[Help] Things are being created on my desktop on their own

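Something has been created on my desktop on its own; it is a website called 音乐在线 (Music Online). The log is below, please take a look for me. I scanned with Rising (瑞星) today and it just caught 16 viruses.
Last edited 2006-10-12 20:28:33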

2006-10-11,20:07:18

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Avance Logic, Inc.]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo!]
    <RavTask><"D:\瑞星2006\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <R><C:\WINDOWS\System32\rundll32.exe ctfmon.dll s>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"D:\瑞星2006\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll>  [Yahoo! China]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll>  [YAHOO Corporation Limited]

==================================
启动文件夹
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> D:\Program Files\QQ\QQ.exe [N/A]><N>

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"D:\shadu\KPfwSvc.EXE"><N/A>
[VeriSign Updater / navi]
  <C:\Program Files\VeriSign\NAVI\naviagent.exe uimode=agentupdate><VeriSign, Inc.>
[Rising Proxy  Service / RfwProxySrv]
  <d:\瑞星2006\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <d:\瑞星2006\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"D:\瑞星2006\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"D:\瑞星2006\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[SoftEther Virtual LAN Card / SoftEther]
  <"D:\游戏王-城之内\SoftEther\SoftEther.exe" service><N/A>
[SoftEther Virtual HUB / SoftHUB]
  <"D:\游戏王-城之内\SoftEther\SoftHUB.exe" service><N/A>

==================================
驱动程序
[ajurpg0 / ajurpg05]
  <\SystemRoot\System32\DRIVERS\ajurpg05.sys><Microsoft Corporation>
[Service for Avance AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CnsMinKP / CnsMinKP]
  <\SystemRoot\System32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner]
  <\??\D:\瑞星2006\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont]
  <\??\D:\瑞星2006\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\D:\瑞星2006\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\D:\瑞星2006\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\D:\瑞星2006\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[ialm / ialm]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kmsinput / kmsinput]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MEMSCAN / MEMSCAN]
  <\??\D:\瑞星2006\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\d:\瑞星2006\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rfsafe / rfsafe]
  <\SystemRoot\system32\drivers\rfsafe.sys><N/A>
[RGWatch / RGWatch]
  <\SystemRoot\system32\DRIVERS\RGWatch.sys><Windows (R) Server 2003 DDK provider>
[RsFwDrv / RsFwDrv]
  <\??\D:\瑞星2006\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[rzkylj5 / rzkylj59]
  <\SystemRoot\System32\DRIVERS\rzkylj59.sys><Microsoft Corporation>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SoftEther Device Driver / SoftLAN]
  <System32\DRIVERS\SoftLAN.sys><SoftEther.com>
[vrvfilemon / VRVSYS]
  <\??\c:\bxy_vrv\filemon.sys><BXY>
[World Standard Teletext Codec / WSTCODEC]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[USB PC Camera 301P / ZSMC301b]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[]
  {A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[]
  {974AD624-EA50-4831-A6C0-3040F6665396} <C:\WINDOWS\Downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[新浪点点通阅读器]
  {F0646DC8-58CD-4C64-8F6B-525043914685} <C:\WINDOWS\Downlo~1\rssband.dll, 北京新浪信息技术有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\BaiduBar.dll, Baidu.com, Inc.>
[IMCv1 Control]
  {6924091F-CD97-41E1-B1D4-D9079409D413} <C:\WINDOWS\DOWNLO~1\imcv1.dll, 北京莲塘软件技术有限公司 Liantang Software Tech. Inc. (http://www.lotuspond.com.cn)>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[!搜一搜]
  <res://C:\Program Files\yisou\yisou.dll/232, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
  <D:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\QQ\SendMMS.htm, N/A>
[百度-搜索MP3]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUMP3.HTM, N/A>
[百度-搜索图片]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUIMG.HTM, N/A>
[百度-搜索新闻]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUNEWS.HTM, N/A>
[百度-搜索歌词]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDULYRIC.HTM, N/A>
[百度-搜索网页]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUSEARCH.HTM, N/A>
[百度-搜索贴吧]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDUPOST.HTM, N/A>
[百度-词典搜索]
  <res://C:\PROGRA~1\baidu\bar\BaiduBar.dll/BAIDU_DIC.HTM, N/A>

==================================
正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
[PID: 580][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 592][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 748][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 824][D:\瑞星2006\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 840][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 988][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1056][D:\瑞星2006\Rising\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 35]
    [D:\瑞星2006\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [D:\瑞星2006\Rising\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 18, 1, 0, 11]
    [D:\瑞星2006\Rising\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 32]
    [D:\瑞星2006\Rising\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 12]
    [D:\瑞星2006\Rising\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [D:\瑞星2006\Rising\Rav\HookWeb.dll]  [rising, 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [D:\瑞星2006\Rising\Rav\MailMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\瑞星2006\Rising\Rav\SpamEng.dll]  [N/A, 18, 0, 0, 6]
    [D:\瑞星2006\Rising\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 34]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
    [D:\瑞星2006\Rising\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 17]
    [D:\瑞星2006\Rising\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 28]
    [D:\瑞星2006\Rising\Rav\RSUnpack.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 18]
    [D:\瑞星2006\Rising\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 7]
    [D:\瑞星2006\Rising\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 10]
    [D:\瑞星2006\Rising\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\Unpacker.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [D:\瑞星2006\Rising\Rav\ExtOLE.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
[PID: 1196][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 1, 0, 3, 7]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 2, 0, 0, 1001]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [, 2, 0, 4, 1030]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\baidu\bar\BaiduBar.dll]  [Baidu.com, Inc., 2, 0, 2, 49]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 1, 1, 3, 1035]
    [D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX]  [N/A, N/A]
    [D:\Program Files\QQ\qdshm.dll]  [, 1, 0, 1, 2]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [N/A, 1, 0, 1, 1014]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1240][d:\瑞星2006\rising\rfw\rfwsrv.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 33]
    [d:\瑞星2006\rising\rfw\RfwRule.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 13]
    [d:\瑞星2006\rising\rfw\rfwlog.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 6]
    [d:\瑞星2006\rising\rfw\Rfwdrv.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 21]
    [d:\瑞星2006\rising\rfw\MonDrv.dll]  [rs, 1, 0, 0, 4]
    [d:\瑞星2006\rising\rfw\ProcLib.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 9]
[PID: 1408][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\OLFMNT40.DLL]  [Microsoft Corporation, 9.0.98.0105]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\olfpnt40.dll]  [Microsoft Corporation, 9.0.98.0105]
[PID: 1412][C:\WINDOWS\System32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
[PID: 1488][D:\瑞星2006\Rising\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 16]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1648][d:\瑞星2006\rising\rfw\RfwMain.exe]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 52]
    [d:\瑞星2006\rising\rfw\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 23]
    [d:\瑞星2006\rising\rfw\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [d:\瑞星2006\rising\rfw\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1744][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]
[PID: 1804][C:\Program Files\VeriSign\NAVI\naviagent.exe]  [VeriSign, Inc., 2.0.0.14]
[PID: 1872][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1600][C:\PROGRA~1\VeriSign\NAVI\NAVICL~1.EXE]  [VeriSign, Inc., 2.0.1.0]
    [C:\Program Files\VeriSign\NAVI\naviservice.dll]  [VeriSign, Inc., 2.0.2.0]
[PID: 1784][C:\WINDOWS\SOUNDMAN.EXE]  [Avance Logic, Inc., 5, 0, 0, 0]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 1768][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3,0,0,2082]
[PID: 1720][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3,0,0,2082]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
[PID: 1896][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [, 2, 0, 4, 1030]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [ , 2, 0, 1, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll]  [, 1, 0, 0, 5]
[PID: 1840][D:\瑞星2006\Rising\Rav\RavTask.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2040][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 172][D:\瑞星2006\Rising\Rav\Ravmon.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 1, 33]
    [D:\瑞星2006\Rising\Rav\RsGuiLib.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 26]
    [D:\瑞星2006\Rising\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 19]
    [D:\瑞星2006\Rising\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [D:\瑞星2006\Rising\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
    [D:\瑞星2006\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [D:\瑞星2006\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [D:\瑞星2006\Rising\Rav\PngDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
[PID: 2968][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\103826.exe]  [N/A, N/A]
[PID: 3256][D:\新建文件夹\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [, 2, 0, 9, 1027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll]  [Yahoo! China, 2, 0, 4, 1007]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 1, 5, 3, 8]
    [C:\WINDOWS\System32\quartz32.dll]  [, 4, 1, 0, 0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSTCPChain Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)
MSTCP Provider
    C:\WINDOWS\System32\quartz32.dll(, MFClDLL)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
219.139.58.97  www.hao123.com
219.139.58.97  hao123.com
219.139.58.97  www.7b.com.cn
219.139.58.97  7b.com.cn
219.139.58.97  www.7939.com
219.139.58.97  www.maohehe.com
219.139.58.97  www.sina-baidu.com
219.139.58.97  sina-baidu.com
219.139.58.97  www.maipao.com
219.139.58.97  update.virussky.com
219.139.58.97  down.virussky.com
219.139.58.97  www.ycdy.com
219.139.58.97  ycdy.com
219.139.58.97  www.2tu.cn
219.139.58.97  2tu.cn
219.139.58.97  www.91tu.cn
219.139.58.97  91tu.cn
219.139.58.97  www.haotop.com
219.139.58.97  news01.virussky.com
219.139.58.97  news02.virussky.com
219.139.58.97  news03.virussky.com
219.139.58.97  news04.virussky.com
219.139.58.97  news40.virussky.com
219.139.58.97  news41.virussky.com
219.139.58.97  news42.virussky.com
219.139.58.97  www.an85.com
219.139.58.97  an85.com
219.139.58.97  www.360safe.com
219.139.58.97  360safe.com
219.139.58.97  dl.360safe.com
219.139.58.97  bbs.360safe.com
219.139.58.97  www.gao58.com
219.139.58.97  count18.51yes.com
219.139.58.97  www.ok538.com
219.139.58.97  www.3000sss.com
219.139.58.97  3000sss.com
219.139.58.97  www.qq658.com
219.139.58.97  www.53679.com
219.139.58.97  www.17587.net
219.139.58.97  www.17587.com
219.139.58.97  www.an188.com
219.139.58.97  cwzwxm.3322.org
219.139.58.97  www.onediy.net
219.139.58.97  sohu.fswan.com
219.139.58.97  www.hewdq.com
219.139.58.97  go.ipcenter.cn
219.139.58.97  www.32666.com
219.139.58.97  show.googleadsenseagent.com
219.139.58.97  www.2yin.cn
219.139.58.97  2yin.cn
219.139.58.97  www.84442.com
219.139.58.97  www.898333.com
219.139.58.97  hewdq.com
219.139.58.97  84442.com
219.139.58.97  wwww.systeel.com.cn
219.139.58.97  go.baibaoxiang.cn
219.139.58.97  www.btbaicai.com
219.139.58.97  btbaicai.com
219.139.58.97  www.2t2t.cn
219.139.58.97  2t2t.cn
219.139.58.97  3.a.kal.cn
219.139.58.97  www.222978.com
219.139.58.97  www.5yaowan.com
219.139.58.97  show.roogoo.com
219.139.58.97  ip.alexaanywhere.com
219.139.58.97  www.znmq.com
219.139.58.97  www.pctutu.com

==================================

[Reply to the post by “我无邪”, quoting the HOSTS file entries from the log above]
Do all of these need to be deleted?

[Reply to the post by “我无邪”] C:\WINDOWS\System32\quartz32.dll: I can't delete this one.