Infected with three viruses that I can't remove no matter what; please help me get rid of them!

【Reply to the post by “轩辕小聪”】
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [D:\Program Files\Thunder Network\Thunder\iEmbed.dll]  <Thunder Networking Technologies,LTD><1, 1, 0, 22>
    [D:\Program Files\Thunder Network\Thunder\RegisterDll.dll]  <Thunder Networking Technologies,LTD><1, 2, 0, 7>
    [D:\Program Files\Thunder Network\Thunder\FloatBar.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 2>
    [D:\WINDOWS\System32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [D:\Program Files\Thunder Network\Thunder\Plugins\TingTing\TingTing.dll]  <Thunder Networking Technologies,LTD><1, 1, 0, 8>
    [D:\Program Files\Thunder Network\Thunder\iTargetAd.dll]  <Thunder Networking Technologies,LTD><1, 0, 0, 59>
    [D:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
[PID: 2920][D:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe]  < ><2, 0, 0, 1002>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 1, 1039>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  <><1, 0, 0, 5>
[PID: 3104][D:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  <Yahoo><1, 0, 1, 1000>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  <><2, 1, 1, 1039>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  < ><2, 0, 1, 1007>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasbar.dll]  <Yahoo!><2, 1, 7, 1047>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yphtb.dll]  <Yahoo! China><1, 1, 2, 1034>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yaswiper.dll]  <Yahoo><1, 0, 1, 1004>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasiesec.dll]  <Yahoo><1, 0, 2, 1003>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasnoad.dll]  <><1, 1, 2, 1004>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yzsNetProto.dll]  <Yahoo><1, 0, 0, 1>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrss.dll]  <Yahoo! China><1, 0, 1, 1015>
    [D:\WINDOWS\System32\xunleibho_v14.dll]  <Thunder Networking Technologies,LTD><4, 6, 0, 62>
    [D:\WINDOWS\DOWNLO~1\sazpjai.dll]  <N/A><N/A>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll]  <Yahoo.><1, 0, 2, 1002>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL]  <><1, 2, 7, 1006>
    [D:\DOCUME~1\admin\APPLIC~1\GIGANO~1\IE_HEL~1.DLL]  <N/A><N/A>
    [D:\PROGRA~1\SUPERR~1\MagicSet\HAOKAN~1.DLL]  <超级兔子><1.0.7.7>
    [D:\WINDOWS\System32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [D:\WINDOWS\System32\Macromed\Flash\Flash8.ocx]  <Macromedia, Inc.><8,0,22,0>
    [D:\WINDOWS\System32\PYJJ4.IME]  <加加在线><4.0.0.7>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yrepair.dll]  <Yahoo><1, 0, 6, 1319>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yasfsks.dll]  <3721.com><2, 1, 1, 87>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\assist\yoptimum.dll]  <Yahoo><1, 0, 1, 1001>
    [d:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  < ><1, 0, 2, 1001>
[PID: 3388][D:\Program Files\Rising\Rav\RsAgent.exe]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [D:\Program Files\Rising\Rav\RsCommX.dll]  <rising><18, 0, 0, 1>
[PID: 3364][D:\WINDOWS\msagent\AgentSvr.exe]  <Microsoft Corporation><2.00.0.3422>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
[PID: 3904][C:\Program Files\TTPlayer\TTPlayer.exe]  <N/A><4, 6, 7, 0>
    [C:\Program Files\TTPlayer\ttpcomm.dll]  <N/A><N/A>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [C:\Program Files\TTPlayer\ttpres.dll]  <N/A><4, 6, 7, 0>
    [D:\WINDOWS\System32\cdnns.dll]  <CNNIC><2, 0, 0, 0>
    [C:\Program Files\TTPlayer\AddIn\ttp_lrcsh.dll]  <N/A><N/A>
    [C:\Program Files\TTPlayer\AddIn\ttp_asf.dll]  <N/A><N/A>
    [C:\Program Files\TTPlayer\AddIn\ttp_aac.dll]  <N/A><N/A>
    [C:\Program Files\TTPlayer\AddIn\ttp_ac3dts.dll]  <N/A><N/A>
[PID: 2716][D:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
[PID: 2768][D:\WINDOWS\system32\NOTEPAD.EXE]  <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
[PID: 3736][D:\Program Files\Microsoft Office\Office\EXCEL.EXE]  <Microsoft Corporation><9.0.2823>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [D:\Program Files\Rising\Rav\RsPlugIn.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 1>
    [D:\Program Files\Rising\Rav\RsGuiLib.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 24>
    [D:\Program Files\Rising\Rav\PngDll.dll]  <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 692][C:\新建文件夹 (2)\sreng2\SREng.exe]  <Smallfrogs Studio><2.0.12.350>
    [D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  <><2, 0, 0, 1013>
    [D:\Program Files\CNNIC\Cdn\cdnspie.dll]  <><2, 1, 0, 4>
    [D:\Program Files\CNNIC\Cdn\imaoe.dll]  <CNNIC><2, 2, 0, 1>
    [D:\Program Files\CNNIC\Cdn\cdnforie.dll]  <CNNIC><1, 0, 0, 10>
    [D:\Program Files\CNNIC\Cdn\cdndet.dll]  <CNNIC><2, 2, 0, 3>
    [D:\WINDOWS\System32\cdnns.dll]  <CNNIC><2, 0, 0, 0>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["D:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

Ugh, after looking at your log again, I could kick myself. How could I have missed this entry?
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WindowsUpdateNT><D:\WINDOWS\System\svwhost.exe /s>
Delete this entry with SREng, then delete D:\WINDOWS\System\svwhost.exe.

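Would this work? If a virus file can't be deleted, first rename the file, then reboot, then delete the file, and it can be deleted. I just handled one this way, and now the antivirus scan no longer finds it.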

[Internet Protect Service / NHLscA]
<D:\WINDOWS\SYSTEM32\RUNDLL32.EXE D:\WINDOWS\SYSTEM32\WBEM\IRJIT.DLL,Export 1087><N/A>
For this entry, follow http://forum.ikaka.com/topic.asp?board=28&artid=7946351 to deal with it, although it has nothing to do with a Rootkit.

【Reply to the post by “xhsd2005”】
Brother, you helped me yesterday, and today I sincerely thank you!!!!!

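Quote:
【Post by 无风02】Would this work? If a virus file can't be deleted, first rename the file, then reboot, then delete the file, and it can be deleted. I just handled one this way, and now the antivirus scan no longer finds it.
...........................

In many cases even renaming doesn't work.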

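I don't really understand it either, I'm just fumbling around on my own, and I don't know whether this counts as a method.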

【Reply to the post by “轩辕小聪”】I went into the registry, but why can't I find IRJIT.DLL under Edit?

【Reply to the post by “轩辕小聪”】I can't find IRJIT.DLL in the registry.

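Quote:
【Post by xhsd2005】【Reply to the post by “轩辕小聪”】You're right, the latter file was only created this afternoon. I have a dual-boot setup, 98 and XP. Is there a better way to remove viruses with dual boot? I've been in XP the whole time. I've found them now; should I delete both together?
...........................


If it's dual boot, you can delete anything in XP from 98.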