运行System Repair Engineer，使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常
运行System Repair Engineer，点“启动项目，服务，勾选“隐藏微软服务”选中病毒服务StdService，Indexing Data选择“删除所选服务”“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）
关闭所有浏览窗口以及一些不必要的程序
运行System Repair Engineer，使用“启动项目，注册表”来删除以下选项。
（如果在注册表里无法识别那一下，可以选中一项后，点“编辑”这样会有很明细的路径）
[]
<supdate2.dll><; >
运行System Repair Engineer，使用“系统修复，浏览器加载项”来删除以下选项。
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[pcastup Class]
{87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} <C:\WINDOWS\Downloaded Program Files\vodupdate.dll, >
[HBHelper.HBActivex]
{038318E8-0C2D-4DF5-A7AF-B4FB373F501E} <C:\PROGRA~1\HBClient\hbhelper.dll, N/A>
双击我的电脑--工具---文件夹选项--查看--单击选取"显示隐藏文件或文件夹"清除"隐藏受保护的操作系统文件（推荐）"复选框。在提示您确定更改时，单击“是”
(请按上述步骤操作，不要略过)
然后找到如下文件并删除（如果有的话）
C:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL
C:\WINDOWS\Downloaded Program Files\vodupdate.dll
C:\WINDOWS\system32\CMBEdit.dll
C:\WINDOWS\System32\STDSVER.DLL,

谢谢“不言放弃”和“我无邪”你们详细的解答.我根据你们所说的做了一下但是还有些你们说的不能理解。
1、“通过System Repair Engineer或卡卡助手导出的日志查找IRJIT.DLL创建的系统服务

开始－－控制面板－－管理工具－－服务
禁用其服务”
其服务是哪个服务项目,是否为Indexing Data这个服务项目。
但是我禁用了其启动后扫描服务里还有该项目。
2、“运行System Repair Engineer，使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常”
我不能理解为什么要这么做。
3、“运行System Repair Engineer，点“启动项目，服务，勾选“隐藏微软服务”选中病毒服务StdService，Indexing Data选择“删除所选服务”“否”最后重启。（每一个逗号隔开的就是一个病毒的服务，请逐一删除）”
为什么禁用扫描服务里还有该项目,不过我后来还是删除了.

最后清毒效果我观察后再发上来.

自己想想吧，当初我也是这么过来的。

还是没有完全清光病毒,不过以前实时临控会弹出好几个窗品,现在只会弹出5楼那个窗口了,我还怀疑我进程中有个WINLOGON.EXE是不是一个病毒.如果是,怎么清.

请再扫份报告粘上来。

C:\WINDOWS\msagent\AgentSvr.exe
C:\Documents and Settings\zl\My Documents\我喜爱的音乐\HijackThis.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Acrobatchs\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - d:\PROGRA~1\Kingsoft\FASTAI~1\IEBand.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitComet工具栏 - {3F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\Program Files\BitComet\BitCometBar\BitCometBar0.5.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [LHotkey] LHotkey.exe
O4 - HKLM\..\Run: [SysExplr] ; d:\Herosoft\HeroV8\SYSEXPLR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [Super Rabbit SafeEdit] C:\Program Files\Super Rabbit\MagicSet\SRFC.EXE /Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  上网助手-地址栏搜索
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (AxInputControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

2006-05-15,15:59:43

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\system32\userinit.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[AutoCAD 启动加速器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>

==================================
服务
[Adobe LM Service / Adobe LM Service]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Autodesk Licensing Service / Autodesk Licensing Service]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk, Inc.>
[ewido security suite control / ewido security suite control]
  <d:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
  <d:\Program Files\ewido anti-malware\ewidoguard.exe><ewido networks>
[Macromedia Licensing Service / Macromedia Licensing Service]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NOD32 Kernel Service / NOD32krn]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset >

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Program Files\HFGameOPT\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[RealPlayer SMIL Download Handler]
  {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\Hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll, 金山软件股份有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Program Files\Thunder Network\Thunder\MediaAddin03.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[IE标准栏]
  {954F618B-0DEC-4D1A-9317-E0FC96F87865} <C:\WINDOWS\system32\amstreamxb.dll, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <d:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://D:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 612][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 708][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 752][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 764][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 912][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 1052][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 1100][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 1216][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 1436][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [C:\WINDOWS\system32\CNMLM4s.DLL]  <CANON INC.><1.63.2.9>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD4s.DLL]  <CANON INC.><1.63.2.9>
[PID: 1480][C:\WINDOWS\System32\SCardSvr.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1632][C:\WINDOWS\system32\Ati2evxx.exe]  <N/A><N/A>
[PID: 1684][d:\Program Files\ewido anti-malware\ewidoctrl.exe]  <ewido networks><3, 0, 0, 1>
    [d:\Program Files\ewido anti-malware\lang.dll]  <privat><1, 0, 0, 1>
[PID: 1800][C:\Program Files\Eset\nod32krn.exe]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\nod32krr.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\ps_amon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_amon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\ps_dmon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_dmon.dll]  <N/A><N/A>
    [C:\Program Files\Eset\ps_emon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_emon.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
    [C:\Program Files\Eset\ps_nod32.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_nod32.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\ps_upd.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_upd.dll]  <N/A><N/A>
[PID: 1932][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2020][C:\WINDOWS\system32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 472][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 800][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  <Autodesk><16.1.63.0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.7.2006011200>
    [d:\Program Files\ewido anti-malware\shellhook.dll]  <N/A><N/A>
    [d:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [f:\PROGRA~1\Kingsoft\KnightV\Tools\KVD\kscdrush.dll]  <金山软件股份有限公司><5, 0, 0, 0>
    [C:\Program Files\Eset\nodshex.dll]  <N/A><N/A>
    [d:\Program Files\ewido anti-malware\context.dll]  <ewido networks><1.0.0.1>
    [d:\Program Files\ewido anti-malware\lang.dll]  <privat><1, 0, 0, 1>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
[PID: 3732][C:\Program Files\Eset\nod32kui.exe]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\nod32rui.dll]  <N/A><N/A>
    [C:\Program Files\Eset\pu_amon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_amon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pu_dmon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_dmon.dll]  <N/A><N/A>
    [C:\Program Files\Eset\pu_emon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_emon.dll]  <N/A><N/A>
    [C:\Program Files\Eset\pu_imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
    [C:\Program Files\Eset\pu_nod32.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_nod32.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pu_upd.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_upd.dll]  <N/A><N/A>
[PID: 3316][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2796][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
    [D:\Program Files\Kingsoft\FastAIT 2006\IEBand.dll]  <金山软件股份有限公司><4, 0, 0, 0>
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.7.2006011200>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\JPWB.IME]  <常诚研制><4.00.950>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
[PID: 1548][D:\Program Files\Tencent\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [D:\Program Files\Tencent\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
    [D:\Program Files\Tencent\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [D:\Program Files\Tencent\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [D:\Program Files\Tencent\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQMainFrame.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\CQQApplication.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQPlugin.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\QQAllInOne.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\SCCore.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQCustomFace.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QRingMng.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [D:\Program Files\Tencent\QQ\LongConnection.dll]  <tencent><5, 0, 201, 14>
    [D:\Program Files\Tencent\QQ\QQAvatar.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [D:\Program Files\Tencent\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\BQQApplication.dll]  <N/A><N/A>
    [d:\Program Files\ewido anti-malware\shellhook.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [D:\Program Files\Tencent\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [D:\Program Files\Tencent\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 140>
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [D:\Program Files\Tencent\QQ\QQSceneMng.dll]  <N/A><N/A>
    [D:\Program Files\Tencent\QQ\QQPhoneHelper.dll]  <腾讯科技（深圳）有限公司><2, 0, 2, 21>
[PID: 3460][D:\Program Files\Tencent\QQ\TIMPlatform.exe]  <tencent><0, 3, 1, 8>
    [D:\Program Files\Tencent\QQ\TIMProxy.dll]  <tencent><0, 3, 2, 4>
[PID: 1240][d:\Program Files\WinRAR\WinRAR.exe]  <N/A><N/A>
    [C:\WINDOWS\system32\AcSignIcon.dll]  <Autodesk><16.1.63.0>
[PID: 2628][C:\DOCUME~1\1xjun1\LOCALS~1\Temp\Rar$EX00.079\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINDOWS\system32\imon.dll]  <Eset ><2, 51, 26 >
    [C:\Program Files\Eset\pr_imon.dll]  <N/A><N/A>

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================

日志看不出问题来。