My computer has a virus, please advise???


Suspicious files keep running (cnscheck100.dll, 001.exe, svhost32.exe, Windows.sys, IEXPLORE.Sys, IEXPLORE.Dat).
The SREng log is as follows:
Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)(C:\PROGRA~1\svhost32.exe) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(PHIME2002ASync)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC) [(Verified)Microsoft Corporation]
(PHIME2002A)(C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)(NVDESK32.DLL) [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({AEB6717E-7E19-11d0-97EE-00C04FD91972})(shell32.dll) [(Verified)Microsoft Corporation]
({11760322-2400-4AC3-9605-6CAF086E809E})(C:\Program Files\Internet Explorer\PLUGINS\Windows.sys) [N/A]
({99F1D023-7CEB-4586-80F7-BB1A98DB7602})(C:\Program Files\Internet Explorer\IEXPLORE.Sys) [N/A]
({FEB94F5A-69F3-4645-8C2B-9E71D270AF2E})(C:\Program Files\Internet Explorer\IEXPLORE.Dat) [N/A]
({9A0CFC58-5A6F-41ba-9FFE-4320F4F62FB1})(C:\WINDOWS\system32\cnscheck100.dll) [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(PostBootReminder)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Corporation]
(CDBurn)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Corporation]
(WebCheck)(%SystemRoot%\system32\webcheck.dll) [(Verified)Microsoft Corporation]
(SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
(WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
(WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
(WinlogonNotify: cscdll)(cscdll.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
(WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
(WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
(WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
(WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
(WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
(WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Corporation]
({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINDOWS\System32\logon.scr) [(Verified)Microsoft Corporation]

Last edited 2006-10-08 17:03:40.200000000

Startup folder

N/A



--------------------------------------------------------------------------------



Services

[Human Interface Device Access / HidServ]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Spectrum24 Events Monitor / IPRIP]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\acss.dll)(LINKMEDIA Tech)
[Kingsoft Personal Firewall Service / KPfwSvc]
("C:\KAV2006\KPfwSvc.EXE")(Kingsoft Corporation)
[Kingsoft Antivirus KWatch Service / KWatchSvc]
(C:\KAV2006\KWatch.EXE)(Kingsoft Corporation)
[NetMeeting Remote Desktop Agent / Nwsapagent]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)C:\WINDOWS\system32\Nwsapagent.dll)(LINKMEDIA Tech)
[AdsWinIe / AdsWinIe]
(C:\WINDOWS\system32\AdsWin.exe -service)(Microsoft Corporation)



--------------------------------------------------------------------------------



Drivers

[KNetWch / KNetWch]
(\??\C:\KAV2006\KNetWch.SYS)(Kingsoft Corporation)
[KWatch3 / KWatch3]
(\??\C:\WINDOWS\system32\drivers\KWatch3.SYS)(Kingsoft Corporation)
[nv / nv]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[nv4 / nv4]
(system32\DRIVERS\nv4_mini.sys)(NVIDIA Corporation)
[Direct Parallel Link Driver / Ptilink]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
(system32\DRIVERS\RTL8139.SYS)(Realtek Semiconductor Corporation)
[Secdrv / Secdrv]
(system32\DRIVERS\secdrv.sys)(N/A)



--------------------------------------------------------------------------------



Browser add-ons

[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (%SystemRoot%\system32\mshtml.dll, N/A)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation)
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.)
[导出到 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)

Running processes

[PID: 372][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 432][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 456][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 500][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 512][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 656][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 724][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 808][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 840][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 904][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[PID: 1348][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 1796][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 1108][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 1720][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 1880][C:\WINDOWS\csrss.exe] [Microsoft Corporation, 5.01.2600]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\DOCUME~1\ml\LOCALS~1\Laoding.bat] [N/A, N/A]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 1232][C:\DOCUME~1\ml\LOCALS~1\Temp\RarSFX5\001.exe] [aaaa, 1.00]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 1860][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 396][C:\KAV2006\TrojanDetector.EXE] [金山软件, 2006, 2, 8, 10]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 1484][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 2, 10, 60]
[C:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 5, 30, 59]
[C:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 7, 27, 59]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[PID: 704][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\KAV2006\KAScript.DLL] [Kingsoft Corporation, 2006, 2, 10, 60]
[C:\KAV2006\KAEPlat.DLL] [Kingsoft Corp., 2006, 5, 30, 59]
[C:\KAV2006\KAEMem.DAT] [Kingsoft, 2006, 9, 25, 16]
[C:\KAV2006\KAEUnpack.DAT] [Kingsoft Corp., 2006, 7, 27, 59]
[C:\WINDOWS\system32\macromed\flash\flash.ocx] [Macromedia, Inc., 6,0,79,0]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\DOCUME~1\ml\LOCALS~1\Laoding.bat] [N/A, N/A]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 1296][C:\DOCUME~1\ml\LOCALS~1\Temp\RarSFX6\001.exe] [aaaa, 1.00]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[PID: 1188][C:\Documents and Settings\ml\桌面\KillBox.exe] [Option^Explicit Software vbtechcd@gmail.com, 2.00.0532]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 892][C:\Documents and Settings\ml\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\NVDESK32.DLL] [NVIDIA Corporation, 4.12.01.0752]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\system32\cnscheck100.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]

File associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP Error. [winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock providers

N/A



--------------------------------------------------------------------------------



Autorun.inf

[D:\]
[autorun]
OPEN=D:\pagefile.pif
[E:\]
[AutoRun]
open=pagefile.pif



--------------------------------------------------------------------------------



HOSTS file

127.0.0.1 localhost

I currently have Kingsoft Antivirus 2006 (金山毒霸2006), System Repair Engineer 2.2 release version, and KillBox. Experts, please advise!!!