今天上午，党支部书记问：怎么上不了网？去看后发现，“本地连接”图标上有个红“X”（电缆已拔出），而且是“已启用”状态。以为网线有问题，谁知道换了线依然如此。无意扫了一下SRENG日志，发现了万马奔腾的壮观场面。杀毒后，“本地连接”图标上的红“X”依然还在，还是不能上网。难道有这么厉害的病毒？
下面是我的杀毒前后的日志比较：

启动项目/注册表(中毒后)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <ApabiAgent><; "C:\Program Files\Founder\Apabi Reader 3.0\ApabiAgent.exe">  []
  <t7s25r377c2fuz><C:\DOCUME~1\user\LOCALS~1\Temp\Rav.exe>  []
    <yli9h90t6><C:\DOCUME~1\user\LOCALS~1\Temp\iexp1ore.exe>  []
    <k><C:\DOCUME~1\user\LOCALS~1\Temp\crasos.exe>  []
    <dx9rq55syxc6b><C:\DOCUME~1\user\LOCALS~1\Temp\iexp10re.exe>  []
    <h><C:\DOCUME~1\user\LOCALS~1\Temp\c0nime.exe>  []
    <juc><C:\DOCUME~1\user\LOCALS~1\Temp\iexpl0re.exe>  []
    <fm50ki4><C:\DOCUME~1\user\LOCALS~1\Temp\1explore.exe>  []
    <ji520wx01gwd7kd><C:\DOCUME~1\user\LOCALS~1\Temp\exp10rer.exe>  []
    <ev96w><C:\DOCUME~1\user\LOCALS~1\Temp\iexplorer.exe>  []
    <tzrywvw3d><C:\DOCUME~1\user\LOCALS~1\Temp\explorei.exe>  []
    <f8r03l0ew9w><C:\DOCUME~1\user\LOCALS~1\Temp\winlog0n.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <jmekey><; C:\Program Files\jmesoft\hotkey.exe>  [JME Co.,Ltd.]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <Thunder><"E:\迅雷\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <miniQQLive><"E:\qqlive\MiniQQLive.exe">  [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys>  []
    <{1496D5ED-7A09-46D0-8C92-B8E71A4304DF}><C:\WINDOWS\system32\msacn.dll>  [N/A]
    <{0EA66AD2-CF26-2E23-532B-B292E22F3266}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewTemp.dll>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  []
    <{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat>  []
    <{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win>  []

启动项目/注册表（杀毒后）
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <ApabiAgent><; "C:\Program Files\Founder\Apabi Reader 3.0\ApabiAgent.exe">  []
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <KavStart><"C:\KAV2006\KAVStart.exe" -startup>  [Kingsoft Corporation]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <jmekey><; C:\Program Files\jmesoft\hotkey.exe>  [JME Co.,Ltd.]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <miniQQLive><; "E:\qqlive\MiniQQLive.exe">  [Tencent]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Thunder><; "E:\迅雷\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

启动文件夹（中毒后）
[QQ游戏启动加速程序]
  <C:\Documents and Settings\user\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
==================================
服务（中毒后）
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Asynchronous UPnP Support Services / Asynchronous UPnP Support Services][Running/Auto Start]
  <C:\WINDOWS\system32\upnpsvc.exe><Microsoft Corporatio>
[Error Reporting Service / ERSvc][Running/Auto Start]
  <2 - 系统找不到指定的文件。
><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Running/Auto Start]
  <C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>
[Telephonyl / WindowsDown][Stopped/Auto Start]
  <C:\WINDOWS\system32\servet.exe><N/A>
[kernl32 / kernl32][Running/Auto Start]
  <C:\WINDOWS\system32\kernl32.exe><N/A>
[svchost / svchost][Running/Auto Start]
  <C:\WINDOWS\svchost.exe><N/A>
[4F87E3B8 / 4F87E3B8][Stopped/Auto Start]
  <C:\WINDOWS\system32\27B33F88.EXE -p><Microsoft Corporation>
[kusn33sd / kusn33sd][Stopped/Auto Start]
  <C:\WINDOWS\system32\kusn33sd.exe -j><Microsoft Corporation>
[Provisioning Transaction Service / ttt_21][Running/Auto Start]
  <C:\WINDOWS\system32\g.exe><N/A>

启动文件夹（杀毒后）
N/A
==================================
服务（杀毒后）
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Sysbak hotkey Server / Sysbak_hotkey_Server][Running/Auto Start]
  <C:\Program Files\Founder\Emergency Center\Hotkey.exe><N/A>

驱动程序（中毒后）
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Softlumos Multi-Platform / Mulsys][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\Mulsys.SYS><Softlumos Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PauseDrv / PauseDrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Softlumos ShowLogo / ShowLogo][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ShowLogo.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>

驱动程序（杀毒后）
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Apaidi / Apaidi][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Apaidi.sys><N/A>
[KWatch3 / KWatch3][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[Softlumos Multi-Platform / Mulsys][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\Mulsys.SYS><Softlumos Corporation>
[Netgroup Packet Filter / NPF][Stopped/Disabled]
  <system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Disabled]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Disabled]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PauseDrv / PauseDrv][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\PauseDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Softlumos ShowLogo / ShowLogo][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ShowLogo.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>

浏览器加载项（中毒后）
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <E:\迅雷\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {55302804-482E-470E-8A57-6795A1487F90} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <E:\迅雷\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
  {55302804-482E-470E-8A57-6795A1487F90} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\pps\PPStream\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用“方正畅听”朗读选定内容]
  <C:\Program Files\iFly Info Tek\MagicVoice\\bin\ir_Select.htm, N/A>
[使用迅雷下载]
  <E:\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2006\KAF\ShowSet.htm, N/A>

浏览器加载项（杀毒后）
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <E:\迅雷\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {55302804-482E-470E-8A57-6795A1487F90} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Script Object]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <E:\迅雷\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Thunder Browser Helper]
  {55302804-482E-470E-8A57-6795A1487F90} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CBrowseStakeout Class]
  {55302805-482E-470E-8A57-6795A1487F90} <C:\KAV2006\KAVAFish.DLL, Kingsoft Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\pps\PPStream\POWERP~1.DLL, PPStream Inc.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Google Toolbar Notifier BHO]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用“方正畅听”朗读选定内容]
  <C:\Program Files\iFly Info Tek\MagicVoice\\bin\ir_Select.htm, N/A>
[使用迅雷下载]
  <E:\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[金山毒霸反钓鱼...]
  <C:\KAV2006\KAF\ShowSet.htm, N/A>

正在运行的进程（中毒后）
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\kusn433sd3.dll]  [Microsoft Corporation, ]
[PID: 1460][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewTemp.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9381]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9381]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.win]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Ravs0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy0r.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\qjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\txzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\zxzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\tlzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\system32\kusn433sd3.dll]  [Microsoft Corporation, ]
    [E:\迅雷\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Founder\Emergency Center\SBHotkey.dll]  [N/A, ]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\KAV2006\KAVEXT.DLL]  [Kingsoft Corporation, 2007, 5, 11, 28]
[PID: 1556][C:\KAV2006\KAVStart.exe]  [Kingsoft Corporation, 2007, 5, 9, 272]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\tlzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\zxzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\txzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\qjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy0r.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Ravs0.dll]  [N/A, ]
[PID: 1588][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
[PID: 1596][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\gtn.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\res_zh-CN.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
[PID: 1820][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2006\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 5, 9, 120]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
[PID: 2732][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 2024][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3736][C:\WINDOWS\system32\l.exe]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 3780][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 3796][C:\program files\internet explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
[PID: 2328][C:\WINDOWS\system32\dgd4bs.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
[PID: 936][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [E:\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [E:\迅雷\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\KAV2006\KAVAFish.DLL]  [Kingsoft Corporation, 2006, 10, 25, 27]
    [C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll]  [Google Inc., 2, 0, 301, 7164]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\KAV2006\KAScript.DLL]  [Kingsoft Corporation, 2006, 12, 11, 72]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 5, 9, 120]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.2838 (xpsp_sp2_gdr.060131-1513)]
[PID: 344][I:\abc\abc.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\Program Files\Internet Explorer\PLUGINS\System64.Sys]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Dat]  [N/A, ]
    [C:\Program Files\Internet Explorer\IEXPLORE.Sys]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\tlzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\zxzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\txzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\qjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Msxo0.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\LgSy0r.dll]  [N/A, ]
    [C:\DOCUME~1\user\LOCALS~1\Temp\Ravs0.dll]  [N/A, ]

正在运行的进程（杀毒后）
[PID: 436][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 556][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1392][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [E:\迅雷\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9381]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9381]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
[PID: 1620][C:\KAV2006\KAVStart.exe]  [Kingsoft Corporation, 2007, 5, 9, 272]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\SvcTimer.DLL]  [Kingsoft Corporation, 2006.12.22.84]
    [C:\KAV2006\KAVPassp.dll]  [Kingsoft Corporation, 2006, 9, 7, 270]
    [C:\KAV2006\PopSprt3.dll]  [Kingsoft Corporation, 2007, 1, 16, 45]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1680][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
[PID: 1784][C:\KAV2006\KMailMon.EXE]  [Kingsoft Corporation, 2007, 2, 25, 948]
    [C:\KAV2006\KAntiSpm.dll]  [Kingsoft Corporation, 2007, 2, 25, 129]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KAVIPC2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 20]
    [C:\KAV2006\KAECall2.DLL]  [Kingsoft Corporation, 2004, 12, 28, 7]
    [C:\KAV2006\KAEPlat.DLL]  [Kingsoft Corp., 2006, 8, 29, 60]
    [C:\KAV2006\KAEMem.DAT]  [Kingsoft, 2006, 9, 25, 16]
    [C:\KAV2006\KAEUnpack.DAT]  [Kingsoft Corp., 2007, 5, 9, 120]
    [C:\KAV2006\KAConfig.DLL]  [Kingsoft Corporation, 2007, 1, 11, 41]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
[PID: 304][I:\abc\abc.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\KAV2006\KMailOEBand.dll]  [Kingsoft Corporation, 2006, 12, 1, 139]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\KAV2006\KASocket.dll]  [Kingsoft Corporation, 2005, 2, 22, 233]

文件关联（中毒后）
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者（中毒后）
N/A
==================================
Autorun.inf（中毒后）
[E:\]
[AutoRun]
open=SysAuto.exe
shellexecute=SysAuto.exe
shell\打开(&O)\command=SysAuto.exe
==================================
HOSTS 文件（中毒后）
127.0.0.1      localhost
==================================
API HOOK（中毒后）
入口点错误：LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2006\KASocket.dll)
==================================
隐藏进程（中毒后）
N/A


文件关联（杀毒后）
杀毒后.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者（杀毒后）
N/A
==================================
Autorun.inf（杀毒后）
N/A
==================================
HOSTS 文件（杀毒后）
127.0.0.1      localhost
==================================
API HOOK（杀毒后）
入口点错误：LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: C:\KAV2006\KASocket.dll)
==================================
隐藏进程（杀毒后）
N/A

有四点疑问：
1、我杀毒后，解决了开机时间变为2005年的问题,但不知是否还有残留的DD，请指教！
2、中毒后的毒服务项目[svchost / svchost][Running/Auto Start]<C:\WINDOWS\svchost.exe><N/A>，在删除该服务项目后，对应的C:\WINDOWS\svchost.exe却怎么也找不到了，为什么呢？
3、[Netgroup Packet Filter / NPF][Stopped/Manual Start]<system32\drivers\npf.sys><N/A>这个服务项目到底是不是正常的服务项目？目前貌似尚无一个权威的解释。哪位高手能说说？
4、当时单位别的机器都是能上网的，难道是网管封闭了端口所至（局域网）？如果不是网管的杰作，是否能有病毒能够直接将网络状态改成“电缆已拔出”的状态？
请诸位高手赐教！

--THE END--

还占不哦...不占我就占了哦...呵...