新装的系统 装完了不能打开IE QQ 不能安装各别东西（有的安装还可以用 但重起后还是用不了 QQ就是这样） 然后问个人 他说让我把系统隐藏文件都显示出来 你会看到每个盘下都有AUTO和INF的文件 删除就好了  可我删除了 但又出现别的毛病 重起后还是打不开任何软件了 一打开就提示英文或错误 然后文件夹下会生成一个1_ii和1_ii.bat这2个文件 然后一会就没了 每个盘都会这样  （还是除了QQ可以重新安装 后可以使用）我就装几次QQ了 然后把扫描结果传到这电脑上的 反正装过系统后 就一直没好过 我已经装过不下5遍了  对了 每次重起后 系统会自动提示 1_ii发生错误要关闭 并且EXplorar这个也会关闭 我可什么都没动的情况下

希望能有人帮我啊！

[CODE]

2007-10-18,23:36:06

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <jgxgz35qb><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexplorer.exe>  [N/A]
    <tl53w7sryr><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  []
    <ATIModeChange><Ati2mdxx.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
    <Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <TIMHost><C:\WINDOWS\TIMHost.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [(Verified)Microsoft Windows Publisher]
    <AVP><"D:\卡巴斯基\avp.exe">  [Kaspersky Lab]
    <Microsoft Autorun4><C:\WINDOWS\system32\dllhost32.exe>  []
    <RAV00AE><C:\WINDOWS\system32\RAV00AE.exe>  []
    <RAV008C><C:\WINDOWS\system32\RAV008C.exe>  []
    <Microsoft Autorun7><C:\WINDOWS\system32\nwiztlbu.exe>  []
    <Microsoft Autorun14><C:\WINDOWS\system32\ztinetzt.exe>  []
    <Microsoft Autorun3><C:\WINDOWS\system32\nwizhx2.exe>  []
    <yassistse><c:\progra~1\yahoo!\assistant\yassistse.exe>  [(Verified)"beijing yahoo consulting and service co., ltd."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
    <twin><C:\WINDOWS\system32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  []
    <{0FC9D5BB-1D4C-493B-83CF-81DD3490F59E}><C:\WINDOWS\system32\SysPro.dll>  []
    <{C5E87A05-F463-4841-B19E-DD3EC3862368}><C:\Program Files\Internet Explorer\IEXPLORE32.Sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  []
    <{3495D328-661A-4FB0-BA67-8ACDD1704D1E}><C:\WINDOWS\system32\CSRSS.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <DL5><C:\WINDOWS\AppPatch\deamon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    <N/A><C:\WINDOWS\system32\nwizzhuxians.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Launcher.exe]
    <IFEO[Launcher.exe]><C:\WINDOWS\system\7.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\my.exe]
    <IFEO[my.exe]><C:\WINDOWS\system\2.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Sungame.exe]
    <IFEO[Sungame.exe]><C:\WINDOWS\system\qjjlmr.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoW.exe]
    <IFEO[WoW.exe]><C:\WINDOWS\system\7.exe>  []

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQGame\Accel.exe []><N>
[System]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\System.exe -->  [N/A]><H>

==================================

服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
  <D:\卡巴斯基\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[DigitalChina DCN-530TX Fast Ethernet Adapter Windows Driver / DCN530][Running/Manual Start]
  <system32\DRIVERS\DCN530N5.SYS><Digitalchina Networks Limited.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[lgjhmjs / lgjhmjs][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\lgjhmjs.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SynTPS / SynTPS][Running/System Start]
  <system32\drivers\SynTPS.sys><Synaptics, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[milyemia / milyemia][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\milyemia.sys><Yahoo! China Corporation>

==================================
浏览器加载项
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\卡巴斯基\scieplugin.dll, Kaspersky Lab>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, yahoo! china>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[assist]
  {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================

正在运行的进程
[PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 616 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 780 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
[PID: 840 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1132 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1400 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp.050610-1527)]
[PID: 1592 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [, ]
[PID: 1728 / SYSTEM][C:\WINDOWS\system\internat.exe]  [N/A, ]
[PID: 520 / SYSTEM][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / Administrator][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
[PID: 916 / Administrator][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.4000]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS]  [ATI Technologies, Inc., 6.14.10.4000]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.4000]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
[PID: 1044 / Administrator][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 2, 4, 1030]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 0, 1028]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 4, 1133]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll]  [Yahoo! China, 3, 2, 4, 1026]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  [yahoo! china, 3, 0, 4, 1004]
[PID: 1516 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 0, 1028]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
[PID: 2176 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 2848 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [D:\卡巴斯基\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\nfio.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\basegui.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\thpimpl.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\FSSync.dll]  [Kaspersky Lab, 6.0.5.621]
    [d:\卡巴斯基\winreg.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\RichDll.dll]  [N/A, ]
[PID: 2976 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 3144 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 3296 / Administrator][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 3312 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 3320 / Administrator][C:\WINDOWS\sys81.exe]  [, 1.0.0.0]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
[PID: 3676 / Administrator][C:\WINDOWS\system32\ntvdm.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
[PID: 876 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
[PID: 356 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

[C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [D:\卡巴斯基\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\nfio.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\basegui.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\thpimpl.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\卡巴斯基\FSSync.dll]  [Kaspersky Lab, 6.0.5.621]
    [d:\卡巴斯基\winreg.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\PROGRA~1\Yahoo!\Assistant\Assist\yasbar.dll]  [yahoo! china, 3, 4, 2, 1117]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll]  [Yahoo! China, 3, 2, 4, 1026]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [yahoo! china, 3, 0, 3, 1005]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo! China, 3, 0, 4, 1005]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 1, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  [Yahoo! China, 3, 0, 7, 1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo! China, 3, 0, 9, 1009]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  [Yahoo! China, 3, 1, 0, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL]  [yahoo! china, 3, 2, 5, 1039]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymailp.dll]  [Yahoo! China, 3, 0, 6, 1012]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\SysPro.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [yahoo! china, 3, 0, 6, 1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 0, 7, 1009]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll]  [Yahoo! China, 3, 2, 0, 1025]
[PID: 2684 / Administrator][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 0, 1028]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\SysPro.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [D:\卡巴斯基\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysProFiles.dll]  [N/A, ]
    [C:\WINDOWS\system32\wreql.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkjhm.dll]  [N/A, ]
    [C:\WINDOWS\system32\huyix.dll]  [N/A, ]
    [C:\WINDOWS\system32\wojhj.dll]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\zhgnx.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizzhuxians.dll]  [N/A, ]
    [C:\WINDOWS\c_174.nls]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 7, 4, 1133]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [D:\卡巴斯基\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\卡巴斯基\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
    [D:\卡巴斯基\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[PID: 1496 / Administrator][c:\progra~1\yahoo!\assistant\yassistse.exe]  [Yahoo! China, 3, 0, 9, 1012]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 0, 1028]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [c:\progra~1\yahoo!\assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 2, 1, 1029]
    [c:\progra~1\yahoo!\assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [c:\progra~1\yahoo!\assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 4, 1005]
    [c:\progra~1\yahoo!\assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 4, 1006]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
[PID: 2504 / Administrator][F:\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 1, 0, 1028]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\WINDOWS\system32\wkpnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\CSRSS.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE32.Sys]  [N/A, ]
    [C:\WINDOWS\system32\SysProFile.dll]  [N/A, ]
    [F:\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 916, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3320, C:\WINDOWS\SYS81.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3320, C:\WINDOWS\SYS81.EXE]

==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
隐藏进程
N/A

==================================


[/CODE]

求求你们了

来个高手吧

在安全模式下

1用SSM禁止服务产生
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>

[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>

[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

2 用冰刃刪除
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexplorer.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c0nime.exe

C:\WINDOWS\uninstall\rundl132.exe

C:\WINDOWS\WinForm.exe

C:\WINDOWS\upxdnd.exe

C:\WINDOWS\MsIMMs32.exe

C:\WINDOWS\system32\nwizdh.exe

C:\WINDOWS\msccrt.exe

C:\WINDOWS\TIMHost.exe


C:\WINDOWS\AVPSrv.exe

C:\WINDOWS\Kvsc3.exe

C:\WINDOWS\system32\dllhost32.exe

C:\WINDOWS\system32\RAV00AE.exe

C:\WINDOWS\system32\RAV008C.exe

C:\WINDOWS\system32\nwiztlbu.exe

C:\WINDOWS\system32\ztinetzt.exe

C:\WINDOWS\system32\nwizhx2.exe

LYLoadqr.exe

C:\Program Files\Internet Explorer\IEXPLORE.win

C:\Program Files\Internet Explorer\IEXPLORE.Dat

C:\Program Files\Internet Explorer\IEXPLORE32.Sys

C:\WINDOWS\system32\SysPro.dll

C:\Program Files\Internet Explorer\PLUGINS\System64.Sys

C:\WINDOWS\system32\CSRSS.dll

%systemroot%\system32\shmgrate.exe

%SystemRoot%\system32\themeui.dll

%ProgramFiles%\Outlook Express\setup50.exe

C:\WINDOWS\system32\nwizzhuxians.exe

C:\WINDOWS\system\7.exe

Launcher.exe

C:\WINDOWS\system\2.exe

C:\WINDOWS\system\qjjlmr.exe

C:\WINDOWS\system\7.exe

C:\Documents and Settings\Administrator\「开始」菜单\程序
\启动\System.exe

\SystemRoot\\SystemRoot\System32\drivers\lgjhmjs.sys

2 删除
C:\WINDOWS\system32\SysProFile.dll
C:\WINDOWS\system32\wkpnd.dll
C:\WINDOWS\system32\windhcp.ocx
C:\WINDOWS\system32\SysProFile.dll
C:\WINDOWS\system32\SysProFiles.dll
C:\WINDOWS\system32\wreql.dll 
C:\WINDOWS\system32\wkjhm.dll
C:\WINDOWS\system32\huyix.dll
C:\WINDOWS\system32\wojhj.dll
C:\WINDOWS\system32\wkpnd.dll
C:\WINDOWS\system32\zhgnx.dll
C:\WINDOWS\system32\nwizzhuxians.dll
C:\WINDOWS\c_174.nls
C:\WINDOWS\system32\SysPro.dll
C:\WINDOWS\sys81.exe

3 在注册表删除相应项目和你所说的东西



我建议楼主来个强力重装，指将所有盘格式化，因为你的电脑很多病毒啊~

清除AV终结者.U盘病毒

【凝逸实验室】-[凝逸反毒]
QQ:503165656
主页:http://hi.baidu.com/503165656
下载:http://groups.google.com/group/503165656/web/nyfd.zip
方法:  1.点【黑洞】
      2.强行关机后,重开机在点次【黑洞】
      3.在用杀软扫除病毒



可能有感染exe?