
Urgent help with QQ!

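I use AVAST as my protection software and have just updated to the latest version of QQ. During installation, AVAST reported that LoginCtrl.dll in the QQ installation files contains a Win32..DELF-AHY [Trj] virus. After installation, a QQ login box should normally appear, but that is not what happens: a small window appears instead, showing ads about applying for a free QQ number, choosing a premium number and the like!! And it cannot be closed! The only way is to close QQ.EXE from the active window! Is my machine infected with a trojan? What should I do? What reasonably safe and reliable trojan removal program would you recommend? Thanks!
Last edited 2006-05-31 00:11:33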

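Please download System Repair Engineer, use "Smart Scan", press the "Scan" button to run the scan, and when it finishes press the "Save Report" button to save the report log file (SREng.LOG). Then copy and paste the contents of the saved report log here.
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it over several posts. Please do not modify it.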

2006-05-30,20:44:01

System Repair Engineer 2.0.12.350 (2.0 RC 1)
    Windows XP Professional Service Pack 2 - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Outlook><C:\Program Files\Common Files\System\Explore.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><D:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><"D:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <PHIME2002ASync><D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <DAEMON Tools-1033><"D:\Program Files\D-Tools\daemon.exe"  -lang 1033>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <avast!><D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <explore><D:\WINDOWS\system32\mshost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <OpwareSE2><"D:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IESAddr><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  <explore><D:\WINDOWS\System\OLEWRK.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <Userinit><D:\WINDOWS\system32\userinit.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><>

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[Microsoft Office]
  <D:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk><N>
[腾讯QQ]
  <D:\Documents and Settings\LU Yong\「开始」菜单\程序\启动\腾讯QQ.lnk><N>

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv]
  <"D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
  <D:\WINDOWS\System32\Ati2evxx.exe><ATI Technologies Inc.>
[avast! Antivirus / avast! Antivirus]
  <"D:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
  <"D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
  <"D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd]
  <"D:\Program Files\WinPcap\rpcapd.exe" -d -f "D:\Program Files\WinPcap\rpcapd.ini"><N/A>

==================================

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_8888.dll, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <D:\Program Files\Microsoft ActiveSync\inetrepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <D:\Program Files\Microsoft ActiveSync\inetrepl.dll, Microsoft Corporation>
[TOL24]
  {345ff7d8-2364-4ef7-889b-7d3c1d0bd342} <http://www.TOL24.com, N/A>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <D:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[易趣购物]
  {DE607145-AC19-425e-866A-6D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <D:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Easy-WebPrint]
  {327C2873-E90D-4c37-AA9D-10AC9BABA46C} <D:\Program Files\Canon\Easy-WebPrint\Toolband.dll, N/A>
[PowerList Control]
  {20C2C286-BDE8-441B-B73D-AFA22D914DA5} <D:\WINDOWS\DOWNLO~1\POWERL~1.OCX, PPStream.com>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <D:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <D:\WINDOWS\DOWNLO~1\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[MyIEHelper Class]
  {16A770A0-0E87-4278-B748-2460D64A8386} <D:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_8888.dll, Microsoft Corporation>
[Easy-WebPrint]
  {327C2873-E90D-4C37-AA9D-10AC9BABA46C} <D:\Program Files\Canon\Easy-WebPrint\Toolband.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <D:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <D:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[Easy-WebPrint Add To Print List]
  <res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint High Speed Print]
  <res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[Easy-WebPrint Preview]
  <res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Easy-WebPrint Print]
  <res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
  <D:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <D:\Program Files\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================

正在运行的进程
[PID: 624][\SystemRoot\System32\smss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 696][\??\D:\WINDOWS\system32\csrss.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 720][\??\D:\WINDOWS\system32\winlogon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\WINDOWS\system32\Ati2evxx.dll]  <ATI Technologies Inc.><6.14.10.4117>
[PID: 764][D:\WINDOWS\system32\services.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 776][D:\WINDOWS\system32\lsass.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 932][D:\WINDOWS\System32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4117>
    [D:\WINDOWS\System32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2497>
[PID: 944][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1036][D:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1128][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1180][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1236][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1524][D:\WINDOWS\system32\spoolsv.exe]  <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
    [D:\WINDOWS\system32\CNMLM7K.DLL]  <CANON INC.><1.90.2.90>
    [D:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD7K.DLL]  <CANON INC.><1.90.2.90>
[PID: 1696][D:\WINDOWS\system32\Ati2evxx.exe]  <ATI Technologies Inc.><6.14.10.4117>
    [D:\WINDOWS\system32\Ati2edxx.dll]  <ATI Technologies, Inc.><6, 14, 10, 2497>
    [D:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  <ScanSoft, Inc.><12.0>
[PID: 1796][D:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  <ScanSoft, Inc.><12.0>
    [D:\PROGRA~1\FlashGet\jccatch.dll]  <Amaze Soft><1, 1, 4, 0>
    [D:\Program Files\Alwil Software\Avast4\AhAScr.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\WinRAR\rarext.dll]  <N/A><N/A>
    [D:\Program Files\Alwil Software\Avast4\ashShell.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><7.0.7.2006011200>
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  <Adobe Systems, Inc.><7.0.0.0>
[PID: 1804][D:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [D:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  <ScanSoft, Inc.><12.0>
[PID: 1960][D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  <N/A><N/A>
    [D:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 800, 0>
    [D:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 6, 763, 0>
    [D:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 817, 0>
[PID: 1972][D:\Program Files\Alwil Software\Avast4\ashServ.exe]  <N/A><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 6, 763, 0>
    [D:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 817, 0>
    [D:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 6, 763, 0>
    [D:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 800, 0>
    [D:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 817, 0>
    [D:\Program Files\Alwil Software\Avast4\aswInteg.dll]  <ALWIL Software><4, 6, 763, 0>
    [D:\Program Files\Alwil Software\Avast4\aswIdle.dll]  <ALWIL Software><4, 6, 665, 0>
    [D:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 800, 0>
    [D:\Program Files\Alwil Software\Avast4\UNACEV2.DLL]  <N/A><N/A>
    [D:\Program Files\Alwil Software\Avast4\AhResJs.dll]  <ALWIL Software><4, 7, 800, 0>
    [D:\Program Files\Alwil Software\Avast4\AhResMai.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\ahResMes.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\AhResNS.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\AhResOut.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\AhResStd.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\AhResWS.dll]  <ALWIL Software><4, 7, 824, 0>
    [D:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  <ALWIL Software><4, 6, 763, 0>
[PID: 1984][D:\WINDOWS\system32\mshost.exe]  <MicroSoft Corporation><5. 0. 3700. 6690>
    [D:\Program Files\ScanSoft\OmniPageSE2.0\ophookSE2.dll]  <ScanSoft, Inc.><12.0>
[PID: 220][D:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>

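Please download Norton Process Manager from www.27814939.ys168.com and terminate all processes of D:\WINDOWS\System\OLEWRK.EXE, D:\WINDOWS\system32\mshost.exe and C:\Program Files\Common Files\System\Explore.exe (they may not all be present; terminate any that are, and pay attention to the directory).
Run System Repair Engineer and use "Startup Items, Registry" to delete the following entries.
(If you cannot identify one of them in the registry, select an item and click "Edit"; this will show the detailed path.)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<explore><D:\WINDOWS\System\OLEWRK.EXE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<explore><D:\WINDOWS\system32\mshost.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Outlook><C:\Program Files\Common Files\System\Explore.exe>
Double-click My Computer -- Tools -- Folder Options -- View -- select "Show hidden files and folders" and clear the "Hide protected operating system files (Recommended)" check box. When prompted to confirm the change, click "Yes".
Delete
D:\WINDOWS\system32\mshost.exe
C:\Program Files\Common Files\System
D:\WINDOWS\System\OLEWRK.EXE (verify this one yourself)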
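
A check that could be run on a fresh SREng log after the cleanup described above, to confirm that no Run or RunOnce entry still points at the three files named in the reply. This is an added example, not part of the original thread or of SREng; the function names are assumptions made for illustration, and the embedded sample is an excerpt of the log posted above.

```python
import re

# Executable paths the reply asks to terminate and remove (copied from the thread).
FLAGGED = {
    r"d:\windows\system\olewrk.exe",
    r"d:\windows\system32\mshost.exe",
    r"c:\program files\common files\system\explore.exe",
}
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")      # [HKEY_...\Run]
VALUE_RE = re.compile(r"^\s*<([^<>]*)><(.*)>\s*$")  #   <name><command line>
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|dll))\b', re.IGNORECASE)

# Sample input: four startup entries excerpted from the log in this thread.
BEFORE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <Outlook><C:\Program Files\Common Files\System\Explore.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <msnmsgr><"D:\Program Files\MSN Messenger\msnmsgr.exe" /background>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <explore><D:\WINDOWS\system32\mshost.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
  <explore><D:\WINDOWS\System\OLEWRK.EXE>
"""

def parse_startup(log_text):
    """Yield (registry_key, value_name, command) from the registry startup section."""
    key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:  # service and folder entries have no HKEY_ header and are skipped
            yield key, m.group(1), m.group(2)
            key = None

def image_path(command):
    """Strip quotes and arguments; return the lower-cased executable path."""
    m = EXE_RE.match(command.strip())
    return (m.group(1) if m else command.strip().strip('"')).lower()

def remaining_flagged(log_text):
    """Return the startup entries that still point at a flagged path."""
    return [(k, n, c) for k, n, c in parse_startup(log_text)
            if image_path(c) in FLAGGED]

if __name__ == "__main__":
    for hit in remaining_flagged(BEFORE):
        print(hit)
```

An empty result on the rescan log means the three autostart entries are gone; it does not confirm that the files themselves were deleted.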