
The system is behaving abnormally, could everyone please take a look~~

[CODE]

2007-08-11,21:41:15

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <XDeskShow2><C:\Program Files\鱼鱼软件\鱼鱼桌面秀2\XDeskShow2.exe>  [鱼鱼软件]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <!AVG Anti-Spyware><"D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [(Verified)GRISOFT LTD]
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\FLURRY.SCR>  [Matt Ginzton]

==================================
启动文件夹
N/A

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Disabled]
  <><N/A>
[avast! Antivirus / avast! Antivirus][Stopped/Disabled]
  <><N/A>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Disabled]
  <><N/A>
[avast! Web Scanner / avast! Web Scanner][Stopped/Disabled]
  <><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <D:\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[DCOM Server Process / DCOM Server Process][Stopped/Auto Start]
  <><N/A>
[DCOM Server process launch / DSPL][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService][Stopped/Manual Start]
  <C:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[Windows Installer / MSIServer][Stopped/Manual Start]
  <><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[P4P Service / P4P Service][Stopped/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[System Server / System Server][Stopped/Auto Start]
  <C:\WINDOWS\smss.exe><N/A>
[Network Management Center Task / W32Tasks][Stopped/Auto Start]
  <C:\WINDOWS\system32\taskman32.exe><N/A>

==================================
驱动程序
[amdfix / amdfix][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\amdfix.sys><Microsoft Corporation>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ehcaefif / ehcaefif][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\ehcaefif.sys><N/A>
[EntDrv51 / EntDrv51][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[hagcfbhi / hagcfbhi][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hagcfbhi.sys><N/A>
[hardlock / hardlock][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[jefacibi / jefacibi][Running/Boot Start]
  <\SystemRoot\system32\drivers\jefacibi.sys><中国互联网络信息中心(CNNIC)>
[jfqqc / jfqqca][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\jfqqca.sys><N/A>
[khbr / khbrg][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\khbrg.sys><N/A>
[kk7bs4n9 / kk7bs4n9][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\kk7bs4n9.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[NaiAvFilter1 / NaiAvFilter1][Stopped/Manual Start]
  <system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1][Running/System Start]
  <system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\ww\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[BlackBerry 设备 / RimUsb][Stopped/Manual Start]
  <System32\Drivers\RimUsb.sys><Research In Motion Limited>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel][Running/Auto Start]
  <\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[ShareShield Filter Miniport / SFilter][Running/Manual Start]
  <system32\DRIVERS\ssfilter.sys><Microsoft Corporation>
[SiS315 / SiS315][Stopped/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[Rainbow USB SuperPro / Sntnlusb][Stopped/Manual Start]
  <system32\DRIVERS\SNTNLUSB.SYS><Rainbow Technologies Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Virtual CD-ROM Device Driver / vcdrom][Running/System Start]
  <\??\G:\丰灿\a\MSVCD\VCDROM.SYS><Microsoft Corporation>
[xinstall / xinstall][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>


[User system information]Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; GreenBrowser)
Last edited 2007-08-12 11:02:02.077000000

【Reply to "雨鹤"'s post】
==================================
浏览器加载项
[]
  {105E4D0C-5E21-41ED-90F9-013EEF271BD6} <C:\WINDOWS\system32\widgetdownload.dll, 鱼鱼桌面秀widget插件下载工具>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\x迅雷\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\x迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\ww\QQ.EXE, TENCENT>
[PicUploadCtrl Class]
  {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} <C:\WINDOWS\Downloaded Program Files\PicUpload.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\x迅雷\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[]
  {105E4D0C-5E21-41ED-90F9-013EEF271BD6} <C:\WINDOWS\system32\widgetdownload.dll, 鱼鱼桌面秀widget插件下载工具>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\x迅雷\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\ww\QQPlayerProxy.dll, Tencent>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&使用迅雷下载]
  <D:\x迅雷\Program\GetUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\ww\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\ww\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\ww\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\ww\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 476 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1016 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wudfsvc.dll]  [Microsoft Corporation, 6.0.5730.0 (winmain.060915-1845)]
    [c:\windows\system32\WUDFPlatform.dll]  [Microsoft Corporation, 6.0.5730.0 (winmain.060915-1845)]
[PID: 1124 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1176 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
[PID: 1324 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hpzll3xu.dll]  [Hewlett-Packard Company, 60.051.641.00]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp3xu.dll]  [Hewlett-Packard Corporation, 60.051.641.00]
[PID: 1676 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [D:\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\widgetdownload.dll]  [鱼鱼桌面秀widget插件下载工具, 1.3.0.0]
    [D:\x迅雷\ComDlls\XunLeiBHO_006.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 1752 / SYSTEM][D:\AVG Anti-Spyware 7.5\guard.exe]  [GRISOFT s.r.o., 7, 5, 1, 22]
    [D:\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 1884 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8466]
[PID: 1912 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 904 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216 / Administrator][D:\AVG Anti-Spyware 7.5\avgas.exe]  [GRISOFT s.r.o., 7, 5, 1, 43]
    [D:\AVG Anti-Spyware 7.5\engine.dll]  [GRISOFT s.r.o., 4, 2, 0, 19]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
[PID: 1232 / Administrator][C:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 3, 5, 2, 1001]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 5, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 5, 1, 1001]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
[PID: 1260 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
[PID: 1364 / Administrator][C:\Program Files\鱼鱼软件\鱼鱼桌面秀2\XDeskShow2.exe]  [鱼鱼软件, 2.0.6.718]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]
[PID: 376 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 1556 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1760 / Administrator][D:\SREngPS.bat]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5243.0 (vbl_ux_partners_ie.051011-1845)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16473 (vista_gdr.070420-1500)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 3, 5, 0, 1001]

【Reply to "雨鹤"'s post】
==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1localclient.qyule.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1676, C:\WINDOWS\EXPLORER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1884, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1232, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1232, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1364, C:\PROGRAM FILES\鱼鱼软件\鱼鱼桌面秀2\XDESKSHOW2.EXE]

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]

Could everyone please take a look, thank you.

Now attaching the HJ log:
HijackThis_815汉化版扫描日志 V1.99.1
保存于      08:37:51, 日期 2007-8-12
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Unable to get Internet Explorer version!

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\360safe\safemon\360Tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\鱼鱼软件\鱼鱼桌面秀2\XDeskShow2.exe
C:\WINDOWS\system32\wuauclt.exe
D:\GreenBrowser\GreenBrowser.exe
D:\HijackThis\HijackThis1991zww.bat

O2 - BHO: (no name) - {105E4D0C-5E21-41ED-90F9-013EEF271BD6} - C:\WINDOWS\system32\widgetdownload.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\x迅雷\ComDlls\XunLeiBHO_006.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O3 - IE工具栏增项: (no name) - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - (no file)
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [!AVG Anti-Spyware] "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - 启动项HKLM\\Run: [360Safetray] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XDeskShow2] C:\Program Files\鱼鱼软件\鱼鱼桌面秀2\XDeskShow2.exe
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - D:\x迅雷\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\ww\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Excel(&x) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\ww\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\ww\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\ww\SendMMS.htm
O9 - 浏览器额外的按钮: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\x迅雷\Thunder.exe
O9 - 浏览器额外的“工具”菜单项: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - D:\x迅雷\Thunder.exe
O9 - 浏览器额外的按钮: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\ww\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\ww\QQ.EXE
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} -
O16 - DPF: {BF8C499A-AC6E-4F58-82EA-9E5FCC41C34B} (PicUploadCtrl Class) -
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) -
O18 - 列举现有的协议: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\AVG Anti-Spyware 7.5\guard.exe
O23 - NT 服务: DCOM Server process launch (DSPL) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe
O23 - NT 服务: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - NT 服务: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - NT 服务: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - NT 服务: System Server - Unknown owner - C:\WINDOWS\smss.exe (file missing)
O23 - NT 服务: Network Management Center Task (W32Tasks) - Unknown owner - C:\WINDOWS\system32\taskman32.exe (file missing)

Delete services
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Disabled]
<><N/A>
[avast! Antivirus / avast! Antivirus][Stopped/Disabled]
<><N/A>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Disabled]
<><N/A>
[avast! Web Scanner / avast! Web Scanner][Stopped/Disabled]
<><N/A>
[DCOM Server Process / DCOM Server Process][Stopped/Auto Start]
<><N/A>
[DCOM Server process launch / DSPL][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe><N/A>
[Windows Installer / MSIServer][Stopped/Manual Start]
<><N/A>
[System Server / System Server][Stopped/Auto Start]
<C:\WINDOWS\smss.exe><N/A>
[Network Management Center Task / W32Tasks][Stopped/Auto Start]
<C:\WINDOWS\system32\taskman32.exe><N/A>

Delete driver services
[ehcaefif / ehcaefif][Stopped/Boot Start]
<\SystemRoot\system32\drivers\ehcaefif.sys><N/A>
[hagcfbhi / hagcfbhi][Stopped/Boot Start]
<\SystemRoot\system32\drivers\hagcfbhi.sys><N/A>
[jefacibi / jefacibi][Running/Boot Start]
<\SystemRoot\system32\drivers\jefacibi.sys><中国互联网络信息中心(CNNIC)>
[jfqqc / jfqqca][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\jfqqca.sys><N/A>
[khbr / khbrg][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\khbrg.sys><N/A>
[kk7bs4n9 / kk7bs4n9][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\kk7bs4n9.sys><N/A>
[xinstall / xinstall][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\xinstall.sys><N/A>

Delete on reboot
C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\taskman32.exe
SystemRoot\system32\drivers\ehcaefif.sys
SystemRoot\system32\drivers\hagcfbhi.sys
SystemRoot\system32\drivers\jefacibi.sys
System32\DRIVERS\jfqqca.sys
System32\DRIVERS\khbrg.sys
C:\WINDOWS\system32\drivers\kk7bs4n9.sys
C:\WINDOWS\system32\drivers\xinstall.sys

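For files that cannot be deleted, try removing them all in one pass with XDelBox1.3
(download from enao.ys168.com)
Open XDelBox1.3 ==> enter the file's full path under "File path" (文件路径) ==> click "Add" (添加) ==> tick "Suppress regeneration" (抑制再生) ==> select the files in the list and right-click (to delete several files at once, hold down Ctrl on the keyboard to multi-select) ==> "Reboot now and delete" (立刻重启执行删除)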


Thanks, I have followed the instructions. The following files were not found:

C:\WINDOWS\smss.exe
C:\WINDOWS\system32\taskman32.exe
SystemRoot\system32\drivers\ehcaefif.sys
System32\DRIVERS\khbrg.sys


Is that OK?
Many thanks.