梦幻西游盗号者PE.Win32.PSWTroj.OnLineGames.*在线查毒查出30多个PE.Win32.PSWTroj.OnLineGames.*的病毒（*是不固定的）金山2008套装今天（26号）升级之后杀了，提示重启。我重启机器后金山就不管用了，双击无反应（毒霸，清理专家，网镖均无反应）。我打算重新安装但安装到最后提示安装失败。。。
现在毒霸也没了，请问怎么杀啊？
我是花198元买的正版的金山用户啊。。。在线杀毒又没卡。。。

请下载使用 SREng工具（下载） ，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREngLOG.LOG），其中包含启动项、服务、浏览器加载项、进程和文件关联等信息，把保存的报告日志文件内容复制-粘贴上来.

复制内容到剪贴板

代码:

2008-03-26,15:40:37

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ISUSPM Startup><C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <tciocp32><C:\WINDOWS\tciocp32.exe>  []
    <KAVTool><"G:\杀毒\12\121r.com" noshow>  [N/A]
    <mppds><C:\WINDOWS\mppds.exe>  []
    <SHAProc><C:\WINDOWS\SHAProc.exe>  []
    <SoundMan><SoundMan.exe>  [1]
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exE>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <tooxpaan><C:\WINDOWS\oxanbfni.exe>  []
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exE>  []
    <WINSvr32><C:\WINDOWS\WINSvr32.exE>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\Userinit.exe>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D29DCEE0-457B-45A2-A92D-741B95B7723B}><C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys>  []
    <{50632D5C-B71B-4ba0-B012-3DC6F15C011B}><C:\WINDOWS\system32\msosiocp.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <7Code><; >  [N/A]
    <CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <hxgame-update><; >  [N/A]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <KavPFW><; >  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <LiveUpatePower><; rem MyUpdate.exe>  [N/A]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <StormCodec_Helper><; "F:\影音风暴\Storm Codec\StormSet.exe" /S /opti>  []
    <VVSN><; >  [N/A]
    <wcmdmgr><; C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch>  [WildTangent, Inc.]
    <yassistse><; >  [N/A]
    <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]
    <桌面图标文字自动透明><; >  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[A9BC6E2D / A9BC6E2D][Stopped/Auto Start]
  <C:\WINDOWS\system32\F22A5D6D.EXE -k><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Help and Support / helpsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\interne.exe-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Stopped/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Stopped/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><N/A>
[max / max][Stopped/Auto Start]
  <><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"G:\瑞性\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Aero-Info PCI JScard / AIPCI_Device][Running/Manual Start]
  <System32\Drivers\AIPCI.sys><Your Corporation>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ATITool Overclocking Utility / ATITool][Stopped/System Start]
  <system32\DRIVERS\ATITool.sys><>
[Antivirus Filter Driver / AvFlt][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\av5flt.sys><N/A>
[BM Win32 Network Adapter / bmnadapter][Stopped/Manual Start]
  <system32\DRIVERS\bmnet.sys><The OpenVPN Project>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\cdcd.sys><N/A>
[cjahadgh / cjahadgh][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cjahadgh.sys><N/A>
[cqit / cqit][Stopped/Auto Start]
  <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp21.tmp><N/A>
[dohs / dohs][Stopped/Auto Start]
  <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp55.tmp><N/A>
[drop / drop][Stopped/Auto Start]
  <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp45.tmp><N/A>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ENTECH / ENTECH][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS><EnTech Taiwan>
[fpids32 / fpids32][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\msosfpids32.sys><N/A>
[GPKiller / GPKiller][Stopped/Auto Start]
  <\SystemRoot\system32\drivers\gpkiller.sys><N/A>
[hidcfjcc / hidcfjcc][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hidcfjcc.sys><N/A>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[jejjebjj / jejjebjj][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\jejjebjj.sys><N/A>
[jtio / jtio][Stopped/Auto Start]
  <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp4B.tmp><N/A>
[mhfp / mhfp][Stopped/Auto Start]
  <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp4D.tmp><N/A>
[mnsf / mnsf][Stopped/Auto Start]
  <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp2E.tmp><N/A>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><NetGroup - Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PnpWmkDrv / PnpWmkDrv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\PnpWmkDrv.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[Nokia CA-42 USB / usb2vcom][Stopped/Manual Start]
  <system32\DRIVERS\usb2vcom.sys><>
[WatchKey / WatchKey][Stopped/Manual Start]
  <System32\Drivers\wdkey.sys><Beijing WatchData System Co., Ltd.>
[WinDriver PNP Client / wdpnp][Stopped/Manual Start]
  <System32\Drivers\wdpnp.sys><Jungo>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[XDva013 / XDva013][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\XDva013.sys><N/A>
[XTrapD12 / XTrapD12][Stopped/Manual Start]
  <\??\D:\英雄Online\XTrap\XTrapD12.sys><N/A>
[ZSMC USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <F:\xunlei\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <F:\网际快车\jccatch.dll, www.flashget.com>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <F:\网际快车\getflash.dll, www.flashget.com>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <F:\网际快车\FlashGet.exe, FlashGet.com>
[KVFileUpdate Class]
  {CA234A53-E68D-44D5-A07C-481C051D0C7B} <C:\WINDOWS\Downloaded Program Files\OLDown.dll, Jiangmin Co.,Ltd>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <F:\xunlei\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\Sogou PXP\MMCShell.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <, N/A>
[ULiveCtrl Control]
  {070CA17A-4BD2-4612-83B4-32B1B9159B47} <C:\WINDOWS\system32\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[RealPlayer SMIL Download Handler]
  {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[SuperStream Control]
  {285C55C4-B32C-4EC0-8539-BBCE97FDF380} <F:\浩方对~1\SUPERS~1.OCX, 盛大网络>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <F:\xunlei\DownAndPlay\DapPlayer3.0.41.65.244.dll, ShenZhen Thunder Networking Technologies Ltd.>
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <F:\网际快车\jccatch.dll, www.flashget.com>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[KLeakScan Class]
  {4BB7444F-E4DA-4E02-AAAD-505A0E9855D4} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[Microsoft 外壳 UI 帮助程序]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <%SystemRoot%\system32\shdocvw.dll, N/A>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <F:\xunlei\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Microsoft DirectAnimation Control]
  {B6FFC24C-7E13-11D0-9B47-00C04FC2F51D} <C:\WINDOWS\system32\danim.dll, Microsoft Corporation>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[OWSMiscApis Class]
  {BDEADE44-C265-11D0-BCED-00A0C90AB50F} <G:\OFFICE~1\Office\OWS.DLL, >
[KScanSpyWare Class]
  {C847FDE7-B612-47ED-B32C-4000C9DD26B6} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <g:\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <C:\Program Files\Tencent\QQ\QQPlayerProxy.dll, Tencent>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[IEDown Class]
  {D0A29C6C-AA71-4423-8C4A-5998B774C448} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
  {D29DCEE0-457B-45A2-A92D-741B95B7723B} <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys, N/A>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, Kingsoft Corporation>
[KVirusScan Class]
  {E176B817-4905-4CDF-8C9C-0AF3EA3B4AC7} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[KAccountManager Class]
  {E176B817-4905-4CDF-8C9C-0AF3EA3B4AC9} <C:\Program Files\KOS\KosClean.dll, Kingsoft Corporation>
[Thunder DapCtrl]
  {EF1EA76E-5428-4e40-85A1-D4DD2893183A} <F:\xunlei\DownAndPlay\DapCtrl1.2.13.16.244.dll, ShenZhen Thunder Networking Technologies Ltd.>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <F:\网际快车\getflash.dll, www.flashget.com>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[IEDown Class]
  {F917534D-535B-416B-8E8F-0C04756C31A8} <C:\WINDOWS\system32\GLIEDown2.dll, 联众公司>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <F:\网际快车\jccatch.dll, www.flashget.com>
[&V使用Vagaa哇嘎下载]
  <G:\s7-200\Help\Vagaa\Data\vg.htm, N/A>
[&使用快车(FlashGet)下载]
  <F:\网际快车\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <F:\网际快车\jc_all.htm, N/A>
[使用Web迅雷下载]
  <F:\xunlei\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <F:\xunlei\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 504 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 576 / SYSTEM][\??\C:\WINDOWS\SYSTEM32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\SYSTEM32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\pahzij.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 796 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 844 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 932 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\System32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\System32\pahzij.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 972 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 1076 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 1292 / Zll][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\hojaatyf.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [F:\xunlei\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 52]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\msosiocp.dll]  [N/A, ]
[PID: 1416 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 2004 / Zll][C:\WINDOWS\SoundMan.exe]  [1, 1.00]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9782]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
    [C:\WINDOWS\system32\vb6chs.dll]  [Microsoft Corporation, 6.00.8988]
[PID: 2028 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 1892 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 412 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
[PID: 1284 / Zll][C:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 1, 22]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [F:\xunlei\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 52]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CorperfmonExt.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\hojaatyf.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [F:\影音风暴\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [F:\影音风暴\Storm Codec\Codecs\PmpSplt.ax]  [cooleyes, 1, 0, 0, 8]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [C:\WINDOWS\wt\webdriver\wtwmplug.ax]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2868 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.374 (winmain(wmbla).070416-2057)]
[PID: 3024 / Zll][G:\金山\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\duygnef.dll]  [N/A, ]
    [C:\WINDOWS\system32\ijougiemnaw.dll]  [N/A, ]
    [C:\WINDOWS\system32\pahzij.dll]  [N/A, ]
    [C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
    [C:\WINDOWS\system32\SHAProc.dat]  [N/A, ]
    [C:\WINDOWS\system32\WINSvr32.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\hojaatyf.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\tciocp32.dll]  [N/A, ]
    [G:\金山\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1        js.k0102.com
127.0.0.1        360.gxgxy.net
127.0.0.1        w.c0mo.com
127.0.0.1        jj.gxgxy.net

==================================
进程特权扫描
特殊特权被允许： SeDebugPrivilege [PID = 1284, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1284, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

新下载的清理专家和杀毒主程序都安装了，安装之后双击桌面图标无反应

[2008/3/26 15:50:3] Start SetupWizard on INSTALL mode for Kingsoft Internet Security Suit.

[RegisterComponents] ...
  Failed:   Register G:\金山\Kingsoft Internet Security 2008\Flash.OCX with result #5.
  Successfully:   Register G:\金山\Kingsoft Internet Security 2008\KAVEvent.DLL with result #0.

[RegisterServers_DB] ...
  Failed:  Register BootClean with result #-1.
  Successfully:   [WRITE REGISTRY] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\KavPFW="G:\金山\Kingsoft Internet Security 2008\KAVPFW.exe" with result #0.
  Successfully:   [WRITE REGISTRY] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\KavStart="G:\金山\Kingsoft Internet Security 2008\KAVStart.exe" -startup with result #0.
  Successfully:   Register KISSvc server with result #0.
  Successfully:   Register KWatch server with result #0.
  Failed:   Register KPfwSvc server with result #-2147467259.

[StartService_PFW] ...
  Successfully:   LaunchAppEx for G:\金山\Kingsoft Internet Security 2008\KPfwSvc.EXE -r successfully.
  Failed:   Exit code from G:\金山\Kingsoft Internet Security 2008\KPfwSvc.EXE is -2147467259.

[StartService_DB] ...
  Successfully:   LaunchAppEx for G:\金山\Kingsoft Internet Security 2008\KISSvc.EXE /start successfully.
  Failed:   Exit code from G:\金山\Kingsoft Internet Security 2008\KISSvc.EXE is 1307.
  Successfully:   LaunchAppEx for G:\金山\Kingsoft Internet Security 2008\KWatch.exe /start successfully.
  Failed:   Exit code from G:\金山\Kingsoft Internet Security 2008\KWatch.exe is -2147467259.
  Successfully:   Launch G:\金山\Kingsoft Internet Security 2008\KavStart.exe successfully.


Install Failed!

在线等啊！单位机器，不知道怎么就中这招了。。。

病毒还是挺多的
c:\windows\system32\duygnef.dll
c:\windows\system32\ijougiemnaw.dll
c:\windows\system32\pahzij.dll
c:\program files\internet explorer\plugins\newsys55.sys
c:\windows\system32\hojaatyf.dll
c:\windows\system32\kvsc3.dll
c:\windows\system32\lotushlp.dll
c:\windows\system32\mppds.dll
c:\windows\system32\msccrt.dll
c:\windows\system32\msimms32.dll
c:\windows\system32\msosiocp.dll
c:\windows\system32\ptsshell.dll
c:\windows\system32\shaproc.dat
c:\windows\system32\tciocp32.dll
c:\windows\system32\upxdnd.dll
c:\windows\system32\winsvr32.dll
c:\windows\soundman.exe
c:\windows\winsvr32.exe
c:\windows\kvsc3.exe
c:\windows\lotushlp.exe
c:\windows\ptsshell.exe
c:\windows\oxanbfni.exe
c:\windows\msccrt.exe
c:\windows\upxdnd.exe
c:\windows\msimms32.exe
c:\windows\shaproc.exe
c:\windows\mppds.exe
c:\windows\tciocp32.exe
c:\windows\system32\f22a5d6d.exe
c:\docume~1\zll\locals~1\temp\tmp2e.tmp
c:\docume~1\zll\locals~1\temp\tmp4d.tmp
c:\docume~1\zll\locals~1\temp\tmp4b.tmp
c:\windows\system32\drivers\jejjebjj.sys
c:\windows\system32\drivers\hidcfjcc.sys
c:\windows\system32\drivers\gpkiller.sys
c:\windows\system32\drivers\msosfpids32.sys
c:\windows\system32\drivers\dtscsi.sys
c:\docume~1\zll\locals~1\temp\tmp45.tmp
c:\docume~1\zll\locals~1\temp\tmp55.tmp
c:\docume~1\zll\locals~1\temp\tmp21.tmp
c:\windows\system32\drivers\cjahadgh.sys
c:\windows\system32\cdcd.sys
c:\windows\system32\drivers\av5flt.sys

引用:

  
建议使用XDelBox删除以上文件(XDelBox1.6下载)使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。建议解压缩任意文件再运行xdelbox，运行前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。[选择备份，勾选“抑制文件再生”有提示不存在该文件就忽略,继续添加其它文件]

注：以下操作如果觉得有困难，可以省略，是清理注册表垃圾信息的扫尾，但同时需要指出，如果不处理可能会出现开机报“加载……失败”的错误提示

SREng的常见操作http://bbs.duba.net/thread-21830192-1-1.html
【以下操作有风险，必须看懂上面的方法再操作。】
【打开SREng后提醒“警告！下面的函数内容与预期值不符他们可能被一些恶意的软件所修改”的错误请忽略，是您装杀软后的正常修改。】
2.删除重启后使用SREng修复下面各项：

    启动项目 －－ 注册表之如下项删除：
[{50632D5C-B71B-4ba0-B012-3DC6F15C011B}]    <C:\WINDOWS\system32\msosiocp.dll>
[{D29DCEE0-457B-45A2-A92D-741B95B7723B}]    <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys>
[WINSvr32]    <C:\WINDOWS\WINSvr32.exE>
[Kvsc3]    <C:\WINDOWS\Kvsc3.exE>
[LotusHlp]    <C:\WINDOWS\LotusHlp.exe>
[PTSShell]    <C:\WINDOWS\PTSShell.exe>
[tooxpaan]    <C:\WINDOWS\oxanbfni.exe>
[msccrt]    <C:\WINDOWS\msccrt.exe>
[upxdnd]    <C:\WINDOWS\upxdnd.exe>
[MsIMMs32]    <C:\WINDOWS\MsIMMs32.exE>
[SHAProc]    <C:\WINDOWS\SHAProc.exe>
[mppds]    <C:\WINDOWS\mppds.exe>
[tciocp32]    <C:\WINDOWS\tciocp32.exe>
[SoundMan]    <SoundMan.exe>

    启动项目 －－ 服务 －－ Win32服务应用程序之如下项删除：
[A9BC6E2D / A9BC6E2D]    <C:\WINDOWS\system32\F22A5D6D.EXE -k>
[max / max]    <>

    启动项目 －－ 服务－－ 驱动程序之如下项删除：
[mnsf / mnsf]    <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp2E.tmp>
[mhfp / mhfp]    <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp4D.tmp>
[jtio / jtio]    <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp4B.tmp>
[jejjebjj / jejjebjj]    <\SystemRoot\system32\drivers\jejjebjj.sys>
[hidcfjcc / hidcfjcc]    <\SystemRoot\system32\drivers\hidcfjcc.sys>
[GPKiller / GPKiller]    <\SystemRoot\system32\drivers\gpkiller.sys>
[fpids32 / fpids32]    <\??\C:\WINDOWS\system32\drivers\msosfpids32.sys>
[dtscsi / dtscsi]    <\SystemRoot\System32\Drivers\dtscsi.sys>
[drop / drop]    <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp45.tmp>
[dohs / dohs]    <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp55.tmp>
[cqit / cqit]    <\??\C:\DOCUME~1\Zll\LOCALS~1\Temp\tmp21.tmp>
[cjahadgh / cjahadgh]    <\SystemRoot\system32\drivers\cjahadgh.sys>
[Cdsys / Cdsys]    <\??\C:\WINDOWS\system32\cdcd.sys>
[Antivirus Filter Driver / AvFlt]    <\SystemRoot\system32\drivers\av5flt.sys>

    系统修复－－　浏览器加载项之如下项删除：
[]    <C:\Program Files\Internet Explorer\PLUGINS\NewSys55.Sys>

最后，将xdelbox文件夹下的backups文件夹压缩发上来看下，谢谢