Rising Kaka Security Forum (瑞星卡卡安全论坛), Technical Exchange, Anti-Virus / Anti-Rogue-Software forum

[Help] (Solved, thanks to 天月 and 超级游戏迷) JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

[CODE]

2008-09-04,17:37:28

System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Antispy ARP><D:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
    <Foxmail><"D:\Program Files\Tencent\Foxmail\Foxmail.exe" -min>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <Google Update><; "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c>  [(Verified)Google Inc]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><; SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <d:\Program Files\StormII\3\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[Apache Tomcat / Tomcat6][Stopped/Manual Start]
  <"d:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\tomcat6.exe" //RS//Tomcat6><Apache Software Foundation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Port / nmwcdcj][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[ddsxeiservice2 / ddsxeiservice][Running/Manual Start]
  <\??\D:\Program Files\sXe Injected\ddsxei.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Java Plug-in 1.6.0_07]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Zcom 杂志]
  {4045D313-1D5E-4fe4-93A0-A34630B6A00B} <d:\Zcom\E-Space.exe, 智通无限>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[UploadControl Control]
  {52FF336D-A05D-4A14-A3A1-7B6B4B427F88} <C:\WINDOWS\system32\UPLOAD~1.OCX, 网易(杭州)网络有限公司>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[CCTVUpdateInstall]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, >
[Java Plug-in 1.4.2_18]
  {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, Sun Microsystems, Inc.>
[PhotoUploadCtrlMini Control]
  {D9306BD1-2325-4C28-8632-B02330C1BB02} <C:\WINDOWS\system32\PHOTOU~1.OCX, 广州网易互动娱乐有限公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[ZComActiveX Class]
  {3A7698F3-1BCC-4838-B3BF-EF4E3C5E209A} <d:\Zcom\ZComAgent.dll, 智通无限>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, Sun Microsystems, Inc.>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Google Update Plugin]
  {90CBC988-683B-4868-BA2B-8A99187D0C55} <C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll, Google Inc.>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5803.60.(375).dll, ShenZhen Thunder Networking Technologies Ltd.>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, Adobe Systems, Inc.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.375.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.0.0.181.(375).dll, Xunlei Networking Technologies,LTD>
[使用UUSee下载]
  <d:\Program Files\uusee\geturltodown.htm, N/A>
[使用UUSee加速播放]
  <d:\Program Files\uusee\geturltoplay.htm, N/A>
[使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[在Foxmail中添加该RSS频道/频道组]
  <res://C:\WINDOWS\system32\fmrsslink.dll/201, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用比特精灵下载(&B)]
  <D:\Program Files\BitSpirit\bsurl.htm, N/A>

Last edited by leonzhou on 2008-09-04 19:36:54

Re: JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

==================================
正在运行的进程
[PID: 704 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 768 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 792 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 860 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1080 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1200 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1256 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1776 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [d:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [d:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_01.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll]  [Nokia, 6, 85, 89, 5]
    [D:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 85, 107, 5]
    [D:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 85, 59, 0]
    [D:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 85, 17, 0]
    [d:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [d:\PROGRA~1\StormII\3\spfa.dll]  [北京暴风网际科技有限公司, 2, 7, 4, 2]
[PID: 1908 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
[PID: 1916 / Administrator][D:\Program Files\Kingsoft\Antiarp\KASArp.EXE]  [Kingsoft Corporation, 2008,01,24,160]
    [D:\Program Files\Kingsoft\Antiarp\kantiarpdevc.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [D:\Program Files\Kingsoft\Antiarp\NetConfig.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
[PID: 1924 / Administrator][D:\Program Files\Tencent\Foxmail\Foxmail.exe]  [Tencent Inc., 6, 10, 201, 20]
    [C:\WINDOWS\system32\MAPI32.DLL]  [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [D:\Program Files\Tencent\Foxmail\FoxAntiSpam.dll]  [N/A, ]
    [D:\Program Files\Tencent\Foxmail\pcre.dll]  [N/A, ]
    [D:\Program Files\Tencent\Foxmail\3rdParty\punylib.dll]  [CNNIC, 1, 0, 0, 3]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
[PID: 136 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.6921]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6921]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
[PID: 932 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1500 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 620 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 4000 / Administrator][D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\FetionVM.exe]  [China Mobile, 1.0.0.0]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\rsdeploy.dll]  [Remotesoft Inc., 1, 0, 6, 0]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\mscoree.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\FetionVM.rsm]  [N/A, ]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\c\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\c\windows\assembly\NativeImages_v2.0.50727_32\FetionVM\a87393057972c752eb50061d4235f9ec\FetionVM.ni.exe]  [China Mobile, 1.0.0.0]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\System\System.Windows.Forms.dll]  [Microsoft Corporation, 2.0.50727.214 (QFE.050727-2100)]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\System\System.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\Program Files\China Mobile\Fetion\ImpsControls.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\System\System.Drawing.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\Program Files\China Mobile\Fetion\ImpsPcBase.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\System\System.Xml.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\Program Files\China Mobile\Fetion\ImpsClientBase.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\ImpsClientUtils.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\ImpsClientResource.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\ImpsClientCore.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\ImpsBase.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\System\Accessibility.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\Program Files\China Mobile\Fetion\VmDotNet\v2.0.50727\System\System.Configuration.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [D:\Program Files\China Mobile\Fetion\NCindy.dll]  [China Mobile, 3.0.0.0]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
    [D:\Program Files\China Mobile\Fetion\Interop.DynamicGifCtlLib.dll]  [ , 1.0.0.0]
    [D:\Program Files\China Mobile\Fetion\ImpsPcCommLayer.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\ImpsClientData.dll]  [China Mobile, 3.0.0.0]
    [D:\Program Files\China Mobile\Fetion\SQLite.Interop.DLL]  [, 1.0.44.0]
    [D:\Program Files\China Mobile\Fetion\sensmon.dll]  [China Mobile, 1.0.0.1]
    [d:\Program Files\China Mobile\Fetion\DynamicGifCtl.dll]  [China Mobile, 2.0.0.0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.5.0.0]
    [d:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [Sogou.com Inc., 3.5.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2044 / Administrator][D:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 7,1,644,1777]
    [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,1,644,1777]
    [D:\Program Files\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 7,1,644,1777]
    [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 7,1,638,1773]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
    [D:\Program Files\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 7,1,644,1777]
    [D:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 7,1,644,1777]
    [D:\Program Files\Tencent\QQ\QQRes.dll]  [TENCENT, 7,1,644,1777]
    [D:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\UnReadMsgMgr.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\Program Files\Tencent\QQ\NewSkin.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\MailSummary.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQSpace.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\OEMApplication.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Program Files\Tencent\QQ\CameraDll.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQPet.dll]  [TENCENT, 7,1,638,1773]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\LongConnection.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\ImageOle.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQLiveQMng.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQMagicFace.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQ\GroupConnection.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\CommercesMng.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\Program Files\Tencent\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 16]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0845)]
[PID: 2020 / Administrator][d:\Program Files\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]
[PID: 2508 / SYSTEM][d:\Program Files\StormII\3\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 15]
    [d:\Program Files\StormII\3\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
[PID: 1620 / Administrator][C:\Documents and Settings\Administrator\桌面\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.11.992]
[PID: 2424 / Administrator][C:\Documents and Settings\Administrator\桌面\SREc41ec331.EXE]  [Smallfrogs Studio, 2.6.11.992]
    [C:\Program Files\Common Files\JDVTMPDX.dat]  [N/A, ]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 4000, D:\PROGRAM FILES\CHINA MOBILE\FETION\VMDOTNET\V2.0.50727\FETIONVM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4000, D:\PROGRAM FILES\CHINA MOBILE\FETION\VMDOTNET\V2.0.50727\FETIONVM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1620, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1620, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]

==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:NtTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:ZwTerminateProcess (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:RegEnumKeyExA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:RegEnumKeyExW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:EnumServicesStatusA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:EnumServicesStatusW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:FindNextFileA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)
入口点错误:FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\Common Files\JDVTMPDX.dat)

==================================
隐藏进程
    [3176] C:\WINDOWS\system32\winlogon.exe

==================================


[/CODE]

Re: JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

Suggestion: compress C:\Program Files\Common Files\JDVTMPDX.dat with WinRAR and post the archive to the "Suspicious Files Exchange" board (可疑文件交流区) for analysis.
 

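Re: JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

I can't find the file JDVTMPDX.dat, even though I have turned on showing hidden files and system files.
Experts, please help!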
 

Re: (Unsolved) JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

Take a look with IceSword (冰刃).
 

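Re: (Unsolved) JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

Can't you find it even when you browse to that path with the archiver WinRAR??

Then do this:
Download IceSword from the official site here, find the file under "File" (文件), choose "Copy" (复制) from the right-click menu, and copy the file out:
http://mail.ustc.edu.cn/~jfpan/download/IceSword122cn.zip

That file is urgently needed; you absolutely must get hold of it.

Also, have any of your other security programs actually been deleted???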
 

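Re: (Unsolved) JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

Quote:
Originally posted by leonzhou at 2008-9-4 18:43:00
I can't find the file JDVTMPDX.dat, even though I have turned on showing hidden files and system files.
Experts, please help!

1. Download the attachment, extract it, and run wsyscheck.exe from it;

2. Follow the screenshot:

Attachment:

Downloads: 101
File type: application/octet-stream
Uploaded: 2008-9-4 19:05:21
Description: rar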
 

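Re: (Unsolved) JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

With wsyscheck0204.rar I can't find JDVTMPDX.dat, but IceSword can find it (a copy is in the attachment).
Also, I was originally running with no protection (because I'm on the campus network); now I have installed Dr.Web (大蜘蛛).

The computer has shown nothing abnormal since the infection. A trojan??

Attachment:

File name: 1.rar
Downloads: 109
File type: application/octet-stream
Uploaded: 2008-9-4 19:16:13
Description: rar

Last edited by leonzhou on 2008-09-04 19:17:23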
 

Reply to 天月来了's post (6F)

I can't find it with WinRAR either.
Since I had no security software, no other security software has been deleted.
 

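Re: (Unsolved) JDVTMPDX.dat is injected into every process, plus a winlogon.exe problem

Delete it with IceSword

and restart the computer immediately.

Or try shredding it with each of the file shredders in my pinned post.

Or use the method in reply 41 of my pinned post, replacing the file header with IceSword, to kill that file:
http://bbs.ikaka.com/showtopic.aspx?topicid=8442813&page=5
Last edited by 天月来了 on 2008-09-04 19:23:29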