
A really vicious virus..

Yesterday at noon someone else used my computer; they didn't know how to use SSM and let a virus in. By the time I turned it on in the evening, every file on the partitions other than the system drive was gone, leaving only a pile of empty folders. The Run and Shut Down entries in the Start menu were gone. Tools > Folder Options was gone too. File extensions are hidden, and system files and hidden files are not shown. Below is yesterday's SSM log.



[CODE]
Category    Action    Time    Initiator    Target
Application activity    Create process    2007/1/16 07:11:20 PM    C:\WINDOWS\system32\winlogon.exe    C:\WINDOWS\system32\taskmgr.exe
Notification    Checksum mismatch    2007/1/16 07:11:10 PM    C:\WINDOWS\system32\taskmgr.exe
Application activity    Create process    2007/1/16 07:10:26 PM    C:\WINDOWS\explorer.exe    C:\ha_hijackthis_1991\HijackThis.exe
Application activity    Create process    2007/1/16 07:10:13 PM    C:\WINDOWS\explorer.exe    C:\Program Files\WinRAR\WinRAR.exe
Module alert (Start menu)    Removed    2007/1/16 07:04:50 PM
Module alert (Start menu)    Removed    2007/1/16 07:04:46 PM
Application activity    Create process    2007/1/16 07:04:00 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\notepad.exe
Application activity    Create process    2007/1/16 07:02:23 PM    C:\WINDOWS\explorer.exe    C:\sreng2_PConline\SREng.EXE
Application activity    Create process    2007/1/16 07:02:05 PM    C:\WINDOWS\explorer.exe    C:\Program Files\WinRAR\WinRAR.exe
Application activity    Create process    2007/1/16 07:01:27 PM    C:\Program Files\Internet Explorer\IEXPLORE.EXE    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 07:01:26 PM    C:\Program Files\FlashGet\flashget.exe    C:\Program Files\Internet Explorer\IEXPLORE.EXE
Application activity    Create process    2007/1/16 07:00:23 PM    C:\Program Files\FlashGet\flashget.exe    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 07:00:22 PM    C:\Program Files\Thunder Network\Thunder\Thunder.exe    C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe
Application activity    Create process    2007/1/16 07:00:22 PM    C:\Program Files\Internet Explorer\IEXPLORE.EXE    C:\Program Files\FlashGet\flashget.exe
Application activity    Create process    2007/1/16 07:00:21 PM    C:\Program Files\Internet Explorer\IEXPLORE.EXE    C:\Program Files\Thunder Network\Thunder\Thunder.exe
Application activity    Create process    2007/1/16 06:58:45 PM    C:\Program Files\Internet Explorer\IEXPLORE.EXE    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:58:45 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Internet Explorer\IEXPLORE.EXE
Application activity    Create process    2007/1/16 06:58:00 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:57:42 PM    C:\Program Files\Internet Explorer\IEXPLORE.EXE    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:57:42 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Internet Explorer\IEXPLORE.EXE
Application activity    Create process    2007/1/16 06:57:34 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:56:28 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:56:20 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Windows Media Player\wmplayer.exe
Application activity    Create process    2007/1/16 06:55:51 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:54:39 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\rundll32.exe
Application activity    Create process    2007/1/16 06:54:31 PM    C:\WINDOWS\system32\services.exe    C:\WINDOWS\system32\svchost.exe
Application activity    Create process    2007/1/16 06:54:30 PM    C:\WINDOWS\system32\services.exe    C:\Program Files\Eset\nod32krn.exe
Application activity    Create process    2007/1/16 06:54:29 PM    C:\WINDOWS\system32\services.exe    C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe
Application activity    Create process    2007/1/16 06:54:29 PM    C:\WINDOWS\system32\services.exe    C:\WINDOWS\system32\ati2sgag.exe
Application activity    Create process    2007/1/16 06:54:29 PM    C:\WINDOWS\system32\services.exe    C:\WINDOWS\system32\alg.exe
Application activity    Create process    2007/1/16 06:54:29 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\notepad.exe
Application activity    Create process    2007/1/16 06:54:24 PM    C:\WINDOWS\explorer.exe    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.com
Application activity    Create process    2007/1/16 06:54:24 PM    C:\WINDOWS\explorer.exe    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iexplore.pif
Application activity    Create process    2007/1/16 06:54:23 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Microsoft Office\Office10\OSA.EXE
Application activity    Create process    2007/1/16 06:54:23 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\ctfmon.exe
Application activity    Create process    2007/1/16 06:54:23 PM    C:\WINDOWS\explorer.exe    C:\Documents and Settings\All Users\Application Data\Microsoft\win1ogon.exe
Application activity    Create process    2007/1/16 06:54:15 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Eset\nod32kui.exe
Application activity    Shut down system    2007/1/16 12:52:46 PM    C:\WINDOWS\system32\winlogon.exe
Application activity    Create process    2007/1/16 12:52:46 PM    C:\WINDOWS\system32\winlogon.exe    C:\WINDOWS\system32\logonui.exe
Application activity    Shut down system    2007/1/16 12:52:46 PM    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:52:45 PM    C:\WINDOWS\system32\logoff.exe    C:\WINDOWS\system32\conime.exe
Application activity    Create process    2007/1/16 12:52:44 PM    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iexplore.pif    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:46:16 PM    c:\dzh\internet\hypmain.exe    C:\WINDOWS\system32\regsvr32.exe
Application activity    Create process    2007/1/16 12:46:15 PM    C:\dzh\internet\hypwise.exe    c:\dzh\internet\hypmain.exe
Application activity    Create process    2007/1/16 12:46:15 PM    C:\WINDOWS\explorer.exe    C:\dzh\internet\hypwise.exe
Application activity    Shut down system    2007/1/16 12:45:58 PM    C:\WINDOWS\system32\winlogon.exe
Application activity    Create process    2007/1/16 12:45:58 PM    C:\WINDOWS\system32\winlogon.exe    C:\WINDOWS\system32\logonui.exe
Application activity    Shut down system    2007/1/16 12:45:58 PM    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:45:57 PM    C:\WINDOWS\system32\logoff.exe    C:\WINDOWS\system32\conime.exe
Application activity    Create process    2007/1/16 12:45:57 PM    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.com    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:45:47 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
Application activity    Create process    2007/1/16 12:45:22 PM    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
Application activity    Create process    2007/1/16 12:45:17 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
Application activity    Create process    2007/1/16 12:44:46 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Windows Media Player\wmplayer.exe
Application activity    Shut down system    2007/1/16 12:44:26 PM    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:44:25 PM    C:\WINDOWS\system32\logoff.exe    C:\WINDOWS\system32\conime.exe
Application activity    Shut down system    2007/1/16 12:44:25 PM    C:\WINDOWS\system32\winlogon.exe
Application activity    Create process    2007/1/16 12:44:25 PM    C:\WINDOWS\system32\winlogon.exe    C:\WINDOWS\system32\logonui.exe
Application activity    Shut down system    2007/1/16 12:44:25 PM    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:44:24 PM    C:\WINDOWS\system32\logoff.exe    C:\WINDOWS\system32\conime.exe
Application activity    Create process    2007/1/16 12:44:24 PM    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\svchost.com    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:44:23 PM    C:\Documents and Settings\All Users\Application Data\Microsoft\win1ogon.exe    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:44:22 PM    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iexplore.pif    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:44:03 PM    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe    C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
Application activity    Create process    2007/1/16 12:43:56 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe
Application activity    Create process    2007/1/16 12:42:24 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Windows Media Player\wmplayer.exe
Application activity    Create process    2007/1/16 12:42:04 PM    C:\WINDOWS\system32\logoff.exe    C:\WINDOWS\system32\conime.exe
Application activity    Shut down system    2007/1/16 12:42:04 PM    C:\WINDOWS\system32\winlogon.exe
Application activity    Create process    2007/1/16 12:42:04 PM    C:\WINDOWS\system32\winlogon.exe    C:\WINDOWS\system32\logonui.exe
Application activity    Shut down system    2007/1/16 12:42:04 PM    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:42:03 PM    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iexplore.pif    C:\WINDOWS\system32\logoff.exe
Application activity    Create process    2007/1/16 12:41:19 PM    F:\Program Files\Chinagames\iGame\iGame.exe    F:\Program Files\Chinagames\iGame\IDownLoad.exe
Application activity    Create process    2007/1/16 12:40:14 PM    F:\Program Files\Chinagames\iGame\IDownLoad.exe    F:\Program Files\Chinagames\iGame\Upgrade.exe
Application activity    Create process    2007/1/16 12:40:09 PM    F:\Program Files\Chinagames\iGame\iGame.exe    F:\Program Files\Chinagames\iGame\bbRing.exe
Application activity    Create process    2007/1/16 12:40:08 PM    F:\Program Files\Chinagames\iGame\iGame.exe    F:\Program Files\Chinagames\iGame\IDownLoad.exe
Application activity    Create process    2007/1/16 12:40:00 PM    C:\WINDOWS\explorer.exe    F:\Program Files\Chinagames\iGame\iGame.exe
Application activity    Create process    2007/1/16 12:39:17 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Windows Media Player\wmplayer.exe
Module alert (Start menu)    Added    2007/1/16 12:39:10 PM
Application activity    Create process    2007/1/16 12:39:09 PM    C:\WINDOWS\explorer.exe    C:\Documents and Settings\All Users\「开始」菜单\程序\启动\iexplore.pif
Application activity    Create process    2007/1/16 12:39:07 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Microsoft Office\Office10\OSA.EXE
Application activity    Create process    2007/1/16 12:39:07 PM    C:\WINDOWS\explorer.exe    C:\WINDOWS\system32\ctfmon.exe
Application activity    Create process    2007/1/16 12:39:07 PM    C:\WINDOWS\explorer.exe    C:\Program Files\Eset\nod32kui.exe
[/CODE]




Last edited 2007-01-17 20:53:36
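As an added example (not from the original post, and not SSM's own tooling), here is a small Python triage pass over rows in the SSM layout shown above. It flags the three things a responder would pull out of this log: a system binary name with a look-alike spelling (win1ogon.exe), a system binary name carrying a non-.exe extension or living in the Startup folder or Application Data (svchost.com, iexplore.pif), and logoff.exe being spawned by something other than winlogon or Explorer. The column layout, the list of imitated system names, the homoglyph table and the suspect-directory fragments are assumptions made for this example; the sample rows are copied from the log in the post, with the Chinese-locale action labels SSM wrote on that host.

```python
"""Triage heuristics for System Safety Monitor (SSM) activity log rows.

Added example for this thread: not part of the original post and not SSM's
own tooling. Assumed layout: category / action / time / initiator / target,
separated by tabs or runs of spaces. SYSTEM_NAMES, HOMOGLYPHS and
SUSPECT_DIRS are heuristic choices made for this example.
"""
import ntpath
import re
from dataclasses import dataclass

# Action labels as SSM wrote them on this Chinese-locale host, plus English
# equivalents, mapped to a neutral token.
ACTIONS = {
    "创建进程": "create_process", "Create process": "create_process",
    "关闭系统": "shutdown", "Shut down system": "shutdown",
    "效验和不匹配": "checksum_mismatch", "Checksum mismatch": "checksum_mismatch",
}
# Windows binaries whose names malware likes to imitate (assumed list).
SYSTEM_NAMES = {"winlogon", "svchost", "explorer", "iexplore", "csrss",
                "lsass", "services", "rundll32", "taskmgr", "logonui"}
# Digits/symbols commonly swapped for look-alike letters (e.g. win1ogon).
HOMOGLYPHS = str.maketrans({"1": "l", "0": "o", "|": "l"})
# Directory fragments where a system-named binary never legitimately lives;
# "\启动\" is the Startup folder on a Chinese-locale Windows XP.
SUSPECT_DIRS = ("\\startup\\", "\\启动\\", "\\application data\\", "\\temp\\")
# Parents that legitimately spawn logoff.exe / shutdown.exe.
LOGOFF_PARENTS = {"winlogon.exe", "explorer.exe", "cmd.exe", "userinit.exe"}


@dataclass
class Event:
    category: str
    action: str
    timestamp: str
    parent: str   # initiator; for checksum rows this is the flagged file
    child: str    # target process, empty when the row has no fifth column


@dataclass
class Finding:
    reason: str
    path: str
    timestamp: str


def parse_line(line):
    """Split one SSM row into an Event; rows with fewer columns are padded."""
    cols = re.split(r"\t|\s{2,}", line.strip())
    if len(cols) < 3:
        return None
    cols += [""] * (5 - len(cols))
    category, action, timestamp, parent, child = cols[:5]
    return Event(category, ACTIONS.get(action, action), timestamp, parent, child)


def lookalike_of(path):
    """Return the system binary a file name imitates, or None if it looks clean."""
    stem, ext = ntpath.splitext(ntpath.basename(path).lower())
    normalized = stem.translate(HOMOGLYPHS)
    if normalized in SYSTEM_NAMES and normalized != stem:
        return normalized + ".exe"      # win1ogon.exe -> winlogon.exe
    if stem in SYSTEM_NAMES and ext != ".exe":
        return stem + ".exe"            # svchost.com, iexplore.pif
    if stem in SYSTEM_NAMES and any(d in path.lower() for d in SUSPECT_DIRS):
        return stem + ".exe"            # right name, wrong directory
    return None


def triage(log_text):
    """Run the heuristics over every row and return the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        if ev.action == "checksum_mismatch":
            findings.append(Finding("checksum mismatch on system binary", ev.parent, ev.timestamp))
        if ev.action != "create_process":
            continue
        target = lookalike_of(ev.child)
        if target:
            findings.append(Finding(f"lookalike of {target} started", ev.child, ev.timestamp))
        if (ntpath.basename(ev.child).lower() in {"logoff.exe", "shutdown.exe"}
                and ntpath.basename(ev.parent).lower() not in LOGOFF_PARENTS):
            findings.append(Finding("forced logoff from unexpected parent", ev.parent, ev.timestamp))
    return findings


# Sample rows copied from the SSM log in the post above (oldest first), in the
# tab-separated form SSM writes them; two benign rows are kept as controls.
STARTUP = r"C:\Documents and Settings\All Users\「开始」菜单\程序\启动"
APPDATA = r"C:\Documents and Settings\All Users\Application Data\Microsoft"
SAMPLE_ROWS = [
    ("Application activity", "创建进程", "2007/1/16 下午 12:39:07", r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Application activity", "创建进程", "2007/1/16 下午 12:39:09", r"C:\WINDOWS\explorer.exe", STARTUP + r"\iexplore.pif"),
    ("Application activity", "创建进程", "2007/1/16 下午 12:42:03", STARTUP + r"\iexplore.pif", r"C:\WINDOWS\system32\logoff.exe"),
    ("Application activity", "创建进程", "2007/1/16 下午 12:44:23", APPDATA + r"\win1ogon.exe", r"C:\WINDOWS\system32\logoff.exe"),
    ("Application activity", "创建进程", "2007/1/16 下午 12:44:24", STARTUP + r"\svchost.com", r"C:\WINDOWS\system32\logoff.exe"),
    ("Application activity", "创建进程", "2007/1/16 下午 06:54:23", r"C:\WINDOWS\explorer.exe", APPDATA + r"\win1ogon.exe"),
    ("Application activity", "创建进程", "2007/1/16 下午 06:54:31", r"C:\WINDOWS\system32\services.exe", r"C:\WINDOWS\system32\svchost.exe"),
    ("Module alert (开始菜单)", "移除", "2007/1/16 下午 07:04:50"),
    ("Notification", "效验和不匹配", "2007/1/16 下午 07:11:10", r"C:\WINDOWS\system32\taskmgr.exe"),
]
SAMPLE_LOG = "\n".join("\t".join(row) for row in SAMPLE_ROWS)

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.reason}: {f.path}")
```

Two caveats on reading the output. The checksum mismatch on taskmgr.exe is a lead, not a verdict: SSM raises it whenever a monitored binary's hash changes, which a legitimate update also does, so compare the file's hash against a known-good copy before treating it as tampered. The "forced logoff" findings line up with the repeated logoff.exe / logonui.exe cycles visible in the log at 12:42, 12:44, 12:45 and 12:52, and the three initiators they name (iexplore.pif and svchost.com in the All Users Startup folder, win1ogon.exe under All Users\Application Data\Microsoft) are the files to copy off for analysis before cleaning.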

And below that is the log (I have already cleaned it up a bit)
[CODE]

2007-01-16,20:06:11

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- Administrator user - full functionality

The following items were selected:
    All startup items (including registry, startup folder, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <Vagaa><; "C:\Vagaa\Vagaa.exe" -tray>  [Vagaa Development Team]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [(Verified)Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><LogonUI.EXE>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\System Safety Monitor]
    <WinlogonNotify: System Safety Monitor><SSMWinlogonEx.dll>  [(Verified)System Safety Limited]

==================================
Startup folder
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[NkbMonitor.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\NkbMonitor.exe.lnk --> C:\PROGRA~1\Nikon\PICTUR~1\NKBMON~1.EXE [Nikon Corporation]><H>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NkPtpEnumP2 / NkPtpEnumP2][Running/Auto Start]
  <"C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe" -a -d="C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll"><Nikon Corporation>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[StyleXPService / StyleXPService][Stopped/Disabled]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[ati2mtaa / ati2mtaa][Stopped/Manual Start]
  <System32\DRIVERS\ati2mtaa.sys><ATI Technologies Inc.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
  <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
  <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8029(AS)-based PCI Ethernet Adapter NT Driver / rtl8029][Stopped/Manual Start]
  <System32\DRIVERS\RTL8029.SYS><Realtek Semiconductor Corporation>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[System Safety Monitor 2.0 Core Engine / safemon][Running/Boot Start]
  <\SystemRoot\system32\drivers\safemon.sys><System Safety Limited>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Virtual Bus / VBus][Running/Manual Start]
  <System32\DRIVERS\NkVBus.sys><Nikon Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Stopped/Manual Start]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>
[xinstall / xinstall][Stopped/Auto Start]
  <\??\C:\WINDOWS\System32\drivers\xinstall.sys><N/A>

==================================
Browser add-ons
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Launch Thunder 5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Haofang Battle Platform]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方\GameClient.exe, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, FlashGet.com>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[Radio(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[FlashGet (toolbar)]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\Program Files\FlashGet\fgiebar.dll, Amaze Soft>
[Yahoo! Photos Easy Upload Tool Class]
  {0150EB11-5FB4-4D9E-85EA-0F155705227E} <C:\WINDOWS\Downloaded Program Files\YDropperCN.dll, Yahoo! Inc.>
[163Uploader Control]
  {8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\System32\163UPL~1.OCX, Guangzhou NetEase Interactive Entertainment Co., Ltd.>
[photo_uploader Control]
  {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\DOWNLO~1\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&Download with FlashGet]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[&Download all links with FlashGet]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[&Download with Thunder]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[&Download all links with Thunder]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[Upload to QQ Network Disk]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[Export to Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[Add to QQ custom panel]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[Add to QQ emoticons]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
Running processes
[PID: 492][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\SSMWinlogonEx.dll]  [System Safety Limited, 2.3.0.608]
[PID: 624][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 636][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 792][C:\WINDOWS\System32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\System32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 824][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 884][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\uxtuneup.dll]  [TuneUp Software GmbH, 1.0.0.2]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 1056][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 1112][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 1248][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[PID: 1540][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4107]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2495]
[PID: 1588][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\xunleibho_v14.dll]  [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[PID: 1652][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, N/A]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_emon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_upd.dll]  [Eset , 2, 70, 16 ]
[PID: 1664][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1884][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 1996][C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpEnum.exe]  [Nikon Corporation, 1.0.0.3210]
    [C:\Program Files\Nikon\Wireless Camera Setup Utility\NkPtpip.dll]  [Nikon Corporation, 1.0.0.3229]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
[PID: 2044][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_emon.dll]  [Eset , 2, 70, 16 ]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_upd.dll]  [Eset , 2, 70, 16 ]
[PID: 404][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 996][C:\sreng2_PConline\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\System32\imon.dll]  [Eset , 2, 70, 16 ]
    [C:\Program Files\Eset\pr_imon.dll]  [Eset , 2, 70, 16 ]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\System32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]



Also, an extra text file appeared on the desktop, saying something about me having used pirated software..

What virus is this.. so malicious..

Too vicious...


The system still hasn't returned to normal..
Powered by Discuz!NT