请大侠帮助！！
我中了病毒却杀不掉．这是日志，请帮我分析一下：
HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 20:01:36, on 2005-10-5
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\3721\assistse.exe
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\d11host.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\3721\ske\TrojanAssistant.exe
C:\Program Files\rising\Rav\Rav.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
E:\qq\QQ.exe
E:\qq\TIMPlatform.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\aaa\LOCALS~1\Temp\Rar$EX01.047\HijackThis.exe

O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINDOWS\system32\IEBHODLL.dll
O2 - BHO: (no name) - {2CE7166E-8BBA-4E76-BA7E-02AB3C573011} - C:\WINDOWS\DOWNLO~1\cytdcli.dll
O2 - BHO: (no name) - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: (no name) - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: (no name) - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - E:\PROGRA~1\IS\BhoPlugin.dll (file missing)
O2 - BHO: (no name) - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\Program Files\HBClient\hapast.dll
O2 - BHO: (no name) - {FA591380-7716-4B27-A8AC-75910B25D9DD} - C:\WINDOWS\System32\spfit.dll (file missing)
O2 - BHO: (no name) - {FF01F40B-8A04-478A-A9F2-8880781AA7B2} - C:\WINDOWS\System32\mstzr.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [yahoo_mini] ; C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [NMGameX_AutoRun] ; C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Kavrun] ;
O4 - HKLM\..\Run: [iDuba Personal FireWall] ;
O4 - HKLM\..\Run: [d11host] C:\WINDOWS\System32\d11host.exe
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Startup: Recent.000
O4 - Startup: Recent.001
O4 - Startup: Thumbs.db
O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: 使用IS下载 - E:\PROGRA~1\IS\IS.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: QQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O11 - Options group: [TBH] QQ
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BE9D5F13-40C1-44CA-9950-B9211E4B60DD} (MeChatU Class) - http://www.sg369.com:8000/video/MeChatUser.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://202.99.42.177/sso/ccitpay.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB8D3A70-4A3A-42D2-BF0E-A1062FA89684}: NameServer = 211.91.120.129 211.94.33.193

重新启动到安全模式（进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）

先终止下面的进程（关闭所有窗口，同时按下CTRL+ALT+DELETE，在打开的窗口中选中要终止的进程，然后按下“结束任务”或者“结束进程”，最后关闭该窗口。
C:\WINDOWS\System32\d11host.exe

请关闭所有IE界面，重新使用HijackThis扫描一次，选中下面建议修复的项目，让HijackThis修复，修复前请允许HijackThis保留备份。（如果楼主知道是安全的可以不必勾选）
O2 - BHO: (no name) - {01A7A372-71E8-4022-9D76-B66BECF71A2E} - C:\WINDOWS\system32\IEBHODLL.dll
O2 - BHO: (no name) - {2CE7166E-8BBA-4E76-BA7E-02AB3C573011} - C:\WINDOWS\DOWNLO~1\cytdcli.dll
O2 - BHO: (no name) - {6E28339B-7A2A-47B6-AEB2-46BA53782379} - E:\PROGRA~1\IS\BhoPlugin.dll (file missing)
O2 - BHO: (no name) - {FA591380-7716-4B27-A8AC-75910B25D9DD} - C:\WINDOWS\System32\spfit.dll (file missing)
O2 - BHO: (no name) - {FF01F40B-8A04-478A-A9F2-8880781AA7B2} - C:\WINDOWS\System32\mstzr.dll (file missing)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: (no name) - {D74EC18E-3DDD-4174-B1B1-949FE3B8366D} - (no file)
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [d11host] C:\WINDOWS\System32\d11host.exe
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {BE9D5F13-40C1-44CA-9950-B9211E4B60DD} (MeChatU Class) - http://www.sg369.com:8000/video/MeChatUser.cab
O16 - DPF: {F381FC65-D92D-4410-B865-E4E9713994E8} (Cytd Encipherment Memory) - http://202.99.42.177/sso/ccitpay.CAB

然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件（推荐）和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除：
C:\WINDOWS\system32\IEBHODLL.dll
C:\WINDOWS\DOWNLO~1\cytdcli.dll
C:\WINDOWS\System32\d11host.exe
c:\ex.cab
c:\eied_s7.cab


问题仍在请用新版HijackThis1.99.1 扫描个日志贴上来

HijackThis下载地址请参考：
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

版主：
我已按照你说的去做了。这两个都没有搜索到，所以没删除成：
C:\WINDOWS\system32\IEBHODLL.dll
C:\WINDOWS\DOWNLO~1\cytdcli.dll
另外：现在一打开游览器就弹出一个铃声广告，也消不掉。再次扫描的日志如下：
HijackThis_815汉化版扫描日志 V1.99.1
保存于      22:16:36, 日期 2005-10-5
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Internet Explorer v6.00 SP1 (6.00.2800.1106)

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
D:\HijackThis1991zww.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v5.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\qq\QQIEHelper.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\Program Files\HBClient\hapast.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [NvCplDaemon] ; RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [Super Rabbit SRRestore] C:\Program Files\Super Rabbit\MagicSet\srrest.exe /autosave
O4 - 启动项HKLM\\Run: [internat.exe] internat.exe
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [yahoo_mini] ; C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - 启动项HKLM\\Run: [NMGameX_AutoRun] ; C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa
O4 - 启动项HKLM\\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - 启动项HKLM\\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - 启动项HKLM\\Run: [Kavrun] ;
O4 - 启动项HKLM\\Run: [iDuba Personal FireWall] ;
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] ; "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] ; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: 腾讯QQ.lnk = E:\qq\QQ.exe
O8 - IE右键菜单中的新增项目: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - IE右键菜单中的新增项目: 使用IS下载 - E:\PROGRA~1\IS\IS.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - E:\qq\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - E:\qq\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - E:\qq\SendMMS.htm
O8 - IE右键菜单中的新增项目: 百度-搜索MP3 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUMP3.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索图片 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUIMG.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索新闻 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUNEWS.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索歌词 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDULYRIC.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索网页 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUSEARCH.HTM
O8 - IE右键菜单中的新增项目: 百度-搜索贴吧 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDUPOST.HTM
O8 - IE右键菜单中的新增项目: 百度-词典搜索 - res://C:\Program Files\BaiDu\bar\BaiduBar.dll/BAIDU_DIC.HTM
O9 - 浏览器额外的按钮: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: Infofo 工具栏 - {8507326C-B5C1-4559-BB91-0919E753836F} - C:\WINDOWS\System32\shdocvw.dll
O9 - 浏览器额外的按钮: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - 浏览器额外的按钮: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的“工具”菜单项: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\qq\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\qq\QQIEHelper.dll
O9 - 浏览器额外的按钮: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - 浏览器额外的“工具”菜单项: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [TBH] QQ地址栏搜索
O16 - DPF: {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} - http://www.bluesky.cn/download/v2_60.cab
O16 - DPF: {98A62E3F-A8C5-4EF0-8A00-C70CF9D18A89} (LoaderCore Class) - http://tb.sogou.com/DLLoader.cab
O16 - DPF: {991481A7-4669-4E15-8C24-100404E1F5CB} - http://www.bluesky.cn/download/blueskyvoice_60.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/QQ/QQkill/rsonline.cab
O18 - 列举现有的协议: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - 列举现有的协议: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll
O18 - 列举现有的协议: ipp - (no CLSID) - (no file)
O18 - 列举现有的协议: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - 列举现有的协议: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - 列举现有的协议: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - 列举现有的协议: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - 列举现有的协议: msdaipp - (no CLSID) - (no file)
O18 - 列举现有的协议: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\msvidctl.dll
O18 - 列举现有的协议: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - 列举现有的协议: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - 列举现有的协议: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - NT 服务: ADSL上网 (用ADSL上网) - Unknown owner - C:\WINDOWS\W_Server.exe

【回复“凌空飞燕”的帖子】
修复:
O2 - BHO: BrowserHAP Class - {AEF6F648-78D8-4456-BEE7-5ADE23D209FD} - C:\Program Files\HBClient\hapast.dll
O4 - 启动项HKLM\\Run: [hbpassport] C:\PROGRA~1\HBCLIENT\hbast.exe

删除:C:\Program Files\HBClient\hapast.dll
C:\Program Files\HBClient\hapast.exe

另,显示隐藏文件和受保护的文件找C:\WINDOWS\W_Server.exe请把此文件压缩加密为virus发到我的邮箱  rsvirus@163.com 并注明此贴地址，谢谢合作。

》》如何压缩加密？----http://forum.ikaka.com/topic.asp?board=67&artid=7241343

版主：现已按你要求将C:\WINDOWS\W_Server.exe文件压缩加密为virus发到邮箱 rsvirus@163.com 并注明此贴地址lkfy@xilu.com 。
但删除:C:\Program Files\HBClient\hapast.dll没能完成，该文件删除不掉。不知道是否有影响？

建议您重新启动到安全模式，然后删除:C:\Program Files\HBClient\hapast.dll

【回复“凌空飞燕”的帖子】
>>您好,您打包错了.我要的是C:\WINDOWS\目录下的W_Server.exe,而您传的是C:\WINDOWS\Prefetch\目录下的W_Server.exe

看这个文件也不是好东西.停止"ADSL上网"服务:开始--控制面版--管理工具--服务--找到"ADSL上网"属性--改成已禁用

显示隐藏文件找到以下删除:(如果有的话)
C:\WINDOWS\W_Server.exe
C:\WINDOWS\W_Server.dll
C:\WINDOWS\W_Serverkey.dll
C:\WINDOWS\W_Server_Hook.dll

把注册表展开到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services下查找“W_Server.exe”，然后删除，重新启动

....辛苦````学习```

C:\WINDOWS\目录下没有W_Server.exe，所以只找到C:\WINDOWS\Prefetch\目录下的W_Server.exe
注册表展开到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services下也没有“W_Server.exe”，只在C:\WINDOWS\Prefetch\目录下找到，怎么办？