置顶的转杀下不了
我去下了江民的专杀怎么发都发现不了病毒啊 安全模式也杀了也杀不了,卡巴给病毒关了开不了 logo1_.exe真害人啊  用ewido.exe也发现不了 但是超级兔子能发现也给病毒破坏的 不能工作了  硬盘也打不开 只有系统所在盘能打开 所有图标全给改成空白色了  CPU100%  安全模式下双击硬盘 E  D  F盘随便哪个盘竟然打开的超级兔子  奇怪!! C盘正常
安全模式下logo1_.exe进程里也有 在普通模式下进程表里logo1_.exe关不掉
我不想重装系统啊  有办法吗
操作系统：  Windows XP SP2 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\logo1_.exe
C:\WINDOWS\logo1_.exe
C:\WINDOWS\system32\ctfmon.exe
D:\鱼鱼桌面秀\XDeskShow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\logo1_.exe
D:\新建文件夹 (2)\cfosdnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\logo1_.exe
F:\Hijackthis1991zww\HijackThis1991zww.exe
C:\WINDOWS\logo1_.exe
F:\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\logo1_.exe

O2 - BHO: (no name) - {105E4D0C-5E21-41ED-90F9-013EEF271BD6} - C:\WINDOWS\system32\widgetdownload.dll
O2 - BHO: 超级兔子上网精灵 - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\MAGICSET\haokanbar.dll
O3 - IE工具栏增项: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - IE工具栏增项: 超级兔子上网精灵 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\MAGICSET\haokanbar.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - 启动项HKLM\\Run: [ATIPTA] ; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [kav] "F:\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - 启动项HKLM\\Run: [BigDogPath] ; C:\WINDOWS\VM_STI.EXE 双飞燕 PK-635 数码眼
O4 - 启动项HKLM\\Run: [logo1_.exe] C:\WINDOWS\logo1_.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [XDeskShow] D:\鱼鱼桌面秀\XDeskShow.exe
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载 - d:\WebThunder\GetUrl.htm
O8 - IE右键菜单中的新增项目: 使用Web迅雷下载全部链接 - d:\WebThunder\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O9 - 浏览器额外的按钮: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 启动Web迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8B367A5-1664-4CF7-9BA4-3799F1CE4A80}: NameServer = 202.101.224.69 202.101.226.68
O20 - AppInit_DLLs: 919331M.BMP
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: 卡巴斯基反病毒软件6.0 (AVP) - Unknown owner - F:\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)

2007-01-10,22:03:30

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <XDeskShow><D:\鱼鱼桌面秀\XDeskShow.exe>  [鱼鱼软件]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe">  [NVIDIA Corporation]
    <ATIPTA><; C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <kav><"F:\Kaspersky Anti-Virus 6.0\avp.exe">  [N/A]
    <BigDogPath><; C:\WINDOWS\VM_STI.EXE 双飞燕 PK-635 数码眼>  [N/A]
    <logo1_.exe><C:\WINDOWS\logo1_.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <logo1_.exe><C:\WINDOWS\logo1_.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><919331M.BMP>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ATICCC><; "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe">  [N/A]
    <logo1_.exe><; C:\WINDOWS\logo1_.exe>  [N/A]
    <StormCodec_Helper><; "D:\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <SunJavaUpdateSched><; "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe">  [Sun Microsystems, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SymhMy><; C:\WINDOWS\system32\iexpl0re.exe>  [N/A]
    <SyrxMy><; C:\WINDOWS\system32\iexp1ore.exe>  [N/A]
    <SywlMy><; C:\WINDOWS\system32\lexplore.exe>  [N/A]
    <SyztMy><; C:\WINDOWS\system32\expiorer.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <wsvbs><; C:\WINDOWS\2.exe>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart]
  <C:\WINDOWS\system32\ati2sgag.exe><>
[卡巴斯基反病毒软件6.0 / AVP]
  <"F:\Kaspersky Anti-Virus 6.0\avp.exe" -r><N/A>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
  <F:\ewido_4.0.0.172c\ewido anti-spyware 4.0\guard.exe><N/A>
[ewido security suite guard / ewido security suite guard]
  <><N/A>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Distributed Link Tracking ClientIkanKan / ServiceIkanKan]
  <><N/A>
[Windows DHCP Service / WinDHCPsvc]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>

驱动程序
[ati2mtag / ati2mtag]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[atksgt / atksgt]
  <system32\DRIVERS\atksgt.sys><N/A>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[cFosNT / cFosNT]
  <\SystemRoot\System32\Drivers\cFosNT.sys><cFos Software GmbH>
[dtscsi / dtscsi]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
  <\??\F:\ewido_4.0.0.172c\ewido anti-spyware 4.0\guard.sys><N/A>
[ewido security suite driver / ewido security suite driver]
  <\??\D:\EWIDO3.5\EWIDO3.5\guard.sys><N/A>
[HOOKAPI / HOOKAPI]
  <\??\D:\RAV\HookApi.Sys><N/A>
[ithsgt / ithsgt]
  <system32\DRIVERS\ithsgt.sys><N/A>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[lcook / lcook]
  <\??\C:\WINDOWS\TEMP\cbtb.sys><N/A>
[lilsgt / lilsgt]
  <system32\DRIVERS\lilsgt.sys><N/A>
[lirsgt / lirsgt]
  <system32\DRIVERS\lirsgt.sys><N/A>
[litsgt / litsgt]
  <system32\DRIVERS\litsgt.sys><N/A>
[Netgroup Packet Filter / NPF]
  <system32\DRIVERS\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
  <\??\D:\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
  <\??\D:\QQ\npkycryp.sys><N/A>
[nvata / nvata]
  <\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[QuakeDRV / QuakeDRV]
  <\SystemRoot\system32\DRIVERS\quakedrv.sys><N/A>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02]
  <\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[sptd / sptd]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[tansgt / tansgt]
  <system32\DRIVERS\tansgt.sys><N/A>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>

==================================
浏览器加载项
[]
  {105E4D0C-5E21-41ED-90F9-013EEF271BD6} <C:\WINDOWS\system32\widgetdownload.dll, 鱼鱼桌面秀widget插件下载工具>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Java Plug-in 1.5.0_10]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, N/A>
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, N/A>
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[]
  {105E4D0C-5E21-41ED-90F9-013EEF271BD6} <C:\WINDOWS\system32\widgetdownload.dll, 鱼鱼桌面秀widget插件下载工具>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <D:\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Flash 7]
  {492B8F66-B8CF-4F7A-B0EE-B7383B92F5BA} <C:\WINDOWS\system\IceHBO.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <D:\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Blueskyvoice Control]
  {991481A7-4669-4E15-8C24-100404E1F5CB} <C:\PROGRA~1\Bluesky\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <d:\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <d:\WebThunder\GetAllUrl.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <, N/A>

正在运行的进程
[PID: 884][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 988][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4152]
[PID: 1036][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1048][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1212][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4152]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2509]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2513]
[PID: 1224][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1292][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1556][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4152]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2509]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2513]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4152]
[PID: 1596][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1688][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1952][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 364][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\widgetdownload.dll]  [鱼鱼桌面秀widget插件下载工具, 1.3.0.0]
    [C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll]  [, 1, 0, 0, 1]
    [d:\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\KnightV\Tools\KVD\kscdrush.dll]  [金山软件股份有限公司, 5, 0, 0, 0]
    [F:\Kaspersky Anti-Virus 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\ewido_4.0.0.172c\ewido anti-spyware 4.0\context.dll]  [Anti-Malware Development a.s., 4, 0, 0, 172]
    [C:\WINDOWS\system32\CmdLineExt.dll]  [Sony DADC Austria AG., 1,0,201,0]
[PID: 600][C:\WINDOWS\logo1_.exe]  [N/A, N/A]
[PID: 616][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632][D:\鱼鱼桌面秀\XDeskShow.exe]  [鱼鱼软件, 1.8.2.903]
    [D:\鱼鱼桌面秀\Res\Dll\weather100.dll]  [, 1.3.0.428]
    [D:\鱼鱼桌面秀\Res\Dll\calendar100.dll]  [, 1.2.0.317]
[PID: 484][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1436][C:\WINDOWS\logo1_.exe]  [N/A, N/A]
[PID: 1228][D:\新建文件夹 (2)\cfosdnt.exe]  [cFos Software GmbH, 7.04.2968]
[PID: 940][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3088][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\MAGICSET\haokanbar.dll]  [Xiang Feng Technology, 2, 2, 0, 1612]
    [C:\WINDOWS\system32\widgetdownload.dll]  [鱼鱼桌面秀widget插件下载工具, 1.3.0.0]
    [F:\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\gamepy.ime]  [PRIVATE, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  [Adobe Systems, Inc., 9,0,7,0]
[PID: 5736][C:\WINDOWS\logo1_.exe]  [N/A, N/A]
[PID: 3288][E:\BitComet\BitComet.exe]  [www.BitComet.com, 0.70]
    [F:\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [F:\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [F:\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 4816][C:\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
OPEN=pif.exe
shellexecute=pif.exe
shell\打开(&O)\command=pif.exe

==================================
HOSTS 文件
N/A

sreng2已经扫描呈上.机子比较卡啊 ,有热血高手教我手工删除一下不

我按UFO达人的第一步就是删除注册表和服务做
您第4步打开打开HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run删除以下项目
<logo1_.exe><C:\WINDOWS\logo1_.exe> 
这个<logo1_.exe>没有呀
还有那步为空是不是把键值删除为空就可以了 我能做的都做了 但是进程表还是有<logo1_.exe>  不过进程表可以关掉这进程了
您说的第2大步 打开文件强行删除C:\WINDOWS\system32\iexp1ore.

您说的用冰刃打开文件删除 这几样找不到 L别的删掉了
C:\WINDOWS\system32\iexp1ore.exe
C:\WINDOWS\system32\lexplore.exe
C:\WINDOWS\system32\expiorer.exe
919331M.BMP（应该在c:\windows或者c:\windows\system32下）
windhcp.ocx（应该在c:\windows或者c:\windows\system32下）

恩 我来结合结合2位达人的意见再重器电脑扫一遍上来