我家电脑前两天中了这个病毒,各个硬盘分区都生产autorun.inf和setup.exe,在windows\system中有logogo.exe 和inudhya.dll病毒文件,用icesword删除上述文件后恢复正常,可运行迅雷和魔兽(war3)后在icesword中看到这个两个程序调启动了1_.ii  ,接着又运行了logogo.exe  怎么才能解决啊,貌似这个病毒插入了我的正常程序里了

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

下载 System Repair Engineer系统扫描工具软件，下载地址如下：
http://www.kztechs.com/sreng/download.html
扫描和上传日志的方法：
1、解压缩所下载的sreng2.zip压缩包；
2、打开已经解压缩的SRENG文件夹，双击运行其中的SREng.exe（如果不能运行，请删除已经解压的SRENG文件夹和其包含的所有文件，重新下载新的压缩包或用已下载的压缩包重新解压，解压时请将解压后的文件夹名改为111，解压后，进入111文件夹，不要运行其中的SREng.exe这个可执行文件，先将其直接改名为111.bat、111.scr、111.com或111.pif，或者改为111.exe，然后再双击运行）；
3、依次按“智能扫描”、“扫描”、“保存报告”，将日志保存到硬盘上；
4、找到并打开日志，把日志中的内容用“复制”--“粘贴”命令拷贝到帖子上，不要修改地传上来（日志很长，一个帖子搞不完，请手动将全部内容分多个回复帖子传上来）。
友情提示：
扫描日志前关闭所有手工打开的软件和窗口。
注意在没有进一步提示前，请勿用SRENG工具胡乱修复，否则系统可能变的情况更糟。




发贴时间:2007-9-2 15:30:34

如果上面说的不行```我建议你重装下系统```任何病毒木马都不见```最好自己买个系统``我们这里一般的是5元``10元到15元的算很好了```不知道你们那里多少钱``这样的话```如果中毒和很深就可以自己装系统了```不需要请电脑公司的了```认为我说的好加我QQ493114178``认为我说的不好就算了

[CODE]

2007-09-02,17:53:24

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IntelliPoint><"C:\Program Files\Microsoft IntelliPoint\point32.exe">  [Microsoft Corporation]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [N/A]
    <RemoteControl><"F:\cyberlink dvd\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows XP Publisher]
    <AVP><"F:\New Folder\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\ctfnom.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><fycpri.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><>  [N/A]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.bmt>  [N/A]
    <{3495D328-661A-4FB0-BA67-8ACDD1704D1E}><C:\WINDOWS\System32\jh.dll>  []
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys>  [N/A]
    <{12311A42-AC1B-158F-FD32-5674345F23A1}><C:\WINDOWS\System32\dhapri.dll>  [N/A]
    <{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\System32\qhbpri.dll>  [N/A]
    <{014A26F5-FBAD-4549-9CA1-C38210704BD1}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\System16.ins>  [N/A]
    <{613AF41A-21B1-131B-1BFC-D2A90DF4A2B6}><C:\WINDOWS\System32\xyepri.dll>  [N/A]
    <{713AF41A-21B1-131B-1BFC-D2A90DF4A2B7}><C:\WINDOWS\System32\xyfpri.dll>  [N/A]
    <{40117B96-998D-4D80-8F89-5E9DBD9F3460}><C:\Program Files\Internet Explorer\PLUGINS\SysWin64.Sys>  [N/A]
    <{3562452F-FA36-BA4F-892A-FF5FBBAC5313}><C:\WINDOWS\System32\mycpri.dll>  [N/A]
    <{1182C1EB-375C-573D-1F5E-234552345211}><C:\WINDOWS\System32\wldpri.dll>  [N/A]
    <{22311A42-AC1B-158F-FD32-5674345F23A2}><C:\WINDOWS\System32\dhbpri.dll>  [N/A]
    <{112BC423-3713-224D-3F55-32B35C62B111}><C:\WINDOWS\System32\tllpri.dll>  [N/A]
    <{559AFD5B-159F-ACD8-954C-ACD545FA6585}><C:\WINDOWS\System32\jzepri.dll>  [N/A]
    <{212BC423-3713-224D-3F55-32B35C62B112}><C:\WINDOWS\System32\tlmpri.dll>  [N/A]
    <{52311A42-AC1B-158F-FD32-5674345F23A5}><C:\WINDOWS\System32\dhepri.dll>  [N/A]
    <{2231A43A-1642-641A-64FD-146ADAB223B2}><C:\WINDOWS\System32\mxbman.dll>  [N/A]
    <{352D2432-37A2-324F-2A54-21BF5CF2F1A3}><C:\WINDOWS\System32\jhbpri.dll>  [N/A]
    <{A12BC423-3713-224D-3F55-32B35C62B11A}><C:\WINDOWS\System32\tlupri.dll>  [N/A]
    <{8562452F-FA36-BA4F-892A-FF5FBBAC5318}><C:\WINDOWS\System32\myhpri.dll>  [N/A]
    <{5182C1EB-375C-573D-1F5E-234552345215}><C:\WINDOWS\System32\wlhpri.dll>  [N/A]
    <{46368135-64FA-BC34-DA32-DCF4FD431C94}><C:\WINDOWS\System32\qhdpri.dll>  [N/A]
    <{725AB2F3-234A-7469-2F43-E341713ABFA7}><C:\WINDOWS\System32\wggpri.dll>  [N/A]
    <{33472AF2-174F-AC37-197C-CAC3BCA146C3}><C:\WINDOWS\System32\fycpri.dll>  [N/A]
    <{959AFD5B-159F-ACD8-954C-ACD545FA6589}><C:\WINDOWS\System32\jzipri.dll>  [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5]
    <WinlogonNotify: reset5><reset5.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
    <N/A><"C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <cmdbcs><; C:\WINDOWS\cmdbcs.exe>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <eMuleAutoStart><; F:\emule\emule.exe -AutoStart>  [http://www.emule-project.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <H2O><; C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe>  [Team H2O]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; ?矵??矵??矵???苠>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <logogo><; C:\WINDOWS\system\logogo.exe>  [N/A]
    <mhs3><; C:\WINDOWS\mhs3.exe>  [N/A]
    <Microsoft Autorun11><; C:\WINDOWS\System32\nwizwlwzs.exe>  [N/A]
    <Microsoft Autorun5><; C:\WINDOWS\System32\mosou.exe>  [N/A]
    <Microsoft Autorun7><; C:\WINDOWS\System32\nwiztlbu.exe>  [N/A]
    <Microsoft Autorun9><; C:\WINDOWS\System32\Ravasktao.exe>  [N/A]
    <mppds><; C:\WINDOWS\mppds.exe>  [N/A]
    <msccrt><; C:\WINDOWS\msccrt.exe>  [N/A]
    <PCSuiteTrayApplication><; F:\nokia\NOKIAP~1\LAUNCH~1.EXE -startup>  [Nokia]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PcSync><; F:\nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog>  [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <RAV008C><; C:\WINDOWS\System32\RAV008C.exe>  [N/A]
    <RAV0094><; C:\WINDOWS\System32\RAV0094.exe>  [N/A]
    <RAV009B><; C:\WINDOWS\System32\RAV009B.exe>  [N/A]
    <RAV00A0><; C:\WINDOWS\System32\RAV00A0.exe>  [N/A]
    <RAV00AE><; C:\WINDOWS\System32\RAV00AE.exe>  [N/A]
    <RAV00CF><; C:\WINDOWS\System32\RAV00CF.exe>  [N/A]
    <RAV0138><; C:\WINDOWS\System32\RAV0138.exe>  [N/A]
    <ravdhmon><; C:\Program Files\NetMeeting\ravdhmon.exe>  [N/A]
    <ravmsmon><; C:\Program Files\NetMeeting\ravmsmon.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ravshell><; C:\WINDOWS\rund1132.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [N/A]
    <TIMHost><; C:\WINDOWS\TIMHost.exe>  [N/A]
    <WinForm><; C:\WINDOWS\WinForm.exe>  []

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Running/Auto Start]
  <F:\New Folder\avp.exe -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\System32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Reset 5 / Reset 5][Running/Auto Start]
  <C:\WINDOWS\system32\srvany.exe><N/A>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
[Ulead Burning Helper / UleadBurningHelper][Running/Auto Start]
  <C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
驱动程序
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Team H2O CLEDX service / CLEDX][Running/Manual Start]
  <System32\DRIVERS\cledx.sys><Team H2O>
[Sony Ericsson USB Flash Driver / ggsemc][Stopped/Manual Start]
  <System32\DRIVERS\ggsemc.sys><Sony Ericsson Mobile Communications>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[HOOKAPI / HOOKAPI][Stopped/Auto Start]
  <\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\System32\new.sys><N/A>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\qq3\npkcrypt.sys><INCA Internet Co., Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
  <System32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
[Sony Ericsson W300 Driver driver (WDM) / w300bus][Stopped/Manual Start]
  <System32\DRIVERS\w300bus.sys><MCCI>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC302][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx, >
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <F:\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FLASHGET\jccatch.dll, Amaze Soft>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <F:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <C:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <F:\New Folder\scieplugin.dll, Kaspersky Lab>
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq3\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\System32\TSOBase\TSOBase.ocx, Tencent Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <F:\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\qq3\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <E:\qq3\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq3\AddEmotion.htm, N/A>
[添加到反广告黑名单]
  <F:\New Folder\ie_banner_deny.htm, N/A>
[添加到雅虎订阅(&Y)]
  <, N/A>
[用QQ彩信发送该图片]
  <E:\qq3\SendMMS.htm, N/A>
[百度Flash搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
  <C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 496 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 564 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 588 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\reset5.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 632 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 644 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 812 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 836 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [F:\New Folder\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 908 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 920 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1092 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\EBPMON2.DLL]  [SEIKO EPSON CORPORATION, 2, 30, 0, 0]
[PID: 1224 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [F:\New Folder\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 1240 / SYSTEM][C:\WINDOWS\System32\Ati2evxx.exe]  [, ]
[PID: 1420 / SYSTEM][C:\WINDOWS\system32\srvany.exe]  [N/A, ]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
[PID: 1448 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
[PID: 1468 / SYSTEM][C:\WINDOWS\system32\resetservice.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9237]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
[PID: 1476 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
[PID: 1648 / LOCAL SERVICE][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1800 / wzh][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [F:\New Folder\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\System32\jh.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system\inudhya.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx]  [, 1, 0, 0, 1]
    [F:\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\PROGRA~1\FLASHGET\jccatch.dll]  [Amaze Soft, 1, 1, 4, 0]
    [F:\New Folder\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
    [C:\Program Files\ACDSee\picaview.dll]  [ACD Systems, Ltd., 2, 0, 0, 78]
    [C:\Program Files\ACDSee\PlugIns\IDE_ACDStd.apl]  [ACD Systems, Ltd., 1, 3, 4, 22]
    [F:\New Folder\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 2024 / wzh][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.24]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\System32\jh.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 2036 / wzh][C:\Program Files\Microsoft IntelliPoint\point32.exe]  [Microsoft Corporation, 5.00.174.0]
    [C:\Program Files\Microsoft IntelliPoint\point32.dll]  [Microsoft Corporation, 5.00.174.0]
    [C:\Program Files\Microsoft IntelliPoint\dpgcmd.dll]  [Microsoft Corporation, 5.00.174.0]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\Program Files\Microsoft IntelliPoint\ipres.dll]  [Microsoft Corporation, 5.00.154.0]
    [C:\Program Files\Microsoft IntelliPoint\srres.dll]  [Microsoft Corporation, 5.00.154.0]
    [C:\WINDOWS\System32\jh.dll]  [N/A, ]
    [C:\WINDOWS\system\inudhya.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 2044 / wzh][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdmo.dll]  [, ]
    [C:\WINDOWS\System32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
    [C:\WINDOWS\System32\jh.dll]  [N/A, ]
    [C:\WINDOWS\system\inudhya.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 192 / wzh][F:\cyberlink dvd\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 5.00.0000]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\Program Files\CyberLink\Shared Files\CLRCEngine2.dll]  [CyberLink Corp., 3.20.0000]
    [C:\WINDOWS\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\System32\jh.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 396 / wzh][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system\inudhya.dll]  [N/A, ]
    [C:\WINDOWS\System32\jh.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\VCvtShell.dll]  [herosoft, 1, 0, 0, 1]
[PID: 3296 / wzh][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]