Infected with the Downloader.Agent.bbb virus!

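AVG Anti-Spyware detected that my computer is infected with the Downloader.Agent.bbb trojan! Virus path: c:\WINDOWS\SYSTEM32\vbxmx.dll
What kind of trojan is this? My antivirus software can't remove it! It can't be deleted in Safe Mode either! Deleting it with KILLBOX doesn't work either!
Could the experts here please help!!! Thank you all!!!
Last edited 2007-01-31 18:38:51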

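For manual removal, see the method below:

Start > Run, type services.msc, find Distributed Application Client (BARCASE) and Clipboard (Templates), then stop and disable them.

Start > Run, type regedit, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services, find ifbdehdf, ihecjdje, jr and pbohrk32, and delete them (these may be MY123 drivers and very hard to delete; in that case delete the files using the method below, reboot, and then delete them).

Reboot the computer into Safe Mode (in some cases you need to go to DOS) and delete:

C:\WINDOWS\SYSTEM32\WBEM\ROLNLM50.DLL
C:\WINDOWS\system32\jsbnqv08.dll
C:\WINDOWS\system32\drivers\jsbnqv08.sys (may be present)
C:\WINDOWS\system32\drivers\ifbdehdf.sys
C:\WINDOWS\system32\ifbdehdf.dll (may be present)
C:\WINDOWS\system32\drivers\ihecjdje.sys
C:\WINDOWS\system32\ihecjdje.dll (may be present)
C:\WINDOWS\system32\drivers\jr.sys
SystemRoot\System32\DRIVERS\pbohrk32.sys
C:\WINDOWS\system32\pbohrk32.dll
C:\WINDOWS\system32\tymhe.dll
C:\WINDOWS\system32\pbohrk32.dll

Because the files above are suspected to be MY123 files, it is recommended to boot to DOS from a WIN98 installation disc and delete them there; before doing so, remove their "hidden", "system" and other attributes.

Friendly tip: the DOS command to remove these attributes is:

attrib -s -h -r -a filename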

Alternatively, 反间谍专家 (Anti-Spyware Expert) can also take care of it.

Thanks to the poster above. Where can I download the anti-spyware software? Thanks!!!

[CODE]

2007-01-31,18:00:33

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <Hcontrol><C:\WINDOWS\ATK0100\Hcontrol.exe>  [(Verified)]
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)ATI Technologies, Inc.]
    <ASUS Live Update><C:\Program Files\ASUS\ASUS Live Update\ALU.exe>  [N/A]
    <Power_Gear><; C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1>  [N/A]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Synaptics, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Synaptics, Inc.]
    <ATIPTA><C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <PRONoMgr.exe><c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe>  [Intel(R) Corporation]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [(Verified)Eset ]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized>  [Anti-Malware Development a.s.]
    <Super Rabbit SRRestore><C:\PROGRA~1\SUPERR~1\MAGICSET\SRRest.exe /autosave>  [Super Rabbit Soft]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)RealNetworks, Inc.]
    <Look 'n' Stop><"C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto>  [Soft4Ever]
    <Windows木马防火墙><C:\Program Files\ftc\Trojanwall.exe>  [风云谷]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><E:\工具\屏保\夜光时~1\屏保夜~1\夜光时~1.SCR>  [N/A]

==================================
启动文件夹
[ASUS ChkMail]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ASUS ChkMail.lnk --> C:\PROGRA~1\Asus\ASUSCH~1\ChkMail.exe [asus]><N>
[ADSL]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ADSL.lnk -->  [N/A]><N>

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[DNS Cache / BRGNS][Stopped/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\BSQHV.DLL,Export 1087><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[RegSrvc / RegSrvc][Running/Auto Start]
  <C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor][Running/Auto Start]
  <C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>

==================================
驱动程序
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <System32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[GDTdiInterceptor / GDTdiInterceptor][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\GDTdiIcpt.sys><>
[HSFHWICH / HSFHWICH][Running/Manual Start]
  <System32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <System32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[lnsfw1 / lnsfw1][Running/System Start]
  <system32\drivers\lnsfw1.sys><Soft4Ever>
[AEGIS Protocol (IEEE 802.1x) v2.2.1.0 / MDC8021X][Running/Auto Start]
  <System32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <System32\DRIVERS\mdmxsdk.sys><Conexant>
[msqmx / msqmx][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  <System32\DRIVERS\ATKACPI.sys><>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
  <System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qdrm / qdrmh][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qdrmh.sys><N/A>
[WLAN Transport / s24trans][Running/Auto Start]
  <System32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Look 'n' Stop Driver / SFilter][Running/Manual Start]
  <system32\DRIVERS\lnsfw.sys><Soft4Ever>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\stac97.sys><SigmaTel, Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <System32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Intel(R) PRO/Wireless 2200 Adapter 驱动程序 / w22n51][Running/Manual Start]
  <System32\DRIVERS\w22n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 1140][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1196][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1240][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1288][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1300][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1460][C:\WINDOWS\System32\Ati2evxx.exe]  [N/A, N/A]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1472][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1536][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1564][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]
[PID: 1708][C:\WINDOWS\System32\S24EvMon.exe]  [Intel Corporation , 8, 0, 0, 167]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1832][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 500][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\vbxmx.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Media Player Classic\Codecs\mmfinfo.dll]  [N/A, N/A]
    [C:\Program Files\Media Player Classic\Codecs\mkunicode.dll]  [N/A, N/A]
    [E:\工具\绿色软件\系统垃圾清理\清除系统无用的垃圾-WYWZ控制台-Windows橡皮擦消除一切操作及使用痕迹\清除痕迹\Erasext.dll]  [N/A, 1.0.1.2]
    [E:\工具\绿色软件\系统垃圾清理\清除系统无用的垃圾-WYWZ控制台-Windows橡皮擦消除一切操作及使用痕迹\清除痕迹\ERASER.dll]  [N/A, 0.0.1.2]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, N/A]
    [C:\PROGRA~1\ftc\Commenu.dll]  [Fygsoft and Microsoft, 3.0.0.63]
    [C:\AVK2006\ShellExt.dll]  [, 10, 0, 0, 0]
[PID: 592][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 980][C:\WINDOWS\ATK0100\Hcontrol.exe]  [, 1043, 2, 15, 31]
    [C:\WINDOWS\ATK0100\CMSSC.dll]  [N/A, N/A]
    [C:\WINDOWS\ATK0100\inter_f2.dll]  [ATK, 1043, 2, 15, 31]
    [C:\WINDOWS\ATK0100\ATKWLIOC.DLL]  [ACTIONTEC Electronics,Inc, 2.01.02]
    [C:\WINDOWS\system32\SbrngAPI.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\PfMgrApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\PsRegApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\WConfig.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\WiFiAdap.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\C1XStngs.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\S24MUDLL.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\PmApiCHS.dll]  [Intel Corporation, 8, 0, 0, 107]
[PID: 996][C:\Program Files\ASUS\ASUS Live Update\ALU.exe]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1004][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1024][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\WINDOWS\System32\SynCOM.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1048][C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5035]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Progra~1\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5035]
    [C:\PROGRA~1\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.5035]
    [C:\Progra~1\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5035]
    [c:\Program Files\Intel\PROSetWireless\NCS\PROSet\CHSPGUIR.dll]  [Intel(R) Corporation, 6.1.304.0]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [c:\WINDOWS\System32\Pn802_11.dll]  [Intel Corporation., 1, 0, 0, 0]
    [c:\WINDOWS\System32\PfMgrApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [c:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [c:\WINDOWS\System32\WConfig.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [c:\WINDOWS\System32\WiFiAdap.DLL]  [Intel Corporation, 8, 0, 0, 167]
    [c:\WINDOWS\System32\C1XStngs.dll]  [Intel Corporation, 8, 0, 0, 167]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\PNC11CHS.dll]  [Intel Corporation., 1, 0, 0, 0]
    [C:\WINDOWS\system32\S24MUDLL.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [c:\Program Files\Intel\PROSetWireless\PROSet\CHS\PmApiCHS.dll]  [Intel Corporation, 8, 0, 0, 107]
[PID: 1124][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, N/A]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, N/A]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, N/A]
[PID: 1364][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]
[PID: 1800][C:\Program Files\Soft4Ever\looknstop\looknstop.exe]  [Soft4Ever, 2, 0, 0, 5]
    [C:\WINDOWS\system32\fwapi.dll]  [Soft4Ever, 4.01]
    [C:\Program Files\Soft4Ever\looknstop\plugin_language.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 1808][C:\Program Files\ftc\Trojanwall.exe]  [风云谷, 5.9.0.2183]
    [C:\Program Files\ftc\ftcapi.dll]  [fygsoft, 1.1.0.0]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]
[PID: 1948][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 2024][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3001]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 284][C:\Program Files\Asus\Asus ChkMail\ChkMail.exe]  [asus, 1043, 1, 15, 5]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 912][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 27 ]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, N/A]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, N/A]
[PID: 1760][C:\WINDOWS\System32\RegSrvc.exe]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 2004][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
[PID: 2172][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]
[PID: 2924][C:\WINDOWS\System32\1XConfig.exe]  [Intel, 8, 0, 0, 167]
    [C:\WINDOWS\System32\IntelAE5.dll]  [Meetinghouse Data Communications, 1, 42, 19, 1]
    [C:\WINDOWS\System32\SSLEAY32.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\LIBEAY32.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\PsRegApi.dll]  [Intel Corporation, 8, 0, 0, 167]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
[PID: 3260][C:\WINDOWS\ATK0100\ATKOSD.exe]  [, 1043, 2, 15, 31]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
[PID: 3104][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
[PID: 2808][E:\System Repair Engineer 2.3.13.690\sreng2-2.3.13.690 版本\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\ftc\PassProtect.dll]  [Fygsoft and Microsoft, 2.1.0.98]
    [C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.6.3 08Aug03]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
[G:\]
[autorun]
ICON=Kvukill\kvUScan.EXE
OPEN=Kvukill\kvUScan.EXE
shell\volcanosh1\command=Kvukill\kvUScan.EXE
shell\volcanosh1=★内嵌杀毒工具★
shell\volcanosh2\command=加密驱动\SETUP.EXE
shell\volcanosh2=★加密驱动安装★

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]
