
[Help] Begging the experts for help!~

Log from a scan by 360安全卫士



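Dear experts:
Thank you very much for taking the time to look at this system diagnostic report of mine. This newbie is desperately waiting for your help!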
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-04-07  09:51:03
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:767MB - 当前可用内存:539MB

100 - 未知 - Process: CMDLL32.EXE [] - C:\WINDOWS\system32\CMDLL32.EXE
100 - 未知 - Process: mshtmlsed.exe [] - C:\WINDOWS\system32\mshtmlsed.exe
100 - 未知 - Process: rundll32.exe [动态链接库] - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ADPT1F.DLL,Run
100 - 未知 - Process: eagle1.exe [Vimicro] - C:\WINDOWS\eagle1.exe
100 - 未知 - Process: PPHIDPAD.EXE [] - E:\工具\手写板\Win32\pphidpad.exe
100 - 未知 - Process: runiep.exe [Rising AntiSpyware Monitor] - E:\工具\瑞星卡卡上网助手\runiep.exe
100 - 未知 - Process: RUNDLL2000.EXE [Run a DLL as an App] - C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\IDRSO.DLL,Export 1087
100 - 未知 - Process: thfklfe.exe [] - C:\Program Files\Realtek AC97\thfklfe.exe
100 - 未知 - Process: ydgceeg.exe [] - C:\Program Files\WinRAR\ydgceeg.exe
100 - 未知 - Process: QQ.exe [QQ] - D:\Program Files\QQ\QQ.exe
100 - 未知 - Process: TIMPlatform.exe [TIMPlatform] - D:\Program Files\QQ\TIMPlatform.exe
100 - 未知 - Process: MSRundll.exe [Run a DLL as an App] - C:\WINDOWS\system32\MSRundll.exe C:\WINDOWS\system32\player.dll,Always
100 - 未知 - Process: MSRundll.exe [Run a DLL as an App] - C:\WINDOWS\system32\MSRundll.exe C:\WINDOWS\system32\player.dll,Always
100 - 未知 - Process: QQPet.exe [QQ宠物] - D:\Program Files\QQ\qqpet\qqpet.exe
100 - 未知 - Process: REGSVR32.EXE [] -
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.7255.com/
O2 - 未知 - BHO: (Thunder Browser Helper) - [XunLeiBHO] - {385AB8C5-FB22-4D17-8834-064E2BA0A6F0} - E:\工具\迅雷\ComDlls\XunLeiBHO_007.dll
O2 - 未知 - BHO: (HelpIE Class) - [无效的CLSID:{589A6FED-A214-4FE3-8D1E-CD07BC634D89}] - {589A6FED-A214-4FE3-8D1E-CD07BC634D89} - C:\WINDOWS\system32\HelpIE.dll
O4 - 未知 - HKLM\..\Run: [thfklfe] [] C:\Program Files\Realtek AC97\thfklfe.exe
O4 - 未知 - HKLM\..\Run: [sys51] [] C:\Documents and Settings\nan\Local Settings\History\E28463.exe
O4 - 未知 - HKLM\..\Run: [sys52] [] C:\Documents and Settings\nan\My Documents\My Pictures\E24405.exe
O4 - 未知 - HKLM\..\Run: [sys11] [] C:\Documents and Settings\nan\Application Data\a1738.exe
O4 - 未知 - HKLM\..\Run: [sys12] [] C:\WINDOWS\system32\a10050.exe
O4 - 未知 - HKLM\..\Run: [sys71] [] C:\WINDOWS\system32\G17192.exe
O4 - 未知 - HKLM\..\Run: [sys72] [] C:\Documents and Settings\NetworkService\My Documents\My Pictures\G6996.exe
O4 - 未知 - HKLM\..\Run: [sys101] [] C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\J16669.exe
O4 - 未知 - HKLM\..\Run: [sys102] [] C:\Documents and Settings\NetworkService\Application Data\J13650.exe
O4 - 未知 - HKLM\..\Run: [sys81] [] C:\Documents and Settings\nan\「开始」菜单\程序\管理工具\H27940.exe
O4 - 未知 - HKLM\..\Run: [sys82] [] C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe
O4 - 未知 - HKLM\..\Run: [sys31] [] C:\Documents and Settings\nan\Local Settings\Application Data\c23235.exe
O4 - 未知 - HKLM\..\Run: [sys91] [] C:\Documents and Settings\All Users\Documents\I5921.exe
O4 - 未知 - HKLM\..\Run: [sys92] [] C:\Documents and Settings\nan\My Documents\My Pictures\I22355.exe
O4 - 未知 - HKCU\..\Run: [sys51] [] C:\Documents and Settings\nan\Local Settings\History\E28463.exe
O4 - 未知 - HKCU\..\Run: [sys52] [] C:\Documents and Settings\nan\My Documents\My Pictures\E24405.exe
O4 - 未知 - HKCU\..\Run: [sys11] [] C:\Documents and Settings\nan\Application Data\a1738.exe
O4 - 未知 - HKCU\..\Run: [sys12] [] C:\WINDOWS\system32\a10050.exe
O4 - 未知 - HKCU\..\Run: [sys71] [] C:\WINDOWS\system32\G17192.exe
O4 - 未知 - HKCU\..\Run: [sys72] [] C:\Documents and Settings\nan\My Documents\My Pictures\G6996.exe
O4 - 未知 - HKCU\..\Run: [sys101] [] C:\Documents and Settings\nan\Local Settings\Temporary Internet Files\J16669.exe
O4 - 未知 - HKCU\..\Run: [sys102] [] C:\Documents and Settings\nan\Application Data\J13650.exe
O4 - 未知 - HKCU\..\Run: [sys81] [] C:\Documents and Settings\nan\「开始」菜单\程序\管理工具\H27940.exe
O4 - 未知 - HKCU\..\Run: [sys82] [] C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe
O4 - 未知 - HKCU\..\Run: [sys31] [] C:\Documents and Settings\nan\Local Settings\Application Data\c23235.exe
O4 - 未知 - HKCU\..\Run: [sys91] [] C:\Documents and Settings\All Users\Documents\I5921.exe
O4 - 未知 - HKCU\..\Run: [sys92] [] C:\Documents and Settings\nan\My Documents\My Pictures\I22355.exe
O4 - 未知 - Startup folder: [WanSo.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WanSo.lnk
O4 - 未知 - Startup folder: [ydgcee.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ydgcee.lnk
O4 - 未知 - Startup folder: [sys51.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys51.lnk
O4 - 未知 - Startup folder: [sys52.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys52.lnk
O4 - 未知 - Startup folder: [sys11.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys11.lnk
O4 - 未知 - Startup folder: [sys12.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys12.lnk
O4 - 未知 - Startup folder: [sys71.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys71.lnk
O4 - 未知 - Startup folder: [sys72.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys72.lnk
O4 - 未知 - Startup folder: [sys101.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys101.lnk
O4 - 未知 - Startup folder: [sys102.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys102.lnk
O4 - 未知 - Startup folder: [sys81.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys81.lnk
O4 - 未知 - Startup folder: [sys82.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys82.lnk
O4 - 未知 - Startup folder: [sys31.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys31.lnk
O4 - 未知 - Startup folder: [sys32.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys32.lnk
O4 - 未知 - Startup folder: [sys91.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys91.lnk
O4 - 未知 - Startup folder: [sys92.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys92.lnk
O4 - 未知 - Startup folder: [ruango.lnk] [] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ruango.lnk
O8 - 未知 - Extra context menu item: &使用超级旋风下载 - D:\Program Files\QQ旋风\geturl.htm
O8 - 未知 - Extra context menu item: &使用超级旋风下载全部链接 - D:\Program Files\QQ旋风\getAllurl.htm
O8 - 未知 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\QQ\AddToNetDisk.htm
O8 - 未知 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\QQ\AddPanel.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ\AddEmotion.htm
O8 - 未知 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\QQ\SendMMS.htm
O23 - 未知 - Service: CMD_DLL32 [COMMAND DLL32] - C:\WINDOWS\system32\CMDLL32.EXE - (running)
O23 - 未知 - Service: CryptographicServer [ Cryptographic Server] - C:\WINDOWS\system32\mshtmlsed.exe - (running)
O23 - 未知 - Service: Mercha2 [系统事件记录器,如登录 Windows,网络以及电源事件等。] - C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\IDRSO.DLL,Export 1087 - (running)
O23 - 未知 - Service: Tech [管理 基于COM+ 组件的错误跟踪。无法终止此服务。] - C:\WINDOWS\system32\ljyli.dll - (running)
O28 - 未知 - IELINK: C:\DOCUME~1\nan\「开始~1\程序\一键还~1\INTERN~1.LNK - www.37021.net

=======================================

Last edited 2007-04-07 11:57:20

Continued from above


100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: soundman.exe [一个软声卡控制台软件。] - C:\WINDOWS\SOUNDMAN.EXE
100 - 安全 - Process: rundll32.exe [windows rundll32为了需要调用dlls的程序。] - C:\WINDOWS\system32\RUNDLL32.EXE
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - F:\大话战国\360safe\safemon\360Tray.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
100 - 安全 - Process: wdfmgr.exe [windows media player播放器相关程序。] - C:\WINDOWS\system32\wdfmgr.exe
100 - 安全 - Process: alg.exe [这是一个应用层网关服务用于网络共享。] - C:\WINDOWS\System32\alg.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士] - F:\大话战国\360safe\360safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O4 - 安全 - HKLM\..\Run: [IMJPMIG8.1] [微软Microsoft输入法编辑器程序。] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 安全 - HKLM\..\Run: [PHIME2002ASync] [输入法软件相关程序。] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 安全 - HKLM\..\Run: [PHIME2002A] [输入法软件相关程序。] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 安全 - HKLM\..\Run: [NVMixerTray] [nvidia 公司出品的nvidia corporation软件。] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - 安全 - HKLM\..\Run: [SoundMan] [Realtek声卡相关程序。] SOUNDMAN.EXE
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [nwiz] [是NVidia的Nview特性相关程序。该程序用于用户对其特性进行配置,将桌面扩展到多台显示器上。 ] nwiz.exe /install
O4 - 安全 - HKLM\..\Run: [NvMediaCenter] [是NVidia显示卡相关文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - 安全 - HKLM\..\Run: [BigDogPath] [网眼摄像头驱动] C:\WINDOWS\eagle1.exe Vimicro USB PC Camera (ZC0301PL)
O4 - 安全 - HKLM\..\Run: [PPHIDPAD] [小蒙恬手写板驱动。] E:\工具\手写板\Win32\pphidpad.exe
O4 - 安全 - HKLM\..\Run: [runeip] [卡卡上网安全助手相关程序。] E:\工具\瑞星卡卡上网助手\runiep.exe
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] F:\大话战国\360safe\safemon\360Tray.exe /start
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq:即时通讯软件] C:\Documents and Settings\nan\「开始」菜单\程序\启动\腾讯QQ.lnk
O8 - 安全 - Extra context menu item: &使用迅雷下载 - E:\工具\迅雷\Program\geturl.htm
O8 - 安全 - Extra context menu item: &使用迅雷下载全部链接 - E:\工具\迅雷\Program\getallurl.htm
O16 - 安全 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Flash播放器) - http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)

=======================================

O40 - svchost.exe - Microsoft Corporation - c:\windows\system32\ljyli.dll - szdj - d64a415c5175855fda84be19e4d2cd37
O40 - Explorer.EXE -  - C:\WINDOWS\system32\vchln.dll -  -
O40 - Explorer.EXE - Beijing Rising Technology Co., Ltd. - E:\工具\瑞星卡卡上网助手\ieprot.dll - IE Protector - 369c1d78953b00cf8306e7028654092d
O40 - Explorer.EXE -  - C:\WINDOWS\system32\eoedjm38.dll -  - 009eb19055782a128fc0aee9958212d5
O40 - Explorer.EXE -  - C:\WINDOWS\system32\xqvfqs59.dll -  - 009eb19055782a128fc0aee9958212d5
O40 - Explorer.EXE - NVIDIA Corporation - C:\WINDOWS\system32\nvshell.dll - NVIDIA Desktop Explorer, Version 56.72  - 2ff7bde31efdb9ddc9cf63b9af6513aa
O40 - Explorer.EXE - NVIDIA Corporation - C:\WINDOWS\system32\NVWRSZHC.DLL - NVIDIA nView Desktop and Window Manager - 22a65e6f5c4507a5ba0bd98d1cf59505
O40 - rundll32.exe - mcsoft - C:\WINDOWS\system32\ADPT1F.DLL - 动态链接库 - 06e18e4ef7801adaa2b727286ba7eb50
O40 - rundll32.exe - Beijing Rising Technology Co., Ltd. - E:\工具\瑞星卡卡上网助手\ieprot.dll - IE Protector - 369c1d78953b00cf8306e7028654092d
O40 - RUNDLL32.EXE - Beijing Rising Technology Co., Ltd. - E:\工具\瑞星卡卡上网助手\ieprot.dll - IE Protector - 369c1d78953b00cf8306e7028654092d

=======================================

O41 - dnxyx - dnxyx - C:\WINDOWS\system32\drivers\dnxyx.sys - (running) -  -  -
O41 - eoedjm38 - Kernel - C:\WINDOWS\system32\drivers\eoedjm38.sys - (running) - Kernel - Microsoft Corporation - b32fb64076c6ace6b35b0874f523f4cc
O41 - ip100xp - ip100xp - C:\WINDOWS\system32\drivers\ipfnd51.sys - (running) -  - IC Plus Corp. - bb62c1d687488c8e24d827f1c5c3f435
O41 - npkcrypt - nProtect KeyCrypt Driver - D:\Program Files\QQ\npkcrypt.sys - (running) - nProtect KeyCrypt Driver - INCA Internet Co., Ltd. - 8bcb281a2540e7aff0cd00f9878fe21f
O41 - ppmoucls - Mouse Class Driver - C:\WINDOWS\system32\drivers\PPMOUCLS.SYS - (running) - Mouse Class Driver - Windows (R) 2000 DDK provider - 926cbc5dcadcd3470e7876e22f026cf2
O41 - pptchpad - pptchpad - C:\WINDOWS\system32\drivers\PPTCHPD5.SYS - (running) -  -  - 23c89e1ceb0e3b1a7599d161ebcfc692
O41 - RsAntiSpyware - RsBoot - C:\WINDOWS\system32\drivers\RsBoot.sys - (running) - RsBoot - Beijing Rising - 7004bb49aa62317da73a3eba1862eb7f
O41 - usb8028 - NT file system - C:\WINDOWS\system32\drivers\usb8028.sys - (running) - NT file system - Microsoft Corporation - 632351f51cb5057ca4c4a50283a705be
O41 - usb8028x - Windows NT Registry Driver - C:\WINDOWS\system32\drivers\usb8028x.sys - (running) - Windows NT Registry Driver - Windows System Internal - 79e2d1ac7108d61c9bb761bb6e4784f0
O41 - xqvfqs59 - Kernel - C:\WINDOWS\system32\drivers\xqvfqs59.sys - (running) - Kernel - Microsoft Corporation - cc6dc5c91f68ba11ae95c23e909abc84
O41 - ZSMC301b - Video streaming and Capture Device Driver - C:\WINDOWS\system32\drivers\usbVM31b.sys - (running) - Video streaming and Capture Device Driver - VM - 698ecd717ffa57ffe0b20d07ba4bd8e3
O41 - bhhiicje - bhhiicje - C:\WINDOWS\system32\drivers\bhhiicje.sys - (not running) -  -  -
O41 - dump_wmimmc - dump_wmimmc - C:\WINDOWS\system32\drivers\dump_wmimmc.sys - (not running) -  -  -
O41 - fsznfy63 - fsznfy63 - C:\WINDOWS\System32\DRIVERS\fsznfy63.sys - (not running) -  -  -
O41 - hyfnvm24 - hyfnvm24 - C:\WINDOWS\System32\DRIVERS\hyfnvm24.sys - (not running) -  -  -
O41 - javoda91 - javoda91 - C:\WINDOWS\System32\DRIVERS\javoda91.sys - (not running) -  -  -
O41 - lhuqel58 - lhuqel58 - C:\WINDOWS\System32\DRIVERS\lhuqel58.sys - (not running) -  -  -
O41 - NPPTNT2 - nProtect NPSC Kernel Mode Driver for NT - C:\WINDOWS\system32\npptNT2.sys - (not running) - nProtect NPSC Kernel Mode Driver for NT - INCA Internet Co., Ltd. - 9131fe60adfab595c8da53ad6a06aa31
O41 - WINIO - WINIO - G:\winio.sys - (not running) -  -  -

=======================================
360Safe.exe=3.2.1.1002
AntiAdwa.dll=3.2.0.1001
AntiEng.dll=3.0.2.2000
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
safelive.exe=1.0.0.2007
live.dll=1.0.0.1011

=======================================
操作历史报告:
----------查杀恶意软件历史----------

2007-04-07 09:20
查杀恶意软件 - Cnnic中文上网 - 危险 -
查杀恶意软件 - acpidisk驱动 - 危险 - C:\WINDOWS\system32\drivers\acpidisk.sys
查杀恶意软件 - WinMyFavor Class - 危险 - C:\WINDOWS\system32\MyFavor.dll
查杀恶意软件 - aatievv.exe - 危险 -


----------插件卸载操作历史----------

2007-04-07 09:23
插件管理 - yok搜索工具栏 -

----------全面诊断修复历史----------

2007-04-07 09:20
O4 - 危险 - sys32 - C:\WINDOWS\c25409.exe
O4 - 危险 - sys32 - C:\WINDOWS\c25409.exe

=======================================


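Please download SREng (latest version), use "Smart Scan" (智能扫描), and press the "Scan" (扫描) button to run the scan.
When the scan is finished, press the "Save Report" (保存报告) button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report
log file here. If the log does not fit in one post, paste it over several posts. Please do not modify it.

Download link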
http://www.kztechs.com/sreng/sreng2.zip

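I am no expert, but I have suffered from this kind of rogue software myself, and nobody on the websites could solve it for me. I have now dealt with it using a removal tool; if you want it, contact me. QQ469248178, I will send it to you.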

Why does that sreng2 behave like this?

[Attachment: file type application/octet-stream, uploaded 2007-4-7 11:04:54, downloaded 229 times]

Scan results after repairing sreng2:
[CODE]

2007-04-07,10:53:18

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <sys51><C:\Documents and Settings\nan\Local Settings\History\E28463.exe>  []
    <sys52><C:\Documents and Settings\nan\My Documents\My Pictures\E24405.exe>  []
    <sys11><C:\Documents and Settings\nan\Application Data\a1738.exe>  []
    <sys12><C:\WINDOWS\system32\a10050.exe>  []
    <sys71><C:\WINDOWS\system32\G17192.exe>  []
    <sys72><C:\Documents and Settings\nan\My Documents\My Pictures\G6996.exe>  []
    <sys101><C:\Documents and Settings\nan\Local Settings\Temporary Internet Files\J16669.exe>  []
    <sys102><C:\Documents and Settings\nan\Application Data\J13650.exe>  []
    <sys81><C:\Documents and Settings\nan\「开始」菜单\程序\管理工具\H27940.exe>  []
    <sys82><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe>  []
    <sys31><C:\Documents and Settings\nan\Local Settings\Application Data\c23235.exe>  []
    <sys91><C:\Documents and Settings\All Users\Documents\I5921.exe>  []
    <sys92><C:\Documents and Settings\nan\My Documents\My Pictures\I22355.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe">  [NVIDIA Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BigDogPath><C:\WINDOWS\eagle1.exe Vimicro USB PC Camera (ZC0301PL)>  [N/A]
    <PPHIDPAD><E:\工具\手写板\Win32\pphidpad.exe>  []
    <runeip><E:\工具\瑞星卡卡上网助手\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <thfklfe><C:\Program Files\Realtek AC97\thfklfe.exe>  []
    <360Safetray><F:\大话战国\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <sys51><C:\Documents and Settings\nan\Local Settings\History\E28463.exe>  []
    <sys52><C:\Documents and Settings\nan\My Documents\My Pictures\E24405.exe>  []
    <sys11><C:\Documents and Settings\nan\Application Data\a1738.exe>  []
    <sys12><C:\WINDOWS\system32\a10050.exe>  []
    <sys71><C:\WINDOWS\system32\G17192.exe>  []
    <sys72><C:\Documents and Settings\NetworkService\My Documents\My Pictures\G6996.exe>  []
    <sys101><C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\J16669.exe>  []
    <sys102><C:\Documents and Settings\NetworkService\Application Data\J13650.exe>  []
    <sys81><C:\Documents and Settings\nan\「开始」菜单\程序\管理工具\H27940.exe>  []
    <sys82><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\H31059.exe>  []
    <sys31><C:\Documents and Settings\nan\Local Settings\Application Data\c23235.exe>  []
    <sys91><C:\Documents and Settings\All Users\Documents\I5921.exe>  []
    <sys92><C:\Documents and Settings\nan\My Documents\My Pictures\I22355.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[WanSo]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WanSo.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><N>
[ydgcee]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ydgcee.lnk --> C:\PROGRA~1\WinRAR\ydgceeg.exe [N/A]><N>
[sys51]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys51.lnk --> C:\DOCUME~1\nan\LOCALS~1\History\E28463.exe [N/A]><N>
[sys52]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys52.lnk --> C:\DOCUME~1\nan\MYDOCU~1\MYPICT~1\E24405.exe [N/A]><N>
[sys11]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys11.lnk --> C:\DOCUME~1\nan\APPLIC~1\a1738.exe [N/A]><N>
[sys12]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys12.lnk --> C:\WINDOWS\system32\a10050.exe [N/A]><N>
[sys71]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys71.lnk --> C:\WINDOWS\system32\G17192.exe [N/A]><N>
[sys72]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys72.lnk --> C:\DOCUME~1\nan\MYDOCU~1\MYPICT~1\G6996.exe [N/A]><N>
[sys101]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys101.lnk --> C:\DOCUME~1\NETWOR~1\LOCALS~1\TEMPOR~1\J16669.exe [N/A]><N>
[sys102]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys102.lnk --> C:\DOCUME~1\nan\APPLIC~1\J13650.exe [N/A]><N>
[sys81]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys81.lnk --> C:\DOCUME~1\nan\「开始~1\程序\管理工具\H27940.exe [N/A]><N>
[sys82]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys82.lnk --> C:\DOCUME~1\ALLUSE~1\「开始~1\程序\管理工具\H31059.exe [N/A]><N>
[sys31]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys31.lnk --> C:\DOCUME~1\nan\LOCALS~1\APPLIC~1\c23235.exe [N/A]><N>
[sys32]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys32.lnk --> C:\WINDOWS\c25409.exe [N/A]><N>
[sys91]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys91.lnk --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\I5921.exe [N/A]><N>
[sys92]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys92.lnk --> C:\DOCUME~1\nan\MYDOCU~1\MYPICT~1\I22355.exe [N/A]><N>
[ruango]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ruango.lnk --> C:\WINDOWS\system32\MSRundll.exe [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\nan\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\PROGRA~1\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[COMMAND DLL32 / CMD_DLL32][Running/Auto Start]
  <C:\WINDOWS\system32\CMDLL32.EXE><N/A>
[ Cryptographic Server / CryptographicServer][Running/Auto Start]
  <C:\WINDOWS\system32\mshtmlsed.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[System Event Logger / Mercha2][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\IDRSO.DLL,Export 1087><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[COM+ Error Report / Tech][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ljyli.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[bhhiicje / bhhiicje][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bhhiicje.sys><N/A>
[dnxy / dnxyx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dnxyx.sys><N/A>
[dump_wmimmc / dump_wmimmc][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[eoedjm3 / eoedjm38][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\eoedjm38.sys><Microsoft Corporation>
[fsznfy6 / fsznfy63][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\fsznfy63.sys><N/A>
[hyfnvm2 / hyfnvm24][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\hyfnvm24.sys><N/A>
[IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver / ip100xp][Running/Manual Start]
  <system32\DRIVERS\ipfnd51.sys><IC Plus Corp.>
[javoda9 / javoda91][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\javoda91.sys><N/A>
[lhuqel5 / lhuqel58][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\lhuqel58.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Stopped/Manual Start]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Stopped/Manual Start]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[ppmoucls / ppmoucls][Running/System Start]
  <System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
  <System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[usb8028 / usb8028][Running/System Start]
  <system32\drivers\usb8028.sys><Microsoft Corporation>
[usb8028x / usb8028x][Running/System Start]
  <system32\drivers\usb8028x.sys><Windows System Internal>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\G:\winio.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xqvfqs5 / xqvfqs59][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\xqvfqs59.sys><Microsoft Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[135578 / 135578][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

浏览器加载项
[Thunder Browser Helper]
  {385AB8C5-FB22-4D17-8834-064E2BA0A6F0} <E:\工具\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[HelpIE Class]
  {589A6FED-A214-4FE3-8D1E-CD07BC634D89} <C:\WINDOWS\system32\HelpIE.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\大话战国\360safe\safemon\safemon.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[QQCycloneHelper Class]
  {352E3B39-CAB5-4DBC-B940-C7F84D0447D8} <D:\Program Files\QQ旋风\QQIEHelper01.dll, 腾讯公司>
[Thunder Browser Helper]
  {385AB8C5-FB22-4D17-8834-064E2BA0A6F0} <E:\工具\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[HelpIE Class]
  {589A6FED-A214-4FE3-8D1E-CD07BC634D89} <C:\WINDOWS\system32\HelpIE.dll, N/A>
[YOKHttpFilter Class]
  {686D3343-D00D-49A1-96DF-66F3AF62F348} <C:\PROGRA~1\yok\adblock.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[YOKAdBlock Class]
  {718F4AD3-70D4-425E-9159-5598DFC732ED} <C:\PROGRA~1\yok\adblock.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\工具\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\大话战国\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[&使用超级旋风下载]
  <D:\Program Files\QQ旋风\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <D:\Program Files\QQ旋风\getAllurl.htm, N/A>
[&使用迅雷下载]
  <E:\工具\迅雷\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\工具\迅雷\Program\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 576][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 588][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ljyli.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 892][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 932][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1356][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\vchln.dll]  [N/A, ]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5672]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5672]
    [C:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5672]
    [E:\工具\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1620][C:\WINDOWS\system32\CMDLL32.EXE]  [N/A, ]
[PID: 1704][C:\WINDOWS\system32\mshtmlsed.exe]  [N/A, ]
[PID: 1748][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ADPT1F.DLL]  [mcsoft, 1, 0, 0, 0]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1844][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 50]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1884][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.5672]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1900][C:\WINDOWS\eagle1.exe]  [Vimicro, 3, 6, 626, 15]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1912][E:\工具\手写板\Win32\pphidpad.exe]  [N/A, ]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1940][E:\工具\瑞星卡卡上网助手\runiep.exe]  [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
    [E:\工具\瑞星卡卡上网助手\iep_ctrl.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1972][F:\大话战国\360safe\safemon\360Tray.exe]  [奇虎网, 3, 2, 1, 1001]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [F:\大话战国\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 2, 0, 1001]
    [F:\大话战国\360safe\AntiAdwa.dll]  [360Safe.com, 3, 2, 0, 1001]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2340][D:\Program Files\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\Program Files\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\BasicCtrlDll.dll]  [Tencent, 7, 0, 101, 80]
    [D:\Program Files\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [D:\Program Files\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\QQ\LoginCtrl.dll]  [N/A, ]
    [D:\Program Files\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\Program Files\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\Program Files\QQ\LoginCtrlRes.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\Program Files\QQ\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQAllInOne.dll]  [N/A, ]
    [D:\Program Files\QQ\GroupLive.dll]  [N/A, ]
    [D:\Program Files\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\Program Files\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\QQ\QQAvatar.dll]  [N/A, ]
    [D:\Program Files\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQPlugin.dll]  [N/A, ]
    [D:\Program Files\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QRingMng.dll]  [N/A, ]
    [D:\Program Files\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\Program Files\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\QQ\BQQApplication.dll]  [N/A, ]
    [D:\Program Files\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
    [D:\Program Files\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\Program Files\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 280]
    [D:\Program Files\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\Program Files\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\Program Files\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\Program Files\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 6, 60]
    [D:\Program Files\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\Program Files\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2644][D:\Program Files\QQ\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\Program Files\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 2860][C:\WINDOWS\system32\MSRundll.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\player.dll]  [  , 1, 0, 0, 3]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3056][C:\WINDOWS\system32\MSRundll.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\player.dll]  [  , 1, 0, 0, 3]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
[PID: 272][D:\Program Files\QQ\qqpet\qqpet.exe]  [腾讯公司, 2, 54, 101, 7]
    [D:\Program Files\QQ\qqpet\Pnet.dll]  [N/A, ]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [D:\Program Files\QQ\qqpet\QQPetResDownload.dll]  [, 6, 1, 101, 1]
    [D:\Program Files\QQ\qqpet\QQPetCommunity.dll]  [, 6, 3, 103, 1]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2592][E:\工具\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
    [E:\工具\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [E:\工具\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\windjm38.dll]  [, 1, 1, 1, 1018]
    [C:\WINDOWS\system32\winfqs59.dll]  [, 1, 1, 1, 1017]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 4672][D:\Program Files\QQ\QZone\Qzone.exe]  [腾讯公司, 1, 7, 101, 14]
    [D:\Program Files\QQ\QZone\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 7264][E:\工具\播放器\千千静听\TTPlayer.exe]  [Alen Soft, 4, 6, 9, 0]
    [E:\工具\播放器\千千静听\ttpcomm.dll]  [N/A, ]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\工具\播放器\千千静听\ttpres.dll]  [Alen Soft, 4, 6, 9, 0]
    [E:\工具\播放器\千千静听\msdmo.dll]  [Microsoft Corporation, 6.03.01.0400]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\工具\播放器\千千静听\AddIn\ttp_asf.dll]  [N/A, ]
[PID: 13940][D:\HIJACKTHIS\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\xqvfqs59.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\eoedjm38.dll]  [, 1, 1, 1, 1006]
    [F:\大话战国\360safe\safemon\safemon.dll]  [, 3, 2, 0, 1001]
    [E:\工具\瑞星卡卡上网助手\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
    [11828] C:\WINDOWS\system32\regsvr32.exe

==================================


[/CODE]
Bump.