**** Run Keys ****

RUN: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
RUN: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
RUN: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
RUN: [SoundMan] SOUNDMAN.EXE
RUN: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [MINI_MINIPP] C:\Program Files\MINIPP\MINIPP.exe
RUN: [Timplatform] C:\Program Files\qmail\Timplatform.exe
RUN: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
RUN: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
RUN: [ywwvc.exe] C:\WINDOWS\system\ywwvc.exe
RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RUN: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
RUN: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
RUN: [Kugoo] C:\PROGRA~1\KuGoo2\KuGoo.exe


**** Browser Helper Objects ****

BHO: [ThunderIEHelper Class] C:\WINDOWS\system32\xunleibho_v4.dll
BHO: [CPub Object] C:\Program Files\P4P\SoDAIE.dll
BHO: [IeCatch2 Class] C:\PROGRA~1\FlashGet\jccatch.dll
BHO: [IeCatch2 Class] C:\PROGRA~1\FlashGet\jccatch.dll
BHO: [上网助手] C:\PROGRA~1\3721\Assist\asbar.dll
BHO: [CnsHook Class] C:\WINDOWS\downlo~1\CnsHook.dll
BHO: [Infofo 工具栏] C:\Program Files\Infofo Bar\infofobar.dll


**** IE Toolbars ****

TOOLBAR: [BitCometBar] C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
TOOLBAR: [BitCometBar] C:\Program Files\BitComet\BitCometBar\BitCometBar0.1.dll
TOOLBAR: [Infofo 工具栏] C:\Program Files\Infofo Bar\infofobar.dll
TOOLBAR: [FlashGet Bar] C:\PROGRA~1\FlashGet\fgiebar.dll
TOOLBAR: [上网助手] C:\PROGRA~1\3721\Assist\asbar.dll
TOOLBAR: [搜狗直通车] C:\PROGRA~1\P4P\ToolBar.dll


**** IE Extensions ****

IEExt: [手机短信] http://sms.3721.com/ie/index.htm
IEExt: [Yahoo 1G电邮] http://cn.mail.yahoo.com/promo/rd1
IEExt: [寻宝乐趣多] http://hot.3721.com/rd/shop_btn.htm
IEExt: [上网助手] http://assistant.3721.com/index.htm?fb=Cns
IEExt: [Infofo 工具栏] http://assistant.3721.com/index.htm?fb=Cns
IEExt: [SoQ] http://www.soq.com
IEExt: [易趣购物] http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn
IEExt: [FlashGet] C:\PROGRA~1\FlashGet\flashget.exe
IEExt: [情景聊天] http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
IEExt: [情景聊天] http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe
IEExt: [Messenger] C:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1      localhost
HOSTS: 127.0.0.1      19ku.com
HOSTS: 127.0.0.1        www.19ku.com
HOSTS: 127.0.0.1        www.19ku.com



**** IE Settings ****

Default Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default Search: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Page: C:\WINDOWS\system32\blank.htm
Search Page: http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch


**** IE Context Menu (Right click) ****

IEContext: [!搜一搜] res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
IEContext: [&使用迷你PP下载] C:\Program Files\MINIPP\geturl.htm
IEContext: [Download All by FlashGet] C:\PROGRA~1\FlashGet\jc_all.htm
IEContext: [Download using FlashGet] C:\PROGRA~1\FlashGet\jc_link.htm
IEContext: [使用Kugoo下载] C:\PROGRA~1\KuGoo2\KugooDownX.htm
IEContext: [使用TRYHEAR播放] C:\Program Files\TryHear3.0\Plugins\load.htm
IEContext: [使用TRYHEAR播放全部链接] C:\Program Files\TryHear3.0\Plugins\loadall.htm
IEContext: [使用搜狗直通车下载] C:\PROGRA~1\P4P\dl.htm
IEContext: [添加到QQ自定义面板] C:\Program Files\Tencent\qq\AddPanel.htm
IEContext: [添加到QQ表情] C:\Program Files\Tencent\qq\AddEmotion.htm
IEContext: [用QQ彩信发送该图片] C:\Program Files\Tencent\qq\SendMMS.htm
IEContext: [百度-搜索MP3] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM
IEContext: [百度-搜索图片] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM
IEContext: [百度-搜索新闻] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM
IEContext: [百度-搜索歌词] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM
IEContext: [百度-搜索网页] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
IEContext: [百度-搜索贴吧] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM
IEContext: [百度-词典搜索] res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F29B282-3BAD-409E-9E84-1780412D99C0}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2F29B282-3BAD-409E-9E84-1780412D99C0}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D3B6217-E4FA-4166-B027-81DE171F43C6}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D3B6217-E4FA-4166-B027-81DE171F43C6}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4574975E-2F85-4F31-811E-CB4879D722E5}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{4574975E-2F85-4F31-811E-CB4879D722E5}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{069BB2BB-246E-463F-81EB-C3230B341722}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{069BB2BB-246E-463F-81EB-C3230B341722}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA51A829-D958-4EB0-8BA3-F54360D735C1}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{FA51A829-D958-4EB0-8BA3-F54360D735C1}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
[ccPwdSvc] "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
[ccSetMgr] "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[DefWatch] "C:\Program Files\Symantec AntiVirus\DefWatch.exe"
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\system32\imapi.exe
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\system32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\system32\nvsvc32.exe
[P4P Service] C:\Program Files\P4P\p2psvr.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SavRoam] "C:\Program Files\Symantec AntiVirus\SavRoam.exe"
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SNDSrvc] "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\system32\dllhost.exe /Processid:{C52DA0EE-4B73-49D0-B331-8855EA119595}
[Symantec AntiVirus] "C:\Program Files\Symantec AntiVirus\Rtvscan.exe"
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\system32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\system32\wbem\wmiapsrv.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs

**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [OCustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
SEARCH: [OSearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck] 
IEOPT: [NoJITSetup] 
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search] 
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [AddToFavoritesExpanded] 
IEOPT: [NotifyDownloadComplete] no
IEOPT: [Use FormSuggest] yes
IEOPT: [CNSMenu] 
IEOPT: [CNSHint] 
IEOPT: [CNSReset] 
IEOPT: [CNSEnable] 
IEOPT: [CNSList] 
IEOPT: [CNSAutoUpdate] 
IEOPT: [Default_Page_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IEOPT: [Default_Search_URL] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk] 
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon] 
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width] 
IEOPT: [Placeholder_Height] 
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no

【回复“158498821”的帖子】
请先参考：
关于---http://www.19ku.com/和QQ尾巴http://www.18hi.com/123.exe---的解决方法1
http://forum.ikaka.com/topic.asp?board=67&artid=6351594

问题仍在建议您下载并使用HijackThis1.99.1

运行HijackThis，先点[扫描]或[Scan]按钮，扫描完成后，[扫描]或[Scan]按钮会变为[保存Log]或[Save Log]按钮，点击它，LOG将会在记事本中显示，再从记事本里复制/粘贴到贴子里。

如果LOG比较长，一贴发不完，你可以分成几个部分发在回贴里。