已全部窗口关闭，C:\WINDOWS\system32\shdocvw.dll
存在，但删除不了，说拒绝访问。
在安全模式删也一样

“u88连锁加盟店”也还在右键菜单
如果启动项有勾：aupdate，开机还是会弹出http://www.u88.cn/shortcut/u88shortcut.htm

Logfile of HijackThis v1.99.1
Scan saved at 14:26:10, on 2006-8-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\SAV\DefWatch.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SAV\Rtvscan.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
E:\QQ\QQ.exe
C:\Program Files\Tencent\QQ\TMDlls\TIMPlatform.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\dsd\桌面\hijackthis\HijackThis.exe
C:\Program Files\Kingsoft\FastAIT 2005\FastAIT.exe

R3 - URLSearchHook: (no name) - {BB936323-19FA-4521-BA29-ECA6A121BC78} - (no file)
O2 - BHO: dddmont Class - {00018593-C6BD-46F7-9349-DBA1AA674C90} - C:\Program Files\DuDu\Speed\dddiemon.dll
O2 - BHO: xBarHelper.MoveCatchPic - {0CF098A0-CBAC-4EFB-8451-3AFC201C7222} - C:\Program Files\xBar\xBarHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: IEHlprObj Class - {C5E5DB7E-46B1-47E6-8447-2E517F269925} - C:\Program Files\Xplus\GETIE.dll (file missing)
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O2 - BHO: (no name) - {E16BB625-16F1-4338-AA38-098F6873AC24} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 金山快译(&K) - {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} - C:\Program Files\Kingsoft\FastAIT 2005\IEBand.dll
O3 - Toolbar: &u88连锁加盟网 - {3FFD59AA-280D-4AB3-B420-0CFF2B332316} - C:\Program Files\Internet Explorer\2052\WebBand.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\RunServices: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KavPFW] "C:\KAV2005\KAVPFW.exe"
O4 - HKCU\..\RunServices: [services] C:\WINDOWS\services.exe
O8 - Extra context menu item: &使用DuDu下载 - res://C:\Program Files\DuDu\Speed\dddmext.dll/202
O8 - Extra context menu item: &使用DuDu下载全部链接 - res://C:\Program Files\DuDu\Speed\dddmext.dll/203
O8 - Extra context menu item: &使用DuDu下载选择链接 - res://C:\Program Files\DuDu\Speed\dddmext.dll/204
O8 - Extra context menu item: Google 搜索(&G) - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: U88连锁加盟网 - c:\Program Files\Internet Explorer\2052\contextmenu.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 反向链接 - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: 发送到手机 - C:\Program Files\xBar\xBar.htm
O8 - Extra context menu item: 类似网页 - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: 缓存的网页快照 - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: 翻译英文字词(&T) - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O9 - Extra button: 免费精彩视频超流畅在线观看 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 播霸电视 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {3FFD59AA-280D-4AB3-B420-0CFF2B332316} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  网络实名
O14 - IERESET.INF: START_PAGE_URL=about:blank
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {87CCFDB0-C4BE-4BC2-A78C-9EAA7CF96667} (pcastup Class) - http://ps.itv.mop.com/dn/files/vodupdate_1.0.0.8_20051009.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl_1.0.0.87_20060601.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{158E1278-713A-40F6-BC36-4831499BF792}: NameServer = 202.96.128.143,202.96.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A29D1F0-9E0F-48D0-9F7A-47A2E5385742}: NameServer = 202.96.128.143,202.96.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F28A2AD-C6EC-4260-8B43-3E6D6D1A418C}: NameServer = 192.168.1.1,202.96.128.86
O17 - HKLM\System\CCS\Services\Tcpip\..\{515D1D66-2EAF-4E46-B43F-A8A09E247855}: NameServer = 202.96.128.68,202.96.128.143
O17 - HKLM\System\CCS\Services\Tcpip\..\{C09F141D-96E6-4FFC-9128-E6B4C88D92A3}: NameServer = 202.96.128.143,202.96.128.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{158E1278-713A-40F6-BC36-4831499BF792}: NameServer = 202.96.128.143,202.96.128.68
O17 - HKLM\System\CS2\Services\Tcpip\..\{158E1278-713A-40F6-BC36-4831499BF792}: NameServer = 202.96.128.143,202.96.128.68
O18 - Protocol: mbox - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\SAV\DefWatch.exe
O23 - Service: Intel PDS - Intel? Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\SAV\Rtvscan.exe