以下是我用HIJACK扫描的结果.
Logfile of HijackThis v1.99.1
Scan saved at 20:08:32, on 2006-12-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\KAV2006\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
d:\KAV2006\KPfwSvc.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
d:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\yccnc\LOCALS~1\Temp\Rar$EX00.406\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\xfwgkx.exe
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - e:\Program Files\Thunder\ComDlls\XunLeiBHO_002.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "D:\KAV2006\KPFW32.EXE"
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用迅雷下载 - e:\Program Files\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - e:\Program Files\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} (SWToolSet.Engine) - http://221.6.233.12/SWToolset.exe
O16 - DPF: {9627E9EB-3636-42AF-80C2-3CE2E5541930} (FileClient Control) - http://10.35.0.2:7001/FlowEngineWeb/workflow/FileClient.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{890C2B90-4974-4FA8-8363-BF63D83EFCF5}: NameServer = 221.6.4.66
O17 - HKLM\System\CS1\Services\Tcpip\..\{890C2B90-4974-4FA8-8363-BF63D83EFCF5}: NameServer = 221.6.4.66
O17 - HKLM\System\CS2\Services\Tcpip\..\{890C2B90-4974-4FA8-8363-BF63D83EFCF5}: NameServer = 221.6.4.66
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - d:\KAV2006\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - d:\KAV2006\KWatch.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

急,在线等.

Quote:

引用第11楼myicq123于2006-12-14 00:11发表的:
检查发现还是中了SXS.EXE病毒啊,有什么好的清楚方法吗?

如果下次遇到这个问题后。请你使用一下这个查杀sxs的批处理文件。

C:\WINDOWS\system32\savedump.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\xfwgkx.exe
O16 - DPF: {26700CD9-6157-4B72-B46F-EC93C952F19C} (SWToolSet.Engine) - http://221.6.233.12/SWToolset.exe
O16 - DPF: {9627E9EB-3636-42AF-80C2-3CE2E5541930} (FileClient Control) - http://10.35.0.2:7001/FlowEngineWeb/workflow/FileClient.ocx


修复上述文件。

重新启动后删除相应文件