Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software forum: Why is this spoolsv.exe so hard to get rid of? Experts, please help me.


Why is this spoolsv.exe so hard to get rid of? Experts, please help me.

As everyone knows, under normal circumstances this file lives in c:\windows\system32 and is related to the print service. The problem is that I have no printer installed and printing is not enabled, and I have deleted this program completely from that directory and from DLLCACHE. Yet my computer keeps starting this process without my noticing. The program sits in c:\windows with the hidden attribute; it can be deleted, but before long it pops up again, and once it is running it keeps sending connection requests to changing IP addresses on the network. The file is 258 KB and its properties claim it was published by Microsoft, but I don't find that credible. Could some expert give me some pointers?
Last edited 2007-02-12 19:13:10

It's no use. I have also cleared all the related registry entries and disabled the print service, but this thing still inexplicably appears on its own.

[CODE]

2007-02-01,12:57:06

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <KvXP><; "D:\KV2006\KvXP.kxp" /ScanBoot /ScanSys>  [Jiangmin Co.Ltd]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <dianlei><; "D:\Program Files\Dianlei\dianlei.exe" -Tray>  [N/A]
    <KVFW><; "C:\Program Files\KVFW\kvfw.exe" -silent>  [Beijing Jiangmin.]
    <PcSync><; >  [N/A]
    <xvcclip><; >  [N/A]
    <eMuleAutoStart><D:\Program Files\eMule\emule.exe -AutoStart>  [http://www.emule-project.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay>  [N/A]
    <DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DT Soft Ltd.]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <KvMonXP><; "D:\KV2006\KVMonXP.kxp" /auto>  [Jiangmin Co.Ltd]
    <NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <PCSuiteTrayApplication><; C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup>  [Nokia]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <SunJavaUpdateSched><; C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RegMon32]
    <WinlogonNotify: RegMon32><cryptchr.dll>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Disabled]
  <C:\windows\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Disabled]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Disabled]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP][Stopped/Disabled]
  <D:\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC][Stopped/Disabled]
  <"D:\KV2006\kvwsc.exe"><Jiangmin Co.Ltd>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Disabled]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[MPSVC Service / MPSVCService][Stopped/Auto Start]
  <D:\weidian\Micropoint\MPSVC.exe><Micropoint Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Disabled]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[ServiceLayer / ServiceLayer][Stopped/Disabled]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Shadow System Service / ShadowSystemService][Stopped/Disabled]
  <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>
[InternetExplorer / SocksCap][Stopped/Disabled]
  <><N/A>
[Print Spooler / Spooler][Stopped/Disabled]
  <><N/A>
[Windows Media Player / Windows Media Player][Stopped/Disabled]
  <C:\windows\system32\com\player><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\windows\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\mspmsnsv.dll><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Stopped/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[Bluetooth Network Filter / BTNetFilter][Stopped/Manual Start]
  <\??\C:\windows\system32\drivers\BTNetFilter.sys><N/A>
[Yamaha DS1 Audio Driver (WDM) / ds1][Running/Manual Start]
  <system32\drivers\ds1wdm.sys><Yamaha Corp.>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[Network Fire Hydrant / HdFw_slot][Running/Auto Start]
  <\??\C:\Program Files\KVFW\hdfw.sys><北京江民新科技术有限公司>
[KRegEx / KRegEx][Running/System Start]
  <\??\D:\KV2006\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall Service / KSysCall][Running/System Start]
  <\??\D:\KV2006\KSysCall.sys><Jiangmin Co. Ltd.>
[KVDriver for NT (KVDP) / KVDP][Stopped/Manual Start]
  <\??\D:\KV2006\KVDP_1.sys><Jiangmin Co., Ltd.>
[KVDP_1 / KVDP_1][Stopped/Manual Start]
  <\??\D:\KV2006\KVDP_1.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon][Stopped/Manual Start]
  <\??\D:\KV2006\KvMemon.sys><Jiangmin Co. Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\D:\KV2006\KVREDIR.sys><Jiangmin Co. Ltd>
[mp110001 / mp110001][Running/Auto Start]
  <system32\drivers\mp110001.sys><MicroPoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
  <system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
  <system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
  <system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
  <system32\drivers\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
  <system32\drivers\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
  <system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
  <system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
  <system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110012 / mp110012][Stopped/Manual Start]
  <system32\drivers\mp110012.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
  <\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[NTACCESS / NTACCESS][Stopped/Manual Start]
  <\??\H:\NTACCESS.sys><N/A>
[PProtect / PProtect][Running/System Start]
  <\??\D:\KV2006\PProtect.sys><Jiangmin Co. Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
  <\??\H:\NTGLM7X.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[网中漫步]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://bbs.hz0752.net, N/A>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\flashget.exe, FlashGet.com>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <, N/A>
[Java Plug-in 1.4.2_06]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll, JavaSoft / Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_06]
  {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll, JavaSoft / Sun Microsystems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[BitComet Helper]
  {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <, N/A>
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <D:\KV2006\KVBHO.dll, Jiangmin Co.Ltd>
[BHOHelper Class]
  {67A90DD6-128D-43AB-B97C-565D2DD42A28} <, N/A>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <D:\KV2006\KvShell.dll, Jiangmin Co.Ltd>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[快车(FlashGet)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <D:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[ADXAutoLive]
  {E5212437-921F-44a3-8865-11C0B9BA4AF2} <C:\Program Files\real\autolive.dll, Microsoft Corporation>
[gFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, N/A>
[&使用BitComet下载]
  <res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用快车(FlashGet)下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
    [C:\windows\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4128]
[PID: 572][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 584][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 744][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 952][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 1056][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 1136][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 1224][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 1872][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
    [C:\PROGRA~1\Nokia\NOKIAP~1\Lang\ConnectionManager_chi-sc.nlr]  [Nokia, 6, 82, 52, 0]
    [d:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll]  [Gabest, 1, 0, 0, 9]
    [d:\Program Files\Thunder Network\Thunder\Components\VPShell\RealMediaSplitter.ax]  [Gabest, 1, 0, 1, 0]
    [d:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax]  [N/A, 1.0.2.2012]
    [d:\Program Files\K-Lite Codec Pack\filters\xvid.ax]  [N/A, N/A]
    [C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax]  [Nero AG, 3,2,0,18]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll]  [Ahead Software AG, 1,2,12, 2310]
    [d:\Program Files\K-Lite Codec Pack\filters\divxdec.ax]  [DivXNetworks, Inc., 5.2.1.1335]
[PID: 1040][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1672][C:\windows\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 2348][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 2444][D:\KV2006\UIHost.exe]  [Jiangmin Co. Ltd, 9.2.0.50822]
    [D:\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [D:\KV2006\ComUI.dll]  [Jiangmin Ltd., 9. 0. 0.509]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
    [D:\KV2006\ComUIPS.dll]  [Jiangmin Ltd., 9. 5. 5. 20]
    [D:\KV2006\GUIExt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [D:\KV2006\lang\GUIExt0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
[PID: 2752][D:\Program Files\eMule\emule.exe]  [http://www.emule-project.net, 0.47.2 Unicode]
    [D:\Program Files\eMule\lang\zh_CN.dll]  [http://www.emule-project.net, 0.47.2]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 960][D:\Program Files\Video Converter\VideoConverter.exe]  [MZ, 1, 0, 0, 1]
    [D:\Program Files\Video Converter\MediaInfo.dll]  [http://mediainfo.sourceforge.net, 0.7.2.1]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
    [C:\windows\system32\msdmo.dll]  [N/A, N/A]
    [d:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll]  [Gabest, 1, 0, 0, 9]
    [d:\Program Files\Thunder Network\Thunder\Components\VPShell\RealMediaSplitter.ax]  [Gabest, 1, 0, 1, 0]
    [d:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax]  [N/A, 1.0.2.2012]
    [d:\Program Files\K-Lite Codec Pack\filters\ac3filter.ax]  [, 1.01a]
    [C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax]  [Nero AG, 3,2,0,18]
    [C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll]  [Ahead Software AG, 1,2,12, 2310]
[PID: 2344][C:\windows\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3168][C:\windows\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3904][C:\windows\spoolsv.exe]  [Microsoft Corporation., 0.0.0.1]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 1280][D:\Program Files\Video Converter\mencoder.exe]  [, Sherpya-MinGW-20060312-4.1.0]
    [D:\Program Files\Video Converter\codecs\drv43260.dll]  [RealNetworks, Inc., 6.0.7.2389]
    [C:\windows\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
[PID: 3992][C:\PROGRA~1\Zipghost\Zipghost.exe]  [Guohua Software, 3.7.0.510]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 1964][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ZG0012\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1 mmsk.cn
127.0.0.1 bbs.mmsk.cn
127.0.0.1 www.mmsk.cn
127.0.0.1 soudong.com
127.0.0.1 www.soudong.com

==================================
API HOOK
N/A

==================================


[/CODE]
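The evidence in this thread (a spoolsv.exe running from C:\windows rather than C:\windows\system32, hidden, with the publisher string "Microsoft Corporation." and file version 0.0.0.1 in the SREng process list above) can be checked mechanically against a saved report. The following Python script is an added example, not part of the original post and not SREng's own code: it parses lines in the format of SREng's running-process section and flags Windows system-binary names that run from the wrong directory, carry a publisher string that is not exactly "Microsoft Corporation", or report an implausible file version. The expected-directory table and the sample log lines are constructed for the example (the sample entries are adapted from the log posted here).

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the format of SREng's "running processes" section
# (entries adapted from the log posted in this thread; indented lines are
# loaded modules, which this example ignores).
SAMPLE_LOG = r"""
[PID: 448][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4128]
[PID: 1872][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3904][C:\windows\spoolsv.exe]  [Microsoft Corporation., 0.0.0.1]
    [D:\weidian\Micropoint\mp110031.dll]  [Micropoint Corporation, 1.2.10032]
[PID: 2344][C:\windows\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
"""

# Directory in which the genuine binary of each name lives on a default
# Windows XP install (assumed table for this example; extend as needed).
EXPECTED_DIR: Dict[str, str] = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Top-level process line: [PID: n][path]  [publisher, version]
PROCESS_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$")


@dataclass
class Process:
    pid: int
    path: str                      # normalised, lower-case Win32 path
    publisher: str
    version: str
    findings: List[str] = field(default_factory=list)


def normalise_path(raw: str, system_root: str = r"c:\windows") -> str:
    """Turn SREng's NT-style paths (\\??\\C:\\..., \\SystemRoot\\...) into a lower-case Win32 path."""
    p = raw
    if p.startswith("\\??\\"):
        p = p[4:]
    if p.lower().startswith(r"\systemroot"):
        p = system_root + p[len(r"\systemroot"):]
    return p.lower()


def split_publisher_version(info: str) -> Tuple[str, str]:
    """SREng writes '<publisher>, <version>'; the version starts at the first comma-separated token that begins with a digit."""
    tokens = [t.strip() for t in info.split(",")]
    for i, tok in enumerate(tokens):
        if tok[:1].isdigit():
            return ", ".join(tokens[:i]), ", ".join(tokens[i:])
    return tokens[0], ", ".join(tokens[1:]) or "N/A"


def parse_processes(log: str) -> List[Process]:
    """Parse only the top-level process lines; indented module lines never match the anchored regex."""
    procs: List[Process] = []
    for line in log.splitlines():
        m = PROCESS_RE.match(line)
        if not m:
            continue
        publisher, version = split_publisher_version(m.group(3))
        procs.append(Process(int(m.group(1)), normalise_path(m.group(2)), publisher, version))
    return procs


def audit(procs: List[Process]) -> List[Process]:
    """Attach findings to processes whose location, publisher or version does not fit a genuine Windows binary; return the flagged ones."""
    for p in procs:
        directory, _, name = p.path.rpartition("\\")
        expected = EXPECTED_DIR.get(name)
        if expected is None:
            continue                   # not a name we have an expectation for
        if directory != expected:
            p.findings.append(f"{name} runs from {directory!r}; the genuine copy lives in {expected!r}")
        if p.publisher != "Microsoft Corporation":
            # A near-miss publisher string ('Microsoft Corporation.') is a mimicry tell.
            p.findings.append(f"publisher string {p.publisher!r} is not exactly 'Microsoft Corporation'")
        if p.version.split(".")[0] in ("0", ""):
            p.findings.append(f"implausible file version {p.version!r} for a Windows system binary")
    return [p for p in procs if p.findings]


if __name__ == "__main__":
    for proc in audit(parse_processes(SAMPLE_LOG)):
        print(f"PID {proc.pid}: {proc.path}")
        for finding in proc.findings:
            print("  -", finding)
```

Run against the sample, only PID 3904 is reported, with all three findings. The text report carries no signature or hash, so a real triage would still verify the flagged file's Authenticode signature and compare its hash with the copy in dllcache before deleting anything.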

Let me post a picture too; you can see the file properties and the creation time.

[Attachment: application/octet-stream, uploaded 2007-2-1 13:29:30, 622 downloads]




And here is yesterday's monitoring log, recorded with **.

[Attachment: application/octet-stream, uploaded 2007-2-1 13:42:39, 649 downloads]




PcSync is a file installed by Nokia PC Suite.
xvcclip: I don't know this one either.
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\H:\INSTALL\GMSIPCI.SYS><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\H:\NTACCESS.sys><N/A>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\H:\NTGLM7X.sys><N/A>
Unrecognised drivers
These were left behind when installing some driver (H: is the CD-ROM drive letter). 木马克星 keeps reporting them as well, but there is no way to find and delete them. It was the genuine disc bundled with the device, so it should not be a virus or anything like that. (I have installed so many that I can't remember offhand which hardware or digital gadget's driver it was, sorry.)
C:\windows\system32\com\player was not found.

Reporting to the moderator: after I killed that npf.sys, I haven't seen the annoying spoolsv.exe appear for the last two days, but before that I forgot to save a sample. Sigh! Despising myself......
PS: If I find it has infected me again, I will send you the virus sample right away.
Thank you for your guidance!!!