Rising Kaka Security Forum, Technical Exchange Area, Anti-virus / Anti-rogue-software Forum

[Help] Lots of IEXPLORER.EXE in my process list! I've already run a cleanup; please check whether there are still problems.

Please take a look at the log from after I cleaned off the malware and see whether there are still problems. Thanks! The new log is in post #5.
HijackThis_815汉化版扫描日志 V1.99.1
保存于      16:41:46, 日期 2087-10-18
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Kaspersky6.0\avp.exe
C:\Windows\system32\MVDKRZG.EXE
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\windows\system32\wbem\lsass.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Kaspersky6.0\avp.exe
C:\WINDOWS\system32\wdfmgr32.exe
C:\Program Files\Common Files\{A06CE1C0-085A-2052-0323-050220040056}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\HijackThis1991zww.bat

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: 16ad - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c9cntos.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070121.dll start
O2 - BHO: IEMonitor Class - {08A312BB-5409-49FC-9347-54BB7D069AC6} - C:\WINDOWS\system32\IESHEL~1.DLL
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush0.dll
O2 - BHO: (no name) - {13B80B13-6D02-424C-88E4-5EABF0883CA0} - C:\WINDOWS\system32\vabqsiecziutw.dll
O2 - BHO: SafeMe Internet Explorer Helper - {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} - C:\WINDOWS\system32\SafeHelper12.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: ui Class - {4CEB0B7C-0729-412b-8627-0088FB4F6D9F} - C:\WINDOWS\system32\BHO04.dll
O2 - BHO: rgvi - {5D8D2854-28B7-4674-B4A8-4E7CAB720E13} - C:\PROGRA~1\xper\baiv.dll
O2 - BHO:  - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\xper\.dll (file missing)
O2 - BHO: 实用搜索 - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - C:\Program Files\superutilbar\superutilbar.dll
O2 - BHO: QOYGQ - {BFCDA400-6B71-47D9-85BA-51484FCEADE7} - C:\WINDOWS\system32\DJQXGNTAHOVCIPW.DLL
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{306CE~1\Bar888.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\POPNTS.DLL
O2 - BHO: 16ad - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c9cntos.dll
O3 - IE工具栏增项: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - IE工具栏增项: 16ad - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c9cntos.dll
O3 - IE工具栏增项: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{306CE~1\Bar888.dll
O3 - IE工具栏增项: 实用搜索工具条2.0 - {03465FF5-00AE-411a-9C34-960ED566EC03} - C:\Program Files\superutilbar\superutilbar.dll
O4 - 启动项HKLM\\Run: [kav] "D:\Kaspersky6.0\avp.exe"
O4 - 启动项HKLM\\Run: [Desktop] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run
O4 - 启动项HKLM\\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - 启动项HKLM\\Run: [{A06CE1C0-085A-2052-0323-050220040056}] "C:\Program Files\Common Files\{A06CE1C0-085A-2052-0323-050220040056}\Update.exe" te-110-12-0000173
O4 - 启动项HKLM\\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - IE右键菜单中的新增项目: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - 浏览器额外的按钮: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky6.0\scieplugin.dll
O9 - 浏览器额外的按钮: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的“工具”菜单项: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - 浏览器额外的按钮: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O9 - 浏览器额外的“工具”菜单项: 易趣购物 - {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} - http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn (file missing)
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\srvdll04.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\srvdll04.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptig.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ScCardLogn - C:\WINDOWS\ScNotify.dll
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\system32\syschunk.dll
O23 - NT 服务: 卡巴斯基反病毒软件6.0 (AVP) - Kaspersky Lab - D:\Kaspersky6.0\avp.exe
O23 - NT 服务: WinCheckWeb (CheckWeb) - Unknown owner - C:\Windows\system32\MVDKRZG.EXE
O23 - NT 服务: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000173 (file missing)
O23 - NT 服务: Provisioning Transaction Service (ttt_14) - Unknown owner - C:\WINDOWS\system32\win.exe
O23 - NT 服务: Windows NT Service32 - Unknown owner - C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start (file missing)

SREng log to follow shortly!
Last edited 2007-01-22 21:06:25.747000000

SREng scan log!

[CODE]

2007-10-18,17:03:14

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  [N/A]
    <updatereal><; C:\WINDOWS\realupdate.exe other>  [N/A]
    <winsamps><; C:\WINDOWS\winamps.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kav><"D:\Kaspersky6.0\avp.exe">  [Kaspersky Lab]
    <Desktop><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Run>  []
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
    <{A06CE1C0-085A-2052-0323-050220040056}><; "C:\Program Files\Common Files\{A06CE1C0-085A-2052-0323-050220040056}\Update.exe" te-110-12-0000173>  [N/A]
    <wdfmgr32><; C:\WINDOWS\system32\wdfmgr32.exe>  [N/A]
    <ba9ro><; rundll32.exe C:\WINDOWS\flvk9clgk715.dll _start@16>  [N/A]
    <bm0od68j5><; rundll32.exe C:\WINDOWS\08aqga63v.dll _start@16>  [N/A]
    <IEBarUp><; RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run>  [Microsoft Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IpWins><; C:\Program Files\Ipwindows\ipwins.exe>  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <sdafdsafds><; D;]XJOEPXT]ufnq]te266/fyf>  [N/A]
    <System><; C:\Program Files\Common Files\System\Updaterun.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070121.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{48B783AE-8F87-4046-8154-7D82FBCE42D2}><C:\WINDOWS\system32\dsfhw.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <SysChunk><C:\WINDOWS\system32\syschunk.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptimg]
    <WinlogonNotify: cryptimg><cryptig.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCardLogn]
    <WinlogonNotify: ScCardLogn><C:\WINDOWS\ScNotify.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{B63BFF8C-2E25-4CCC-9A01-68807F567AA7}><C:\WINDOWS\system32\WsReource.dll>  []

==================================
启动文件夹
N/A

==================================
服务
[卡巴斯基反病毒软件6.0 / AVP][Running/Auto Start]
  <D:\Kaspersky6.0\avp.exe -r><Kaspersky Lab>
[WinCheckWeb / CheckWeb][Running/Auto Start]
  <C:\Windows\system32\MVDKRZG.EXE><N/A>
[COM+ Messages / COM+ Messages][Running/Auto Start]
  <"C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000173><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Logical Disk Manager Administrator Service / Logical Disk Manager Administrator Service][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ntxml.dll><>
[Messenger / Messenger][Running/Auto Start]
  <C:\WINDOWS\System32\svchost -k DcomLaunch-->C:\WINDOWS\system32\msgsvc32.dll><Microsoft Corporation>
[Indexing Data / MOBILL][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\KFEAS.DLL,Export 1087><N/A>
[WindowsNt Workstation / NTWorkStan][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k NTWorkStan-->c:\windows\system32\ntworkstan.dll><Microsoft Corporation>
[RestoreServices / RestoreServices][Running/Auto Start]
  <C:\WINDOWS\system32\Svchost.exe -k RestoreServices-->C:\WINDOWS\system32\drivers\restore.dll><Microsoft Corporation All rights reserved>
[Security / Security][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\oivbj.dll><Microsoft Corporation>
[SQLServer Supports / sqlservech][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k sqlservech-->c:\windows\system32\sqlservech.dll><Microsoft Corporation>
[Provisioning Transaction Service / ttt_14][Running/Auto Start]
  <C:\WINDOWS\system32\win.exe><N/A>
[Vsn ujyl Service / ujyl][Running/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\xper\ewly.dll,Service><Microsoft Corporation>
[Windows NT Service32 / Windows NT Service32][Stopped/Auto Start]
  <"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\NTService32.dll",Start><Microsoft Corporation>
[Windows Media Connect Service / WmdmPmSp][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><LINKMEDIA Tech>
[WindowsNt Network Engine / wnttech][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k wnttech-->c:\windows\system32\wnttech.dll><Microsoft Corporation>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[adpu64 / adpu64][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\adpu64.sys><N/A>
[ast / ast][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\ast.sys><N/A>
[fdyqmml / fdyqmml][Running/Boot Start]
  <\SystemRoot\system32\drivers\fdyqmml.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[kxsmp / kxsmp][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\kxsmp.sys><N/A>
[msprotect / msprotect][Running/System Start]
  <system32\DRIVERS\msprotect.sys><Windows (R) 2000 DDK provider>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rl_hlp / rl_hlp][Running/Boot Start]
  <\SystemRoot\system32\drivers\rl_hlp.sys><N/A>
[S3SavageNB / S3SavageNB][Running/Manual Start]
  <system32\DRIVERS\s3gnbm.sys><S3 Graphics, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
浏览器加载项
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[]
  {13B80B13-6D02-424C-88E4-5EABF0883CA0} <C:\WINDOWS\system32\vabqsiecziutw.dll, N/A>
[SafeMe Internet Explorer Helper]
  {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[ui Class]
  {4CEB0B7C-0729-412b-8627-0088FB4F6D9F} <C:\WINDOWS\system32\BHO04.dll, >
[rgvi]
  {5D8D2854-28B7-4674-B4A8-4E7CAB720E13} <C:\PROGRA~1\xper\baiv.dll, >
[]
  {6671A431-5C3D-463d-A7CF-5587F9B7E191} <C:\PROGRA~1\xper\.dll, N/A>
[实用搜索]
  {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[QOYGQ]
  {BFCDA400-6B71-47D9-85BA-51484FCEADE7} <C:\WINDOWS\system32\DJQXGNTAHOVCIPW.DLL, N/A>
[Bar888]
  {C1B4DEC2-2623-438e-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{306CE~1\Bar888.dll, N/A>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[16ad]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4c9cntos.dll, N/A>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Kaspersky6.0\scieplugin.dll, Kaspersky Lab>
[番茄花园]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
  {BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[16ad]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4c9cntos.dll, N/A>
[Bar888]
  {C1B4DEC2-2623-438e-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{306CE~1\Bar888.dll, N/A>
[实用搜索工具条2.0]
  {03465FF5-00AE-411a-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[实用搜索工具条2.0]
  {03465FF5-00AE-411A-9C34-960ED566EC03} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[IEMonitor Class]
  {08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\WINDOWS\system32\IESHEL~1.DLL, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, N/A>
[]
  {13B80B13-6D02-424C-88E4-5EABF0883CA0} <C:\WINDOWS\system32\vabqsiecziutw.dll, N/A>
[SafeMe Internet Explorer Helper]
  {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[ui Class]
  {4CEB0B7C-0729-412B-8627-0088FB4F6D9F} <C:\WINDOWS\system32\BHO04.dll, >
[rgvi]
  {5D8D2854-28B7-4674-B4A8-4E7CAB720E13} <C:\PROGRA~1\xper\baiv.dll, >
[]
  {6671A431-5C3D-463D-A7CF-5587F9B7E191} <C:\PROGRA~1\xper\.dll, N/A>
[实用搜索]
  {6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <C:\Program Files\superutilbar\superutilbar.dll, www.shiyongsousuo.com>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[QOYGQ]
  {BFCDA400-6B71-47D9-85BA-51484FCEADE7} <C:\WINDOWS\system32\DJQXGNTAHOVCIPW.DLL, N/A>
[Bar888]
  {C1B4DEC2-2623-438E-9CA2-C9043AB28508} <C:\PROGRA~1\COMMON~1\{306CE~1\Bar888.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[IEHlprObj Class]
  {DE7C3CF0-4B15-11D1-ABED-709549C10000} <C:\WINDOWS\POPNTS.DLL, >
[16ad]
  {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} <C:\WINDOWS\system32\4c9cntos.dll, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

==================================
正在运行的进程
[PID: 420][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, N/A]
[PID: 560][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 720][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 768][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ntxml.dll]  [, 1, 0, 0, 1]
    [c:\windows\system32\wmdmpmsp.dll]  [LINKMEDIA Tech, 1, 5, 0, 4]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 860][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 1100][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1232][C:\Windows\system32\MVDKRZG.EXE]  [N/A, N/A]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 1372][C:\WINDOWS\system32\svchosts.exe]  [N/A, N/A]
[PID: 1420][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1448][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 1476][C:\WINDOWS\system32\Svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\drivers\restore.dll]  [Microsoft Corporation All rights reserved, 1, 0, 0, 1]
[PID: 1496][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 1512][C:\WINDOWS\system32\win.exe]  [N/A, N/A]
[PID: 1588][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\xper\ewly.dll]  [, 1, 2, 0, 8]
[PID: 1636][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1700][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 196][c:\windows\system32\wbem\lsass.exe]  [Microsoft, 1.0.0.0]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 448][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sdmAgent30.dll]  [LINKMEDIA Tech, 1, 5, 0, 8]
[PID: 164][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dsssvc.dll]  [, 5.1.1800.2813]
[PID: 916][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2088][C:\Program Files\Common Files\{A06CE1C0-085A-2052-0323-050220040056}\Update.exe]  [N/A, N/A]
    [C:\Program Files\Common Files\{A06CE1C0-085A-2052-0323-050220040056}\System.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 2096][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2220][C:\program files\internet explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winsys32_070121.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 3032][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3516][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3940][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4764][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 5908][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4832][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4448][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2308][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2464][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [D:\Kaspersky6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\IESHEL~1.DLL]  [, 5.1.2600.0]
    [C:\WINDOWS\Downloaded Program Files\800175\ExDLL.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\webpageparser.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Charset.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\CreateDomTree.dll]  [N/A, N/A]
    [C:\WINDOWS\Downloaded Program Files\800175\fshook.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\vabqsiecziutw.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [Yahoo!, 2, 1, 0, 1038]
    [C:\PROGRA~1\xper\baiv.dll]  [, 1, 2, 0, 8]
    [C:\Program Files\superutilbar\superutilbar.dll]  [www.shiyongsousuo.com, 2, 1, 8, 24]
    [C:\WINDOWS\system32\DJQXGNTAHOVCIPW.DLL]  [N/A, N/A]
    [C:\PROGRA~1\COMMON~1\{306CE~1\Bar888.dll]  [N/A, 1, 0, 0, 1]
    [C:\WINDOWS\system32\syschunk.dll]  [, 5, 1, 100, 2500]
    [C:\WINDOWS\system32\WsReource.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\dsfhw.dll]  [, 1, 0, 0, 1]
    [C:\Windows\system32\LTZHQXE.DLL]  [N/A, 1.0.0.1]
[PID: 4068][C:\WINDOWS\system32\dwwin.exe]  [Microsoft Corporation, 10.0.5815]
    [I:\SREng.bat]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\SrvDll04.dll]  [N/A, N/A]
[PID: 2304][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
IP
    C:\WINDOWS\system32\SrvDll04.dll(N/A, N/A)
UDP_CHAIN
    C:\WINDOWS\system32\SrvDll04.dll(N/A, N/A)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

Lots of malware, and you've only killed some of it. Rising + Kaka Security Assistant + 360safe can take care of it. Gave me a headache just reading it.

Many thanks, doing it right now.

Could you please check whether the post-cleanup log still shows any problems?

HijackThis_815汉化版扫描日志 V1.99.1
保存于      20:52:55, 日期 2007-10-18
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\360safe\safemon\360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
C:\Documents and Settings\开轩\桌面\HijackThis1991zww.bat

O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O4 - 启动项HKLM\\Run: [kav] "D:\Kaspersky6.0\avp.exe"
O4 - 启动项HKLM\\Run: [360Safetray] C:\Program Files\360safe\safemon\360tray.exe
O4 - 启动项HKLM\\Run: [runeip] C:\Program Files\Rising\AntiSpyware\runiep.exe
O4 - 启动项HKLM\\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - 启动项HKLM\\RunOnce: [KKDelay] C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - 浏览器额外的按钮: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky6.0\scieplugin.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O21 - SSODL: SysChunk - {6C5DC6D8-C9AF-43E6-A412-6AA7C582E5C5} - C:\WINDOWS\system32\syschunk.dll (file missing)
O23 - NT 服务: 卡巴斯基反病毒软件6.0 (AVP) - Kaspersky Lab - D:\Kaspersky6.0\avp.exe
O23 - NT 服务: WinCheckWeb (CheckWeb) - Unknown owner - C:\Windows\system32\MVDKRZG.EXE
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - NT 服务: Provisioning Transaction Service (ttt_14) - Unknown owner - C:\WINDOWS\system32\win.exe (file missing)
