瑞星卡卡安全论坛

前段时间中了w32.looked.0和w32.looded.ah病毒，后面使用杀毒软件(12.1更新）杀了好几遍，现在查不到病毒了，但开机时老是自动运行C:\WINDOWS\uninstall\rundl132.exe.速度好慢，老半天才打开一个文件，只见硬盘响，不见文件开.哪位大虾指点一下？
扫描报告如下:
2006-12-12,08:28:13

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 非管理权限用户 - 受限功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [Microsoft Corporation]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [Symantec Corporation]
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [Symantec Corporation]
    <load><C:\WINDOWS\uninstall\rundl132.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [Symantec Corporation]

==================================
启动文件夹
[FortuneDate]
  <C:\Documents and Settings\saca201\「开始」菜单\程序\启动\FortuneDate.lnk><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[LiveUpdate / LiveUpdate]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[SavRoam / SavRoam]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[VNC Server Version 4 / WinVNC4]
  <"C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service><RealVNC Ltd.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Office file\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Office file\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Office file\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
  <D:\Office file\QQ\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <D:\Office file\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Office file\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Office file\QQ\SendMMS.htm, N/A>

正在运行的进程
[PID: 2084][C:\WINDOWS\Explorer.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll]  <Adobe Systems Incorporated><6.0.0.2003051500>
[PID: 2244][C:\WINDOWS\system32\conime.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2464][C:\Program Files\Messenger\msmsgs.exe]  <Microsoft Corporation><4.7.3000>
[PID: 2472][C:\WINDOWS\system32\ctfmon.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2516][D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\FortuneDate.exe]  <N/A><N/A>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\bdertl60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\rtl60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\dbrtl60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\dclaxserver60.bpl]  <Borland Software Corporation><1.0.0.0>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\vcl60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\vcldb60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\dsnap60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\HDSNDLL.dll]  <N/A><N/A>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\Print.bpl]  <><1.0.0.0>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\printbase.bpl]  <><1.0.0.0>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\tee60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\uadl.bpl]  <><1.0.0.0>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\vcljpg60.bpl]  <Borland Software Corporation><6.0.6.163>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\VclSmp60.bpl]  <Borland Software Corporation><1.0.0.0>
    [D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\vclx60.bpl]  <Borland Software Corporation><6.0.6.163>
[PID: 2576][C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe]  <Adobe Systems Incorporated><6.0.0.2003051900>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\AGM.dll]  <Adobe Systems Incorporated><4.10.49>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\CoolType.dll]  <Adobe Systems Incorporated><4.13.41>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\JP2KLib.dll]  <Adobe system Incorporated><1.0.22891>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\OPP.dll]  <Adobe Systems Incorporated><1.02.05>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\BIB.dll]  <Adobe Systems Incorporated><1.1.14>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ACE.dll]  <Adobe Systems Incorporated><2.03.24>
    [C:\WINDOWS\system32\ATMLIB.dll]  <Adobe Systems><5.1 Build 226>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\SPPlugins\ADMPlugin.apl]  <Adobe Systems Incorporated><3.00x75>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\SPPlugins\ExpressViews.apl]  <Adobe Systems Incorporated><6.0>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Accessibility.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\AcroForm.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Annotations\Annots.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\DigSig.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\eBook.api]  <Adobe Systems Incorporated><6.0.0.0>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\EScript.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\EWH32.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\HLS.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\IA32.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\ImageViewer\ImageViewer.API]  <Adobe Systems Inc.><5.0.0.38163>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\MakeAccessible.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Multimedia\Multimedia.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\PDDom.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\PictureTasks\PictureTasks.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\PPKLite.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\printme.api]  <Electronics For Imaging, Inc.><6, 0, 16, 1>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\reflow.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\SaveAsRTF.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Search.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Search5.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\SendMail.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Soap.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\Updater.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\esdupdate.dll]  <Adobe Systems><2, 0, 0, 21>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\weblink.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\plug_ins\XFA.api]  <Adobe Systems Incorporated><6.0.0.2003051500>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDNT5UI.DLL]  <Zenographics, Inc.><5.60.709.0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDM32.DLL]  <Zenographics, Inc.><5, 60, 1511, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll]  <Zenographics, Inc.><5, 51, 709, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI32.dll]  <Zenographics, Inc.><5, 60, 709, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG32.dll]  <Zenographics, Inc.><5, 60, 1210, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SDDMUI.DLL]  <Zenographics, Inc.><5, 60, 1520, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\SR32.dll]  <Zenographics, Inc.><5, 60, 1407, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IMFNT5.DLL]  <Zenographics, Inc.><0, 3, 1418, 0>
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\Imf32.dll]  <Zenographics, Inc.><5, 60, 1204, 0>

[PID: 2652][C:\WINDOWS\system32\WISPTIS.EXE]  <Microsoft Corporation><1.0.2201.0 (xpsp1.020820-1800)>
[PID: 2688][D:\Tec Data\online v2\SocksOnlineV2.exe]  <N/A><N/A>
[PID: 2764][D:\Office file\QQ\QQ.exe]  <TENCENT><0, 0, 0, 0>
    [D:\Office file\QQ\CoralAssist.DLL]  <N/A><4.0.0 Build 20051112>
    [D:\Office file\QQ\CoralQQ.DLL]  <Coral Team><4.2.1 Build 20060127>
    [D:\Office file\QQ\IPSearcher.dll]  <N/A><1.0.0.4>
    [D:\Office file\QQ\QQBaseClassInDll.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\QQHelperDll.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\BasicCtrlDll.dll]  <Tencent><5, 0, 200, 14>
    [D:\Office file\QQ\QQAPI.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\LoginCtrl.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\npkcntc.dll]  <INCA Internet Co., Ltd.><2005, 9, 1, 1>
    [D:\Office file\QQ\npkpdb.dll]  <INCA Internet Co., Ltd.><2003, 10, 1, 1>
    [D:\Office file\QQ\QQRes.dll]  <tencent><1, 0, 0, 1>
    [D:\Office file\QQ\QQMainFrame.dll]  <N/A><N/A>
    [D:\Office file\QQ\CQQApplication.dll]  <N/A><N/A>
    [D:\Office file\QQ\NewSkin.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\HostingMgr.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\CameraDll.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\MailSummary.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\QQSpace.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\msdmo.dll]  <N/A><N/A>
    [D:\Office file\QQ\QQGroupMng.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\UserDefinedHead.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\QQPlugin.dll]  <N/A><N/A>
    [D:\Office file\QQ\QQAllInOne.dll]  <N/A><N/A>
    [D:\Office file\QQ\SCCore.dll]  <N/A><N/A>
    [D:\Office file\QQ\QQCustomFace.dll]  <N/A><N/A>
    [D:\Office file\QQ\QQPet.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\QQSysMsgMng.dll]  <N/A><N/A>
    [D:\Office file\QQ\QQConfigPlugin.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\QRingMng.dll]  <N/A><N/A>
    [D:\Office file\QQ\PhoneAPI.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\DialerAllinOne.dll]  <tencent><1, 4, 0, 0>
    [D:\Office file\QQ\LongConnection.dll]  <tencent><0, 3, 3, 8>
    [D:\Office file\QQ\QQAvatar.dll]  <N/A><N/A>
    [D:\Office file\QQ\FlashAvatarDll.dll]  <><1, 4, 0, 1>
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  <Macromedia, Inc.><6,0,79,0>
    [D:\Office file\QQ\QQMagicFace.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\QQSceneMng.dll]  <N/A><N/A>
    [D:\Office file\QQ\GroupConnection.dll]  <Tencent><0, 3, 3, 5>
    [D:\Office file\QQ\BQQApplication.dll]  <N/A><N/A>
    [D:\Office file\QQ\CommercesMng.dll]  <><1, 0, 0, 1>
    [D:\Office file\QQ\PersonalDesktop.dll]  <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
    [D:\Office file\QQ\QQUdpGetFileLib.dll]  <tencent><0, 2, 2, 3>
    [D:\Office file\QQ\QQAddr.dll]  <深圳市腾讯计算机系统有限公司><5, 0, 101, 141>
    [D:\Office file\QQ\ImageOle.dll]  <TODO: <Company name>><1.0.0.1>
    [D:\Office file\QQ\QQZip.dll]  <tencent><0, 3, 2, 4>
    [D:\Office file\QQ\QQPhoneHelper.dll]  <腾讯科技（深圳）有限公司><1, 1, 1, 30>
    [D:\Office file\QQ\ShareFiles.dll]  <N/A><N/A>
[PID: 3636][C:\Program Files\WinRAR\WinRAR.exe]  <Eugene Roshal><3.30>
[PID: 3728][C:\DOCUME~1\saca201\LOCALS~1\Temp\Rar$EX00.999\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

用SR删除启动--注册表项：

<load><C:\WINDOWS\uninstall\rundl132.exe> []
删除这个文件
清理注册表

在SR里面的注册表选项下：删除这个<load><C:\WINDOWS\uninstall\rundl132.exe>好几遍，重开几次机又有了.

再顶上去

必须删除原文件！

楼主，麻烦你在扫描的时候，关闭其他的所有进程，看的人眼花，而且用hijackthis再扫描并传上来。

用hijackthis扫描结果：

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\saca201\LOCALS~1\Temp\Rar$EX00.976\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\Office file\QQ\QQIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMSCMig] ; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [ccApp] ; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] ; C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [load] C:\WINDOWS\uninstall\rundl132.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: FortuneDate.lnk = D:\Tec Data\www file\SOFT\FortuneDate\FortuneDate\FortuneDate.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Office file\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Office file\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Office file\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Office file\QQ\SendMMS.htm
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Office file\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Office file\QQ\QQIEHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = alltronics.local
O17 - HKLM\Software\..\Telephony: DomainName = alltronics.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = alltronics.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = alltronics.local
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)