
Been cleaning for a whole day, and these are the results [Help] [Discussion]


[CODE]

2007-06-01,00:34:43

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
    <vwrc8d4v><C:\DOCUME~1\kiliksy\LOCALS~1\Temp\c0nime.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <SKYNET Personal FireWall><D:\天网\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <kav><"D:\杀软\品牌杀软\卡巴\avp.exe">  [Kaspersky Lab]
    <runeip><D:\kaka\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
N/A

==================================
服务
[47A8A42 / 47A8A42][Stopped/Auto Start]
  <C:\WINDOWS\system32\A0E9A85E.EXE -d><Microsoft Corporation>
[643DAE66 / 643DAE66][Stopped/Auto Start]
  <C:\WINDOWS\system32\281EFA4A.EXE -k><Microsoft Corporation>
[卡巴斯基反病毒6.0 / AVP][Stopped/Auto Start]
  <D:\杀软\品牌杀软\卡巴\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[8139D Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NTSIM / NTSIM][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ntsim.sys><VIA Technologies, Inc.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
  <\??\D:\天网\FIREWALL\SkyProcs.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\迅雷\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\杀软\品牌杀软\卡巴\scieplugin.dll, Kaspersky Lab>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, N/A>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\迅雷\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\迅雷\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, N/A>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <D:\迅雷\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\迅雷\Thunder\Program\getallurl.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>

==================================
Last edited 2007-06-01 07:34:05

正在运行的进程
[PID: 636][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
[PID: 744][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
[PID: 788][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
[PID: 800][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
[PID: 1572][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\moyu103.dll]  [N/A, ]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\mh103.dll]  [N/A, ]
    [D:\wrar\rarext.dll]  [N/A, ]
    [D:\杀软\品牌杀软\卡巴\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\vhluxy.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdjmot.dll]  [N/A, ]
    [C:\WINDOWS\system32\vkenux.dll]  [N/A, ]
    [C:\WINDOWS\system32\yufqgb.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\imhami.dll]  [N/A, ]
    [C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ochxba.dll]  [N/A, ]
[PID: 1928][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\281EFA4A.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 2620][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 3200][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
[PID: 3372][D:\QQ\QQ.exe]  [TENCENT, 0, 0, 0, 0]
    [D:\QQ\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\QQ\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\LoginCtrl.dll]  [, 1, 0, 0, 1]
    [D:\QQ\npkcntc.dll]  [INCA Internet Co., Ltd., 2006, 6, 27, 1]
    [D:\QQ\npkpdb.dll]  [INCA Internet Co., Ltd., 2003, 10, 1, 1]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\QQ\QQRes.dll]  [tencent, 1, 0, 0, 1]
    [D:\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\QQ\CQQApplication.dll]  [N/A, ]
    [D:\QQ\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\QQ\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQKnowledgeSearch.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQAllInOne.dll]  [N/A, ]
    [D:\QQ\GroupLive.dll]  [N/A, ]
    [D:\QQ\SCCore.dll]  [TENCENT, 2, 0, 0, 1]
    [D:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\QQ\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\UserDefinedHead.dll]  [, 1, 0, 0, 1]
    [D:\QQ\QQPlugin.dll]  [N/A, ]
    [D:\QQ\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\QQ\QRingMng.dll]  [N/A, ]
    [D:\QQ\QQAvatar.dll]  [N/A, ]

    [D:\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\QQ\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\QQ\PhoneAPI.dll]  [, 1, 0, 0, 1]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ\QQPet.dll]  [, 1, 0, 0, 1]
    [D:\QQ\BQQApplication.dll]  [N/A, ]
    [D:\QQ\QQCustomFace.dll]  [N/A, ]
    [D:\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\QQ\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\QQMagicFace.dll]  [, 1, 0, 0, 1]
    [D:\QQ\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 271]
    [D:\QQ\QQPhoneHelper.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 92]
    [D:\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\QQ\DShared.dll]  [Tencent, 1, 6, 0, 0]
    [D:\杀软\品牌杀软\卡巴\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\杀软\品牌杀软\卡巴\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\QQ\qqgroupdisk.dll]  [深圳腾讯科技, 2, 1, 101, 40]
    [C:\WINDOWS\system32\vhluxy.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdjmot.dll]  [N/A, ]
    [C:\WINDOWS\system32\vkenux.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\yufqgb.dll]  [N/A, ]
    [C:\WINDOWS\system32\imhami.dll]  [N/A, ]
    [C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\ochxba.dll]  [N/A, ]
    [D:\QQ\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\QQ\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [D:\QQ\QQMsgFriendMng.dll]  [N/A, ]
    [D:\QQ\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
[PID: 4084][C:\WINDOWS\Explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\7E7F4AB4.DLL]  [Microsoft Corporation, ]
    [D:\QQ\DShared.dll]  [Tencent, 1, 6, 0, 0]
[PID: 1624][D:\迅雷\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 1, 292]
    [D:\迅雷\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 20]
    [D:\迅雷\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 77]
    [D:\迅雷\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\迅雷\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 77]
    [D:\迅雷\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [D:\迅雷\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 0, 2]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [D:\迅雷\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 26]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\迅雷\Thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 17]
    [D:\迅雷\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 8, 30]
    [D:\迅雷\Thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 20]
    [D:\迅雷\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
    [D:\迅雷\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 46]
    [D:\迅雷\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 16]
    [D:\迅雷\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [D:\迅雷\Thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 1, 3, 58]
    [D:\迅雷\Thunder\Components\VPSHELL\VPSHELL.dll]  [XunLei, 1, 2, 0, 8]
    [D:\迅雷\Thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\迅雷\Thunder\Components\ResWorker\DsXlCom.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [D:\迅雷\Thunder\Components\InMedia\iEmbed09.dll]  [ , 3, 3, 0, 80]
    [D:\迅雷\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
    [D:\迅雷\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [D:\迅雷\Thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 9]
    [D:\杀软\品牌杀软\卡巴\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\杀软\品牌杀软\卡巴\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\杀软\品牌杀软\卡巴\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\迅雷\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\迅雷\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
    [D:\迅雷\Thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\ochxba.dll]  [N/A, ]
    [C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\imhami.dll]  [N/A, ]
    [C:\WINDOWS\system32\yufqgb.dll]  [N/A, ]
    [C:\WINDOWS\system32\vkenux.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdjmot.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhluxy.dll]  [N/A, ]

[PID: 4048][C:\WINDOWS\system32\nslookupi.exe]  [N/A, ]
    [C:\WINDOWS\system32\WPCAP.DLL]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [C:\WINDOWS\system32\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [D:\QQ\DShared.dll]  [Tencent, 1, 6, 0, 0]
[PID: 772][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\迅雷\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [D:\迅雷\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\ochxba.dll]  [N/A, ]
    [C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\imhami.dll]  [N/A, ]
    [C:\WINDOWS\system32\yufqgb.dll]  [N/A, ]
    [C:\WINDOWS\system32\vkenux.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdjmot.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhluxy.dll]  [N/A, ]
    [D:\杀软\品牌杀软\卡巴\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [D:\杀软\品牌杀软\卡巴\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\杀软\品牌杀软\卡巴\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3956][C:\Program Files\Windows NT\Accessories\WORDPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\ochxba.dll]  [N/A, ]
    [C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\imhami.dll]  [N/A, ]
    [C:\WINDOWS\system32\yufqgb.dll]  [N/A, ]
    [C:\WINDOWS\system32\vkenux.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdjmot.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhluxy.dll]  [N/A, ]
[PID: 1656][D:\杀软\辅助专杀\杀毒专用工具\sreng\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\kaka\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\ochxba.dll]  [N/A, ]
    [C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\WINDOWS\system32\imhami.dll]  [N/A, ]
    [C:\WINDOWS\system32\yufqgb.dll]  [N/A, ]
    [C:\WINDOWS\system32\vkenux.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdjmot.dll]  [N/A, ]
    [C:\WINDOWS\system32\vhluxy.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5DE5B25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5DE5D67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5DE5F0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF5DE5C49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF5DE5E8F)

==================================
隐藏进程
N/A

==================================


[/CODE]

These are the virus file names:


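Thanks to 过客2007 for staying with me cleaning until midnight. Although we didn't manage to kill it, I still thank him. Anyone who wants the virus samples can ask him. Thanks also to 天月来了.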

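过客 says what I've caught is some kind of "king of viruses", quite tricky and very hard to deal with. Could any expert who is on a China Netcom line help me sort it out? I'm a complete newbie and don't know the first thing about viruses. Thanks!!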

[47A8A42 / 47A8A42][Stopped/Auto Start]
  <C:\WINDOWS\system32\A0E9A85E.EXE -d><Microsoft Corporation>
[643DAE66 / 643DAE66][Stopped/Auto Start]
  <C:\WINDOWS\system32\281EFA4A.EXE -k><Microsoft Corporation>

A0E9A85E.EXE

281EFA4A.EXE

I was told to delete these, but I can't find them.

C:\WINDOWS\system32\vhluxy.dll] [N/A, ]
[C:\WINDOWS\system32\wdjmot.dll] [N/A, ]
[C:\WINDOWS\system32\vkenux.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\yufqgb.dll] [N/A, ]
[C:\WINDOWS\system32\imhami.dll] [N/A, ]
[C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\WINDOWS\system32\ochxba.dll] [N/A, ]

[C:\WINDOWS\system32\7E7F4AB4.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\ochxba.dll] [N/A, ]
[C:\DOCUME~1\kiliksy\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\WINDOWS\system32\imhami.dll] [N/A, ]
[C:\WINDOWS\system32\yufqgb.dll] [N/A, ]
[C:\WINDOWS\system32\vkenux.dll] [N/A, ]
[C:\WINDOWS\system32\wdjmot.dll] [N/A, ]
[C:\WINDOWS\system32\vhluxy.dll] [N/A

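What are all of these? Why didn't the experts tell you to delete them?
Even with "天月" involved it still couldn't be fixed?
That's a bit much, isn't it? A whole day and it still isn't fixed?
Why did you install Kaspersky but not turn its service on so that it can protect your system?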