我电脑之前的现象如此：
一切和金山或瑞星有关系的东西都无法打开，包括金山毒霸，防火墙，甚至金山词霸。我无法在google或任何网页输入‘金山’‘瑞星’这类词，如果输入，网页会自动关闭，此外有时上不了网。如果有幸可以上到，通过打开联网的那个小图标可以观察到电脑一直在往外大量输出某些信息（我意思是我不下载或浏览网页的情况下）。唯一尚能在安全模式打开的一种瑞星免费专杀软件可以发现一堆木马病毒或疑似木马病毒，但是瑞星无法杀死他们。而因为我无法登陆任何一间杀毒网站（一旦试图访问，网页会关闭），所以我无法使用在线杀毒或升级什么的。另外所有已经下载的html文件，无法打开（包括脱机的时候），电脑的运行速度明显降低，只要在联网状态，通常开机5分钟后，cpu就会以100%满负荷运行，哪怕我并没打开任何软件。再另外，有的时候有些其他的软件都无法打开

后来我下载了一个外国的免费杀毒软件ANTIVIR，杀掉了一些毒，电脑也稍微正常了些，但由于装了那个软件会更经常的让我上不了网，所以我就把它又拆了


然后继续用有时尚能打开的瑞星杀橙8月软件在安全模式下杀毒，结果还有2个疑似病毒在3个地方（比之前少多了）：
Trojan.PSW.LMir
Trojan.PSW.QQPass

但总而言之，还是有病毒没杀掉！！！！
最后是我的扫描HijackThis结果（正常模式下）：


Logfile of HijackThis v1.99.1
Scan saved at 23:27:08, on 2006-9-5
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Bluewater\桌面\新建文件夹\New Folder\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\System32\xunleibho_v8.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\update.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files\ASUS\ASUS Hotkey\Hotkey.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: IE-Bar.lnk = C:\Program Files\Common Files\IE-Bar\iebar.exe
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\POWERW~1\IEPlugin.dll
O9 - Extra button: 词霸 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\POWERW~1\XDictExB.dll
O9 - Extra button: 金山词霸 - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\POWERW~1\IEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe
O9 - Extra button: 易趣购物 - {DE607146-AC19-426e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra 'Tools' menuitem: 易趣购物 - {DE607146-AC19-426e-868A-8D70ABDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=5 (file missing)
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: DigiChat Applet - http://host8.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: _{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {52DF16E3-6C4F-4B22-8BAF-09263E463B48} (金山毒霸在线产品升级) - http://zs.kingsoft.com/KOSInit.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\POWERW~1\XDictExB.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Alias Wavefront Help Server (AWHelpServer) - Unknown owner - C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

希望高手支招

对了，在拆ANTIVIR之前，用它杀毒后的信息如下（安全模式）：

Starting the file scan:

C:\pagefile.sys
      [WARNING]  The file could not be opened!
C:\the.exe
      [DETECTION] Is the Trojan horse TR/NSAnti.C.3
C:\nxldr.dat
      [DETECTION] Is the Trojan horse TR/PSW.WOW.AD
C:\WINDOWS\update1.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
C:\WINDOWS\SMSS.EXE
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\finder.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\explorer.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\1.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\BOOT.BIN.BAK
      [WARNING]  The file could not be opened!
C:\WINDOWS\LSASS.exe
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
C:\WINDOWS\EXERT.exe
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
C:\WINDOWS\ExERoute.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\wdfmgr32.log
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
C:\WINDOWS\system32\tfmfile.exe
      [DETECTION] Contains signature of the worm WORM/Viking.A
C:\WINDOWS\system32\cns.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Baido
C:\WINDOWS\system32\cns.dll
      [DETECTION] Is the Trojan horse TR/Dldr.Baido
C:\WINDOWS\system32\tdll.dll
      [DETECTION] Contains suspicious code HEUR/Malware
C:\WINDOWS\system32\dllwm.dll
      [DETECTION] Is the Trojan horse TR/PSW.Lineage.ahq
C:\WINDOWS\system32\msdll.dll
      [DETECTION] Contains suspicious code HEUR/Malware
C:\WINDOWS\system32\wintfm.dll
      [DETECTION] Contains signature of the worm WORM/Viking.A
C:\WINDOWS\system32\netcfgw.dll
      [DETECTION] Is the Trojan horse TR/Spy.Agent.ct.4.A
      [WARNING]  The file could not be deleted!
C:\WINDOWS\system32\rundll32.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\finder.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\command.pif
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\MSCONFIG.COM
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\dxdiag.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\regedit.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\system32\msime.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bam
C:\WINDOWS\system32\hookdll.dll
      [DETECTION] Is the Trojan horse TR/PSW.Hooker.L
C:\WINDOWS\system32\NTdHcP.exe
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.DP Backdoor server programs
C:\WINDOWS\system32\KB8964225.log
      [DETECTION] Is the Trojan horse TR/PSW.WOW.AD
C:\WINDOWS\system32\config\system.LOG
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\DEFAULT
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM
      [WARNING]  The file could not be opened!
C:\WINDOWS\system32\config\SAM
      [WARNING]  The file could not be opened!
C:\WINDOWS\Debug\DebugProgram.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\WINDOWS\command\rundll32.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
C:\Documents and Settings\Bluewater\ntuser.dat.LOG
      [WARNING]  The file could not be opened!
C:\Documents and Settings\Bluewater\ntuser.dat
      [WARNING]  The file could not be opened!
C:\Documents and Settings\Bluewater\Local Settings\Temp\g0ld.com
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temp\1.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temp\theopen.exe
      [DETECTION] Is the Trojan horse TR/Click.Qhost.J
C:\Documents and Settings\Bluewater\Local Settings\Temp\3.exe
      [DETECTION] Is the Trojan horse TR/PSW.iGameHook.1
C:\Documents and Settings\Bluewater\Local Settings\Temp\Dns.Exe
      [DETECTION] Is the Trojan horse TR/Qhost.HE
C:\Documents and Settings\Bluewater\Local Settings\Temp\uprar.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temp\foxrar.exe
      [DETECTION] Is the Trojan horse TR/PSW.WOW.EO.8
C:\Documents and Settings\Bluewater\Local Settings\Temp\2hujh.dll
      [DETECTION] Is the Trojan horse TR/RKit.Vanti.DF.22
C:\Documents and Settings\Bluewater\Local Settings\Temp\2.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temp\5.exe
      [DETECTION] Is the Trojan horse TR/Crypt.NSAnti.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temp\CCG0.exe
      [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.ie5\rbd7blgw\hjm[1]
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\RBD7BLGW\update4[1].jpg
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.asv.3
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\8BTJI631\update6[1].jpg
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bam
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\TCG7HL0L\1[1].exe
      [DETECTION] Is the Trojan horse TR/NSAnti.C.3
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\SXK9MZGX\update3[1].jpg
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\CDEBG1MN\update2[1].jpg
      [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Hupigon.DP Backdoor server programs
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.IE5\CPE3IT0X\update7[1].jpg
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
C:\Documents and Settings\Bluewater\Local Settings\Temporary Internet Files\Content.ie5\8rsbzve6\hjm[1]
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
C:\Documents and Settings\Bluewater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
      [WARNING]  The file could not be opened!
C:\Documents and Settings\Bluewater\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
      [WARNING]  The file could not be opened!
C:\Program Files\svhost32.exe
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
C:\Program Files\Common Files\iexplore.pif
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\Program Files\Common Files\INTEXPLORE.pif
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
C:\Program Files\Common Files\update\update3.exe
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\Program Files\Common Files\update\update4.exe
      [DETECTION] Is the Trojan horse TR/Dldr.Delf.asv.3
C:\Program Files\Common Files\update\update7.exe
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
C:\Program Files\Internet Explorer\iexplore.com
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
C:\Program Files\Internet Explorer\INTEXPLORE.com
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
C:\Program Files\Internet Explorer\PLUGINS\system.jmp
      [DETECTION] Contains signature of the dropper DR/Delphi.Gen
C:\Program Files\Internet Explorer\PLUGINS\system32.jmp
      [DETECTION] Is the Trojan horse TR/PSW.iGameHook.1
C:\Program Files\Internet Explorer\PLUGINS\system32.sys
      [DETECTION] Contains suspicious code HEUR/Malware
C:\Program Files\WinRAR\Default.SFX
      [DETECTION] Is the Trojan horse TR/Starter.M.2
C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
      [DETECTION] Contains signature of the dropper DR/Dldr.Small.chq
C:\Program Files\Yahoo!\Assistant\Assist\yrepair.dll
      [DETECTION] Is the Trojan horse TR/Drop.ZSKiller.4
C:\Program Files\3721\ske\wmpns.dll
      [DETECTION] Is the Trojan horse TR/Dldr.ZSKiller.2
C:\Program Files\3721\ske\wmpns.cab
  [0] Archive type: CAB (Microsoft)
  --> wmpns.dll
      [DETECTION] Is the Trojan horse TR/Drop.ZSKiller.2
C:\Program Files\3721\ske\snpmw.dll
      [DETECTION] Is the Trojan horse TR/Drop.ZSKiller.2
C:\KAV2006\Update\Common\Update.EXE
      [DETECTION] Is the Trojan horse TR/Muldrop.1417.D
C:\DONGDONG\DONGDONG.DLL
      [DETECTION] Contains suspicious code HEUR/Malware
Start scanning boot sectors:


Starting the file scan:

D:\autorun.inf
      [DETECTION] Is the Trojan horse TR/PSW.WOW.CJ
D:\pagefile.pif
      [DETECTION] Is the Trojan horse TR/PSW.Lmir.bac
D:\command.com
      [DETECTION] Is the Trojan horse TR/PSW.Legendmir.BL
     

总而言之，真的希望高手帮忙了，谢了！

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE 删除!就是它导致网络中断
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe删除


02 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
以上全部修复!还有金山词霸最好不要用,占内存,有时甚至导致系统运行相当的慢.

进入控制面版的添加删除程序中卸载IE-Bar
关闭所有浏览窗口以及一些不必要的程序
运行Hijackthis，扫描结束后在下列选项前打上勾，然后选"修复
O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\update.exe
删除
C:\Program Files\Common Files\update
重启后删除
C:\Program Files\Common Files\IE-Bar
请下载 System Repair Engineer，使用“智能扫描”，按下“扫描”按钮进行扫描，扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告日志文件内容复制-粘贴上来
下载网址
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
日志一次粘不完，分次粘完，请不要修改。

你好，3楼，我意外在O4 - HKCU\..\Run: [RealUpdate] C:\Program Files\Common Files\update\update.exe
删除后就重起了，重起后删除了C:\Program Files\Common Files\update，
但我怎么也找不到C:\Program Files\Common Files\IE-Bar（包括在那个文件夹下使用搜索，又重起了2次也找不到）

另外你要的扫描结果：
006-09-06,01:19:58

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  []
    <run><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  []
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [Synaptics, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [Synaptics, Inc.]
    <HControl><C:\WINDOWS\ATK0100\HControl.exe>  []
    <Power_Gear><C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1>  []
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe">  [Yahoo! China]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <KernelFaultCheck><C:\WINDOWS\System32\msime.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><EXPLORER.EXE>  [Microsoft Corporation]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{8A238B14-A6FF-11E0-9A84-00C04FD8DBD8}><C:\WINDOWS\System32\sysldr.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [Microsoft Corporation]
    <RealTray><; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER>  []

==================================
启动文件夹
[Hotkey]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Hotkey.lnk><N>
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk><N>
[Cisco Systems VPN Client]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Cisco Systems VPN Client.lnk><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller]
  <C:\WINDOWS\System32\Ati2evxx.exe><N/A>
[Alias Wavefront Help Server / AWHelpServer]
  <"C:\Program Files\AliasWavefront\Maya5.0\docs\Wrapper.exe" -s "C:\Program Files\AliasWavefront\Maya5.0\docs/Wrapper.conf"><N/A>
[C-DillaSrv / C-DillaSrv]
  <C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Cisco Systems, Inc. VPN Service / CVPND]
  <"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[Kingsoft Personal Firewall Service / KPfwSvc]
  <"C:\KAV2006\KPfwSvc.EXE"><Kingsoft Corporation>

==================================
浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v8.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\yangling.dll, yahoo! china>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, yahoo! china>
[CibaCtrl Class]
  {8DE0FCD4-5EB5-11D3-AD25-00002100131B} <C:\POWERW~1\IEPlugin.dll, >
[金山词霸]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[JoyoCtrl Class]
  {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} <C:\POWERW~1\IEPlugin.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[FlashGet]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\flashget.exe, Amaze Soft>
[易趣购物]
  {DE607146-AC19-426e-868A-8D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\fgiebar.dll, Amaze Soft>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china>
[Yahoo! Audio Conferencing]
  {2B323CD9-50E3-11D3-9466-00A0C9700498} <C:\WINDOWS\DOWNLO~1\yacscom.dll, Yahoo! Inc.>
[金山毒霸在线产品升级]
  {52DF16E3-6C4F-4B22-8BAF-09263E463B48} <C:\WINDOWS\System32\kingsoft\KOS\KOSInit.ocx, 金山软件股份有限公司>
[MsnMessengerSetupDownloadControl Class]
  {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} <C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>

3楼，谢谢你了，但不知道为什么我另一部分内容无法贴出来！！！！我贴到了另个地方！

http://forum.ikaka.com/topic.asp?board=28&artid=8163864

请问各位高手，通常研究和消灭一种病毒需要多长时间？让我有个心理准备。。。

请问有其他人和我情况类似吗？
另外我记得中毒的时候防火墙显示有病毒，但说杀掉了我就没在意！其实根本就没杀掉！
此外我上的绝对是非色情的正常网站，真不明白为什么会中招！

各位高手，我想再问一个问题！我现在要是用MSN或QQ或SKYPE，特别是SKYPE和别人语音聊天的话，会否把病毒传染给对方？？？

聊天不应该会，你放心好了。

打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，文件关联，勾选“全选”点“修复”使所有扩展名都恢复正常。
请到www.27814939.ys168.com,点“我的软件”下载KillBox.exe
重新启动电脑, 开机检测完后, 按[F8]键(可以一直按到启动菜单出来为止), 选择安全模式进入Windows
双击打开KillBox.exe，分别删除
C:\POWERW~1\IEPlugin.dll
C:\WINDOWS\System32\msime.exe
C:\WINDOWS\System32\sysldr.dll
C:\WINDOWS\System32\sysldr.dll
C:\WINDOWS\System32\netcfgw.dll
C:\WINDOWS\System32\netcfgw.exe
C:\WINDOWS\System32\netcfgw.dll

（删除时勾选“删除前先结束Explorer.EXE进程”不行再试着勾选"删除DLL文件前反注册此文件"

给菜鸟的东东—KillBox的使用技巧
http://forum.ikaka.com/topic.asp?board=28&artid=8160799

关闭所有浏览窗口以及一些不必要的程序
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“系统修复，浏览器加载项”来删除以下选项。
C:\POWERW~1\IEPlugin.dll
打开System Repair Engineer（也就是你的扫描日志软件SREng.exe），使用“启动项目，注册表”来删除以下选项。
C:\WINDOWS\System32\msime.exe
C:\WINDOWS\System32\sysldr.dll
完后，重启，再直接进入安全模式，再按以上的方法再做一次。
完后，重启，再扫个日志粘上来。