
About the BuildRegA.exe process and service


It shows up in the process list, and there is a "Build Reglstry Protects" service; if I stop it, it starts again on the next reboot..... If I delete the corresponding file C:\Windows\system32\BuildRegA.exe, a dialog box pops up and then the file gets rebuilt.

The system shows no obvious sign of slowing down, it's just that internet access is extremely slow..... 700-800ms first thing in the morning.

Is this a virus? Or a trojan? Humbly asking for help, thanks everyone.


Attaching the log:

Logfile of HijackThis v1.99.1
Scan saved at 9:09:53, on 2006-11-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\KAV6\KAVSvc.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\KAV6\KpopMon.EXE
C:\KAV6\KAVPFW.EXE
C:\KAV6\KWatchUI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\KAV6\KAVPlus.EXE
C:\WINDOWS\system32\conime.exe
D:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\BuildRegA.exe
C:\WINDOWS\System32\svchost.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ZTW\LOCALS~1\Temp\Rar$EX00.547\HijackThis.exe

O2 - BHO: QQOnline-Live - {A42E8C75-6E81-4F2B-8A6D-6D37A5B682DE} - C:\WINDOWS\system32\ColateCel.dll
O3 - Toolbar: 金山毒霸 - {A9BE2902-C447-420A-BB7F-A5DE921E6138} - C:\KAV6\KAIEPlus.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVRun] C:\KAV6\KAVRUN.EXE
O4 - HKLM\..\Run: [Kulansyn] C:\KAV6\Kulansyn.EXE
O4 - HKLM\..\Run: [KpopMon] C:\KAV6\KpopMon.EXE
O4 - HKLM\..\Run: [iDuba Personal FireWall] C:\KAV6\KAVPFW.EXE
O4 - HKCU\..\Run: [iDuba Personal FireWall] C:\KAV6\KAVPFW.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - d:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: 金山毒霸网站 - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - url:http://www.duba.net (file missing)
O9 - Extra 'Tools' menuitem: 金山毒霸网站 - {e1fc9760-7b95-49cd-80b9-8c9e41017b93} - url:http://www.duba.net (file missing)
O9 - Extra button: 在线查毒 - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - C:\KAV6\kavie.HTM
O9 - Extra 'Tools' menuitem: 在线查毒 - {f58d36c3-40be-4418-a786-d8fbe3eb3554} - C:\KAV6\kavie.HTM
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview 控件) - file:///D:/Program%20Files/AutoCAD%202002/AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4F594A9-324D-49DB-80DE-BBA448D1B017}: NameServer = 192.168.1.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Build Reglstry Proitects (BuildReeg) - Unknown owner - C:\WINDOWS\system32\BuildRegA.exe
O23 - Service: Kingsoft AntiVirus Service (kavsvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - d:\Program Files\SiSoftware\SiSoftware Sandra Pro Home 2007\RpcSandraSrv.exe
O23 - Service: Registry Remote Protect (ServNRegs) - Unknown owner - C:\WINDOWS\system32\beijin90.exe (file missing)

Last edited 2006-11-11 09:44:31
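A quick way to see why the two "Unknown owner" O23 lines in this log stand out is to run a small triage pass over the service entries. The script below is an added example, not something posted in the thread or part of HijackThis: it parses O23 lines from a HijackThis 1.99.1-style log, and flags services with no recorded vendor, services whose binary is already gone (HijackThis prints "(file missing)" for those), unowned binaries sitting in system32, and display names that are one or two edits away from a word like "registry" or "protects". The word list and the edit-distance threshold are my own assumptions; the sample input is the O23 block from the log above.

```python
"""Triage the O23 (service) lines of a HijackThis log.

Added example for this thread. The VOCAB list and the 1-2 edit threshold
are assumptions chosen for illustration, not HijackThis features.
"""
import re

# Constructed sample input: the O23 lines copied from the log in this thread.
SAMPLE_LOG = r"""
O23 - Service: Build Reglstry Proitects (BuildReeg) - Unknown owner - C:\WINDOWS\system32\BuildRegA.exe
O23 - Service: Kingsoft AntiVirus Service (kavsvc) - kingsoft Antivirus - C:\KAV6\KAVSvc.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Registry Remote Protect (ServNRegs) - Unknown owner - C:\WINDOWS\system32\beijin90.exe (file missing)
"""

# O23 - Service: <display name> (<service name>) - <owner> - <path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<owner>.+?) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Words that malware display names commonly imitate (assumed list).
VOCAB = ("registry", "protect", "protects", "service", "windows", "microsoft", "system")


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_words(display: str):
    """Return (word, vocab_word) pairs for words 1-2 edits from a known word."""
    hits = []
    for word in re.findall(r"[A-Za-z]+", display):
        w = word.lower()
        best = min(VOCAB, key=lambda v: levenshtein(w, v))
        if 0 < levenshtein(w, best) <= 2:
            hits.append((word, best))
    return hits


def parse_o23(log_text: str):
    """Parse every O23 line into a dict; non-O23 lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if m:
            entries.append({
                "display": m["display"],
                "name": m["name"],
                "owner": m["owner"],
                "path": m["path"],
                "missing": m["missing"] is not None,
            })
    return entries


def triage_o23(log_text: str):
    """Attach a list of reasons to each entry; an empty list means nothing odd."""
    results = []
    for e in parse_o23(log_text):
        reasons = []
        unowned = e["owner"].lower() == "unknown owner"
        if unowned:
            reasons.append("no vendor/owner recorded")
        if e["missing"]:
            reasons.append("service points at a file that no longer exists")
        if unowned and "\\system32\\" in e["path"].lower():
            reasons.append("unowned binary living in system32")
        for word, v in lookalike_words(e["display"]):
            reasons.append(f"display name word {word!r} looks like {v!r}")
        results.append({**e, "reasons": reasons})
    return results


def flagged_services(log_text: str):
    """Service names (the part in parentheses) that got at least one reason."""
    return [r["name"] for r in triage_o23(log_text) if r["reasons"]]


if __name__ == "__main__":
    for r in triage_o23(SAMPLE_LOG):
        status = "SUSPICIOUS" if r["reasons"] else "ok"
        print(f"{status:10} {r['name']:10} {r['path']}")
        for reason in r["reasons"]:
            print(f"             - {reason}")
```

Run against the sample, it flags BuildReeg (unowned, in system32, "Reglstry" and "Proitects" are misspellings of "registry" and "protects") and ServNRegs (unowned, in system32, binary missing), and leaves the Kingsoft and NVIDIA services alone. The heuristics are a starting point for deciding what to look at first, not a verdict; a legitimate service can be listed without an owner.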

Can't delete it; as soon as I delete it a box pops up and the file gets recreated.....

5555~~ It still doesn't seem to work; a dialog box keeps popping up saying:
"Service 'Build Reglstry Proitects' failed to install with error"

I also just noticed that QQ's keyboard encryption has been turned off..... It's definitely a trojan....