这是用360的诊断报告~~帮帮忙看是不是中了什么病毒
各位高手：
非常感谢您留心我这份系统诊断报告，小菜鸟十万火急等待您的帮助！
该诊断报告由360安全卫士提供 http://www.360.cn
诊断时间: 2003-01-01  04:51:50
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:511.48MB - 当前可用内存:287.68MB
100 - 未知 - Process: KPfwSvc.EXE [] - F:\kv\KPfwSvc.EXE
100 - 未知 - Process: ShadowService.exe [] - C:\WINDOWS\system32\shadow\ShadowService.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.tomatolei.com/
O2 - 未知 - BHO: (ThunderAtOnce Class) - [迅雷浏览器高级特性支持模块] - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - 未知 - BHO: (Thunder Browser Helper) - [XunLeiBHO] - {4E83D566-4697-4F7B-B1F0-A513B01DB89A} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O8 - 未知 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - 未知 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - 未知 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O9 - 未知 - Extra button: 启动迅雷5(HKLM) - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - 未知 - Extra button: 番茄花园(HKLM) - http://www.tomatolei.com
O21 - 未知 - Protocol Icons: HKCR\http\shell\open\command - "F:\360safe\360se\360SE.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\ftp\shell\open\command - "F:\360safe\360se\360SE.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\https\shell\open\command - "F:\360safe\360se\360SE.exe" "%1"
O21 - 未知 - Protocol Icons: HKCR\htmlfile\shell\open\command - "F:\360safe\360se\360SE.exe" "%1"
O23 - 未知 - Service: KPfwSvc [金山网镖网络实时监控服务程序] - "F:\kv\KPfwSvc.EXE" - (running)
O23 - 未知 - Service: Qvod Terminal [QVOD媒体播放服务] - C:\新建文件夹\QvodPlayer\QvodTerminal.exe - (not running)
O23 - 未知 - Service: WMConnectCDS [使用“通用即插即用”与媒体设备共享媒体] - C:\Program Files\Windows Media Connect 2\wmccds.exe - (not running)
=======================================
100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量，ms-dos驱动名称类似lpt1以及com，调用win32壳子系统和运行在windows登陆过程。] - C:\windows\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统，用以控制windows图形相关子系统。] - C:\windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\windows\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\windows\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\windows\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\windows\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\windows\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\windows\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\windows\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\windows\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序，用以打印机就绪。] - C:\windows\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell，包括开始菜单、任务栏，桌面和文件管理。] - C:\windows\Explorer.EXE
100 - 安全 - Process: conime.exe [console ime ime输入法控制台软件。] - C:\windows\system32\conime.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\windows\system32\ctfmon.exe
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\windows\system32\nvsvc32.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\windows\system32\svchost.exe -k imgsvc
100 - 安全 - Process: 360tray.exe [360安全卫士实时保护模块] - F:\360\safemon\360tray.exe
100 - 安全 - Process: safeboxtray.exe [360安全卫士保险箱相关程序。] - C:\Program Files\360Safebox\safeboxtray.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士] - F:\360\360Safe.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\windows\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O1 - 安全 - Host: 127.0.0.1 gxgxy.net
O1 - 安全 - Host: 127.0.0.1 c0mo.com
O2 - 安全 - BHO: (VnetCookie Class) - [星空极速， 拨号软件。] - {4E83D567-4697-4F7B-B1F0-A513B01DB89A} - c:\PROGRA~1\chinanet\VNETTR~1.DLL
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] F:\360\safemon\360tray.exe /start
O4 - 安全 - HKLM\..\Run: [360Safebox] [360安全卫士保险箱相关程序。] "C:\Program Files\360Safebox\safeboxTray.exe" /r
O4 - 安全 - HKLM\..\Run: [360Antiarp] [360安全卫士ARP防火墙相关程序。] F:\360\antiarp\antiarp.exe /start
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\windows\system32\ctfmon.exe
O4 - 安全 - HKCU\..\Run: [bgswitch] [微软出品的自动换壁纸程序。] C:\WINDOWS\system32\bgswitch.exe
O4 - 安全 - HKCU\..\Run: [KavPFW] [金山出品的防火墙软件。] "F:\kv\KPFW32.EXE"
O4 - 安全 - HKCU\..\Run: [MSMSGS] [是MSN Messenger网络聊天工具的主程序] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - 安全 - Startup folder: [腾讯QQ.lnk] [qq：即时通讯软件] C:\Documents and Settings\www\「开始」菜单\程序\启动\腾讯QQ.lnk
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - 安全 - Extra button: Windows Messenger(HKLM) - C:\Program Files\Messenger\msmsgs.exe
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: aswUpdSv [Avast Anti-Virus反病毒产品相关程序,该进程用于管理自动升级。] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - (not running)
O23 - 安全 - Service: avast! Antivirus [Avast Anti-virus反病毒套装的一部分。] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe" - (not running)
O23 - 安全 - Service: avast! Mail Scanner [Alwil公司出品的Avast反病毒产品的一部分。] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - (not running)
O23 - 安全 - Service: avast! Web Scanner [Avast网络安全套件的一部分,用于保护你的电脑免受网络攻击。] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - (not running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\windows\system32\nvsvc32.exe - (running)
O23 - 安全 - Service: ShadowSystemService [影子系统相关服务。] - C:\WINDOWS\system32\shadow\ShadowService.exe - (running)
=======================================
O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：Shell extensions for file compression -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：加密上下文菜单 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID：压缩(zipped)文件夹 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 118784 - d22026bd9e2d0b3c2dba263a1d09921b
O31 - 未知 - SEApproved: {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\Alwil Software\Avast4\ashShell.dll - ALWIL Software - avast! Shell Extension - 4.7.936.0 - 69632 - 5b67334a95ba520fbdaa9917bcc170b8
O31 - 未知 - SEApproved: {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\windows\system32\nvshell.dll -  -  - 6.14.10.11038 - 466944 - c8ea187df8f1cedf34eb5bab8ab38ebf
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\windows\system32\nvshell.dll -  -  - 6.14.10.11038 - 466944 - c8ea187df8f1cedf34eb5bab8ab38ebf
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\windows\system32\nvshell.dll -  -  - 6.14.10.11038 - 466944 - c8ea187df8f1cedf34eb5bab8ab38ebf
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 118784 - d22026bd9e2d0b3c2dba263a1d09921b
O31 - 未知 - LSA: Security Packages - sv1_0.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll -  -  -  - 0 -
=======================================
O40 - Explorer.EXE - NVIDIA Corporation - C:\windows\system32\NVRSZHC.DLL - NVIDIA Simplified Chinese language resource library - 7df6a9c481cb51565c636d131bd8199e
O40 - Explorer.EXE -  - C:\windows\system32\nvshell.dll -  - c8ea187df8f1cedf34eb5bab8ab38ebf
O40 - Explorer.EXE - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashShell.dll - avast! Shell Extension - 5b67334a95ba520fbdaa9917bcc170b8
=======================================
O41 - ALCXSENS - Sensaura WDM 3D Audio Driver - C:\WINDOWS\system32\drivers\ALCXSENS.SYS - (running) - Sensaura WDM 3D Audio Driver - Sensaura - ba88534a3ceb6161e7432438b9ea4f54
O41 - d347bus - PnP BIOS Extension - C:\WINDOWS\system32\drivers\d347bus.sys - (running) - PnP BIOS Extension -  - 5776322f93cdb91086111f5ffbfda2a0
O41 - d347prt - SCSI miniport - C:\WINDOWS\system32\drivers\d347prt.sys - (running) - SCSI miniport -  - b49f79ace459763f4e0380071be9cb45
O41 - KNetWch - KNetWatch - F:\kv\KNetWch.SYS - (running) - KNetWatch - Kingsoft Corporation - d2767838f948526572d1501aea811545
O41 - 0005286f - 0005286f - C:\windows\system32\Drivers\0005286f.sys - (not running) -  -  -
O41 - NPF - NPF Driver - TME extensions - C:\WINDOWS\system32\drivers\npf.sys - (not running) - NPF Driver - TME extensions - Politecnico di Torino - f498c5c3399a60933196fc215ef074f9
O41 - SNPSTD3 - PC Camera driver - C:\WINDOWS\system32\drivers\snpstd3.sys - (not running) - PC Camera driver -  -
O41 - WINIO - WINIO - H:\DRIVER\Audio\winio.sys - (not running) -  -  -
=======================================
360Safe.exe=4.2.0.1008
AntiAdwa.dll=4.2.0.1001
AntiEng.dll=4.2.0.1001
AntiActi.dll=2.0.0.3000
CleanHis.dll=4.2.0.1002
live.dll=1.0.1.1027
=======================================
操作历史报告：
----------全面诊断修复历史----------
2003-01-01 04:51
100 - 危险 - internat.exe - C:\windows\system\internat.exe
=======================================
360安全卫士，彻底查杀各种流氓软件,全面保护系统安全,并赠送正版卡巴斯基7.0
最新免费下载：http://www.360.cn/download.html

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

用winrar进入D盘，看有没有autorun.inf这个文件，有的话删掉
进入D盘之前请先用杀毒软件查杀D盘，可能已经中毒
重启后就可以正常进入D盘了

Ls正解
搞SREng日志吧
扫日志前关闭无用进程，如QQ，迅雷

到大的软件站，如天空，太平洋，下载2.6正式版版的SReng（推荐）

http://www.skycn.com/soft/45002.html
SREng/智能扫描

等扫描完成,保存日志(LOG格式)
日志以附件上传，贴到反病毒区或流行病毒区
PS：如主程序SREng**.exe无法运行,导致无法扫描日志
将主程序改名为小狮子.bat

2003-01-01,16:03:39

System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><C:\WINDOWS\system32\bgswitch.exe>  []
    <KavPFW><"F:\kv\KPFW32.EXE">  []
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><F:\360\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Antiarp><F:\360\antiarp\antiarp.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <NvCplDaemon><RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <avast!><; C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
    <CameraFixer><; C:\WINDOWS\CameraFixer.exe>  []

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\www\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\QQ\QQ.exe [TENCENT]><N>

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv][Stopped/Disabled]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus][Stopped/Disabled]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Disabled]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Stopped/Disabled]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Auto Start]
  <"F:\kv\KPfwSvc.EXE"><(File is missing)>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\windows\system32\nvsvc32.exe><NVIDIA Corporation>
[Qvod Terminal / Qvod Terminal][Stopped/Auto Start]
  <C:\新建文件夹\QvodPlayer\QvodTerminal.exe><(File is missing)>
[Shadow System Service / ShadowSystemService][Running/Auto Start]
  <C:\WINDOWS\system32\shadow\ShadowService.exe><N/A>
[Windows Media Connect Service / WMConnectCDS][Stopped/Manual Start]
  <C:\Program Files\Windows Media Connect 2\wmccds.exe><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\windows\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[0005286f / 0005286f][Stopped/Manual Start]
  <\??\C:\windows\system32\Drivers\0005286f.sys><N/A>
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\windows\system32\drivers\360AntiArp.sys><360安全中心>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[KNetWch / KNetWch][Running/System Start]
  <\??\F:\kv\KNetWch.SYS><Kingsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\H:\DRIVER\Audio\winio.sys><N/A>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {4E83D566-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {4E83D566-4697-4F7B-B1F0-A513B01DB89A} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <F:\360\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <F:\360\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\windows\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[QvodCtrl Class]
  {F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\新建文件夹\QvodPlayer\QvodInsert.dll, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 480 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540 / SYSTEM][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580 / SYSTEM][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624 / SYSTEM][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844 / NETWORK SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 920 / SYSTEM][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 972 / NETWORK SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008 / LOCAL SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1204 / SYSTEM][C:\windows\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1392 / www][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\windows\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9131]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\windows\system32\nvshell.dll]  [, ]
    [F:\360\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL]  [Adobe Systems, Incorporated, 7.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1548 / www][F:\360\antiarp\antiarp.exe]  [360安全中心, 2, 0, 0, 1008]
    [F:\360\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 1556 / www][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1676 / www][C:\windows\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1768 / SYSTEM][C:\windows\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9131]
[PID: 1828 / SYSTEM][C:\WINDOWS\system32\shadow\ShadowService.exe]  [N/A, ]
[PID: 1848 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3432 / www][F:\360safe\360se\360Start.exe]  [360安全中心 & 凤凰软件工作室, 1, 0, 1, 3]
    [F:\360\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
[PID: 3464 / www][C:\windows\system\internat.exe]  [N/A, ]
[PID: 3484 / www][F:\360safe\360se\360SE.exe]  [360安全中心 & 凤凰软件工作室, 1, 0, 2, 6]
    [F:\360\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\windows\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [F:\360\antispy.dll]  [奇虎网, 4, 2, 0, 1004]
[PID: 2488 / www][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [F:\360\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\windows\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\windows\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[PID: 2248 / www][C:\DOCUME~1\www\LOCALS~1\Temp\Rar$EX00.125\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 2636 / www][C:\DOCUME~1\www\LOCALS~1\Temp\Rar$EX00.125\SRE376b75cf.EXE]  [Smallfrogs Studio, 2.6.11.992]
    [F:\360\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\DOCUME~1\www\LOCALS~1\Temp\Rar$EX00.125\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\windows\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\windows\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1  gxgxy.net
127.0.0.1  c0mo.com

==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 3432, F:\360SAFE\360SE\360START.EXE]
特殊特权被允许： SeDebugPrivilege [PID = 3464, C:\WINDOWS\SYSTEM\INTERNAT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3464, C:\WINDOWS\SYSTEM\INTERNAT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3484, F:\360SAFE\360SE\360SE.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 2248, C:\DOCUME~1\WWW\LOCALS~1\TEMP\RAR$EX00.125\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

到C:\WINDOWS\SYSTEM\里找internat.exe看它的大小是不是32k左右
如果大得出奇，有200多K，那就有问题
就喀嚓了
删除驱动
0005286f / 0005286f][Stopped/Manual Start]
  <\??\C:\windows\system32\Drivers\0005286f.sys><N/A>

PS：不要安装多款杀毒软件！！

右键点击键盘的时候，是不是第一项是“自动打开”或是“AUTO”，如果是的话，在“我的电脑”-“工具”-“文件夹选项”－“查看”，然后把“隐藏受保护的操作系统文件”前面的勾去掉，再在下面选择“显示所有文件和文件夹”
然后再点“我的电脑”的菜单栏下面的“文件夹”，进入“资源管理器”，在左边选择点击“D”盘符，看一下里面有没有“AUTO”的隐藏文件，把它删除掉。
最后再下载一个专杀“AUTO”的工具来查杀～～～
希望能帮到你～～

。。。。。。。
就是autorun.inf文件
最简单的方法：
运行
Wsyscheck软件
工具
清除autorun.inf

好了｀～谢谢各位｀～