瑞星卡卡安全论坛

中了灰鸽子病毒!!!麻烦看下哪个是,谢谢
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://www.duba.net/cab/KOSInit.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://www.ahn.com.cn/aspservice/plugin/myfirewall20.cab
O16 - DPF: {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} (Netease Chat Control) - http://room.chat.163.com/xchat/chat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A9F879-453E-491D-B7CE-9542544265E2}: NameServer = 202.103.224.68 202.103.225.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O20 - AppInit_DLLs: KB235780M.LOG
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\1\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\1\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\Ravmond.exe
O23 - Service: Internet Explorrer (安全程度) - Unknown owner - C:\WINDOWS\IE.exe

O23 - Service: Internet Explorrer (安全程度) - Unknown owner - C:\WINDOWS\IE.exe

鸽子

O23 - Service: Internet Explorrer (安全程度) - Unknown owner - C:\WINDOWS\IE.exe
这项怀疑是鸽子，另下面这项估计也不是什么好玩意
O20 - AppInit_DLLs: KB235780M.LOG

你可以到我的“网络优盘”里下载一个叫“灰鸽子专杀”文件它在专杀工具文件夹下，自己找去吧
↑〖稳得起网络优盘〗↓
http://free.ys168.com/?zgrhcf

谢谢哈,2楼说的020那个可以删吗?

那个应该是橙色八月，找找专杀试试。

恩,谢谢了

找到
C:\WINDOWS\IE.exe
QQ289039676 传给我


修复
O23 - Service: Internet Explorrer (安全程度) - Unknown owner - C:\WINDOWS\IE.exe

我修复了,可是一重起它怎么还在啊?

谁能教我怎么删?

重启进入安全模式，展开注册表，以“安全程度”为关键字搜索注册表，将找到的“安全程度”键删除；设置显示隐藏文件，在C:\WINDOWS\下找IE.exe，IE.dll,IEkey.dll.删除

问个很笨的问题,注册表怎么开

运行  regedit  确定

点开始--运行--在对话框中输入“regedit" --确定
注意：注册表操作是一项危险性较高的作业，不要胡乱删，不清楚的不要删或改动。

我点删除,可他不让删怎么办?

我找到这个
service        REG_SZ      安全程度
然后右键点删除,结果无法删除.

瑞星能杀灰鸽子，谁放给你，放个给它

1.一定要在安全模式下操作。
2.如果实在是不能成功删除，请下载工具IceSword来删除吧置顶帖里有。

瑞星杀不了的..........
只要重起他又在,要是知道谁放的我早放回给他了

IceSword这个在哪下?
我删除是在安全模式下的,IE.EXE找到以删除,
注册表的一定要删吗?

IceSword没必要  用他杀鸽子大材小用  附：hijackthis下载地址 http://forum.ikaka.com/topic.asp?board=28&artid=8105899  扫出全部日志

你说的这个我有,可我不知道怎么删,
扫描都是会

晕  让我看看日志啊

我不是放上去了吗?
O11 - Options group: [!CNS]  中文上网
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://www.duba.net/cab/KOSInit.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://www.ahn.com.cn/aspservice/plugin/myfirewall20.cab
O16 - DPF: {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} (Netease Chat Control) - http://room.chat.163.com/xchat/chat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A9F879-453E-491D-B7CE-9542544265E2}: NameServer = 202.103.224.68 202.103.225.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O20 - AppInit_DLLs: KB235780M.LOG
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\1\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\1\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\Ravmond.exe
O23 - Service: Internet Explorrer (安全程度) - Unknown owner - C:\WINDOWS\IE.exe (file missing)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\1\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\1\Rising\Rav\Ravmond.exe
d:\1\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
d:\1\RfwMain.exe
D:\1\Rising\Rav\RavStub.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\1\Rising\Rav\RavTask.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
D:\1\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\1\Rising\Rav\RsAgent.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\杀毒软件\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\新建文件夹 (2)\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\111\ComDlls\XunLeiBHO_002.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RfwMain] "D:\1\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "D:\1\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] rem C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\RunOnce: [RavStub] "D:\1\Rising\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\111\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\111\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\新建文件夹 (2)\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\新建文件夹 (2)\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\新建文件夹 (2)\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\新建文件夹 (2)\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\111\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\111\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: 游一游 - {29269350-EC07-4274-821F-F2E0E2697149} - http://act.youyy.com/YoyyLink.html (file missing)
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\新建文件夹 (2)\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\新建文件夹 (2)\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\新建文件夹 (2)\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\新建文件夹 (2)\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  中文上网
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://www.duba.net/cab/KOSInit.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://www.ahn.com.cn/aspservice/plugin/myfirewall20.cab
O16 - DPF: {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} (Netease Chat Control) - http://room.chat.163.com/xchat/chat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B4A9F879-453E-491D-B7CE-9542544265E2}: NameServer = 202.103.224.68 202.103.225.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O20 - AppInit_DLLs: KB235780M.LOG
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\1\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\1\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\Ravmond.exe
O23 - Service: Internet Explorrer (安全程度) - Unknown owner - C:\WINDOWS\IE.exe (file missing)

这是刚扫描出的,不知道是不是已经删掉了呢,
帮忙看下

１.鸽子没弄干净，不过暂时没有威胁了。
鸽子的服务项在注册表位置：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\安全程度
2.还有个也是难缠的“橙色八月”呢。用专杀吧，瑞星的首页上有。

我用了橙色八月,可没查出来

请斑竹杀吧，帮你顶一下

这个是现在刚扫描出的
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\1\Rising\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
D:\1\Rising\Rav\Ravmond.exe
d:\1\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\1\Rising\Rav\RavStub.exe
d:\1\RfwMain.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\1\Rising\Rav\RavTask.exe
D:\1\Rising\Rav\Ravmon.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
D:\杀毒软件\ha_hijackthis_1991\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - E:\新建文件夹 (2)\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - D:\111\ComDlls\XunLeiBHO_002.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RfwMain] "D:\1\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RavTask] "D:\1\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BigDogPath] rem C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [YLive.exe] rem C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\111\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\111\Program\GetAllUrl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - E:\新建文件夹 (2)\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\新建文件夹 (2)\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\新建文件夹 (2)\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\新建文件夹 (2)\SendMMS.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\111\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - D:\111\Thunder.exe
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方\浩方对战平台\GameClient.exe (file missing)
O9 - Extra button: 游一游 - {29269350-EC07-4274-821F-F2E0E2697149} - http://act.youyy.com/YoyyLink.html (file missing)
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 名品折扣 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: 雅虎WIDGET - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\新建文件夹 (2)\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - E:\新建文件夹 (2)\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\新建文件夹 (2)\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - E:\新建文件夹 (2)\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  中文上网
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://www.duba.net/cab/KOSInit.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} (SysMonOCX Control) - http://www.ahn.com.cn/aspservice/plugin/myfirewall20.cab
O16 - DPF: {C37FBD87-3AA7-4640-9A8D-19AFC10B15B2} (Netease Chat Control) - http://room.chat.163.com/xchat/chat.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{1388E751-2B7F-44CB-9622-02F55CFB0DD8}: NameServer = 202.103.224.68
O20 - AppInit_DLLs: KB235780M.LOG
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\1\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\1\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\1\Rising\Rav\Ravmond.exe

这下该删完了吧