[CODE]

2007-02-07,18:28:40

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <updatereal><C:\WINDOWS\realupdate.exe other>  [N/A]
    <winsamps><C:\WINDOWS\winamps.exe>  [N/A]
    <Windows installer><C:\winstall.exe>  [N/A]
    <UUpdate><C:\Program Files\UUSee\UUpdate.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [N/A]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <mppds><C:\WINDOWS\20072623452665391.exe>  [N/A]
    <upxdnd><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe>  [N/A]
    <C:\WINDOWS\system32\drivers\sna.exe><rem C:\WINDOWS\system32\drivers\sna.exe>  [N/A]
    <System><C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  [CNNIC]
    <0y><rundll32.exe C:\WINDOWS\lej205mucs.dll _start@16>  [N/A]
    <yok.exe><rem C:\Program Files\yok\yok.exe>  [N/A]
    <ccApp><C:\Program Files\Common Files\Symantec Shared\ccApp.exe>  [(Verified)Symantec Corporation]
    <ccRegVfy><C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe>  [(Verified)Symantec Corporation]
    <Symantec NetDriver Monitor><C:\PROGRA~1\SYMNET~1\SNDMon.exe>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <alsmt.exe><C:\WINDOWS\system32\alsmt.exe>  [N/A]
    <vajx_n><%systemroot%\system32\rundll32.exe %systemroot%\system32\vajx_n.dll,Run>  [(Verified)Microsoft Corporation]
    <pvty_w><%systemroot%\system32\rundll32.exe %systemroot%\system32\pvty_w.dll,Run>  [(Verified)Microsoft Corporation]
    <ftaqwwz><%systemroot%\system32\rundll32.exe %systemroot%\system32\ftaqwwz.dll,Run>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <main><rundll32.exe "C:\program files\internet explorer\use15.dll" mymain>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,c:\WINDOWS\eHVxH.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\WINDOWS\system32\svchn2.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rpcc]
    <WinlogonNotify: rpcc><C:\WINDOWS\system32\rpcc.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
    <WinlogonNotify: ScCardLogn><C:\WINDOWS\ScNotify.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
[开元奇迹去广告.bat]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\开元奇迹去广告.bat.lnk --> E:\game\Webzen\开元奇~1.BAT [N/A]><N>

==================================
服务
[22B7B07A / 22B7B07A][Stopped/Auto Start]
  <C:\WINDOWS\system32\22B7B07A.EXE -service><Microsoft Corporation>
[98E9177C / 98E9177C][Stopped/Auto Start]
  <C:\WINDOWS\system32\98E9177C.EXE -service><Microsoft Corporation>
[Symantec Password Validation Service / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Registry Protector / DATEING][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\MMGJP.DLL,Export 1087><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Vsn lbxx Service / lbxx][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\rhad\yohk.dll,Service><Microsoft Corporation>
[Indexing Manager / License][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mksox.dll><Microsoft Corporation>
[Messenger / Messenger][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost -k DcomLaunch-->C:\WINDOWS\system32\msgsvc.dll><Microsoft Corporation>
[Norton AntiVirus 自动防护服务 / navapsvc][Stopped/Auto Start]
  <D:\Program Files\Norton AntiVirus\navapsvc.exe><Symantec Corporation>
[WindowsNt Workstation / NTWorkStan][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k NTWorkStan-->c:\windows\system32\ntworkstan.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ScriptBlocking Service / SBService][Stopped/Auto Start]
  <C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe><Symantec Corporation>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[sqlserver support for winnt / sqlservech][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[Standard Update Net Service / stdupnet][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\stdupnet.dll,Service -s><Microsoft Corporation>
[VisionService / VisionService][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\vision\VISVER.DLL,Service><Microsoft Corporation>
[WindowsNt Network Engine / wnttech][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k wnttech-->c:\windows\system32\wnttech.dll><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Albus / Albus][Running/Boot Start]
  <\SystemRoot\system32\drivers\Albus.SYS><N/A>
[ATSpy / ATSpy][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\ATSpy.sys><N/A>
[ftaqwwz / ftaqwwz][Running/Boot Start]
  <\SystemRoot\system32\drivers\ftaqwwz.sys><N/A>
[i81x / i81x][Stopped/Manual Start]
  <system32\DRIVERS\i81xnt5.sys><Intel(R) Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
  <system32\DRIVERS\wADV01nt.sys><Intel(R) Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
  <system32\DRIVERS\wADV02NT.sys><Intel(R) Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
  <system32\DRIVERS\wADV05NT.sys><Intel(R) Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
  <system32\DRIVERS\wSiINTxx.sys><Intel(R) Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
  <system32\DRIVERS\wVchNTxx.sys><Intel(R) Corporation>
[iAimFP5 / iAimFP5][Stopped/Manual Start]
  <system32\DRIVERS\wADV07nt.sys><Intel(R) Corporation>
[iAimFP6 / iAimFP6][Stopped/Manual Start]
  <system32\DRIVERS\wADV08nt.sys><Intel(R) Corporation>
[iAimFP7 / iAimFP7][Stopped/Manual Start]
  <system32\DRIVERS\wADV09nt.sys><Intel(R) Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
  <system32\DRIVERS\wATV01nt.sys><Intel(R) Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
  <system32\DRIVERS\wATV02NT.sys><Intel(R) Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
  <system32\DRIVERS\wATV04nt.sys><Intel(R) Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
  <system32\DRIVERS\wCh7xxNT.sys><Intel(R) Corporation>
[iAimTV5 / iAimTV5][Stopped/Manual Start]
  <system32\DRIVERS\wATV10nt.sys><Intel(R) Corporation>
[iAimTV6 / iAimTV6][Stopped/Manual Start]
  <system32\DRIVERS\wATV06nt.sys><Intel(R) Corporation>
[NAVENG / NAVENG][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVENG.Sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NavEx15.Sys><Symantec Corporation>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\Program Files\Tencent\qqq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\Program Files\Tencent\qqq\npkycryp.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
  <system32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SAVRT.SYS><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\SAVRTPEL.SYS><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[SymEvent / SymEvent][Stopped/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[iyux]
  {18A824E4-C9E9-4F7B-B36B-104CDBBC1FBC} <C:\PROGRA~1\COMMON~1\rhad\vleh.dll, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\qqq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\COMMON~1\rhad\.dll, N/A>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\SCIntruder.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[XTTBPos00 Class]
  {BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B} <C:\PROGRA~1\SOFTTO~1\soft.dll, IE Toolbar>
[CNavExtBho Class]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <D:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[EyeOnIE]
  {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} <C:\WINDOWS\system32\atsldr.dll, N/A>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[cnwin Class]
  {EC497BD8-460F-44F0-B2A4-8C2B2198035B} <C:\WINDOWS\system32\cnwin.dll, N/A>
[TBSB03263 Class]
  {EEC7E620-B32A-4E3B-B200-291660803474} <C:\PROGRA~1\搜索栏\eqiso.dll, >
[IOWEN]
  {F9A0F1CC-C551-499A-91A0-CE36C5EBBADE} <C:\WINDOWS\system32\PVDMSAGNW.DLL, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[sofa]
  {B7D3E479-CC68-42B5-A338-C6B1F168274C} <C:\Program Files\SoftToolbar\soft.dll, IE Toolbar>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\qqq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <d:\Program Files\Tencent\qqq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[sofa]
  {B7D3E479-CC68-42B5-A338-C6B1F168274C} <C:\Program Files\SoftToolbar\soft.dll, IE Toolbar>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <D:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[搜索栏]
  {33E640D8-EB95-4B22-B475-1852B7D35993} <C:\Program Files\搜索栏\eqiso.dll, >
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[金山毒霸在线产品升级]
  {E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, 金山软件股份有限公司>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[实用搜索工具条2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[iyux]
  {18A824E4-C9E9-4F7B-B36B-104CDBBC1FBC} <C:\PROGRA~1\COMMON~1\rhad\vleh.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Norton AntiVirus]
  {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} <D:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <d:\Program Files\Tencent\qqq\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\COMMON~1\rhad\.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[实用搜索]
  {6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[WinSC Class]
  {9ACEEE31-1440-471B-AA46-72B061FE7D61} <C:\WINDOWS\system32\SCIntruder.dll, N/A>
[相关搜索]
  {A29F7F71-DCDB-412D-B19A-2002DC966E33} <C:\Program Files\yok\relband.dll, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[sofa]
  {B7D3E479-CC68-42B5-A338-C6B1F168274C} <C:\Program Files\SoftToolbar\soft.dll, IE Toolbar>
[XTTBPos00 Class]
  {BBBE1C1A-89F7-4AF6-ABD1-2B2EF2D7A73B} <C:\PROGRA~1\SOFTTO~1\soft.dll, IE Toolbar>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[CNavExtBho Class]
  {BDF3E430-B101-42AD-A544-FADC6B084872} <D:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation>
[EyeOnIE]
  {C14393E1-95FF-4DFF-9BE0-EA008D4EF930} <C:\WINDOWS\system32\atsldr.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[cnwin Class]
  {EC497BD8-460F-44F0-B2A4-8C2B2198035B} <C:\WINDOWS\system32\cnwin.dll, N/A>
[TBSB03263 Class]
  {EEC7E620-B32A-4E3B-B200-291660803474} <C:\PROGRA~1\搜索栏\eqiso.dll, >
[IOWEN]
  {F9A0F1CC-C551-499A-91A0-CE36C5EBBADE} <C:\WINDOWS\system32\PVDMSAGNW.DLL, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\qqq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\qqq\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\qqq\AddEmotion.htm, N/A>
[珊瑚虫搜索]
  <C:\Program Files\YOK.com\SuperSearch\yoksch.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\qqq\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 384][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 444][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 468][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1252][c:\WINDOWS\eHVxH.exe]  [N/A, N/A]
[PID: 1268][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1732][F:\软件\SREng\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[autorun]
open=eHVxH.exe
shellexecute=eHVxH.exe
shell\Auto\command=eHVxH.exe
shell=Auto
[E:\]
[autorun]
open=eHVxH.exe
shellexecute=eHVxH.exe
shell\Auto\command=eHVxH.exe
shell=Auto
[F:\]
[autorun]
open=eHVxH.exe
shellexecute=eHVxH.exe
shell\Auto\command=eHVxH.exe
shell=Auto

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1    test.nicemm.cn
127.0.0.1    new3.etsoft.com.cn
127.0.0.1    www.djdj110.com
127.0.0.1    www.gaodumm.com
127.0.0.1    www.88cc8.com
127.0.0.1    wg770.com
127.0.0.1    www.y988.com
127.0.0.1    ads.9168a.com
127.0.0.1    www.flashsky.com

==================================
API HOOK
N/A

==================================


[/CODE]

第一次看到这么多病毒的.
C:\WINDOWS\realupdate.exe 
C:\WINDOWS\winamps.exe
C:\winstall.exe
C:\WINDOWS\20072623452665391.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\upxdnd.exe
C:\WINDOWS\system32\drivers\sna.exe
C:\Program Files\Common Files\System\Updaterun.exe
rundll32.exe C:\WINDOWS\lej205mucs.dll _start@16
C:\WINDOWS\system32\alsmt.exe
<vajx_n><%systemroot%\system32\rundll32.exe %systemroot%\system32\vajx_n.dll,Run> [(Verified)Microsoft Corporation]
<pvty_w><%systemroot%\system32\rundll32.exe %systemroot%\system32\pvty_w.dll,Run> [(Verified)Microsoft Corporation]
<ftaqwwz><%systemroot%\system32\rundll32.exe %systemroot%\system32\ftaqwwz.dll,Run>
C:\program files\internet explorer\use15.dll
C:\WINDOWS\system32\userinit.exe,c:\WINDOWS\eHVxH.exe
C:\WINDOWS\system32\svchn2.dll
C:\WINDOWS\System32\logon.scr

删除上面的.太多了. 应该还有

用winrar等工具,删除x:\autorun.inf x:\eHVxH.exe
修复hosts.

建议安装一个好点的杀毒软件

第一次回帖.希望指正

C:\WINDOWS\system32\alsmt.exe
<vajx_n><%systemroot%\system32\rundll32.exe %systemroot%\system32\vajx_n.dll,Run> [(Verified)Microsoft Corporation]
<pvty_w><%systemroot%\system32\rundll32.exe %systemroot%\system32\pvty_w.dll,Run> [(Verified)Microsoft Corporation]
<ftaqwwz><%systemroot%\system32\rundll32.exe %systemroot%\system32\ftaqwwz.dll,Run>  看不明

C:\WINDOWS\realupdate.exe      C:\WINDOWS\winamps.exe 这2个找不到


C:\Program Files\Common Files\System\Updaterun.exe
rundll32.exe C:\WINDOWS\lej205mucs.dll _start@16  这个什么意思