[CODE]

2007-04-17,14:22:27

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32>  []
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [Trend Micro Inc.]
    <SysExplr><C:\Herosoft\HeroV8\SysExplr.EXE>  []
    <hp 1000 firmware><C:\Program Files\hp LaserJet 1000\fwdl.exe>  [Zenographics]
    <360tray.exe><C:\Program Files\safe360\360tray.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll>  []
    <{A16CA976-4B8D-47FC-A9F4-651C17B636EC}><C:\WINDOWS\system32\msow32cn.dll>  [TEC Solutions Limited.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[Acrobat Assistant]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\acrotray.exe [Adobe Systems Inc.]><N>

服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[OfficeScanNT 实时扫描 / ntrtscan][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe"><Trend Micro Inc.>
[OfficeScanNT 个人防火墙 / OfcPfwSvc][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe"><Trend Micro Inc.>
[OfficeScanNT 侦听程序 / tmlisten][Running/Auto Start]
  <"C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe"><Trend Micro Inc.>
[Windows_rejoice / Windows_rejoice][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\MSINFO\rejoice4.exe><N/A>
[Windows Explorer Helper / Winehplr][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\WinRdg32.exe><TEC Solutions Limited.>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Network Packet Filter / IPNPF][Running/Manual Start]
  <system32\drivers\ipnpf.sys><Politecnico di Torino>
[Padus ASPI Shell / pfc][Running/Manual Start]
  <system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[Common Firewall Driver / TM_CFW][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys><Trend Micro Inc.>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BHOHelper Class]
  {67A90DD6-128D-43AB-B97C-565D2DD42A28} <C:\Program Files\safe360\atloader.dll, 奇虎网>
[GetURL Class]
  {74E6FD24-0206-4E47-997D-BA6B88C8489D} <C:\WINDOWS\system32\CatchURL.dll, TEC Solutions Limited.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[百度搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[豪杰超级解霸V8]
  {367E0A21-8601-4986-9C9A-153BF5ACA118} <C:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[百度搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[BHOHelper Class]
  {67A90DD6-128D-43AB-B97C-565D2DD42A28} <C:\Program Files\safe360\atloader.dll, 奇虎网>
[GetURL Class]
  {74E6FD24-0206-4E47-997D-BA6B88C8489D} <C:\WINDOWS\system32\CatchURL.dll, TEC Solutions Limited.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\WINDOWS\DOWNLO~1\BaiDuBar.dll, >
[safe360AutoLive]
  {E5212438-921F-44a3-8865-11C0B9BA4AF2} <C:\Program Files\safe360\autolive.dll, Microsoft Corporation>
[&Google Search]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[&Translate English Word]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html, N/A>
[Backward Links]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[Cached Snapshot of Page]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
[Similar Pages]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[Translate Page into English]
  <res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[百度Flash搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/FLASHSEARCH.HTM, N/A>
[百度mp3搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUMP3.HTM, N/A>
[百度信息快递搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIE.HTM, N/A>
[百度图片搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUIMG.HTM, N/A>
[百度搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUSEARCH.HTM, N/A>
[百度新闻搜索]
  <res://C:\WINDOWS\DOWNLO~1\BaiDuBar.dll/BAIDUNEWS.HTM, N/A>
[豪杰超级解霸V8实时播放]
  <C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WinWdg32.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winoa32.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\system32\oblknet.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\ippcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\IPpacket.dll]  [Politecnico di Torino, 3, 0, 0, 20]
    [C:\WINDOWS\system32\orcsdll.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\orcshook.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\ipddraw.DLL]  [TEC Solutions Limited., 2, 84, 2718, 0]
[PID: 2012][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\shlcn32.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\system32\winimhs.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\safe360\adx.dll]  [奇虎网, 5, 1, 2607, 309]
    [C:\Program Files\safe360\autolive.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\Program Files\safe360\urlcatch.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\Program Files\safe360\atloader.dll]  [奇虎网, 5, 1, 2607, 225]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\msow32cn.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\WINDOWS\DOWNLO~1\BaiDuBar.dll]  [, 2, 0, 0, 0]
[PID: 904][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 2120][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 51]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 2136][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 2144][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4396]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 2192][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 7.3.0.1028]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll]  [trend_company_name, 1, 0, 0, 1]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
[PID: 2212][C:\Herosoft\HeroV8\SysExplr.EXE]  [N/A, ]
    [C:\Herosoft\HeroV8\HttpReq.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\CoolMenu.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\httphlp.dll]  [N/A, ]
    [C:\Herosoft\HeroV8\AVCDROM.dll]  [N/A, ]

[C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\Herosoft\HeroV8\Sys936.DLL]  [N/A, ]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 2248][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 2440][C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe]  [Adobe Systems Inc., 6.0.1.2003102300]
    [C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.chs]  [Adobe Systems Inc., 6.0.0.0]
    [C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 3736][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL]  [Microsoft Corporation, 3.00.8449]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\safe360\atloader.dll]  [奇虎网, 5, 1, 2607, 225]
    [C:\WINDOWS\system32\CatchURL.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\DOWNLO~1\BaiDuBar.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\Program Files\safe360\urlcatch.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3972][C:\Documents and Settings\Owner\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
[PID: 3988][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\safe360\bhomgr.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\DOWNLO~1\BDPlugin.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ATL.DLL]  [Microsoft Corporation, 3.00.8449]
    [C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\safe360\atloader.dll]  [奇虎网, 5, 1, 2607, 225]
    [C:\WINDOWS\system32\CatchURL.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\WINDOWS\DOWNLO~1\BaiDuBar.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 8, 7]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2915, 0]
    [C:\Program Files\safe360\urlcatch.dll]  [Microsoft Corporation, 5, 1, 2607, 309]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
[E:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

API HOOK
入口点错误：DeleteFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：DeleteFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：MoveFileA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：MoveFileExA (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：MoveFileExW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：MoveFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\winhafn.dll)

==================================
隐藏进程
N/A

多谢各位！
把上那几个文件删掉之后，病毒好像是没有了，
但是IE打不开二级网页，不知道是不是误删了什么有用的文件

<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>这个文件因为找不到，我是把
C:\WINDOWS\system32\svchost.exe 整个删掉的，现在进程里面一个svchost都没有，这下惨了，有没有什么办法可以修复啊？没有做备份的。