
HELP!!!1 Blue screen as soon as I go online, and then it reboots!!

启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\xwq\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\qq\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\xwq\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Transaction Provisioning Service / foxjame][Stopped/Auto Start]
  <C:\WINDOWS\System32\temp1.exe><N/A>
[Provisioning Service Transaction / h2k3_3333][Stopped/Auto Start]
  <C:\WINDOWS\System32\winloginb.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc][Running/Auto Start]
  <D:\Kaspersky Anti-Virus Personal\kavsvc.exe><Kaspersky Lab>
[WinFast(R) Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Windows Accounts Driver Extensions / RemoteStorage][Stopped/Auto Start]
  <C:\WINDOWS\System32\winloginc.exe><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\cdcd.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\K:\INSTALL\GMSIPCI.SYS><N/A>
[Klif / Klif][Running/System Start]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[Logitech PS/2 Mouse Filter Driver / L8042pr2][Running/Manual Start]
  <System32\DRIVERS\L8042pr2.Sys><Logitech, Inc.>
[Logitech Mouse Class Filter Driver / LMouFlt2][Running/Manual Start]
  <System32\DRIVERS\LMouFlt2.Sys><Logitech, Inc.>
[MSICPL / MSICPL][Stopped/Manual Start]
  <\??\L:\install4\MSICPL.sys><N/A>
[Netpas Win32 Virtual Network Adapter / netpasadapter1][Running/Manual Start]
  <System32\DRIVERS\netpas.sys><Netpas>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\qq\npkycryp.sys><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\L:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <System32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <System32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\L:\NTGLM7X.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[WiseGroup device driver / VendorJoystickEnabler][Running/Manual Start]
  <System32\DRIVERS\psjoy.sys><Beijing WiseGrup.,Ltd (gamepad.yeah.net)>
[Via4in1 / Via4in1][Stopped/Manual Start]
  <\??\K:\DATA\fscommand\Via4in1.sys><N/A>
[WINFOXIO / WINFOXIO][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\WINFOXIO.SYS><Leadtek Research Inc.>

浏览器加载项
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[易趣购物]
  {DE60714F-AC17-427e-861A-FD60CBDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=1, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\qq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[SSOClientAgent Class]
  {05DA0521-0B6B-458C-BFB1-1EFEF1F3C8FF} <, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 720][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 796][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 820][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 872][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 884][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1044][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 1172][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1316][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1396][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1632][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[PID: 1876][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Kaspersky Anti-Virus Personal\shellex.dll]  [Kaspersky Lab, 5.0.142.1]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7750]
    [C:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7750]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10523]
[PID: 284][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 296][C:\Program Files\Logitech\MouseWare\system\em_exec.exe]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\system\EVENTEX.dll]  [Logitech Inc., 9.80.019]
    [C:\WINDOWS\System32\COMNCTR.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\system\ccresrce.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\system\GlbResLt.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [C:\Program Files\Logitech\MouseWare\System\devices.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\system\ccstmglb.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\system\ccustom.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\system\ccmsghk.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
[PID: 356][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 468][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.7750]
[PID: 924][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 540][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
[PID: 800][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [D:\Kaspersky Anti-Virus Personal\avpscrch.dll]  [Kaspersky Lab, 1.0.142.342]
    [D:\Kaspersky Anti-Virus Personal\concl.dll]  [Kaspersky Lab, 1.0.142.3]
    [D:\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.0.0]
    [D:\Kaspersky Anti-Virus Personal\ipc.dll]  [Kaspersky Lab, 5.0.142.0]
[PID: 1232][C:\Program Files\teamspeak2_RC2\TeamSpeak.exe]  [Dominating Bytes Design, 2.0.32.60.04.8.1 中文版]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\teamspeak2_RC2\hvdi.dll]  [N/A, N/A]
    [C:\Program Files\teamspeak2_RC2\libspeex.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
[PID: 2196][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [D:\Kaspersky Anti-Virus Personal\avpscrch.dll]  [Kaspersky Lab, 1.0.142.342]
    [D:\Kaspersky Anti-Virus Personal\concl.dll]  [Kaspersky Lab, 1.0.142.3]
    [D:\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.0.0]
    [D:\Kaspersky Anti-Virus Personal\ipc.dll]  [Kaspersky Lab, 5.0.142.0]
    [C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx]  [Macromedia, Inc., 8,0,24,0]
[PID: 848][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]
    [D:\Kaspersky Anti-Virus Personal\avpscrch.dll]  [Kaspersky Lab, 1.0.142.342]
    [D:\Kaspersky Anti-Virus Personal\concl.dll]  [Kaspersky Lab, 1.0.142.3]
    [D:\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.0.0]
    [D:\Kaspersky Anti-Virus Personal\ipc.dll]  [Kaspersky Lab, 5.0.142.0]
[PID: 2188][E:\杀毒\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\Logitech\MouseWare\System\LgWndHk.dll]  [Logitech Inc., 9.80.019]
    [C:\Program Files\Common Files\Logitech\Scrolling\LgMsgHk.dll]  [Logitech Inc., 1.1.0]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
警告!System Repair Engineer 提醒
你下面的函数内容与预期值不符,他
们可能被一些恶意的软件所修改:
RVA  错误: LoadLibraryA
RVA  错误: LoadLibraryExA
RVA  错误: LoadLibraryExW
RVA  错误: LoadLibraryW

==================================


[/CODE]

Thanks, you two! Please take another look for me.

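Run (double-click) SRENG2, click "Startup Items", then "Services", then "Win32 Service Applications".
Check "Hide Microsoft services" and select the virus services
Transaction Provisioning Service
Windows DHCP Service
then choose "Delete service".
Click "Set" and choose "No".
Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete:
windhcp.ocx,
C:\WINDOWS\System32\temp1.exe

C:\WINDOWS\System32\twunk32.exe
Reference:
http://forum.ikaka.com/topic.asp?board=28&artid=8237996

Suspicious files:
C:\WINDOWS\System32\winloginb.exe
C:\WINDOWS\System32\winloginc.exe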

.....

[Reply to the post by "123321"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WinFoxV2><C:\WINDOWS\System32\WF2K.EXE Initial> [N/A]
<WinFast2KLoadDefault><rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings> [Leadtek Research Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\System32\twunk32.exe> [N/A]


[Transaction Provisioning Service / foxjame][Stopped/Auto Start]
<C:\WINDOWS\System32\temp1.exe><N/A>
[Provisioning Service Transaction / h2k3_3333][Stopped/Auto Start]
<C:\WINDOWS\System32\winloginb.exe><N/A>
[Windows Accounts Driver Extensions / RemoteStorage][Stopped/Auto Start]
<C:\WINDOWS\System32\winloginc.exe><N/A>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\System32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

[Cdsys / Cdsys][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\cdcd.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\K:\INSTALL\GMSIPCI.SYS><N/A>
[MSICPL / MSICPL][Stopped/Manual Start]
<\??\L:\install4\MSICPL.sys><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\L:\NTACCESS.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\L:\NTGLM7X.sys><N/A>
[Via4in1 / Via4in1][Stopped/Manual Start]
<\??\K:\DATA\fscommand\Via4in1.sys><N/A>


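XPSP1? How many patches is that missing!! I'm sweating buckets!!

Compared with the missing patches, these few viruses are a minor matter.
If you don't install the necessary patches, you can just keep playing with viruses! You clean them out, and they come right back. Unless you stay off the Internet.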
