
Help: my computer is infected, waiting online for a solution!


未知家族病毒分析
扫描结果:
C:\WINDOWS\services.exe --> 与 Trojan.Dragodor 66%相似.


系统活动进程
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\MSACM32.DRV

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE
C:\PROGRAM FILES\CHINANET\COMMUNICATE.DLL
C:\PROGRAM FILES\CHINANET\DIALMODULE.DLL
C:\PROGRAM FILES\CHINANET\MFC42.DLL
C:\PROGRA~1\CHINANET\CLIENT~1.DLL
C:\PROGRA~1\CHINANET\PLUGIN~1.OCX
C:\PROGRA~1\CHINANET\SIGN.DLL
C:\PROGRA~1\CHINANET\POSTPLUG.DLL
C:\PROGRA~1\CHINANET\ADVERT~1.OCX
C:\PROGRA~1\CHINANET\VNETBS.OCX
C:\PROGRA~1\CHINANET\ACCOUN~2.DLL
C:\PROGRA~1\CHINANET\ACCOUNTMGR.DLL
C:\PROGRA~1\CHINANET\PLUGIN~2.OCX
C:\PROGRA~1\CHINANET\NEWMES~1.DLL
C:\PROGRA~1\CHINANET\PASSCTRL.DLL
C:\WINDOWS\SYSTEM32\WPCAP.DLL
C:\WINDOWS\SYSTEM32\PTHREADVC.DLL
C:\WINDOWS\SYSTEM32\PACKET.DLL
C:\PROGRA~1\CHINANET\PLUGPUSH.DLL
C:\PROGRA~1\CHINANET\ALLINT~1.DLL
C:\PROGRA~1\CHINANET\VNETLO~1.OCX
C:\PROGRA~1\CHINANET\STATNUM.DLL
C:\PROGRA~1\CHINANET\VNETON~1.OCX
C:\PROGRA~1\CHINANET\ALLFUN~1.DLL
C:\PROGRA~1\CHINANET\VNETOPTLOG.DLL
C:\PROGRA~1\CHINANET\DIALOGSTYLE.DLL
C:\PROGRA~1\CHINANET\TIMER.OCX
C:\PROGRA~1\CHINANET\VNETSKIN.OCX
C:\PROGRA~1\CHINANET\VNETUP~1.OCX
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRA~1\CHINANET\DLGSKIN.OCX
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\SWFLASH.OCX

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HELPSVC.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL

G:\工具安装\RSDETECT.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\SYSTEM32\MSVBVM60.DLL
C:\WINDOWS\SYSTEM32\VB6CHS.DLL

C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\NVCPL.DLL
C:\WINDOWS\SYSTEM32\NVRSZHC.DLL
C:\WINDOWS\SYSTEM32\NVSHELL.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\PROGRAM FILES\WINRAR\RAREXT.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\XUNLEIBHO_V13.DLL
C:\PROGRA~1\CHINANET\VNETTR~1.DLL
C:\PROGRA~1\CHINANET\COMMUNICATE.DLL
C:\PROGRA~1\CHINANET\CLIENT~1.DLL
E:\软件\腾讯QQ\QQIEHELPER.DLL
C:\WINDOWS\SYSTEM32\MSACM32.DRV
C:\WINDOWS\SYSTEM32\MACROMED\FLASH\SWFLASH.OCX

C:\WINDOWS\SYSTEM32\ALG.EXE

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP
services = C:\WINDOWS\SERVICES.EXE

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
services = C:\WINDOWS\SERVICES.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE
services = C:\WINDOWS\SERVICES.EXE

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
services = C:\WINDOWS\SERVICES.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
D:\Autorun.inf
AUTORUN = D:\pagefile.pif

WIN.INI
RUN = C:\WINDOWS\services.exe

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0005A87D-D626-4B3A-84F9-1D9571695F55} = C:\WINDOWS\system32\xunleibho_v13.dll
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} = C:\PROGRA~1\ChinaNet\VNETTR~1.DLL
{54EBD53A-9BC1-480B-966A-843A333CA162} = E:\软件\腾讯QQ\QQIEHelper.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AC0F0E7-2F62-4471-B125-3EC710F43AAA}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AC0F0E7-2F62-4471-B125-3EC710F43AAA}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A68244ED-F4BD-4DB9-8995-90141AD60AE0}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{A68244ED-F4BD-4DB9-8995-90141AD60AE0}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA591507-82EB-4210-AABA-ED31CC9345D8}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA591507-82EB-4210-AABA-ED31CC9345D8}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C3DA9E0-FEEB-4509-A3C2-46B4C813A3AC}] SEQPACKET 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{5C3DA9E0-FEEB-4509-A3C2-46B4C813A3AC}] DATAGRAM 3 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2DFAA2E4-3554-421C-98F2-AC8FF0AD7F17}] SEQPACKET 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{2DFAA2E4-3554-421C-98F2-AC8FF0AD7F17}] DATAGRAM 4 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
ALG = C:\WINDOWS\SYSTEM32\ALG.EXE
AppMgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
AudioSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
BITS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Browser = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
CiSvc = C:\WINDOWS\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINDOWS\SYSTEM32\CLIPSRV.EXE
COMSysApp = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235}
CryptSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
DcomLaunch = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Dhcp = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
dmadmin = C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Dnscache = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
ERSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Eventlog = C:\WINDOWS\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
FastUserSwitchingCompatibility = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
helpsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HidServ = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
HTTPFilter = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER
ImapiService = C:\WINDOWS\SYSTEM32\IMAPI.EXE
lanmanserver = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
lanmanworkstation = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
LmHosts = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
Messenger = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
mnmsrvc = C:\WINDOWS\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINDOWS\SYSTEM32\MSDTC.EXE
MSIServer = C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V
NetDDE = C:\WINDOWS\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINDOWS\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINDOWS\SYSTEM32\LSASS.EXE
Netman = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Nla = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NtLmSsp = C:\WINDOWS\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
NVSvc = C:\WINDOWS\SYSTEM32\NVSVC32.EXE
PlugPlay = C:\WINDOWS\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINDOWS\SYSTEM32\LSASS.EXE
ProtectedStorage = C:\WINDOWS\SYSTEM32\LSASS.EXE
RasAuto = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RasMan = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RDSessMgr = C:\WINDOWS\SYSTEM32\SESSMGR.EXE
RemoteAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
RpcLocator = C:\WINDOWS\SYSTEM32\LOCATOR.EXE
RpcSs = C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS
RSVP = C:\WINDOWS\SYSTEM32\RSVP.EXE
SamSs = C:\WINDOWS\SYSTEM32\LSASS.EXE
SCardSvr = C:\WINDOWS\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
seclogon = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SENS = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SharedAccess = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
ShellHWDetection = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Spooler = C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
srservice = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
SSDPSRV = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
stisvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC
SwPrv = C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{CBDAACDE-7DC6-4340-98BE-80CF549A01E4}
SysmonLog = C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE
TapiSrv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TermService = C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH
Themes = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
TlntSvr = C:\WINDOWS\SYSTEM32\TLNTSVR.EXE
TrkWks = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
UMWdf = C:\WINDOWS\SYSTEM32\WDFMGR.EXE
upnphost = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
UPS = C:\WINDOWS\SYSTEM32\UPS.EXE
VSS = C:\WINDOWS\SYSTEM32\VSSVC.EXE
W32Time = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WebClient = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
winmgmt = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmdmPmSN = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
Wmi = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WmiApSrv = C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE
wscsvc = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
wuauserv = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
WZCSVC = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS
xmlprov = C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS


Last edited 2006-08-04 19:34:39

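Why is nobody replying? Please save me! I did a system restore, but the other drives still have lots of strange files that are 32 KB in size, and they cannot be deleted no matter what I try. They are in every folder, including subfolders! If anyone knows how to fix this, please tell me. Waiting anxiously!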

Logfile of HijackThis v1.99.1
Scan saved at 19:02:37, on 2006-8-4
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\软件\迅雷\Thunder.exe
C:\WINDOWS\services.exe
E:\软件\hijackthis\HijackThis.exe

O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v13.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\软件\腾讯QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: iongwumyuf.exe
O4 - Global Startup: ingieng720.exe
O8 - Extra context menu item: &使用迅雷下载 - E:\软件\迅雷\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - E:\软件\迅雷\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\软件\腾讯QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\软件\腾讯QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\软件\腾讯QQ\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\浩方对战平台\GameClient.exe
O9 - Extra 'Tools' menuitem: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\浩方对战平台\GameClient.exe
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://tomatolei.com (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\软件\腾讯QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\软件\腾讯QQ\QQ.EXE
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\软件\腾讯QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\软件\腾讯QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Thanks, I'll go download it right away!

I've downloaded it, but I don't know how to use it. What should I upload?

2006-08-04,19:18:36

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <LiveMonitor><; C:\Program Files\MSI\Live Update 3\LMonitor.exe>  []
    <NVCLOCK><; Rundll32 nvclock.dll,fnNvclock>  [Micro-Star Int'l]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <TkBellExe><; ; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]

==================================
启动文件夹
服务
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\软件\腾讯QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://tomatolei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\软件\腾讯QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <E:\软件\腾讯QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <E:\软件\腾讯QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <E:\软件\迅雷\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <E:\软件\迅雷\getallurl.htm, N/A>
[添加到QQ自定义面板]
  <E:\软件\腾讯QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\软件\腾讯QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\软件\腾讯QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 552][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 628][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 672][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 844][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 892][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 928][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 980][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1028][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1256][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1448][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\nvcpl.dll]  <NVIDIA Corporation><6.14.10.7125>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7125>
    [C:\WINDOWS\system32\nvshell.dll]  <NVIDIA Corporation><6.14.10.10028>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
[PID: 1504][C:\WINDOWS\system32\nvsvc32.exe]  <NVIDIA Corporation><6.14.10.7125>
    [C:\WINDOWS\system32\NVRSZHC.DLL]  <NVIDIA Corporation><6.14.10.7125>
[PID: 1556][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1776][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1952][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1796][C:\WINDOWS\services.exe]  <erdfqweuiassfxiosdldxf><5.00.0001>
[PID: 1332][C:\Program Files\ChinaNet\VnetClient.exe]  <><2005, 3, 7, 1>
    [C:\Program Files\ChinaNet\Communicate.dll]  <0><2005, 3, 3, 1>
    [C:\Program Files\ChinaNet\DialModule.dll]  <><2005, 3, 22, 1>
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  <><2005, 3, 7, 1>
    [C:\PROGRA~1\ChinaNet\sign.dll]  <0><2004, 12, 1, 1>
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  <><2004, 12, 16, 2>
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  <><2004, 12, 30, 0>
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  <><2005, 3, 3, 1>
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  <><2005, 3, 7, 2>
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  <><2005, 2, 24, 1>
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  <><2004, 11, 25, 0>
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\wpcap.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\WINDOWS\system32\pthreadVC.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\packet.dll]  <Politecnico di Torino><3, 0, 0, 18>
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  <><2004, 12, 21, 1>
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\ChinaNet\VNetLog.ocx]  <><2005, 10, 9, 1>
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  <><2004, 11, 18, 1>
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  <><2005, 3, 2, 1>
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  <><2005, 3, 9, 1>
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  <><2004, 11, 23, 1>
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  <><1, 0, 0, 1>
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  <><2004, 11, 25, 1>
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  <GDDC><1, 0, 0, 1>
    [C:\PROGRA~1\ChinaNet\VNETUP~1.OCX]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  <><1, 0, 0, 1>
[PID: 780][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\xunleibho_v13.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 48>
    [c:\PROGRA~1\chinanet\VNETTR~1.DLL]  <><2005, 4, 6, 1>
    [c:\PROGRA~1\chinanet\Communicate.dll]  <0><2005, 3, 3, 1>
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  <><2004, 2, 28, 1>
    [E:\软件\腾讯QQ\QQIEHelper.dll]  <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 316][E:\软件\System Repair Engineer\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [E:\软件\System Repair Engineer\SREng2\Plugins\SREngPluginDemo.SRE]  <Smallfrogs Studio><1, 1, 1, 0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

But there are a lot of strange files on my hard drive. Their names are different, but they are all 32 KB in size.

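Also, there is always an svchost process among my processes, and there are many of them. I can't kill them: the machine freezes as soon as I do, and after a reboot they are back. What is wrong here?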