dll]  [Logitech Inc., 8.4.7.1034]
    [D:\Program Files\Logitech\Video\LTDIS12N.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [D:\Program Files\Logitech\Video\LTIMG12N.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [D:\Program Files\Logitech\Video\LTEFX12N.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [D:\Program Files\Logitech\Video\LFFAX12N.DLL]  [LEAD Technologies, Inc., 12.1.0.020]
    [D:\Program Files\Logitech\Video\LFCMP12N.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [D:\Program Files\Logitech\Video\LFTIF12N.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [D:\Program Files\Logitech\Video\LFBMP12N.DLL]  [LEAD Technologies, Inc., 12.1.0.058]
    [C:\WINDOWS\system32\lvmaenum.dll]  [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\lvcomcx.dll]  [Logitech Inc., 8.4.7.1036]
    [D:\Program Files\Logitech\Video\FXSvrps.dll]  [Logitech Inc., 8.4.7.1034]
[PID: 1836][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe]  [N/A, ]
    [C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll]  [N/A, ]
[PID: 2952][D:\Install\内存释放\ramsaver\ramsaver\ramsaverpro.exe]  [N/A, ]
[PID: 3372][C:\Program Files\Outlook Express\msimn.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1800][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
[PID: 1228][D:\Program Files\Logitech\Video\FxSvr2.exe]  [Logitech Inc., 8.4.7.1034]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\lvmaenum.dll]  [Logitech Inc., 8.4.7.1036]
    [C:\WINDOWS\system32\lvcomcx.dll]  [Logitech Inc., 8.4.7.1036]
    [D:\Program Files\Logitech\Video\FXSvrps.dll]  [Logitech Inc., 8.4.7.1034]
[PID: 800][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [FlashGet, 1, 1, 5, 0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Sony Ericsson\Mobile\File Manager\fmgrguil.dll]  [Sony Ericsson Mobile Communications AB, 1, 1, 1, 1]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3059 (xpsp_sp2_gdr.070104-0050)]
[PID: 2364][D:\Program Files\UltraEdit\UEDIT32.EXE]  [IDM Computer Solutions, Inc., 9.00.c]
    [D:\Program Files\UltraEdit\SSCE4332.dll]  [Wintertree Software Inc., 4.22.061]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LGULJ01A.DLL]  [Brother Industries Ltd., 1.44]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LGLLJ01A.DLL]  [Brother Industries Ltd., 1.44]
[PID: 1516][C:\Program Files\FlashGet\flashget.exe]  [FlashGet.com, 1, 7, 2, 0]
[PID: 3820][C:\Downloads\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
10.10.10.6      dell2850
10.10.10.3      hp1k01

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
Bump.
[Reply to "北极黑熊"'s post]
I suggest using IceSword and working through the following steps in order.
1. Disable process creation.
2. End the following processes:

[PID: 2696][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\rdshost.dll] [N/A, ]

3. Delete the following startup entries, services and drivers:
Startup:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><> [N/A]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<rdshost><rdshost.dll> []
Services:
[Remote Log / Remote Log][Stopped/Auto Start]
<system32\ServeHost.exe><N/A>
Drivers:
[1574333 / 1574333][Running/Boot Start]
<\SystemRoot\System32\drivers\1574333.sys><N/A>
[R2A / R2A][Stopped/Manual Start]
<\??\C:\WINDOWS\system32a2.sys><N/A>
[xinstall / xinstall][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>

4. Delete the files that the startup entries, services and drivers above point to.

5. Turn "disable process creation" back off in IceSword.
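Added example, not part of this thread and not code from any poster: a read-only PowerShell audit that checks a machine for the startup entries, services, drivers and files named in the reply above, so the presence of each indicator can be confirmed (and the affected files located) before anything is removed. It assumes the CLSIDs, value names, service names and paths are exactly as quoted in the reply, uses $env:SystemRoot in place of the literal C:\WINDOWS, and only lists what it finds; it deletes nothing.

```powershell
# Read-only indicator audit for the items quoted in the reply above (added example).
# Run from an elevated PowerShell prompt. Nothing is modified or deleted.
# Assumption: names and paths below are taken verbatim from the reply's SREng excerpts.

$findings = @()

# 1. ShellExecuteHooks CLSIDs listed in the reply (values under the hooks key)
$hooksKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks'
$clsids   = @('{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}', '{E568441B-9EF3-49F8-9A67-4141AC41ADD4}')
if (Test-Path $hooksKey) {
    foreach ($c in $clsids) {
        $v = Get-ItemProperty -Path $hooksKey -Name $c -ErrorAction SilentlyContinue
        if ($v) {
            $findings += "ShellExecuteHooks value present: $c"
            # Resolve the CLSID to the DLL Explorer would load, so the file can be located
            $srv = "HKLM:\SOFTWARE\Classes\CLSID\$c\InProcServer32"
            if (Test-Path $srv) {
                $dll = (Get-ItemProperty -Path $srv).'(default)'
                $findings += "  -> InProcServer32: $dll"
            }
        }
    }
}

# 2. ShellServiceObjectDelayLoad entry 'rdshost' -> rdshost.dll
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path $ssodl) {
    $v = Get-ItemProperty -Path $ssodl -Name 'rdshost' -ErrorAction SilentlyContinue
    if ($v) { $findings += "ShellServiceObjectDelayLoad value present: rdshost = $($v.rdshost)" }
}

# 3. Service and driver entries by key name; ImagePath is read from the Services key
#    rather than hard-coded, because the R2A path in the reply is garbled on the page.
$serviceNames = @('Remote Log', '1574333', 'R2A', 'xinstall')
foreach ($name in $serviceNames) {
    $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (Test-Path $svcKey) {
        $p = Get-ItemProperty -Path $svcKey
        $findings += "Service/driver key present: $name (Start=$($p.Start), ImagePath=$($p.ImagePath))"
    }
}

# 4. Files the reply names, with %SystemRoot% substituted for C:\WINDOWS
$files = @(
    "$env:SystemRoot\system32\rdshost.dll",
    "$env:SystemRoot\system32\ServeHost.exe",
    "$env:SystemRoot\System32\drivers\1574333.sys",
    "$env:SystemRoot\system32\drivers\xinstall.sys"
)
foreach ($f in $files) {
    if (Test-Path $f) {
        $item = Get-Item $f
        # The report shows [N/A] (no version/signer) for these; an unsigned status is consistent with that
        $sig = Get-AuthenticodeSignature -FilePath $f
        $findings += "File present: $f ($($item.Length) bytes, modified $($item.LastWriteTime), signature: $($sig.Status))"
    }
}

if ($findings.Count -eq 0) { 'No indicators from the reply were found on this machine.' } else { $findings }
```

Running this before step 3 of the reply gives a record of exactly which entries and files exist, and the InProcServer32 and ImagePath lookups show where the registry entries actually point, which is the list needed for step 4.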