昨天不知道上了什么网站。。。让人给黑了！。。
  高人帮忙！！！（更详细的报告在2~4楼）
Logfile of Kaka v2. 0. 3. 0 Scan Module v1. 0. 6. 1
Scan saved at 21:16:47, on 2007-04-02
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.ali213.net
R3 - Default URLSearchHook is missing
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - D:\PROGRA~1\IEBand.dll
O3 - Toolbar:  (file missing)
O3 - Toolbar: 江民杀毒工具栏 - {B5A34A93-D538-43A7-8371-864CB6148D12} - C:\Program Files\KV2006\KVShell_1.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O3 - Toolbar: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KVFW] C:\Program Files\KVFW\kvfw.exe -silent
O4 - HKCU\..\Run: [System Boot Check] C:\Documents and Settings\lyp8\Local Settings\Temporary Internet Files\Content.IE5\TYWIVTD4\qq[1].exe
O4 - HKCU\..\Run: [thshc5rc15dz] C:\DOCUME~1\lyp8\LOCALS~1\Temp\iexpl0re.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KvMonXP] "C:\Program Files\KV2006\KVMonXP.kxp" /auto
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\TEMP\upxdnd.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [wsttrs] C:\WINDOWS\wsttrs.exe
O4 - HKLM\..\Run: [IEBarUp] RunDll32 "C:\WINDOWS\system32\NTUP1.dll",Run
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\System\Updaterun.exe
O4 - HKLM\..\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - Startup: desktop.ini =
O4 - Global Startup: desktop.ini =
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\QQ\SendMMS.htm
O9 - Extra Button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra Button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\QQ\QQ.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} (Tencent Safety Online Base Module) - http://safe.qq.com/cgi-bin/tso/TSOBase.ocx
O16 - DPF: {C661F36D-DF85-4EF4-83C7-E107B83D04B1} (WebActivater Control) - http://dl_dir.qq.com/3dshow/3DShowVM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E230144A-2626-4BAE-8933-7EEA74FEDD71}: NameServer = 202.96.128.86,202.96.134.133
O18 - Filter : application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Filter : application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O20 - Winlogon Notify: WgaLogon
O21 - SSODL: nbja - {8AC46EB0-CF1F-4657-AC5A-6D8DE43DBD41} - C:\PROGRA~1\mais\nbja.dll
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: KVSrvXP (KVSrvXP) - Jiangmin Co. Ltd - C:\Program Files\KV2006\KVSrvXP.exe /Service
O23 - Service: KVWSC (KVWSC) - Jiangmin Co - "C:\Program Files\KVFW\KVwsc.exe"
O23 - Service: Navoct (Navoct) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Std pdlv Service (pdlv) -  - C:\WINDOWS\system32\rundll32.exe c:\progra~1\hvdn\uiqx.dll,service -s
O23 - Service: User Privilege Service (usprserv) - Microsoft Corporation - C:\WINDOWS\system32\svchost.exe -k netsvcs

O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\TEMP\upxdnd.exe
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [wsttrs] C:\WINDOWS\wsttrs.exe
下载 System Repair Engineer，
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来，不要修改

[CODE]

2007-04-03,02:52:40

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KVFW><C:\Program Files\KVFW\kvfw.exe -silent>  [Beijing Jiangmin.]
    <System Boot Check><C:\Documents and Settings\lyp8\Local Settings\Temporary Internet Files\Content.IE5\TYWIVTD4\qq[1].exe>  [N/A]
    <thshc5rc15dz><C:\DOCUME~1\lyp8\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KvMonXP><"C:\Program Files\KV2006\KVMonXP.kxp" /auto>  [Jiangmin Co.Ltd]
    <BigDog303><C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <upxdnd><C:\DOCUME~1\lyp8\LOCALS~1\Temp\upxdnd.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <wsttrs><C:\WINDOWS\wsttrs.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <nbja><C:\PROGRA~1\mais\nbja.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <StormCodec_Helper><; "D:\fengbao\Storm Codec\StormSet.exe" /S /opti>  []

==================================
启动文件夹
N/A

==================================
服务
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <C:\Program Files\KV2006\KVSrvXP.exe /Service><Jiangmin Co. Ltd>
[KVWSC / KVWSC][Running/Auto Start]
  <"C:\Program Files\KVFW\KVwsc.exe"><Jiangmin Co>
[Microsoft Update Service / MOVEESS][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\HAIUL.DLL,Export 1087><Microsoft Corporation>
[Net Power Supply / MSSoftwareShadow][Stopped/Disabled]
  <><N/A>
[Navoct / Navoct][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Volume Optimization / NtStub][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\rlsgg.dll><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Std pdlv Service / pdlv][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\hvdn\uiqx.dll,Service -s><Microsoft Corporation>
[WebPrint / WebPrint][Stopped/Auto Start]
  <c:\windows\system32\webprint.exe><Microsoft Corporation>

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[FreshIO / FreshIO][Stopped/Manual Start]
  <\??\E:\FreshDiagnose测试\FreshIO.sys><N/A>
[hardlock / hardlock][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hardlock.sys><Aladdin Knowledge Systems>
[Haspnt / Haspnt][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[hcwb / hcwbd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\hcwbd.sys><N/A>
[Network Fire Hydrant / HdFw_slot][Running/Auto Start]
  <\??\C:\Program Files\KVFW\hdfw.sys><北京江民新科技术有限公司>
[KRegEx / KRegEx][Running/System Start]
  <\??\C:\PROGRA~1\KV2006\KRegEx.sys><Jiangmin Co. Ltd.>
[KSysCall / KSysCall][Running/System Start]
  <\??\C:\PROGRA~1\KV2006\KSysCall.sys><Jiangmin Co. Ltd.>
[KVDP_1 / KVDP_1][Running/Manual Start]
  <\??\C:\Program Files\KV2006\KVDP_1.sys><Jiangmin Co., Ltd.>
[KvMemon / KvMemon][Running/Manual Start]
  <\??\C:\PROGRA~1\KV2006\KvMemon.sys><Jiangmin Co. Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\C:\Program Files\KV2006\KVREDIR.sys><Jiangmin Co. Ltd>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\D:\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx][Stopped/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><N/A>
[oreans32 / oreans32][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PProtect / PProtect][Running/System Start]
  <\??\C:\PROGRA~1\KV2006\PProtect.sys><Jiangmin Co. Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TVICHW32 / TVICHW32][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><N/A>
[VIMICRO USB PC Camera (ZC0301PLH) / ZSMC303][Running/Manual Start]
  <System32\Drivers\usbVM303.sys><Vimicro Corporation>

==================================
浏览器加载项
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ\QQ.EXE, TENCENT>
[金山快译(&K)]
  {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <D:\PROGRA~1\IEBand.dll, >
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KVShell_1.dll, Jiangmin Co.Ltd>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\WINDOWS\DOWNLO~1\POWERP~1.DLL, PPStream Inc.>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[实用搜索工具条2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
  {333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[FiltrateWebObj Class]
  {42AFACEE-2A77-41EB-9EE2-D9F8AF827F90} <C:\Program Files\KV2006\KVBHO_1.dll, Jiangmin Co.Ltd>
[超级兔子上网精灵]
  {43869BB3-22FD-4F15-9B46-238106BA2F4E} <, N/A>
[PwdEdit Control]
  {5467862B-C477-437F-886E-EC5006B37DCA} <C:\WINDOWS\system32\PwdEdit.ocx, adtec>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\WINDOWS\DOWNLO~1\POWERP~1.DLL, PPStream Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[金山快译(&K)]
  {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <D:\PROGRA~1\IEBand.dll, >
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
  {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <, N/A>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\KV2006\KVShell_1.dll, Jiangmin Co.Ltd>
[SecClient Control]
  {85599589-00AA-11D7-A7D0-00E04C3F6D70} <C:\WINDOWS\system32\SECCLI~1.OCX, bj-union>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[Qzone Media Tools]
  {A96C48EA-AA88-4BBD-B58C-7B41146A6EAC} <D:\QQ\QZone\QZONEM~1.OCX, Tencent Technology (Shenzhen) Company Limited>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\KV2006\KVShell_1.dll, Jiangmin Co.Ltd>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\DOWNLO~1\TSOBase.ocx, Tencent Corporation>
[WebActivater Control]
  {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
  {D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <D:\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 460][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 592][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1500][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\akhlh.dll]  [N/A, ]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\mais\nbja.nls]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7645]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.7645]
    [C:\Program Files\KV2006\KVShell_1.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 830]
    [C:\Program Files\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [C:\Program Files\KV2006\lang\Kvxp0804_1.lng]  [N/A, ]
    [C:\Program Files\KV2006\APIImpl_1.dll]  [JiangMin Ltd., 9.0.0.500]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10518]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\KV2006\KVMonXP.kxp]  [Jiangmin Co.Ltd, 9, 2, 0, 60905]
    [C:\Program Files\KV2006\UpdateX.dll]  [JiangMin Co.Ltd., 9, 0, 5, 831]
    [C:\Program Files\KV2006\lang\Kvxp0804_1.lng]  [N/A, ]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\Program Files\KV2006\GUIExt.dll]  [Jiangmin Co.Ltd, 9, 0, 5, 927]
    [C:\Program Files\KV2006\lang\GUIExt0804_1.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\KV2006\EngFace.dll]  [Jiangmin Co.Ltd, 9.0.0.50809]
    [C:\Program Files\KV2006\EngPS.dll]  [Jiangmin Co.Ltd, 9, 2, 0, 50817]
    [C:\Program Files\KV2006\KvMemory.dll]  [Jiangmin Co. Ltd., 9, 0, 6, 0214]
    [C:\Program Files\KV2006\KvOffice.dll]  [JiangMin New Tech., 9.0.0.1213]
    [C:\Program Files\KV2006\lang\KVOffice0804.lng]  [N/A, ]
    [C:\Program Files\KV2006\VirusUpload.dll]  [, 2, 16, 6, 7260]
    [C:\Program Files\KV2006\PProtect.dll]  [Jiangmin Co. Ltd., 9.0.0.921]
[PID: 224][C:\WINDOWS\VM303_STI.EXE]  [Vimicro, 4, 3, 625, 61]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM303Prp.Ax]  [Vimicro, 4.3. 625.61]
[PID: 264][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 54]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 348][C:\WINDOWS\wsttrs.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\wsttrs.dll]  [N/A, ]
[PID: 360][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 400][C:\Program Files\KVFW\kvfw.exe]  [Beijing Jiangmin., 9.0.5.1205]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\KVFW\KVFWUtil.DLL]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 1840][C:\WINDOWS\system32\WgaTray.exe]  [Microsoft Corporation, 1.7.0018.5]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
[PID: 2488][c:\PROGRA~1\iesnap\navplay.exe]  [, 1, 0, 1, 1]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
[PID: 3428][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [c:\PROGRA~1\iesnap\navpref.dll]  [, 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navseg.dll]  [, 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navneg.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3988][E:\系统日志\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\PROGRA~1\hvdn\xlta.dll]  [, 1, 0, 0, 6]
    [C:\PROGRA~1\hvdn\sqvf.dll]  [ , 1, 0, 0, 6]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\DOCUME~1\lyp8\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
    [1952] c:\windows\system32\webpnt.exe

==================================


[/CODE]

卡卡也查不出来咯！自动弹广告。。。。
！高人怎么干掉他！！

为什么隐藏启动项删不掉..!

安全模式下(开机后不断 按F8键  然后出来一个高级菜单 选择第一项 安全模式 进入系统)

打开sreng （就是你扫日志的软件）
启动项目  注册表 删除如下项目 (如果有哪项你认识或者确认不是病毒 请不要删除)
<upxdnd><C:\DOCUME~1\lyp8\LOCALS~1\Temp\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<wsttrs><C:\WINDOWS\wsttrs.exe> []
<nbja><C:\PROGRA~1\mais\nbja.dll> []


“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：

Navoct / Navoct
Volume Optimization / NtStub
Std pdlv Service / pdlv
WebPrint / WebPrint
在“启动项目”-“服务”-“驱动程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
oreans32 / oreans32



双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
然后删除
C:\Program Files\iesnap整个文件夹
C:\WINDOWS\system32\rlsgg.dll
C:\PROGRA~1\hvdn整个文件夹
c:\windows\system32\webprint.exe
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\akhlh.dll
清空C:\DOCUME~1\lyp8\LOCALS~1\Temp
c:\windows\system32\webpnt.exe
C:\WINDOWS\mppds.exe
C:\WINDOWS\wsttrs.exe
C:\PROGRA~1\mais整个文件夹
注：Documents and Settings=DOCUME~1  Administrator=ADMINI~1    Local Settings=LOCALS~1

OnlineGrams
usysload3.exe
upxdnd.exe
cmdbcs.exe
rav20.dll
等专杀吧！~麦英病毒，江湖人称：“卖淫”病毒，真正的“再生侠”
麦英病毒2007年3月31日开始全面发飙，现在杀毒软件清除都不彻底。
可以手动，再加俄罗斯军方杀毒软件drweb-cureit，把关联的EXE文件干掉，就不会重生了。最牛B的是感染ghost文件，变成记事本图标，恢复系统无效。

晕想不到这么黑！
我去试