2008-11-21 03:04
vagrancy303
The SREng log is as follows:
[code]
2008-11-21,02:27:04
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<PPS Accelerator><E:\My Program\PPStream\ppsap.exe> [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
<L08AXLRD_5857933><"F:\Student 2008\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE" -m> [(Verified)Microsoft Corporation]
<DU Meter><C:\Program Files\DU Meter\DUMeter.exe> [Hagel Technologies Ltd]
<Google Update><"C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c> [(Verified)Google Inc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safetray><C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\360Tray.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"> [(Verified)Google Inc]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<360Antiarp><C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\antiarp\AntiArp.exe /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe"> [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
<IconPackager Repair><E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll> [Stardock.net, Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\sspipes.scr> [(Verified)Microsoft Windows Component Publisher]
==================================
启动文件夹
[Service Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Service Manager.lnk --> C:\PROGRA~1\MI6841~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<E:\My Program\Storm Codec\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
<C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Crypkey License / Crypkey License][Running/Auto Start]
<crypserv.exe><N/A>
[DU Meter Service / DUMeterSvc][Running/Auto Start]
<C:\Program Files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService><Hagel Technologies Ltd>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PIXMA Extended Survey Program / IJPLMSVC][Stopped/Auto Start]
<C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE><(File is missing)>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<f:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><CACE Technologies>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
<"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
<f:\PROGRA~1\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>
==================================
驱动程序
[000883f8 / 000883f8][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\000883f8.sys><N/A>
[360AntiArp / 360AntiArp][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[CO_Mon / CO_Mon][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys><N/A>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[Huawei DataCard USB Modem and USB Serial / hwdatacard][Running/Manual Start]
<system32\DRIVERS\ewusbmdm.sys><Huawei Technologies Co., Ltd.>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[NetworkX / NetworkX][Running/System Start]
<\SystemRoot\system32\ckldrv.sys><N/A>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
<system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
<system32\drivers\ccdcmbo.sys><Nokia>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[DDK PACKET Protocol / Packet][Running/Manual Start]
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[BlackBerry 智能手机 / RimUsb][Stopped/Manual Start]
<System32\Drivers\RimUsb.sys><Research In Motion Limited>
[RIM Virtual Serial Port v2 / RimVSerPort][Running/Manual Start]
<system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SkyProcs / SkyProcs][Stopped/Manual Start]
<\??\C:\Documents and Settings\Administrator\桌面\SkyNet\SkyNet\FireWall\SkyProcs.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[upperdev / upperdev][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerflt.sys><Windows (R) Codename Longhorn DDK provider>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
<system32\DRIVERS\usbser_lowerfltj.sys><Windows (R) Codename Longhorn DDK provider>
[Driver for XLPPoEPC Device / XLPPoEPC][Running/Manual Start]
<system32\DRIVERS\XLPPoEPC.sys><西安信利软件系统公司>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Stopped/Manual Start]
<System32\Drivers\usbVM303.sys><Vimicro Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
<system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
<system32\drivers\ialmkchw.sys><Intel Corporation>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\My Program\迅雷\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4d91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[wxbSoftShutDown Class]
{3597E186-1674-49C8-88C7-580F0357E2BF} <C:\Program Files\MicroShut\DLLRun.dll, N/A>
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[Click-to-Call BHO]
{5C255C8A-E604-49b4-9D64-90988571CECB} <C:\Program Files\Windows Live\Messenger\wlchtc.dll, (Signed) Microsoft Corporation>
[Search Helper]
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\My Program\迅雷\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <e:\Kingsoft\PowerWord Lite\CBEBand.dll, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll, (Signed) 360.CN>
[Windows Live Toolbar Beta]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\My Program\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[BlogThisToolbarButton Class]
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <E:\PROGRA~1\MICROS~1\INetRepl.dll, (Signed) Microsoft Corporation>
[Create Mobile Favorite]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <E:\PROGRA~1\MICROS~1\INetRepl.dll, (Signed) Microsoft Corporation>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <e:\Kingsoft\PowerWord Lite\CBEBand.dll, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[Encarta Search Bar]
{B205A35E-1FC4-4CE3-818B-899DBBB3388C} <C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL, (Signed) Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[&Windows Live Toolbar Beta]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Java Plug-in 1.4.2_13]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll, JavaSoft / Sun Microsystems, Inc.>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, (Signed) >
[Java Plug-in 1.4.2_13]
{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_13\bin\npjpi142_13.dll, JavaSoft / Sun Microsystems, Inc.>
[JuniperSetupSP1 Control]
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} <C:\WINDOWS\DOWNLO~1\JUNIPE~1.OCX, Juniper Networks>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\My Program\迅雷\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <E:\My Program\Storm Codec\QTSystem\QTPlugin.ocx, Apple Computer, Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, N/A>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <E:\My Program\迅雷\Components\InMedia\peerid.dll, >
[Adobe PDF Link Helper]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Google Update Plugin]
{20742C4F-F847-47AB-9154-FD89B34913B0} <C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll, (Signed) Google Inc.>
[]
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600} <, >
[&Windows Live Toolbar Beta]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[Skype add-on (mastermind)]
{22BF413B-C6D2-4D91-82A9-A0F997BA588C} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[wxbSoftShutDown Class]
{3597E186-1674-49C8-88C7-580F0357E2BF} <C:\Program Files\MicroShut\DLLRun.dll, N/A>
[GDGetTokenInfo Class]
{3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\system32\GDREAD~1.DLL, >
[Confidence Online for Web Applications]
{3BA494B1-D507-4C11-9BDA-D47E1A65DFCF} <C:\Documents and Settings\Administrator\Application Data\WholeSecurity\AXXPEE.dll, (Signed) WholeSecurity,Inc.>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\My Program\迅雷\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[TVAnts ActiveX Control]
{4C833081-D026-4FF8-968F-7EAB660D2FBA} <E:\MYPROG~1\TVAnts\TvantsX.ocx, N/A>
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[WebProtect]
{53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[Click-to-Call BHO]
{5C255C8A-E604-49B4-9D64-90988571CECB} <C:\Program Files\Windows Live\Messenger\wlchtc.dll, (Signed) Microsoft Corporation>
[InfoSecNetSign Class]
{5CB840B5-A94E-4AD9-B785-4866E3B04476} <C:\WINDOWS\system32\ICBCNE~1.DLL, Infosec Technologies Co., Ltd.>
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} <E:\MYPROG~1\PPStream\110~1.262\POWERP~1.DLL, (Signed) PPStream Inc.>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[Search Helper]
{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll, (Signed) Microsoft Corp.>
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\My Program\迅雷\Components\InMedia\MediaAddin17.dll, Thunder Networking Technologies,LTD>
[Skype add-on (button)]
{77BF5300-1474-4EC7-9980-D32B190E9B07} <C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll, Skype Technologies S.A.>
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\live.dll, (Signed) 360.cn>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\My Program\迅雷\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[SopCore Control]
{8FEFF364-6A5F-4966-A917-A3AC28411659} <E:\MYPROG~1\SopCast\sopocx.ocx, www.sopcast.com>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[CBBrowerBuddy Class]
{A412E581-59B2-485E-834F-C5F0C0268C79} <e:\Kingsoft\PowerWord Lite\CBEBand.dll, (Signed) Copyright (c) Kingsoft Corporation Limited. All rights reserved.>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[CCTVUpdateInstall]
{AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\WINDOWS\Downloaded Program Files\CCTVUpdateInstall.dll, (Signed) >
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5805.77.(594).dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, (Signed) Microsoft Corporation>
[KooPlayer Control]
{C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\DOCUME~1\ADMINI~1\APPLIC~1\CCTV\tv\CCTVPL~1.OCX, (Signed) CCTV.COM>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <E:\My Program\Storm Codec\Codec\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[BKNet Class]
{DA0BDD3D-724A-4CED-9456-BE98F04EE72D} <C:\Program Files\VU\BKPlayer.dll, a Bit Cool>
[Windows Live Toolbar Beta]
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JuniperSetupSP1 Control]
{E5F5D008-DD2C-4D32-977D-1A0ADF03058B} <C:\WINDOWS\DOWNLO~1\JUNIPE~1.OCX, Juniper Networks>
[IcbcSslCacheCleanerCtrl Class]
{E9707834-5BF7-4CFF-A639-398427DE1991} <C:\WINDOWS\Downloaded Program Files\IcbcSslCacheCleaner.dll, 中国工商银行>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\My Program\迅雷\Components\DownAndPlay\DapPlayer3.0.5712.71.812.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(594).dll, Xunlei Networking Technologies,LTD>
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[使用迅雷下载]
<E:\My Program\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<E:\My Program\迅雷\Program\getallurl.htm, N/A>
[添加到QQ表情]
<E:\My Program\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 844 / SYSTEM][\SystemRoot\System32\smss.exe] [N/A, ]
[PID: 948 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 976 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1020 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1032 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1200 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1248 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1284 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1324 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1464 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1680 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1820 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\CNMLM8M.DLL] [CANON INC., 2.05.2.40]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD8M.DLL] [CANON INC., 2.05.2.40]
[PID: 372 / SYSTEM][E:\My Program\Storm Codec\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 10, 29]
[E:\My Program\Storm Codec\bfoptdll.dll] [北京暴风网际科技有限公司, 3, 8, 7, 16]
[PID: 392 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe] [China Merchants Bank, 1, 0, 0, 1]
[C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll] [China Merchants Bank, 1, 0, 0, 1]
[PID: 404 / SYSTEM][C:\WINDOWS\system32\crypserv.exe] [N/A, ]
[PID: 444 / SYSTEM][C:\Program Files\DU Meter\DUMeterSvc.exe] [Hagel Technologies Ltd, 4.0 Build R3009]
[C:\Program Files\DU Meter\sqlite3.dll] [Hagel Technologies Ltd, 3.4.2]
[PID: 632 / Administrator][f:\PROGRA~1\MICROS~1\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\OPENDS60.DLL] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\UMS.DLL] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\SQLSORT.DLL] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\Resources\1033\sqlevn70.RLL] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\SSNMPN70.dll] [Microsoft Corporation, 2000.080.0194.00]
[f:\PROGRA~1\MICROS~1\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.0194.00]
[PID: 900 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.0.0.2008061100]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.2285]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.2285]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.2285]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.2285]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.2285]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[E:\My Program\迅雷\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[E:\My Program\迅雷\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[E:\My Program\迅雷\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
[E:\My Program\迅雷\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 1160 / SYSTEM][E:\Study Tools\Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe] [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
[PID: 1520 / SYSTEM][E:\Study Tools\Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe] [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
[PID: 1592 / Administrator][C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\360Tray.exe] [奇虎网, 5, 0, 0, 1002]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\SafeKrnl.dll] [奇虎网, 4, 3, 0, 1003]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\AntiAdwa.dll] [360Safe.com, 4, 2, 0, 1001]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\live.dll] [360.cn, 1, 0, 1, 1028]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 1500 / Administrator][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe] [Google Inc., 1, 0, 0, 1]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 1624 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1664 / Administrator][C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\antiarp\AntiArp.exe] [360安全中心, 2, 0, 0, 1008]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 1988 / Administrator][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 144 / Administrator][E:\My Program\PPStream\ppsap.exe] [PPStream Inc, 1, 0, 11, 139]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\My Program\PPStream\1.0.11.139\vodnet.dll] [PPStream Inc., 1, 0, 11, 139]
[E:\My Program\PPStream\1.0.11.139\vodres.dll] [PPStream Inc., 1, 0, 11, 139]
[E:\My Program\PPStream\1.0.11.139\ppssg.dll] [PPStream Inc., 1, 0, 11, 139]
[E:\My Program\PPStream\1.1.0.2621\fds.dll] [PPStream Inc., 1, 0, 0, 82]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 184 / Administrator][F:\Student 2008\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE] [Microsoft Corporation, 16.0.0.1117]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.42]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ERSREGPR.DLL] [, ]
[C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCDAT.DLL] [, ]
[C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll] [Microsoft Corporation, 5.40.1171.1]
[C:\Program Files\Common Files\Microsoft Shared\Reference 2008\ENCCONT.DLL] [, ]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Program Files\Common Files\Microsoft Shared\Reference 2008\MSENCXML.DLL] [, ]
[F:\Student 2008\Microsoft Student with Encarta Premium 2008 DVD\EDICTEIT.EBK] [, ]
[C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itircl54.dll] [Microsoft Corporation, 5.40.1171.1]
[F:\Student 2008\Microsoft Student with Encarta Premium 2008 DVD\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 252 / Administrator][C:\Program Files\DU Meter\DUMeter.exe] [Hagel Technologies Ltd, 4.0 Build R3009]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 276 / Administrator][C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe] [Google Inc., 1.2.131.7]
[C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.131.27\goopdate.dll] [Google Inc., 1.2.131.27]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 2160 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 2552 / Administrator][C:\Program Files\O2\O2 Broadband USB Modem\O2 Broadband.exe] [Huawei Technologies Co., Ltd., HOSTA63.11.06.01.02.116]
[C:\Program Files\O2\O2 Broadband USB Modem\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\O2\O2 Broadband USB Modem\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\O2\O2 Broadband USB Modem\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Program Files\O2\O2 Broadband USB Modem\HostAPI.dll] [N/A, ]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 2900 / Administrator][E:\My Program\QQ\QQ.exe] [TENCENT, 8,0,714,1791]
[E:\My Program\QQ\QQBaseClassInDll.dll] [TENCENT, 8,0,714,1791]
[E:\My Program\QQ\QQHelperDll.dll] [TENCENT, 8,0,714,1791]
[E:\My Program\QQ\BasicCtrlDll.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\My Program\QQ\QQAPI.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\LoginCtrl.dll] [TENCENT, 8,0,714,1791]
[E:\My Program\QQ\LoginCtrlRes.dll] [TENCENT, 8,0,714,1791]
[E:\My Program\QQ\QQRes.dll] [TENCENT, 8,0,714,1791]
[E:\My Program\QQ\QQMainFrame.dll] [N/A, ]
[E:\My Program\QQ\UnReadMsgMgr.dll] [N/A, ]
[E:\My Program\QQ\QQPlugin.dll] [N/A, ]
[E:\My Program\QQ\CQQApplication.dll] [N/A, ]
[E:\My Program\QQ\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[E:\My Program\QQ\NewSkin.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\MailSummary.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQSpace.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\msdmo.dll] [, ]
[E:\My Program\QQ\QQKnowledgeSearch.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\OEMApplication.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQGroupMng.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\UserDefinedHead.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQAllInOne.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\SCCore.dll] [TENCENT, 1, 6, 0, 2]
[E:\My Program\QQ\CameraDll.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQCustomFace.dll] [N/A, ]
[E:\My Program\QQ\QQPet.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QRingMng.dll] [N/A, ]
[E:\My Program\QQ\QQConfigPlugin.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\ImageOle.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQLiveQMng.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQMagicFace.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQSceneMng.dll] [N/A, ]
[E:\My Program\QQ\QQAvatar.dll] [N/A, ]
[E:\My Program\QQ\LongConnection.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\PhoneAPI.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[E:\My Program\QQ\QQSysMsgMng.dll] [N/A, ]
[E:\My Program\QQ\BQQApplication.dll] [N/A, ]
[E:\My Program\QQ\CommercesMng.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\PersonalDesktop.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
[E:\My Program\QQ\GroupConnection.dll] [TENCENT, 8,0,713,1791]
[E:\My Program\QQ\AddrSearch.dll] [腾讯科技(深圳)有限公司, 2, 2, 1, 19]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[E:\My Program\QQ\QQFileTransfer.dll] [TENCENT, 8,0,713,1791]
[PID: 2940 / Administrator][E:\My Program\QQ\TXPlatform.exe] [Tencent, 1, 0, 170, 0]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 3156 / Administrator][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 3888 / Administrator][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.18: 2008102918]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.8]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.18: 2008102918]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.8]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.8]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.9.0 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.9.0 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.9.0 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.18: 2008102918]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.18: 2008102918]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.18: 2008102918]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.65]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.18: 2008102918]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[PID: 3716 / Administrator][C:\WINDOWS\system32\cmd.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 4076 / Administrator][E:\Kingsoft\PowerWord Lite\XDict.exe] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.233]
[E:\Kingsoft\PowerWord Lite\CBSelectText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.7]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[e:\Kingsoft\PowerWord Lite\CBGrabProxy.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.85]
[e:\Kingsoft\PowerWord Lite\CBNetModule.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.75]
[E:\Kingsoft\PowerWord Lite\google_service.dll] [Google Inc., 1.0.2.5]
[E:\Kingsoft\PowerWord Lite\KSAudio.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.82]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[e:\Kingsoft\PowerWord Lite\CBDPLayer.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.112]
[e:\Kingsoft\PowerWord Lite\Plugin\CBDict08\CBDataSet.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.153]
[e:\Kingsoft\PowerWord Lite\Plugin\CBDict08\CBDBCore11.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.107]
[e:\Kingsoft\PowerWord Lite\CBPassport.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.83]
[e:\Kingsoft\PowerWord Lite\CBParser.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.110]
[e:\Kingsoft\PowerWord Lite\Plugin\CBNetDict08\CBNetDataSet.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.56]
[e:\Kingsoft\PowerWord Lite\plugin\CBGoogleDataSet\CBGoogleDataSet.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.8]
[e:\Kingsoft\PowerWord Lite\cache.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[C:\WINDOWS\system32\GOOGLEPINYIN.IME] [Google Inc., ]
[E:\Kingsoft\PowerWord Lite\dbghelp.dll] [Microsoft Corporation, 6.5.0003.7 (vbl_core_fbrel(jshay).050527-1915)]
[PID: 2216 / Administrator][C:\Documents and Settings\Administrator\桌面\kztechssuite\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 3576 / Administrator][C:\Documents and Settings\Administrator\桌面\kztechssuite\SREb6c5bf4d.EXE] [Smallfrogs Studio, 2.7.0.1210]
[E:\My Program\Stardock\Object Desktop\IconPackager\iprepair.dll] [Stardock.net, Inc, 3.10.00]
[C:\Documents and Settings\Administrator\My Documents\360safe-v3.61final\360safe-v3.61final\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[E:\Kingsoft\PowerWord Lite\CBSText.dll] [Copyright (c) Kingsoft Corporation Limited. All rights reserved., 0.0.1.10]
[C:\Documents and Settings\Administrator\桌面\kztechssuite\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [%SystemRoot%\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 gxgxy.net127.0.0.1 c0mo.com
127.0.0.1 xx.gxgxy.net
127.0.0.1 x.gxgxy.net
127.0.0.1 360.gxgxy.net
127.0.0.1 *.gxgxy.net
==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 252, C:\PROGRAM FILES\DU METER\DUMETER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2552, C:\PROGRAM FILES\O2\O2 BROADBAND USB MODEM\O2 BROADBAND.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2216, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\KZTECHSSUITE\SRENGLDR.EXE]
==================================
计划任务
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/code]