Rising Kaka Security Forum / Technical Exchange / Anti-Virus and Anti-Rogue-Software Forum

[Help] Trojan-Downloader.Win32.Agent.bbb virus; the computer restarts automatically after shutdown

After shutdown the computer restarts by itself; it can only be shut down from Safe Mode.
Kaspersky finds the Trojan-Downloader.Win32.Agent.bbb virus every time I boot. It says it will delete it after a restart, but it never gets removed.


Here is the scan log. Experts, please help:
[CODE]

2007-06-13,18:48:34

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <eMuleAutoStart><; D:\Program Files\eMule\eMule.exe -AutoStart>  [http://www.emule-project.net]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <IgfxTray><; C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HotKeysCmds><; C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Microsoft Windows XP Publisher]
    <KAVPersonal50><"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>  [Kaspersky Lab]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <WangWang><; "D:\Program Files\Alisoft\WangWang\WangWang.EXE">  [阿里巴巴软件(上海)有限公司]
    <SysTdSvr><; "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\SysTdSvr.dll",Start>  []
    <hqghumeay><"C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\System32\cdnprh.dll",Start>  []
    <hfopykyydlzbhcj><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <qmp><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <owraitzvvlk><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <jxeqotsoyvbr><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <cv><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <cixqxrikhbduvi><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <qkpdsx><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <UnlockerAssistant><"D:\Program Files\Unlocker\UnlockerAssistant.exe">  []
    <so><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <vwu><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <oshwfcrqzbyuhh><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <fotogv><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <zeozchyinu><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <qzcbrms><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <ggoaj><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
    <violcuakmkclgpq><#D;]XJOEPXT]Tztufn43]Svoemm43/fyf#!#D;]XJOEPXT]Tztufn43]deoqsi/emm#-Tubsu>  [N/A]
Last edited 2007-06-13 18:55:33

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  [N/A]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]

==================================
启动文件夹
[CAJViewer Preload]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\CAJViewer Preload.lnk --> D:\PROGRA~1\TTKN\CAJVIE~1.0\CAJVIE~2.EXE [Tsinghua Tongfang Knowledge Network Technology(Beijing) Co., Ltd.]><H>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[kavsvc / kavsvc][Running/Auto Start]
  <"d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[Network IPSEC Connections / Mercha2][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\LMOBC.DLL,Export 1087><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Network DDC / Windowsdate][Stopped/Auto Start]
  <><N/A>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\acpidisk.sys><N/A>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[avjhfw7 / avjhfw70][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\avjhfw70.sys><N/A>
[bwzjeo6 / bwzjeo64][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bwzjeo64.sys><N/A>
[ddqwom9 / ddqwom92][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ddqwom92.sys><N/A>
[ejimhv2 / ejimhv26][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ejimhv26.sys><N/A>
[elrran19 / elrran19][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\elrran19.sys><N/A>
[ggyqcg3 / ggyqcg33][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ggyqcg33.sys><N/A>
[gwkxch2 / gwkxch20][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\gwkxch20.sys><Microsoft Corporation>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[ifmnyy5 / ifmnyy53][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ifmnyy53.sys><N/A>
[ipdbldr / ipdbldrv][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ipdbldrv.sys><N/A>
[jgdegfhh / jgdegfhh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\jgdegfhh.sys><N/A>
[kfupdn6 / kfupdn65][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\kfupdn65.sys><N/A>
[Kl1 / Kl1][Running/Boot Start]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif][Running/System Start]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc][Running/System Start]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[KWATCH / KWATCH][Stopped/Manual Start]
  <\??\C:\KAV2003\KWATCH.SYS><N/A>
[kyym / kyyme][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\kyyme.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[oglgkej / oglgkej][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\oglgkej.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[qjhjtf5 / qjhjtf54][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qjhjtf54.sys><N/A>
[rowwow7 / rowwow76][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\rowwow76.sys><N/A>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Intel (R) System Managment BIOS Service / SMBios][Running/Manual Start]
  <System32\DRIVERS\SMBios.sys><Intel Corporation>
[SysTdSvr / SysTdSvr][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\SysTdSvr.sys><N/A>
[tfkxyw6 / tfkxyw60][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tfkxyw60.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[tviarm88 / tviarm88][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\tviarm88.sys><N/A>
[xmoqhm4 / xmoqhm43][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\xmoqhm43.sys><N/A>
[zduvof0 / zduvof04][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zduvof04.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>
[vzfngh14 / vzfngh14][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\vzfngh14.sys><N/A>
浏览器加载项
[LpkHlpr Class]
  {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\wtlhlp.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\System32\aliedit\pta.dll, >
[KooPlayer Control]
  {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} <C:\WINDOWS\DOWNLO~1\KOOPLA~1.OCX, Koos>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml4.dll, N/A>
[GLWebAvt Control]
  {C14D003A-DA41-4FEE-8204-62A94EAA29D1} <C:\WINDOWS\DOWNLO~1\GLWebAvt.ocx, >
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里软件(中国)有限公司>
[使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 532][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 644][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
    [C:\WINDOWS\System32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1896][C:\Program Files\JJOL\IME\JJSvr.EXE]  [加加在线, 3.11.0.1]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
[PID: 1956][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.00]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
[PID: 1980][D:\Program Files\Unlocker\UnlockerAssistant.exe]  [N/A, ]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
[PID: 1988][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
[PID: 1996][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_en.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
[PID: 728][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [C:\WINDOWS\system32\wtlhlp.dll]  [Microsoft Corporation, 1, 0, 2, 0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll]  [Kaspersky Lab, 5.0.388.1]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.388.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll]  [Kaspersky Lab, 5.0.388.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll]  [Kaspersky Lab, 5.0.388.1]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll]  [Kaspersky Lab, 5.0.388.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll]  [Kaspersky Lab, 5.0.388.1]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll]  [Kaspersky Lab, 5.0.388.2]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll]  [Kaspersky Lab, 5.0.388.1]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll]  [Kaspersky Lab, 5.0.388.0]
    [d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl]  [Kaspersky Lab, 5.0.388.0]
    [d:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl]  [Kaspersky Lab, 5.0.388.0]
    [d:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl]  [Kaspersky Lab, 5.0.388.0]
    [d:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl]  [Kaspersky Lab, 5.0.388.0]
    [d:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl]  [Kaspersky Lab, 5.0.388.0]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,21,75]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2140][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.4.3630.1106 (xpsp1.020828-1920)]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
[PID: 3556][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\SYSTEM32\WBEM\LMOBC.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 2504][C:\Documents and Settings\Administrator\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [D:\Program Files\Unlocker\UnlockerHook.dll]  [N/A, ]
    [C:\WINDOWS\System32\JJN.IME]  [加加在线, 3.11.0.0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2E636E0)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2E63820)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2E638E0)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xB2E63780)

==================================
隐藏进程
    [1425] d:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
    [1965] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe

==================================


[/CODE]