【回复“Flyingsteps”的帖子】
您的log贴完整了吗？
O23 - Service: www.jiaozhu.net - Unknown owner - C:\WINDOWS\system32\

请您另开一贴……

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 12:17:19, on 2005-10-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\迅雷\ThunderMini.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\珊瑚虫版QQ\QQ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\珊瑚虫版QQ\TIMPlatform.exe
D:\珊瑚虫版QQ\qqpet\qqpet.exe
F:\幻想\qqfo_b5b26_dl.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\新建文件夹\bind5071.exe
D:\新建文件夹\HijackThis.exe

O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AddrPlus\IEHelp.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "D:\3721\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [thunder_mini] D:\
O4 - HKLM\..\Run: [MS-4011 Memory Patch] D:\
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [DTService] rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\DTSERV~1.DLL,Load
O4 - HKLM\..\Run: [sysupate] C:\WINDOWS\System32\NtSysUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
O4 - HKCU\..\Run: [3e55004d0d14f4009287983275fd0788] "C:\KAV2005\Setup\Duba2005IS.EXE" -t 1
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &使用迷你迅雷下载 - D:\
O11 - Options group: [TBH]  QQ
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37906.3573842593
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0A2478D-9B61-498F-8325-F9EF7C6FA039}: NameServer = 202.99.160.68 202.99.168.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68

HijackThis@Qoo的扫描日志  V1.97.7
Scan saved at 12:17:19, on 2005-10-18
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\迅雷\ThunderMini.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\珊瑚虫版QQ\QQ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\珊瑚虫版QQ\TIMPlatform.exe
D:\珊瑚虫版QQ\qqpet\qqpet.exe
F:\幻想\qqfo_b5b26_dl.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\新建文件夹\bind5071.exe
D:\新建文件夹\HijackThis.exe

O2 - BHO: (no name) - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: (no name) - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AddrPlus\IEHelp.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: (no name) - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O3 - Toolbar: ????? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ????? - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] "D:\3721\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [thunder_mini] D:\
O4 - HKLM\..\Run: [MS-4011 Memory Patch] D:\
O4 - HKLM\..\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - HKLM\..\Run: [DTService] rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\DTSERV~1.DLL,Load
O4 - HKLM\..\Run: [sysupate] C:\WINDOWS\System32\NtSysUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
O4 - HKCU\..\Run: [3e55004d0d14f4009287983275fd0788] "C:\KAV2005\Setup\Duba2005IS.EXE" -t 1
O4 - Startup: NTUSER.DAT
O4 - Startup: ntuser.dat.LOG
O4 - Startup: ntuser.ini
O4 - Global Startup: ntuser.pol
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &使用迷你迅雷下载 - D:\
O11 - Options group: [TBH]  QQ
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37906.3573842593
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0A2478D-9B61-498F-8325-F9EF7C6FA039}: NameServer = 202.99.160.68 202.99.168.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68


还是有那个病毒啊  怎么办呢？？谢谢拉

【回复“吸血8啃骨”的帖子】
请关闭所有IE界面，重新使用HijackThis扫描一次，选中下面建议修复的项目，让HijackThis修复，修复前请允许HijackThis保留备份。（如果楼主知道是安全的可以不必勾选）
O4 - HKLM\..\Run: [sysupate] C:\WINDOWS\System32\NtSysUpdate.exe
O4 - HKCU\..\Run: [AutoInsQyule] C:\Program Files\Qyule\QyuleInstall.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present

然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件（推荐）和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除：
C:\WINDOWS\System32\NtSysUpdate.exe
删除文件夹C:\Program Files\Qyule

问题仍在请用新版HijackThis1.99.1 扫个日志上来
HijackThis下载地址请参考：
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

点修复后出来的文件有用呗？？

C:\WINDOWS\System32\stdup.dll
C:\WINDOWS\System32\qylhelper.dll
winreups.exe（请用开始菜单中的搜索功能查找）

这些东西我这都没有

我是新手啊  望大家多多指导啊  小弟在此谢谢大家了！~！~

【回复“吸血8啃骨”的帖子】
请用新版HijackThis1.99.1 扫个日志上来

HijackThis下载地址请参考：
【必读】本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      18:23:15, 日期 2005-10-18
操作系统：  Windows XP SP1 (WinNT 5.01.2600)
浏览器：    Unable to get Internet Explorer version!

当前运行的进程：         
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRAM FILES\RISING\RAV\Ravmond.exe
C:\PROGRAM FILES\RISING\RAV\RavStub.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
C:\PROGRA~1\RISING\RAV\RAVMON.EXE
D:\迅雷\ThunderMini.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\ctfmon.exe
D:\珊瑚虫版QQ\QQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
D:\珊瑚虫版QQ\TIMPlatform.exe
D:\珊瑚虫版QQ\qqpet\qqpet.exe
D:\新建文件夹\HijackThis1991汉化版\HijackThis1991zww.exe

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\AddrPlus\IEHelp.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL (file missing)
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: YiSou - {EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} - C:\PROGRA~1\YiSou\yisoub.dll (file missing)
O3 - IE工具栏增项: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - 启动项HKLM\\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [SoundMan] SOUNDMAN.EXE
O4 - 启动项HKLM\\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - 启动项HKLM\\Run: [nwiz] nwiz.exe /install
O4 - 启动项HKLM\\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - 启动项HKLM\\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - 启动项HKLM\\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - 启动项HKLM\\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - 启动项HKLM\\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - 启动项HKLM\\Run: [yassistse] "D:\3721\Yahoo!\Assistant\yassistse.exe"
O4 - 启动项HKLM\\Run: [thunder_mini] D:\迅雷\ThunderMini.exe
O4 - 启动项HKLM\\Run: [MS-4011 Memory Patch] D:\新建文件夹\RavSasser.exe -Patch
O4 - 启动项HKLM\\Run: [ExFilter] Rundll32.exe "C:\PROGRA~1\CNNIC\Cdn\cdnspie.dll",ExecFilter solo
O4 - 启动项HKLM\\Run: [DTService] rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\DTSERV~1.DLL,Load
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [3e55004d0d14f4009287983275fd0788] "C:\KAV2005\Setup\Duba2005IS.EXE" -t 1
O4 - Startup: 腾讯QQ珊瑚虫版.lnk = ?
O4 - Startup: 娱乐心空.lnk = C:\Program Files\yulexk\Run.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - IE右键菜单中的新增项目: &使用迷你迅雷下载 - D:\迅雷\geturl.htm
O11 - Options group: [TBH]  QQ地址栏搜索插件
O17 - HKLM\System\CCS\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{B0A2478D-9B61-498F-8325-F9EF7C6FA039}: NameServer = 202.99.160.68 202.99.168.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{4D22C268-E63A-427D-8CE0-BB54DC6F6268}: NameServer = 202.99.160.68
O23 - NT 服务: Microsoft_Service (MicrosoftService) - Unknown owner - C:\WINDOWS\MicrosoftService.exe
O23 - NT 服务: Remote Access Manager (NtmSgitRs) - Unknown owner - C:\WINDOWS\system32\drivers\etc\svchost.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - c:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - rising - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe


呵呵 这次对了吧 帮忙再看看哪错了  谢谢了 !~!~

点  修复  后出来个文件  那东西可以删吗??

【回复“吸血8啃骨”的帖子】

重新启动到安全模式（进入安全模式的方法:重新启动电脑, 开机自动检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式(Safe Mode)进入Windows。）

开始→控制面板→性能和维护→管理工具→服务→查找: Microsoft_Service、Remote Access Manager→右击→属性→启动类型→禁止→应用→停止→确定。

请关闭所有IE界面，重新使用HijackThis扫描一次，选中下面建议修复的项目，让HijackThis修复，修复前请允许HijackThis保留备份。（如果楼主知道是安全的可以不必勾选）
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - 启动项HKLM\\Run: [DTService] rundll32.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\DTSERV~1.DLL,Load
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O23 - NT 服务: Microsoft_Service (MicrosoftService) - Unknown owner - C:\WINDOWS\MicrosoftService.exe
O23 - NT 服务: Remote Access Manager (NtmSgitRs) - Unknown owner - C:\WINDOWS\system32\drivers\etc\svchost.exe

然后打开我的电脑→再点工具→打开文件夹选项→查看→把隐藏受保护的系统文件（推荐）和隐藏已知文件类型的扩展名的勾去掉→再显示所有文件→找到以下文件并删除：(如果有的话)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX1\DTSERV~1.DLL
C:\WINDOWS\system32\drivers\etc\svchost.exe
C:\WINDOWS\MicrosoftService.exe
C:\WINDOWS\MicrosoftService.dll
C:\WINDOWS\MicrosoftService_hook.dll
C:\WINDOWS\MicrosoftServicekey.dll

清空IE临时文件(打开IE浏览器——工具——internet选项——删除文件，把“删除所有脱机内容”选上)