HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 23:31:14, on 2005-11-3
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Netease\popo2004\popo.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\PROGRA~1\RISING\RAV\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\conime.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rav\RAVMON.EXE
C:\WINDOWS\system32\utilman.exe
C:\Documents and Settings\chenlan\桌面\www.happydown.com-mmsk\mmsk\mmsk.exe
C:\Documents and Settings\chenlan\桌面\hijackthis1.97_qoo\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: ????? - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\System32\kakatool.dll
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [IMSCMIG40W] C:\Program Files\Common Files\Microsoft Shared\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log
O4 - HKLM\..\Run: [MS-4011 Memory Patch] D:\Downloads\RavSasser.exe -Patch
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [popo2004] C:\Program Files\Netease\popo2004\Start.exe
O4 - HKLM\..\Run: [PSDll] Rundll32 "C:\WINDOWS\System32\psdll.dll",Start
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\system32\dllcache\imjpmig.exe /Spoil /RemAdvDef /Migration32
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: NTUSER.DAT
O4 - Startup: NTUSER.DAT.LOG
O4 - Startup: ntuser.ini
O4 - Startup: welcome.txt
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

====================================
这个是今天扫描的，谢谢了

修复
O4 - HKLM\..\Run: [PSDll] Rundll32 "C:\WINDOWS\System32\psdll.dll",Start
删除
C:\WINDOWS\System32\psdll.dll

问题仍在的话，请用最新版Hijackthis1.99.1扫描一个log贴上来。

hijackThis下载地址见置顶贴
[必读]本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

好的，下班回去试一下，谢谢

为啥那个psdll.dll删不掉呢

如果文件无法删除，请到

[必读]反浏览器劫持论坛说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

下载KillBox来删除。

使用方法可参考：
介绍 KillBox@Qoo 的使用
http://forum.ikaka.com/topic.asp?board=28&artid=5454397