Rising Kaka Security Forum, Technical Exchange: Anti-Virus / Anti-Rogue-Software Forum

[Help] A friend's computer has become abnormally slow; CPU usage is 100% after opening IE

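A colleague's computer has recently become extremely slow, and CPU usage is 100% after opening IE. It was previously hijacked by www.9991.com (already resolved using the method described on the forum), but it is still very slow and can hardly get online. I am uploading the scan logs; experts, please advise.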
  Logfile of HijackThis v1.99.1
Scan saved at 13:45:29, on 2006-5-26
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\KAV2006\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\KAV2006\KPfwSvc.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\CNAB4RPK.EXE
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\KAV2006\KAVStart.exe
C:\KAV2006\KMailMon.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\KAV2006\KPFW32.EXE
G:\HijackThis.exe

R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {70B8D49F-84E9-4601-8657-0D41828E67FB} - C:\WINDOWS\System32\Hkser.dll
R3 - URLSearchHook: (no name) - {CE66C91D-47AB-4932-948B-C9F079AAA22D} - C:\WINDOWS\System32\Dmefr.dll
R3 - URLSearchHook: (no name) - {6B39C0AE-1ACA-41B4-985A-B8A4DE10535A} - C:\WINDOWS\System32\Ubugib.dll
R3 - URLSearchHook: (no name) - {5BF6CFD7-458F-4B3C-9DA9-F2ED15952393} - C:\WINDOWS\System32\Oexka.dll
R3 - URLSearchHook: (no name) - {23B0B958-B9D9-4250-AA48-AB12CE4C85D9} - C:\WINDOWS\System32\Aktgtm.dll
R3 - URLSearchHook: (no name) - {44FC0DE4-15CA-45DC-9E00-50C60569404F} - C:\WINDOWS\System32\Eaocx.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {23B0B958-B9D9-4250-AA48-AB12CE4C85D9} - C:\WINDOWS\System32\Aktgtm.dll
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: (no name) - {3C9C6737-213F-4555-919B-032CC81CDCCF} - C:\WINDOWS\System32\Tcmvn.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: (no name) - {44FC0DE4-15CA-45DC-9E00-50C60569404F} - C:\WINDOWS\System32\Eaocx.dll
O2 - BHO: (no name) - {5BF6CFD7-458F-4B3C-9DA9-F2ED15952393} - C:\WINDOWS\System32\Oexka.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: (no name) - {6B39C0AE-1ACA-41B4-985A-B8A4DE10535A} - C:\WINDOWS\System32\Ubugib.dll
O2 - BHO: (no name) - {70B8D49F-84E9-4601-8657-0D41828E67FB} - C:\WINDOWS\System32\Hkser.dll
O2 - BHO: (no name) - {789BD0AD-8638-4986-A50F-F766A5479BE8} - C:\WINDOWS\System32\Mcrj.dll
O2 - BHO: (no name) - {CE66C91D-47AB-4932-948B-C9F079AAA22D} - C:\WINDOWS\System32\Dmefr.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {FA7D1FCF-952B-4863-AA20-CBF1F0E4EB61} - C:\WINDOWS\System32\Xttudb.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [KavStart] "C:\KAV2006\KAVStart.exe" -startup
O4 - HKLM\..\Run: [stup.exe] C:\PROGRA~1\TENCENT\Adplus\stup.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2006\KPFW32.EXE"
O8 - Extra context menu item: Easy-WebPrint打印 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint添加到打印列表 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint预览 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint高速打印 - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O15 - Trusted IP range: http://23.160.2.3
O15 - Trusted IP range: http://23.160.2.33
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121906209406
O16 - DPF: {811ECB2D-AC14-11D5-966D-0050BA63530B} (OAPrint.OAClass) - http://23.160.2.3/wxdz/cab/OAPrint.CAB
O16 - DPF: {DA984A6D-508E-11D6-AA49-0050FF3C628D} (Ravonline) - http://download.rising.com.cn/ravkill/rsonline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0CB1E974-C419-45BC-8B02-54E2954CF823}: NameServer = 61.128.128.68,23.160.2.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0CB1E974-C419-45BC-8B02-54E2954CF823}: NameServer = 61.128.128.68,23.160.2.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{0CB1E974-C419-45BC-8B02-54E2954CF823}: NameServer = 61.128.128.68,23.160.2.33
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - Service: ClipManage (8NASCAR) -  - (no file)
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (

Last edited 2006-05-29 20:31:31

The SREng scan is as follows:
2006-05-26,13:46:40

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 1 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavPFW><"C:\KAV2006\KPFW32.EXE">
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <KavStart><"C:\KAV2006\KAVStart.exe" -startup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><C:\WINDOWS\System32\userinit.exe,>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  <stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>

==================================
启动文件夹
服务
[ClipManage / 8NASCAR]
  <><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc]
  <C:\KAV2006\KWatch.EXE><Kingsoft Corporation>

==================================
浏览器加载项
[CPub Object]
  {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} <C:\Program Files\P4P\sodaie.dll, N/A>
[]
  {23B0B958-B9D9-4250-AA48-AB12CE4C85D9} <C:\WINDOWS\System32\Aktgtm.dll, N/A>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, Yahoo.>
[]
  {3C9C6737-213F-4555-919B-032CC81CDCCF} <C:\WINDOWS\System32\Tcmvn.dll, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[]
  {44FC0DE4-15CA-45DC-9E00-50C60569404F} <C:\WINDOWS\System32\Eaocx.dll, N/A>
[]
  {5BF6CFD7-458F-4B3C-9DA9-F2ED15952393} <C:\WINDOWS\System32\Oexka.dll, N/A>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, >
[]
  {6B39C0AE-1ACA-41B4-985A-B8A4DE10535A} <C:\WINDOWS\System32\Ubugib.dll, N/A>
[]
  {70B8D49F-84E9-4601-8657-0D41828E67FB} <C:\WINDOWS\System32\Hkser.dll, N/A>
[]
  {789BD0AD-8638-4986-A50F-F766A5479BE8} <C:\WINDOWS\System32\Mcrj.dll, N/A>
[]
  {CE66C91D-47AB-4932-948B-C9F079AAA22D} <C:\WINDOWS\System32\Dmefr.dll, N/A>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[]
  {FA7D1FCF-952B-4863-AA20-CBF1F0E4EB61} <C:\WINDOWS\System32\Xttudb.dll, N/A>
[Yahoo 1G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[寻宝乐趣多]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[WebActivater Control]
  {3D8F74EE-8692-4F8F-B8D2-7522E732519E} <C:\WINDOWS\System32\WEBACT~1.OCX, QQ>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[OAPrint.OAClass]
  {811ECB2D-AC14-11D5-966D-0050BA63530B} <C:\WINDOWS\Downloaded Program Files\OAPrint.dll, zt>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[Easy-WebPrint打印]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint添加到打印列表]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint预览]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Easy-WebPrint高速打印]
  <res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>


==================================
正在运行的进程
[PID: 436][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 516][\??\C:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.1557 (xpsp2_gdr.040517-1325)>
[PID: 568][C:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 580][C:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 740][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 788][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 884][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 940][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[PID: 1060][C:\KAV2006\KWatch.EXE]  <Kingsoft Corporation><2005, 9, 27, 51>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2005, 12, 29, 56>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2006, 4, 12, 13>
    [C:\KAV2006\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 3, 21, 17>
[PID: 1140][C:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.1699 (xpsp2.050610-1533)>
    [C:\WINDOWS\system32\CNMLM5y.DLL]  <CANON INC.><1.80.2.50>
    [C:\WINDOWS\system32\CNAB4LMK.DLL]  <CANON INC.><1.01.0.003>
    [C:\WINDOWS\system32\CNAB4SMK.DLL]  <CANON INC.><1.01.0.003>
    [C:\WINDOWS\system32\CNAB4PTU.DLL]  <CANON INC.><1.01.0.003>
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD5y.DLL]  <CANON INC.><1.80.2.50>
    [C:\WINDOWS\system32\CNAB4EMU.DLL]  <CANON INC.><1.01.0.003>
[PID: 1424][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\WINDOWS\Downloaded Program Files\Lwbwvu.dll]  <Tencent><4, 0, 6, 61>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\PROGRA~1\3721\alrex.dll]  <><1, 0, 1, 1001>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 0, 5, 1031>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 2, 1023>
    [C:\WINDOWS\System32\Aktgtm.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Tcmvn.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Eaocx.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Oexka.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Ubugib.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Hkser.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Mcrj.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Dmefr.dll]  <N/A><N/A>
    [C:\WINDOWS\System32\Xttudb.dll]  <N/A><N/A>
    [C:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  <Yahoo! China><1, 1, 3, 1035>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  <Yahoo!><2, 1, 8, 1048>
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
[PID: 1484][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 1528][C:\KAV2006\KPfwSvc.EXE]  <Kingsoft Corporation><2005, 9, 5, 28>
[PID: 1612][C:\WINDOWS\System32\wdfmgr.exe]  <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1624][C:\WINDOWS\System32\CNAB4RPK.EXE]  <CANON INC.><1.01.0.003>
[PID: 112][C:\WINDOWS\System32\Rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  <北京三七二一科技有限公司><1, 0, 3, 4>
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  <北京三七二一科技有限公司><1, 0, 2, 5>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 328][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\PROGRA~1\3721\autolive.dll]  <><1, 1, 2, 1023>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
[PID: 356][C:\KAV2006\KAVStart.exe]  <Kingsoft Corporation><2006, 4, 10, 196>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\KAV2006\PopSprt3.dll]  <Kingsoft Corporation><2005, 12, 6, 30>
    [C:\KAV2006\KAVPassp.dll]  <Kingsoft Corporation><2006, 5, 22, 239>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 832][C:\KAV2006\KMailMon.EXE]  <Kingsoft Corporation><2005, 10, 8, 85>
    [C:\KAV2006\KAntiSpm.dll]  <N/A><1, 0, 0, 2>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\KAV2006\KAECall2.DLL]  <Kingsoft Corporation><2004, 12, 28, 7>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2005, 12, 29, 56>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2006, 4, 12, 13>
    [C:\KAV2006\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 3, 21, 17>
    [C:\KAV2006\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 1996][C:\WINDOWS\System32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
[PID: 2028][C:\KAV2006\KPFW32.EXE]  <Kingsoft Corporation><2006, 1, 17, 609>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>
    [C:\KAV2006\KAVIPC2.DLL]  <Kingsoft Corporation><2004, 12, 28, 20>
    [C:\KAV2006\KAConfig.DLL]  <Kingsoft Corporation><2005, 3, 23, 30>
    [C:\KAV2006\FiltList.dll]  <N/A><N/A>
    [C:\KAV2006\KAVPassp.DLL]  <Kingsoft Corporation><2006, 5, 22, 239>
    [C:\KAV2006\KAEPlat.DLL]  <Kingsoft Corp.><2005, 12, 29, 56>
    [C:\KAV2006\KAEMem.DAT]  <Kingsoft><2006, 4, 12, 13>
    [C:\KAV2006\KAEUnpack.DAT]  <Kingsoft Corp.><2006, 3, 21, 17>
    [C:\KAV2006\KAScript.DLL]  <Kingsoft Corporation><2006, 2, 10, 60>
[PID: 2100][G:\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  <北京三七二一科技有限公司><1, 5, 3, 1>
    [C:\PROGRA~1\3721\helper.dll]  <><1, 0, 9, 1324>
    [C:\WINDOWS\Downloaded Program Files\Mrgg.dll]  <Tencent><4, 0, 6, 61>
    [C:\KAV2006\KASocket.dll]  <Kingsoft Corporation><2005, 2, 22, 233>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

My colleague urgently needs the machine for work, so I am waiting online for an expert to help. Thanks.

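Close all browser windows and any unnecessary programs.
Run HijackThis; when the scan finishes, tick the items listed below and then choose "Fix".
If you know what an item is, there is no need to fix it.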
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: (no name) - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - (no file)
R3 - URLSearchHook: (no name) - {70B8D49F-84E9-4601-8657-0D41828E67FB} - C:\WINDOWS\System32\Hkser.dll
R3 - URLSearchHook: (no name) - {CE66C91D-47AB-4932-948B-C9F079AAA22D} - C:\WINDOWS\System32\Dmefr.dll
R3 - URLSearchHook: (no name) - {6B39C0AE-1ACA-41B4-985A-B8A4DE10535A} - C:\WINDOWS\System32\Ubugib.dll
R3 - URLSearchHook: (no name) - {5BF6CFD7-458F-4B3C-9DA9-F2ED15952393} - C:\WINDOWS\System32\Oexka.dll
R3 - URLSearchHook: (no name) - {23B0B958-B9D9-4250-AA48-AB12CE4C85D9} - C:\WINDOWS\System32\Aktgtm.dll
R3 - URLSearchHook: (no name) - {44FC0DE4-15CA-45DC-9E00-50C60569404F} - C:\WINDOWS\System32\Eaocx.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {23B0B958-B9D9-4250-AA48-AB12CE4C85D9} - C:\WINDOWS\System32\Aktgtm.dll
O2 - BHO: (no name) - {3C9C6737-213F-4555-919B-032CC81CDCCF} - C:\WINDOWS\System32\Tcmvn.dll
O2 - BHO: (no name) - {44FC0DE4-15CA-45DC-9E00-50C60569404F} - C:\WINDOWS\System32\Eaocx.dll
O2 - BHO: (no name) - {5BF6CFD7-458F-4B3C-9DA9-F2ED15952393} - C:\WINDOWS\System32\Oexka.dll
O2 - BHO: (no name) - {6B39C0AE-1ACA-41B4-985A-B8A4DE10535A} - C:\WINDOWS\System32\Ubugib.dll
O2 - BHO: (no name) - {70B8D49F-84E9-4601-8657-0D41828E67FB} - C:\WINDOWS\System32\Hkser.dll
O2 - BHO: (no name) - {789BD0AD-8638-4986-A50F-F766A5479BE8} - C:\WINDOWS\System32\Mcrj.dll
O2 - BHO: (no name) - {CE66C91D-47AB-4932-948B-C9F079AAA22D} - C:\WINDOWS\System32\Dmefr.dll
O2 - BHO: (no name) - {FA7D1FCF-952B-4863-AA20-CBF1F0E4EB61} - C:\WINDOWS\System32\Xttudb.dll
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - Service: ClipManage (8NASCAR) - - (no file)
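Go to Add/Remove Programs in Control Panel and uninstall the rogue software 搜搜地址栏搜索 (QQ搜索小助手), i.e. the Soso address-bar search (QQ Search Assistant).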
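
The entries ticked in the reply above share two visible traits in the posted log: the registration points at nothing on disk ("(no file)" / "(file missing)"), or it is a "(no name)" URLSearchHook/BHO whose DLL sits directly in C:\WINDOWS\System32. The sketch below is an added example, not part of the original thread and not a HijackThis feature; both rules are assumptions inferred from that selection, and the sample is an excerpt copied from the log.

```python
import re

# Lines copied from the HijackThis log posted above (an excerpt, not the full log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {982CB676-38F0-4D9A-BB72-D9371ABE876E} - (no file)
R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {70B8D49F-84E9-4601-8657-0D41828E67FB} - C:\WINDOWS\System32\Hkser.dll
O2 - BHO: SohuDAIEHelper - {0CA51D02-7739-43EA-8D9A-1E8AD4327B03} - C:\Program Files\P4P\sodaie.dll (file missing)
O2 - BHO: (no name) - {70B8D49F-84E9-4601-8657-0D41828E67FB} - C:\WINDOWS\System32\Hkser.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - Service: ClipManage (8NASCAR) -  - (no file)
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KAV2006\KPfwSvc.EXE
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# A DLL sitting directly in the system directory, not in a sub-folder.
SYS32_DLL_RE = re.compile(r"^C:\\WINDOWS\\System32\\[^\\]+\.dll$", re.IGNORECASE)
MISSING = " (file missing)"


def parse_line(line):
    """Split one HijackThis entry into code, kind, name, CLSID and target."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None  # header, process list or blank line
    head, _, target = m.group("rest").rpartition(" - ")
    clsid = CLSID_RE.search(head)
    return {
        "code": m.group("code"),
        "kind": m.group("kind"),
        "name": head.partition(" - ")[0].strip(),
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target.strip(),
    }


def triage(log_text):
    """Return (code, identifier, reason) for entries matching the two assumed rules."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        target = entry["target"]
        missing = target == "(no file)" or target.endswith(MISSING)
        path = target[: -len(MISSING)] if target.endswith(MISSING) else target
        if path.lower().startswith(("http://", "https://")):
            continue  # a URL is never a local file; the reply leaves these unticked
        ident = entry["clsid"] or entry["name"]
        if missing:
            findings.append((entry["code"], ident, "registered, but no file on disk"))
        elif (entry["code"] in ("R3", "O2") and entry["name"] == "(no name)"
              and SYS32_DLL_RE.match(path)):
            findings.append((entry["code"], ident, "unnamed DLL directly in System32"))
    return findings


def multi_hook(findings):
    """Identifiers flagged under more than one section (e.g. both R3 and O2)."""
    sections = {}
    for code, ident, _ in findings:
        sections.setdefault(ident, set()).add(code)
    return sorted(i for i, codes in sections.items() if len(codes) > 1)


if __name__ == "__main__":
    for code, ident, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {ident}  <- {reason}")
    print("flagged in several sections:", multi_hook(triage(SAMPLE_LOG)))
```

The output is a shortlist for review, not a verdict: as the reply says, an entry you can identify does not need fixing.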

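Thanks to 我无邪 for the guidance; the problem is solved. However, while dealing with it I found that the 100% CPU/memory usage when opening IE was mainly because Kwatch.exe was taking up a large amount of memory (my colleague has Kingsoft Antivirus installed, and this is its real-time file monitoring program). I wonder whether this was caused by a conflict between one of the installed browser plug-ins and Kingsoft's monitoring program? I ask because, before the HijackThis fix, ending the Kwatch.exe process allowed normal web access. Please advise when you have time. Thanks.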

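I once saw McAfee conflict with Baidu, causing 100% usage right from boot.
This is probably due to junk software conflicting with Kingsoft.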