Rising Kaka Security Forum (瑞星卡卡安全论坛)
我无邪 - 2006-9-2 1:04:00
The screenshots above show the most basic deletion method: as long as you know the virus's path, copy and paste it in and you can delete it.
No manual searching is needed, and you aren't restricted by the registry; it is convenient, fast and safe, and best suited for beginners.
Deleting some running DLL or EXE files, however, requires a few small tricks.
For example,
deleting a running DLL:
You can try ticking “End the Explorer.EXE process before deleting”; if that doesn't work, try ticking “Unregister this DLL file before deleting”. This usually works very well.
There is also ticking “Reboot after replacing” together with “Replace file”; I have used this trick to successfully delete a running SYS driver file.
Every time a file is deleted, KillBox prompts you to back it up. If you don't back it up and it can't be deleted, then after deletion a folder called !submit is created in the root of the partition; it can be deleted directly.
The items above shouldn't be hard to understand and are very practical; I hope all the beginners will memorize them and apply them flexibly.
In addition, under the “Tools” option there are some extra, convenient ways of running it.
There is also one known issue.
For example, when deleting files the desktop process sometimes dies (the desktop turns solid blue with nothing on it). When that happens, press ALT+CTRL+DELETE to bring up Task Manager, click “File”, “New Task”, “Browse”, find C:\WINDOWS\explorer.exe,
click “OK” and it will return to normal.
OK, that's all for the introduction to KillBox. If you like it, go to www.27814939.ys168.com and click “我的软件” (My Software) to download it.
Finally, let me discuss some thoughts on using it.
In my opinion,
KillBox.exe is not the all-powerful tool for deleting any file that it claims to be; it just integrates a few commands so that people can use them more easily.
So if you keep failing to delete something, you need to think about other causes.
In that case, I suggest starting a thread:
Download System Repair Engineer, use “Smart Scan”, press the “Scan” button to scan, and when the scan completes press the “Save Report” button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here.
Download links:
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log doesn't fit in one paste, paste it in several parts; please don't modify it.
(If the images are unclear, you can double-click them, or right-click and choose “Save Picture As” to download them to your local hard disk.)
Attachment:
31769720069205639.jpg
westbeck - 2006-9-2 1:07:00
Brother 无邪, still up this late... thanks for your hard work.
我无邪 - 2006-9-2 1:15:00
Aren't you too? You've worked hard as well.
Removing viruses by hand really is difficult for beginners; who knows how many of these questions come in every day, so to save effort later on I chose to post this.
I hope beginners can learn these few tricks.
westbeck - 2006-9-2 1:20:00
Yeah, but you posted it too late; it would be nice if a moderator saw it and pinned it.
I hope more people see it; I think KILLBOX is quite handy.
轩辕小聪 - 2006-9-2 1:35:00
Heh, I'm still here. The pinned section is too crowded right now; every time one post is pinned, another gets unpinned automatically.
I've added it to the pinned index of important posts.
westbeck - 2006-9-2 1:37:00
OK. 小聪 has been online a long time today; thanks for your hard work.
轩辕小聪 - 2006-9-2 2:01:00
KillBox's use of “Reboot after replacing” together with “Replace file” to delete files should, in essence, be making use of the system's delayed-deletion feature.
For the principle behind delayed deletion, smallfrogs, the author of System Repair Engineer, once gave a detailed analysis; if you're interested, go to http://www.kztechs.com/ and download his original article 《延迟删除的故事》 (The Story of Delayed Deletion).
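The delayed-deletion mechanism referred to in the reply above is the one Windows exposes through MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT: the request is recorded in the REG_MULTI_SZ value PendingFileRenameOperations under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager and carried out by Session Manager at the next boot, before the file is in use. That registry value is therefore something a responder should read, both to confirm a scheduled cleanup and to spot a replacement nobody asked for. The decoder below is an added example written for this page; it is not code from the thread, from KillBox or from SREng. The sample value, the file names in it, and the helper names are all constructed for the example; the "!" target prefix is the marker Session Manager uses for "replace the existing file".

```python
# Added example (not from the forum post, KillBox or SREng): decode the
# PendingFileRenameOperations value that MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT)
# writes under HKLM\SYSTEM\CurrentControlSet\Control\Session Manager, so a
# defender can list which files are scheduled for deletion or replacement at
# the next boot. The sample value below is constructed, not taken from a host.
from typing import List, NamedTuple

NT_PREFIX = "\\??\\"


class PendingOp(NamedTuple):
    source: str
    target: str             # "" means: delete `source` at boot
    replace_existing: bool  # target carried the "!" marker (replace existing file)

    @property
    def is_delete(self) -> bool:
        return self.target == ""


def decode_multi_sz(raw: bytes) -> List[str]:
    """Decode a raw REG_MULTI_SZ blob (UTF-16LE, NUL-terminated strings, extra NUL at end).

    Empty strings inside the list are preserved, because an empty target is how a
    pending delete is encoded; only the two trailing terminators are dropped.
    """
    text = raw.decode("utf-16-le")
    if text.endswith("\x00"):
        text = text[:-1]            # list terminator
    parts = text.split("\x00")
    if parts and parts[-1] == "":
        parts.pop()                 # terminator of the last string
    return parts


def encode_multi_sz(strings: List[str]) -> bytes:
    """Inverse of decode_multi_sz; used here only to build the constructed sample."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")


def _strip_nt_prefix(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def parse_pending_ops(strings: List[str]) -> List[PendingOp]:
    """Turn the decoded string list into (source, target) operations.

    The value is a flat list of pairs: source path, then target path. A target of ""
    schedules deletion of the source; a target starting with "!" means the existing
    target file is overwritten (the Session Manager marker for replace-existing).
    """
    if len(strings) % 2:
        raise ValueError("PendingFileRenameOperations must hold source/target pairs")
    ops = []
    for src, dst in zip(strings[0::2], strings[1::2]):
        replace = dst.startswith("!")
        ops.append(PendingOp(_strip_nt_prefix(src), _strip_nt_prefix(dst.lstrip("!")), replace))
    return ops


def pending_deletes(ops: List[PendingOp]) -> List[str]:
    """Just the files that will disappear at boot, the case KillBox's trick relies on."""
    return [op.source for op in ops if op.is_delete]


# Constructed sample: one delayed delete of a hypothetical driver file and one
# delayed replace of a hypothetical DLL by a staged copy.
SAMPLE_VALUE = encode_multi_sz([
    "\\??\\C:\\WINDOWS\\system32\\drivers\\example_old.sys", "",
    "\\??\\C:\\temp\\staged.dll", "!\\??\\C:\\WINDOWS\\system32\\example.dll",
])


def sample_report() -> List[PendingOp]:
    return parse_pending_ops(decode_multi_sz(SAMPLE_VALUE))


if __name__ == "__main__":
    for op in sample_report():
        action = "DELETE" if op.is_delete else ("REPLACE" if op.replace_existing else "RENAME")
        print(f"{action:8} {op.source} -> {op.target or '(none)'}")
```

On a live Windows host, winreg.QueryValueEx already returns a REG_MULTI_SZ as a list of strings, so parse_pending_ops can be fed that list directly; decode_multi_sz is for the raw bytes you get from an offline hive or a hex dump in a .reg export. A pending rename whose target is a system DLL, scheduled by nothing you did, deserves the same attention as a suspicious service.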
zzq11211 - 2006-9-2 2:09:00
[Reply to “轩辕小聪”'s post]
Thanks, that's exactly the part I don't understand; going to download it and have a look.
十一月的神话 - 2006-9-19 14:07:00
Great!
小凯色色 - 2006-9-23 22:27:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<iDuba Personal FireWall><> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<LHotkey><LHotkey.exe> [Chicony]
<Kavrun><> []
<iDuba Personal FireWall><> []
<KavStart><"C:\kav2005\KAVStart.exe" -startup> [Kingsoft Corporation]
<FixCamera><C:\WINDOWS\FixCamera.exe> []
<tsnpstd3><C:\WINDOWS\tsnpstd3.exe> []
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CONFIGURATION><rundll32.exe C:\WINDOWS\system32\tapidef.dll,Start> []
<DEFAULT><rundll32.exe C:\WINDOWS\system32\SYSPOL~1.DLL,Start> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<stdup><> []
<Vision><> []
==================================
启动文件夹
服务
[dlcg_device / dlcg_device]
<C:\WINDOWS\system32\dlcgcoms.exe -service><>
[Windows Rwxf / FRundlll]
<C:\WINDOWS\system32\lasss.exe -NetSata><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\kav2005\KWatch.EXE><Kingsoft Corporation>
[NetWork Download / NetworkWUP]
<C:\WINDOWS\system32\WinMgmt.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[system30 / system30]
<C:\WINDOWS\system30.exe><N/A>
[UpdateService / UpdateService]
<C:\WINDOWS\system32\UpdateService.exe><N/A>
==================================
浏览器加载项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200687_4559.dll, N/A>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[WebActivater Control]
{3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\system32\WEBACT~1.OCX, QQ>
[Internet System]
{49E0E0F0-5C30-11D4-945D-000000007667} <C:\WINDOWS\system32\IESeven.dll, 7667.Com .Inc>
[Downloader Class]
{5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINDOWS\system32\iMopDl.dll, >
[VnetAnprIns Class]
{74447F9C-5691-4A9A-8BE4-564092E40B03} <C:\WINDOWS\Downloaded Program Files\anprins.dll, 中国电信股份有限公司>
[Qzone Media Tools]
{A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <d:\Tencent\qq\QZONE\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr.dll, Tencent>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper200687_4559.dll, N/A>
[MemoryManager Class]
{2CE7166E-8BBA-4E76-BA7E-02AB3C573011} <C:\WINDOWS\system32\cytdcli.dll, 北京创原天地科技有限公司>
[Yahoo!Photo]
{33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
{38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[Internet System]
{49E0E0F0-5C30-11D4-945D-000000007667} <C:\WINDOWS\system32\IESeven.dll, 7667.Com .Inc>
[]
{669751ED-D558-49AE-B01A-3B374CC7910E} <C:\WINDOWS\system32\ssup.dll, TENCENT>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[BandIE Class]
{77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[百度超级搜霸]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[QuickBtn]
{D1BB7CF4-4463-4E91-88D7-ECC3CE0A13B7} <C:\Program Files\kuzhan\kuzhan.dll, Fengcent>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<d:\Tencent\qq\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<d:\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<d:\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<d:\Tencent\qq\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 484][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 612][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
小凯色色 - 2006-9-23 22:28:00
[C:\WINDOWS\system32\UpdateModule.dll] <N/A><N/A>
[PID: 624][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 904][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1032][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1092][C:\kav2005\KWatch.EXE] <Kingsoft Corporation><2005, 11, 21, 53>
[C:\kav2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\kav2005\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[C:\kav2005\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[PID: 1164][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[C:\WINDOWS\system32\dlcglmpm.DLL] < ><1.154.24.0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlcgPP5C.dll] <Dell, Inc.><2.15.114.68>
[PID: 1992][C:\WINDOWS\system32\lasss.exe] <N/A><N/A>
[PID: 2028][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8185>
[PID: 192][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Dell AIO 810\dlcgdrs.dll] <Dell><2.6.65.22>
[C:\WINDOWS\system32\dlcgcfg.dll] <><1, 0, 0, 1>
[C:\Program Files\Dell AIO 810\dlcgcnv4.dll] <N/A><N/A>
[PID: 412][C:\WINDOWS\system32\UpdateService.exe] <N/A><N/A>
[PID: 1636][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1808][C:\WINDOWS\system32\dlcgcoms.exe] < ><1.154.24.0>
[C:\WINDOWS\system32\dlcgprox.dll] < ><1.154.24.0>
[C:\WINDOWS\system32\dlcgserv.dll] < ><1.154.24.0>
[C:\WINDOWS\system32\dlcgusb1.dll] < ><1.154.24.0>
[PID: 456][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] <yahoo! china><3, 2, 5, 1075>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010>
[C:\PROGRA~1\baidu\bar\baidubar.dll] <Baidu.com, Inc.><2, 0, 2, 106>
[PID: 1216][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5, 1, 0, 51>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[PID: 1856][C:\WINDOWS\LHotkey.exe] <Chicony><1. 0. 0. 1>
[C:\WINDOWS\HKNTDLL.dll] <N/A><N/A>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[PID: 524][C:\kav2005\KAVStart.exe] <Kingsoft Corporation><2005, 10, 10, 150>
[C:\kav2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 3672][C:\WINDOWS\FixCamera.exe] <><1, 0, 0, 3>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[PID: 3884][C:\WINDOWS\tsnpstd3.exe] <><1, 1, 3, 1>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[PID: 284][C:\Program Files\Dell AIO 810\dlcgmon.exe] <Dell><2.6.65.22>
[C:\Program Files\Dell AIO 810\dlcgscw.dll] <Dell><2.6.65.22>
[C:\Program Files\Dell AIO 810\dlcgcfg.dll] <><1, 0, 0, 1>
[C:\Program Files\Dell AIO 810\dlcgtsfw.dll] <><2.6.11.5>
[C:\Program Files\Dell AIO 810\dlcgdrec.dll] <><2.0.15.2>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\Program Files\Dell AIO 810\dlcgcomc.dll] < ><1.154.24.0>
[C:\Program Files\Dell AIO 810\dlcgpplc.dll] < ><1.154.24.0>
[C:\WINDOWS\system32\dlcgprox.dll] < ><1.154.24.0>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[PID: 320][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] <yahoo! china><3, 2, 5, 1075>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll] <yahoo! china><3, 0, 0, 1000>
[PID: 1024][C:\Program Files\Yahoo!\Assistant\yassistse.exe] <Yahoo! China><3, 0, 0, 1001>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\Program Files\Yahoo!\Assistant\shell\yAssecblk.dll] <Yahoo! China><3, 0, 1, 1003>
[C:\Program Files\Yahoo!\Assistant\shell\yAsMenu.dll] <Yahoo! China><3, 0, 0, 1001>
[C:\Program Files\Yahoo!\Assistant\shell\yMenuInfo.dll] <Yahoo! China><3, 0, 0, 1000>
[C:\Program Files\Yahoo!\Assistant\shell\yIEAngel.dll] <Yahoo! China><3, 0, 0, 1000>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 3016][C:\WINDOWS\system32\Rundll32.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\DOWNLO~1\CnsMinIO.dll] <北京三七二一科技有限公司><1, 0, 3, 6>
[C:\WINDOWS\DOWNLO~1\cnsio.dll] <北京三七二一科技有限公司><1, 0, 2, 7>
小凯色色 - 2006-9-23 22:28:00
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 2996][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3512>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[PID: 1768][C:\WINDOWS\system32\s3trayx.exe] <N/A><N/A>
[PID: 2092][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 3424][C:\kav2005\KMailMon.EXE] <Kingsoft Corporation><2005, 6, 30, 74>
[C:\kav2005\KAntiSpm.dll] <N/A><1, 0, 0, 2>
[C:\kav2005\KAVIPC2.DLL] <Kingsoft Corporation><2004, 12, 28, 20>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KAECall2.DLL] <Kingsoft Corporation><2004, 12, 28, 7>
[C:\kav2005\KAEPlat.DLL] <Kingsoft Corp.><2004, 11, 26, 53>
[C:\kav2005\KAEMem.DAT] <Kingsoft><2004, 11, 9, 11>
[C:\kav2005\KAConfig.DLL] <Kingsoft Corporation><2005, 3, 23, 30>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 3404][d:\Tencent\qq\QQ.exe] <TENCENT><0, 0, 0, 0>
[d:\Tencent\qq\CoralAssist.DLL] <Coral Team><4.5.0 build 20060515>
[d:\Tencent\qq\CoralQQ.DLL] <Coral Team><4.5.1 Build 20060620>
[d:\Tencent\qq\ipsearcher.dll] <><1.0.0.3>
[d:\Tencent\qq\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\QQHelperDll.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\BasicCtrlDll.dll] <Tencent><5, 0, 200, 160>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[d:\Tencent\qq\QQAPI.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[d:\Tencent\qq\LoginCtrl.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 3, 2, 1>
[d:\Tencent\qq\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[d:\Tencent\qq\QQRes.dll] <tencent><1, 0, 0, 1>
[d:\Tencent\qq\QQMainFrame.dll] <N/A><N/A>
[d:\Tencent\qq\CQQApplication.dll] <N/A><N/A>
[d:\Tencent\qq\NewSkin.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\HostingMgr.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\CameraDll.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\MailSummary.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[d:\Tencent\qq\QQGroupMng.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\GroupLive.dll] <N/A><N/A>
[d:\Tencent\qq\QRingMng.dll] <N/A><N/A>
[d:\Tencent\qq\QQAvatar.dll] <N/A><N/A>
[d:\Tencent\qq\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[d:\Tencent\qq\LongConnection.dll] <tencent><5, 0, 200, 160>
[d:\Tencent\qq\QQPlugin.dll] <N/A><N/A>
[d:\Tencent\qq\ShareFiles.dll] <N/A><N/A>
[d:\Tencent\qq\QQZip.dll] <tencent><0, 3, 2, 4>
[d:\Tencent\qq\QQSysMsgMng.dll] <N/A><N/A>
[d:\Tencent\qq\UserDefinedHead.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\QQConfigPlugin.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\QQAllInOne.dll] <N/A><N/A>
[d:\Tencent\qq\SCCore.dll] <N/A><N/A>
[d:\Tencent\qq\QQPet.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\QQCustomFace.dll] <N/A><N/A>
[d:\Tencent\qq\QQSceneMng.dll] <N/A><N/A>
[d:\Tencent\qq\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[C:\WINDOWS\HKNTDLL.dll] <N/A><N/A>
[d:\Tencent\qq\BQQApplication.dll] <N/A><N/A>
[d:\Tencent\qq\CommercesMng.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[d:\Tencent\qq\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[d:\Tencent\qq\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 200>
[d:\Tencent\qq\QQMagicFace.dll] <><1, 0, 0, 1>
[d:\Tencent\qq\QQPhoneHelper.dll] <腾讯科技(深圳)有限公司><2, 0, 6, 60>
[d:\Tencent\qq\QQFileTransfer.dll] <Tencent><5, 0, 202, 180>
[d:\Tencent\qq\GroupConnection.dll] <Tencent><5, 0, 202, 170>
[PID: 2688][D:\Tencent\QQ\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[d:\Tencent\qq\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 1444][D:\Tencent\TT\TTraveler.exe] <腾讯公司><3.1.0.259>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll] <yahoo! china><3, 2, 5, 1075>
[D:\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[D:\Tencent\TT\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] <Yahoo! China><3, 0, 1, 1010>
[D:\Tencent\TT\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[C:\WINDOWS\HKNTDLL.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[PID: 2648][C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] <Thunder Networking Technologies,LTD><5.3.0.220>
[C:\Program Files\Thunder Network\Thunder\Program\UpdateDownload.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 8>
[C:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 4, 71>
[C:\Program Files\Thunder Network\Thunder\Program\log4cplus.dll] <><1, 0, 2, 1>
[C:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[C:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll] <N/A><N/A>
[C:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[C:\Program Files\Thunder Network\Thunder\Program\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
[C:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] <Thunder Networking Technologies,LTD><2, 1, 0, 18>
[C:\Program Files\Thunder Network\Thunder\Program\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[C:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll] <Thunder Networking Technologies,LTD><1, 1, 1, 9>
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] < ><1, 0, 0, 11>
[C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed04.dll] < ><2, 3, 0, 37>
[C:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] <Thunder Networking Technologies,LTD><1, 0, 3, 8>
[C:\Program Files\Thunder Network\Thunder\Program\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 55>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\WINDOWS\HKNTDLL.dll] <N/A><N/A>
[PID: 2364][F:\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 9>
[C:\WINDOWS\downlo~1\Orea.dll] <Tencent><4, 2, 5, 51>
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <Yahoo! China><3, 0, 2, 1020>
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] <Yahoo! China><3, 0, 9, 1015>
[C:\kav2005\KASocket.dll] <Kingsoft Corporation><2005, 2, 22, 233>
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
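Two of the signals a helper reads by eye in the service section of a log like the one above are a service binary with no publisher and a binary name one character away from a core Windows process (lasss.exe beside the real lsass.exe). The triage script below is an added example for this page, not code from the thread or from SREng; it parses the SREng service block format (a `[display / name]` header followed by a `<command><publisher>` line) and applies those two heuristics. The sample text is the services section of the log posted in this thread; the list of core process names and the edit-distance threshold are the example's own choices.

```python
# Added example (not from the forum thread or from SREng): triage the services
# section of an SREng log. Two heuristics a responder applies by eye are
# automated here: a service binary with no publisher, and a binary name one edit
# (including a swap of adjacent letters) away from a core Windows process name.
import re
from typing import Dict, List

# Sample input: the services section of the SREng log posted in this thread.
SAMPLE_SRENG_SERVICES = r"""服务
[dlcg_device / dlcg_device]
<C:\WINDOWS\system32\dlcgcoms.exe -service><>
[Windows Rwxf / FRundlll]
<C:\WINDOWS\system32\lasss.exe -NetSata><N/A>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
<C:\kav2005\KWatch.EXE><Kingsoft Corporation>
[NetWork Download / NetworkWUP]
<C:\WINDOWS\system32\WinMgmt.exe><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[system30 / system30]
<C:\WINDOWS\system30.exe><N/A>
[UpdateService / UpdateService]
<C:\WINDOWS\system32\UpdateService.exe><N/A>
"""

# Names that malware likes to imitate; extend as needed (example's own list).
CORE_PROCESSES = ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                  "svchost.exe", "spoolsv.exe", "explorer.exe", "alg.exe", "wmiprvse.exe")

HEADER_RE = re.compile(r"^\[(?P<display>.+?) / (?P<name>.+?)\]$")
DETAIL_RE = re.compile(r"^<(?P<cmd>.*)><(?P<publisher>.*)>$")


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)   # transposition
    return d[len(a)][len(b)]


def binary_name(command: str) -> str:
    """Lower-cased file name of the executable in a service command line."""
    cmd = command.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        path = cmd[1:cmd.find('"', 1)]
    else:
        path = cmd.split(" ", 1)[0]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_services(log_text: str) -> List[Dict[str, str]]:
    """Pair each [display / name] header with the <command><publisher> line under it."""
    services, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            current = {"display": m["display"], "name": m["name"]}
            continue
        m = DETAIL_RE.match(line)
        if m and current is not None:
            current.update(command=m["cmd"], publisher=m["publisher"].strip())
            services.append(current)
            current = None
    return services


def triage_services(log_text: str) -> List[Dict[str, object]]:
    """Return only the services that trip a heuristic, with the reasons attached."""
    findings = []
    for svc in parse_services(log_text):
        reasons = []
        name = binary_name(svc["command"])
        if svc["publisher"] in ("", "N/A"):
            reasons.append("no publisher")
        stem = name.rsplit(".", 1)[0]
        for core in CORE_PROCESSES:
            if name != core and name.endswith(".exe") and osa_distance(stem, core[:-4]) == 1:
                reasons.append(f"look-alike of {core}")
        if reasons:
            findings.append({**svc, "binary_name": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_SRENG_SERVICES):
        print(f"{f['display']:40} {f['binary_name']:20} {', '.join(f['reasons'])}")
```

"No publisher" is a prompt to verify, not a verdict: the Dell printer service dlcgcoms.exe trips it too and is legitimate, while the four services the helper later names (Windows Rwxf, NetWork Download, system30, UpdateService) all trip it and lasss.exe additionally trips the look-alike check. The distance function counts a swap of adjacent letters as one edit precisely so that lasss/lsass is caught; plain Levenshtein would score it 2.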
小凯色色 - 2006-9-23 22:30:00
What you gave me is so profound. I can't understand any of it; looks like my computer is beyond saving, it gets tortured every single time. I'm definitely going to go crazy~
kristen - 2006-9-23 22:31:00
Haha, just what I needed, thanks!!! Learning~~~
我无邪 - 2006-9-24 20:34:00
[Reply to “小凯色色”'s post]
Note: start your own thread, paste your post-repair log into that thread, and then send me a private message.
Download 超级兔子 (Super Rabbit).
http://www.pctutu.com/srmsdown.asp
After installing, open “超级兔子优化王” (Super Rabbit Optimizer), then “Professional Uninstall”, and uninstall all the junk software it flags; don't open any browser windows while uninstalling. If something can't be uninstalled, reboot and uninstall it again.
After uninstalling,
open System Repair Engineer (i.e. the SREng.exe you made the scan log with), click “Startup Items”, “Services”, click “Win32 Service Applications”, tick “Hide Microsoft services”, select the virus services Windows Rwxf, NetWork Download, system30, UpdateService, choose “Delete Service”, click “Setup”, choose “No”, and finally reboot. (Each comma-separated item is one virus service; please delete them one by one.)
Close all browser windows and any unnecessary programs.
Open System Repair Engineer (i.e. the SREng.exe you made the scan log with) and use “System Repair”, “Browser Add-ons” to delete the following items.
C:\WINDOWS\system32\IESeven.dll
C:\WINDOWS\system32\cytdcli.dll
Go to www.27814939.ys168.com, click “我的软件” (My Software) and download KillBox.exe.
Restart the computer; after the power-on check finishes, press [F8] (you can keep pressing it until the boot menu appears) and choose Safe Mode to enter Windows.
Double-click to open KillBox.exe and delete each of the following:
C:\WINDOWS\system32\tapidef.dll
C:\WINDOWS\system32\SYSPOL~1.DLL
C:\WINDOWS\system32\lasss.exe
C:\WINDOWS\system32\WinMgmt.exe
C:\WINDOWS\system30.exe
C:\WINDOWS\system32\UpdateService.exe
C:\WINDOWS\system32\IESeven.dll
C:\WINDOWS\system32\cytdcli.dll
C:\WINDOWS\system32\UpdateModule.dll
(When deleting, tick “End the Explorer.EXE process before deleting”; if that doesn't work, try ticking “Unregister this DLL file before deleting”.)
Stuff for beginners: KillBox usage tips
http://forum.ikaka.com/topic.asp?board=28&artid=8160799
Open System Repair Engineer (i.e. the SREng.exe you made the scan log with) and use “Startup Items”, “Registry” to delete the following items.
C:\WINDOWS\system32\tapidef.dll
C:\WINDOWS\system32\SYSPOL~1.DLL
When done, reboot, scan another log and paste it here.
足球爱好者之一 - 2006-10-10 9:32:00
My scan results:
Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 20:34:41, on 2006-10-09
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
Running processes:
[SMSS.EXE]
CommandLine =
[CSRSS.EXE]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
[WINLOGON.EXE]
CommandLine = winlogon.exe
[SERVICES.EXE]
CommandLine = C:\WINDOWS\system32\services.exe
[LSASS.EXE]
CommandLine = C:\WINDOWS\system32\lsass.exe
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss
[CCenter.exe]
CommandLine = "E:\Program Files\Rising\Rav\CCenter.exe"
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\System32\svchost.exe -k netsvcs
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService
[SVCHOST.EXE]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService
[RavMonD.exe]
CommandLine = "E:\Program Files\Rising\Rav\Ravmond.exe"
[EXPLORER.EXE]
CommandLine = C:\WINDOWS\Explorer.EXE
[SPOOLSV.EXE]
CommandLine = C:\WINDOWS\system32\spoolsv.exe
[RavStub.exe]
CommandLine = "E:\Program Files\Rising\Rav\RavStub.exe" /RAVMOND
[NETDDE.EXE]
CommandLine = C:\WINDOWS\system32\netdde.exe
[daemon.exe]
CommandLine = "G:\Program Files\D-Tools\daemon.exe" -lang 2052
[CLIPSRV.EXE]
CommandLine = C:\WINDOWS\system32\clipsrv.exe
[CTFMON.EXE]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"
[ALG.EXE]
CommandLine = C:\WINDOWS\System32\alg.exe
[Rav.exe]
CommandLine = "E:\Program Files\Rising\Rav\Rav.exe"
[YLIVE.EXE]
CommandLine = "C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe"
[Thunder5.exe]
CommandLine = "e:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe" /192.168.1.8zz-85ad8613114f7E9
[KkScan.exe]
CommandLine = "G:\Program Files\Rising\KakaToolBar\KkScan.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page=http://www.yahoo.com.cn
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 59.34.148.98 www.hao123.com
O1 - Hosts: 59.34.148.98 www.4199.com
O1 - Hosts: 59.34.148.98 www.9505.com
O1 - Hosts: 59.34.148.98 www.7322.com
O1 - Hosts: 218.5.76.175 www.huoche.com.cn
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O2 - BHO: 卡卡上网安全助手 - {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} - C:\WINDOWS\system32\kakatool.dll
O2 - BHO: conimehlp Class - {B10343BD-1DC6-442F-9BA2-D44C708CEE83} - C:\WINDOWS\system32\mskey32.dll
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O2 - BHO: (file missing)
O3 - Toolbar: (file missing)
O3 - Toolbar: (file missing)
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [DAEMON Tools-2052] "G:\Program Files\D-Tools\daemon.exe" -lang 2052
O4 - Startup: desktop.ini =
O4 - Startup: 腾讯QQ.lnk = E:\QQ\QQ.exe
O4 - Global Startup: desktop.ini =
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &使用迅雷下载 - e:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O9 - Extra Button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra Button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26}? - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra Button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra Button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338}? - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - E:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b}? - E:\QQ\QQ.EXE
O9 - Extra Button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}? - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra Button: 访问瑞星网站 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O9 - Extra Button: 访问卡卡社区 - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} - http://www.ikaka.com/?u=RSTB (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O15 - Trusted Zone: http://localhost
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE80B122-4063-4EFC-9489-1378C4562A6B}: NameServer = 202.103.96.112
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "E:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - "E:\Program Files\Rising\Rav\Ravmond.exe
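The HijackThis log above (O9 through O23 entries) is read by eye in this thread. As an added example, and not code from the thread, from HijackThis or from SREng, the Python script below applies the same checks mechanically to lines in that format: dead O9 buttons, which hosts O16 ActiveX controls were downloaded from, whether the O17 NameServer handed to the TCP/IP stack is the expected resolver, whether an O18 protocol handler lives outside system32 / Program Files, and O23 services that list no vendor. The trusted-host and DNS allowlists are assumptions to adapt per machine; the sample log is built from lines of the posted log plus one constructed O17 entry using a documentation-range address (203.0.113.53) so that a flagged resolver is shown.

```python
"""Triage for HijackThis-style log lines (O9, O16, O17, O18, O23).

Added example for this thread; not code from HijackThis, SREng or the forum.
The allowlists and the sample log below are assumptions made for the example.
"""
import ipaddress
import re

# Assumption: hosts an O16 ActiveX download is expected from on this machine.
TRUSTED_DPF_HOSTS = {"download.rising.com.cn", "www.sz1.cmbchina.com"}
# Assumption: the ISP resolver shown in the posted O17 line; other public IPs are flagged.
EXPECTED_DNS = {"202.103.96.112"}
# Resolvers on a home/office LAN (RFC 1918, loopback) are accepted without being listed.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

RE_O9 = re.compile(r"^O9 - Extra (?:Button|'Tools' menuitem): (.+?) - \{")
RE_O16 = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((.+?)\) - (\S+)")
RE_O17 = re.compile(r"^O17 - .*NameServer = (.+)$")
RE_O18 = re.compile(r"^O18 - Protocol: (\S+) - (\{[^}]+\}|\(no CLSID\)) - (.+)$")
RE_O23 = re.compile(r"^O23 - Service: (.+?) \(([^()]+)\) - (.*)$")
SAFE_DIRS = re.compile(r"\\system32\\|\\Program Files\\|PROGRA~1", re.IGNORECASE)


def host_of(url):
    """Lower-cased host of an http(s) URL; '' when the target is a local path."""
    m = re.match(r"^https?://([^/:?#]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def parse_o23(line):
    """(display, service, vendor, path) or None; HijackThis prints a missing vendor as '- -'."""
    m = RE_O23.match(line)
    if not m:
        return None
    display, svc, rest = m.groups()
    if rest.startswith("- "):
        return display, svc, "", rest[2:]
    vendor, sep, path = rest.partition(" - ")
    return (display, svc, vendor, path) if sep else None


def triage_line(line):
    """(severity, message) findings for one line; severity is low, review or high."""
    line, out = line.strip(), []
    if m := RE_O9.match(line):
        if line.endswith("(file missing)"):
            out.append(("low", f"O9 button '{m.group(1)}' points at a missing file (dead entry)"))
    elif m := RE_O16.match(line):
        desc, url = m.groups()
        if host_of(url) not in TRUSTED_DPF_HOSTS:
            out.append(("review", f"O16 ActiveX '{desc}' was downloaded from {host_of(url)}"))
    elif m := RE_O17.match(line):
        for ip in re.split(r"[ ,]+", m.group(1).strip()):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                out.append(("high", f"O17 NameServer value {ip!r} is not an IP address"))
                continue
            if ip not in EXPECTED_DNS and not any(addr in net for net in LOCAL_NETS):
                out.append(("high", f"O17 DNS server {ip} is not an expected resolver"))
    elif m := RE_O18.match(line):
        scheme, clsid, path = m.groups()
        if clsid == "(no CLSID)":
            out.append(("low", f"O18 '{scheme}' handler has no CLSID (dangling registration)"))
        elif not SAFE_DIRS.search(path):
            out.append(("review", f"O18 '{scheme}' handler {path} lives outside system32 / Program Files"))
    elif (svc := parse_o23(line)) is not None:
        display, name, vendor, path = svc
        if not vendor and "svchost.exe" in path.lower():
            out.append(("low", f"O23 '{name}' is svchost-hosted with no vendor; check its ServiceDll"))
        elif not vendor:
            out.append(("review", f"O23 service '{name}' ({display}) lists no vendor: {path}"))
    return out


def triage(log_text):
    """All findings for a whole log, in log order."""
    return [f for line in log_text.splitlines() if line.strip() for f in triage_line(line)]


# Constructed sample: lines from the log posted above plus one O17 entry with a
# documentation-range address (203.0.113.53) so that a flagged resolver is shown.
SAMPLE_LOG = r"""
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra Button: Visit Rising website - {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} - http://www.rising.com.cn/?u=RSTB (file missing)
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.90-signed.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE80B122-4063-4EFC-9489-1378C4562A6B}: NameServer = 202.103.96.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.53
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O23 - Service: Human Interface Device Access (HidServ) - - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "E:\Program Files\Rising\Rav\CCenter.exe"
"""
```

Running `triage(SAMPLE_LOG)` yields six findings: the dead Rising button (low), the ActiveX control fetched from ps.itv.mop.com (review), the constructed 203.0.113.53 resolver (high), the ic32pp handler in the Windows root rather than system32 (review), the dangling ipp registration (low) and the vendor-less svchost-hosted HidServ (low). The allowlists drive the noise level: an ISP resolver or a corporate download host that is legitimate on one machine is a finding on another, so they are per-case input, not fixed knowledge.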
足球爱好者之一 - 2006-10-10 9:34:00
I found a suspicious virus with the 橙色八月 (Orange August) removal tool, but it cannot be deleted even in Safe Mode. The file name is 2CE4FB7F.DLL, on drive C.
足球爱好者之一 - 2006-10-10 9:39:00
Where can I download this software?
我无邪 - 2006-10-10 23:24:00
[Reply to 足球爱好者之一's post]
KillBox is not a cure-all; your approach misses the actual problem.
Start a thread of your own, run a scan log, and send me the link to the thread by private message.
足球爱好者之一 - 2006-10-24 11:05:00
Thanks, someone else has already fixed it for me.
风之密语 - 2006-10-24 11:12:00
Thanks! Very useful!
笨笨的傻菇 - 2006-11-9 19:34:00
ftmsdtcu.dll
C:\WINDOWS\system32\ftmsdtcu.dll
Can't get rid of it no matter what.
Tried the replace method too, no luck.
http://forum.ikaka.com/topic.asp?board=67&artid=8207640&page=1
Could the OP please take a look. Thanks.
janetliao - 2007-5-31 14:24:00
OP, please take a look at mine too; my machine also has a rootkit, what should I do? Below is my scan log:
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrator - Full functionality
The following were selected:
All startup items (including registry, startup folders, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows Publisher]
<jiajiasr><C:\Program Files\jj4\jiajiasr.exe> [加加工作组]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<PCDrProfiler><"C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r> []
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RTHDCPL><RTHDCPL.EXE> [N/A]
<Alcmtr><ALCMTR.EXE> [(Verified)Microsoft Windows Publisher]
<kav><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [N/A]
<360Safetray><D:\360safe\safemon\360Tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
<UIHost><"\Program Files\Logonui\Logonui.exe"> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
==================================
Startup folder
[AutoCAD 启动加速器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\AutoCAD 启动加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[TabletService / TabletService][Running/Auto Start]
<C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Windows Spooler / Windows Spooler][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\Servecer.exe><N/A>
==================================
Drivers
[AliIde / AliIde][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[cpuz / cpuz][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\cpuz.sys><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[MegaIDE / MegaIDE][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[npkcrypt / npkcrypt][Stopped/Auto Start]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvata / nvata][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\nvata.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Pen Class / PenClass][Running/Boot Start]
<\SystemRoot\system32\Drivers\penclass.sys><Wacom Technology Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
janetliao - 2007-5-31 14:49:00
Browser add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Web Anti-Virus]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} <D:\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\Msjava.dll, Microsoft Corporation>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <c:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Microsoft Office Control]
{4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <c:\PROGRA~1\MICROS~3\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Thunder\ComDlls\ThunderAgent_Now.dll, N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[]
{B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[]
{FB7199AB-79BF-11D2-8D94-0000F875C541} <C:\Program Files\Messenger\msgsc.dll, Microsoft Corporation>
[Upload to QQ network drive]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[Export to Microsoft Office Excel(&X)]
<res://c:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[Export current page to SSReader(&A)]
<C:\Program Files\SSREADER36\ss_all.htm, N/A>
[Export selection to SSReader(&S)]
<C:\Program Files\SSREADER36\ss_select.htm, N/A>
[Add to QQ custom panel]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[Add to QQ emoticons]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
Running processes
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 752][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.0.299]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 42]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 796][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1008][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 3452][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\WINDOWS\system32\tabhook.dll] [Wacom Technology, Corp., 4.78-4]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 42]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll] [Kaspersky Lab, 1.0.6.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.0.299]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.0.304]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.0.299]
[c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.0.299]
[PID: 2188][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[D:\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\WINDOWS\system32\tabhook.dll] [Wacom Technology, Corp., 4.78-4]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 42]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
[C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3790.3646 built by: DNSRV(bld4act)]
[PID: 2236][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.078\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[D:\360safe\safemon\safemon.dll] [, 3, 4, 0, 1001]
[C:\WINDOWS\system32\tabhook.dll] [Wacom Technology, Corp., 4.78-4]
[C:\WINDOWS\system32\PYJJ4.IME] [加加工作组, 4, 1, 0, 42]
==================================
File associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1 localhost
==================================
API HOOK
RVA error: LoadLibraryA (risk level: high, hooked by the following module: Dest Addr: 0xF5113B25)
RVA error: LoadLibraryExA (risk level: high, hooked by the following module: Dest Addr: 0xF5113D67)
RVA error: LoadLibraryExW (risk level: high, hooked by the following module: Dest Addr: 0xF5113F0B)
RVA error: LoadLibraryW (risk level: high, hooked by the following module: Dest Addr: 0xF5113C49)
RVA error: GetProcAddress (risk level: high, hooked by the following module: Dest Addr: 0xF5113E8F)
==================================
Hidden processes
[560] C:\WINDOWS\Explorer.EXE
[1416] C:\WINDOWS\system32\RUNDLL32.EXE
[1608] D:\360safe\safemon\360Tray.exe
[1848] C:\WINDOWS\system32\ctfmon.exe
[1868] C:\Program Files\jj4\jiajiasr.exe
[1884] C:\WINDOWS\System32\alg.exe
[2808] C:\WINDOWS\system32\wuauclt.exe
==================================
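The SREng log above is the kind of thing this thread works through by hand. As an added example, not SREng's own code and not anything posted in the thread, the Python script below mechanises that reading for the sections that matter most here. It pairs each [Display / Name][State/Start] line with the <path><vendor> line under it; flags a service whose name imitates a Windows component while running some other binary (the "Windows Spooler" entry pointing at ...\MSINFO\Servecer.exe with no vendor is the case in point: the genuine Print Spooler service is named Spooler and runs spoolsv.exe from system32); flags vendor-less drivers loaded from outside the drivers directory; classifies each API-hook target by address range (0xF5113B25 is above 0x80000000, i.e. kernel space on a default 32-bit XP, where both rootkits and security products place hooks, so the address has to be matched against loaded drivers before anything is concluded); and cross-checks the hidden-process list against the PIDs the normal enumeration returned. The section headers are those of this page's English rendering of the log and SREng's own builds may label them differently, so they are an assumption to adjust. The excerpt is constructed from the posted log, with SREng's own PID added to the hidden list to show that a PID present in both lists is not reported.

```python
"""Triage of a System Repair Engineer (SREng) log excerpt.

Added example for this thread; not SREng's own code nor anything from the forum.
Section names follow this page's English rendering of the log (an assumption).
"""
import re

# Assumption: keyword in a service name -> binary the genuine Windows service runs.
GENUINE_BINARY = {"spooler": "spoolsv.exe"}
KERNEL_BASE = 0x80000000  # user/kernel split on a default 32-bit Windows XP

RE_ENTRY = re.compile(r"^\[(.+?) / (.+?)\]\[(\w+)/(.+?)\]$")  # [Display / Name][State/Start]
RE_TARGET = re.compile(r"^<(.*)><(.*)>$")                      # <path><vendor>
RE_PID = re.compile(r"^\[PID: (\d+)\]")
RE_HIDDEN = re.compile(r"^\[(\d+)\] (.+)$")
RE_HOOK = re.compile(r"^RVA \S+: (\w+) .*Dest Addr: 0x([0-9A-Fa-f]+)")
WINDOWS_DIR = re.compile(r"\\WINDOWS\\|\\WINNT\\|%SystemRoot%|\\SystemRoot\\", re.IGNORECASE)


def split_sections(text):
    """Header line -> its lines; a run of '=' closes the current section."""
    sections, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if set(line) == {"="}:
            current = None
        elif current is None:
            current, sections[line] = line, []
        else:
            sections[current].append(line)
    return sections


def parse_entries(lines):
    """Pair '[Display / Name][State/Start]' with the '<path><vendor>' line under it."""
    entries, i = [], 0
    while i + 1 < len(lines):
        m, t = RE_ENTRY.match(lines[i]), RE_TARGET.match(lines[i + 1])
        if m and t:
            entries.append(m.groups() + t.groups())  # display, name, state, start, path, vendor
        i += 2 if m and t else 1
    return entries


def check_entries(entries, kind):
    """kind 'svc': name imitates a Windows component, or vendor-less outside the Windows dir.
    kind 'drv': vendor-less driver loaded from outside a drivers directory."""
    out = []
    for display, name, state, start, path, vendor in entries:
        no_vendor = vendor in ("N/A", "")
        if kind == "svc":
            fake = next((b for k, b in GENUINE_BINARY.items() if k in (display + name).lower()), None)
            if fake and fake not in path.lower():
                out.append(("high", f"service '{name}' is named like a Windows component but runs {path} instead of {fake}"))
            elif no_vendor and not WINDOWS_DIR.search(path):
                out.append(("review", f"service '{name}' has no vendor and runs {path} ({start})"))
        elif no_vendor and "\\drivers\\" not in path.lower():
            out.append(("review", f"driver '{name}' has no vendor and loads from {path} ({state}/{start})"))
    return out


def check_hooks(lines):
    """One finding per hook, with the target classified by address range."""
    out = []
    for m in filter(None, map(RE_HOOK.match, lines)):
        addr = int(m.group(2), 16)
        where = "kernel" if addr >= KERNEL_BASE else "user"
        out.append(("review", f"{m.group(1)} hooked, target 0x{addr:08X} is in {where} space; match it to a loaded module"))
    return out


def check_hidden(proc_lines, hidden_lines):
    """Hidden-process entries whose PID the normal enumeration did not return."""
    seen = {int(m.group(1)) for m in filter(None, map(RE_PID.match, proc_lines))}
    return [("review", f"PID {m.group(1)} {m.group(2)} is missing from normal process enumeration")
            for m in filter(None, map(RE_HIDDEN.match, hidden_lines)) if int(m.group(1)) not in seen]


def triage(text):
    """All findings for one log, section by section."""
    s = split_sections(text)
    return (check_entries(parse_entries(s.get("Services", [])), "svc")
            + check_entries(parse_entries(s.get("Drivers", [])), "drv")
            + check_hooks(s.get("API HOOK", []))
            + check_hidden(s.get("Running processes", []), s.get("Hidden processes", [])))


# Constructed excerpt of the log posted above; SREng's PID 2236 is added to the hidden list.
SAMPLE_SRENG = r"""
Services
[Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Spooler / Windows Spooler][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\Servecer.exe><N/A>
==================================
Drivers
[cpuz / cpuz][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\cpuz.sys><N/A>
==================================
Running processes
[PID: 2236][C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.078\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
==================================
API HOOK
RVA error: LoadLibraryA (risk level: high, hooked by the following module: Dest Addr: 0xF5113B25)
==================================
Hidden processes
[560] C:\WINDOWS\Explorer.EXE
[1868] C:\Program Files\jj4\jiajiasr.exe
[2236] C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX00.078\SREng.EXE
==================================
"""
```

`triage(SAMPLE_SRENG)` returns five findings: the fake spooler (high), the vendor-less cpuz.sys in the system32 root (review), the LoadLibraryA hook with a kernel-range target (review), and Explorer.EXE and jiajiasr.exe as processes the normal enumeration did not return (review); the HidServ entry passes because, vendor or not, it runs from the Windows directory, and SREng's own PID is not reported because it appears in both lists. The hook finding is deliberately neutral: the script only tells you where the target lies, and matching that address against the driver list (klif.sys and the others in the Drivers section) is the step that decides whether it belongs to a security product or to something else.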
天月来了 - 2007-5-31 14:54:00
Pointless post.
2008来了 - 2007-5-31 15:42:00
Studying hard.
© 2000 - 2026 Rising Corp. Ltd.