[PID: 9048][F:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 5, 2, 252]
    [C:\Program Files\Internet Explorer\PLUGINS\system16.sys]  [N/A, N/A]
    [F:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [F:\Program Files\Thunder Network\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [F:\Program Files\Thunder Network\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [F:\Program Files\Thunder Network\Thunder\Program\log4cplus.dll]  [, 1, 0, 2, 1]
    [F:\Program Files\Thunder Network\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 11, 2, 22]
    [F:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 8]
    [f:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 3]
    [C:\WINDOWS\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\dllt.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
    [F:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 12]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [F:\Program Files\Thunder Network\Thunder\Components\DTAG\DTAG.dll]  [, 1, 0, 0, 1]
    [F:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll]  [, 1, 0, 0, 9]
    [F:\Program Files\Thunder Network\Thunder\Program\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 8]
    [F:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll]  [　, 1, 0, 0, 14]
    [f:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed07.dll]  [　, 3, 1, 0, 58]
    [F:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 10]
    [F:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 42]
    [F:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [F:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 3]
    [F:\Program Files\Thunder Network\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [F:\Program Files\Thunder Network\Thunder\Program\msgmanage.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, N/A]
    [C:\WINDOWS\system32\mjbpck.dll]  [N/A, N/A]

[F:\Program Files\KV2006\kvscan.kxp]  [Jiangmin Software, 9, 0, 0, 501]
    [C:\WINDOWS\system32\mjbpck.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\PLUGINS\system16.sys]  [N/A, N/A]
    [F:\Program Files\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [F:\Program Files\KV2006\lang\KVScan0804.lng]  [N/A, 1, 0, 0, 1]
    [F:\Program Files\KV2006\ComUI.dll]  [Jiangmin Ltd., 9. 0. 0.509]
    [F:\Program Files\KV2006\ComUIPS.dll]  [Jiangmin Ltd., 9. 5. 5. 20]
    [f:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 3]
    [F:\Program Files\KV2006\Scan_1.dll]  [Jiangmin Co., Ltd., 1.0.6.07110]
    [F:\Program Files\KV2006\KVEnhS.dll]  [Jiangmin Co., Ltd., 9, 2, 6, 02040]
    [F:\Program Files\KV2006\KVEnhJ.dll]  [Jiangmin Co.Ltd, 9, 1, 0, 50822]
    [F:\Program Files\KV2006\KVExtCab.dll]  [JiangMin Co. Ltd, 9, 2, 0, 50822]
    [F:\Program Files\KV2006\KVExtLZH.dll]  [JiangMin Co. Ltd., 9, 2, 6, 0316]
    [F:\Program Files\KV2006\KvExtRar.dll]  [JiangMin Co. Ltd., 9, 2, 6, 04020]
    [F:\Program Files\KV2006\KvExtZip.dll]  [JiangMin Co Ltd., 9, 2, 0, 50822]
    [F:\Program Files\KV2006\KVExtZ.dll]  [Jiangmin Co. Ltd, 9.2.0.503]
    [F:\Program Files\KV2006\KVExtTar.dll]  [Jiangmin Co. Ltd, 9, 2, 0, 50822]
    [F:\Program Files\KV2006\KVExtEml.dll]  [Jiangmin Co. Ltd., 9, 2, 6, 07050]
    [F:\Program Files\KV2006\lang\KVExtEml0804.lng]  [N/A, N/A]
    [F:\Program Files\KV2006\KVExtGz.dll]  [Jiangmin Co. Ltd, 9, 0, 6, 04200]
    [F:\Program Files\KV2006\KVEnhK.dll]  [Jiangmin Co.Ltd, 9, 1, 0, 51209]
    [F:\Program Files\KV2006\Fix.dll]  [Jiangmin Co.Ltd, 9, 2, 6, 07110]
[PID: 9540][C:\WINDOWS\system32\drivers\spoclsv.exe]  [N/A, N/A]
    [f:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\PLUGINS\system16.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\mjbpck.dll]  [N/A, N/A]
[PID: 10176][C:\WINDOWS\system32\drivers\spoclsv.exe]  [N/A, N/A]
    [f:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 3]
    [C:\Program Files\Internet Explorer\PLUGINS\system16.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\mjbpck.dll]  [N/A, N/A]
[PID: 9556][C:\DOCUME~1\zhang\LOCALS~1\Temp\Rar$EX00.813\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Internet Explorer\PLUGINS\system16.sys]  [N/A, N/A]
    [f:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 3]
    [C:\WINDOWS\tdll.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\dllt.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\dms.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\mjbpck.dll]  [N/A, N/A]
[PID: 1480][C:\WINDOWS\system32\mjbpck.exe]  [N/A, N/A]
    [C:\WINDOWS\system32\mjbpck.dll]  [N/A, N/A]

[C:\Program Files\Internet Explorer\PLUGINS\system16.sys]  [N/A, N/A]
    [f:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 3]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
[D:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
[E:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe
[F:\]
[AutoRun]
OPEN=setup.exe
shellexecute=setup.exe
shell\Auto\command=setup.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================

运行SREng2,使用“启动项目”－－注册表－－删除
mhs2><C:\DOCUME~1\zhang\LOCALS~1\Temp\smss.exe> [N/A]
<ms><C:\Program Files\Microsoft\svhost32.exe> [N/A]
<sys><C:\WINDOWS\Intel\rundll32.exe> [N/A]
<r><C:\WINDOWS\down\rundll32.exe> [N/A]
<wl><C:\WINDOWS\Download\svhost32.exe> [N/A]
<oowywx><C:\WINDOWS\system32\mjbpck.exe> [N/A]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\system16.sys> [N/A]

重启按F８进入安全模式下
显示隐藏文件
删除：   

C:\DOCUME~1\zhang\LOCALS~1\Temp清空文件夹
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\Intel\rundll32.exe
C:\WINDOWS\down\rundll32.exe
C:\WINDOWS\Download\svhost32.exe
C:\WINDOWS\system32\mjbpck.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
C:\Program Files\Internet Explorer\PLUGINS\system16.
C:\WINDOWS\system32\mjbpck.dll
C:\WINDOWS\tdll.dll
C:\WINDOWS\system32\dllt.dll
[C:\WINDOWS\system32\dms.dll]

右键打开,不要双击,删除每个盘的根目录隐藏文件
Autorun.inf
setup.exe