Experts, please help!! (Log attached) Waiting online!


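When I got home today I found that my machine had been infected with a trojan. I wanted to boot into Safe Mode to scan for and remove the virus, but as soon as I selected "Safe Mode" the computer rebooted. I then formatted drive C and reinstalled the system, and after I finished updating McAfee, the trojan warning popped up again!!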



As soon as I click Cancel, I get what is shown below





The log is below
Last edited 2006-11-25 07:36:23

Logfile of HijackThis v1.99.1
Scan saved at 22:20:58, on 2006-11-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Documents and Settings\new\桌面\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\new\桌面\viking\VIKING杀虫剂.com
C:\Documents and Settings\new\桌面\Hijackthis\HijackThis.exe

O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [StormCodec_Helper] ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 壁纸自动换.lnk = C:\WINDOWS\system32\bgswitch.exe
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 微软 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.microsoft.com/china/index.htm (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{6885AFC0-5CCB-4878-AC60-380E4BB8AC2A}: NameServer = 61.139.2.69
O23 - Service: McAfee Framework 服务 (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


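A web-page virus~~ Did you visit some page you shouldn't have~~?  :)

Disconnect from the network, close IE, empty the temporary folders~ and scan again with your McAfee~

IE > Properties > Delete Files (including offline content) > OK
Also clean out the contents of the following folders:
C:\Documents and Settings\***(your user name)\Local Settings\Temp
c:\windows\temp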

It still doesn't work. I still can't get into Safe Mode; it blue-screens as soon as I try.

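Quote:
[Post by 影子110] A web-page virus~~ Did you visit some page you shouldn't have~~?  :)

Disconnect from the network, close IE, empty the temporary folders~ and scan again with your McAfee~

IE > Properties > Delete Files (including offline content) > OK
Also clean out the contents of the following folders:
C:\Documents and Settings\***(your user name)\Local Settings\Temp
c:\windows\temp
………………

You don't need to enter Safe Mode (though of course it's better if you can~)

Also, please first download the software below~ and use it to scan and produce a log~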
SREng
http://www.kztechs.com/

2006-11-24,23:36:46

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\BLISS.SCR>  [Microsoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <nwiz><; nwiz.exe /install>  [NVIDIA Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [N/A]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [N/A]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[kavsvc / kavsvc]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[a320raid / a320raid]
  <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
[AAC / AAC]
  <\SystemRoot\System32\DRIVERS\AAC.SYS><Adaptec, Inc.>
[aar1210 / aar1210]
  <\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
[abp480n5 / abp480n5]
  <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[adpu320 / adpu320]
  <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ACARD AEC6210UF UltraDMA33 Controller / aec6210]
  <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
[ACARD AEC6260 UltraDMA-66 Controller / aec6260]
  <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
[aec6280 / aec6280]
  <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
[AEC6290 / AEC6290]
  <\SystemRoot\System32\DRIVERS\AEC6290.SYS><ACARD Technology Corp.>
[AEC67160 / AEC67160]
  <\SystemRoot\System32\DRIVERS\AEC67160.SYS><ACARD Technology Corp.>
[AEC671X / AEC671X]
  <\SystemRoot\System32\DRIVERS\AEC671X.SYS><ACARD Technology Corp.>
[AEC6880 / AEC6880]
  <\SystemRoot\System32\DRIVERS\AEC6880.SYS><ACARD Technology Corp.>
[AEC6890 / AEC6890]
  <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
[aec68x5 / aec68x5]
  <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
[Aha154x / Aha154x]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8]
  <System32\DRIVERS\amdk8.sys><Microsoft Corporation>
[arc / arc]
  <\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[asc / asc]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt]
  <C:\WINDOWS\SYSTEM32\DRIVERS\cd20xrnt.SYS><Microsoft Corporation>
[CmdIde / CmdIde]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[C-Media WDM Audio Interface / cmuda]
  <system32\drivers\cmuda.sys><C-Media Inc>
[dac2w2k / dac2w2k]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[elxstor / elxstor]
  <\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[FASTSX / FASTSX]
  <\SystemRoot\System32\DRIVERS\FASTSX.SYS><Promise Technology, Inc.>
[fasttrak / fasttrak]
  <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
[fasttx2k / fasttx2k]
  <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
[fasttx2k2 / fasttx2k2]
  <\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HpCISSs / HpCISSs]
  <\SystemRoot\system32\drivers\hpcisss.sys><Hewlett-Packard Company>
[Hpt366 / Hpt366]
  <\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
[HPT371 / HPT371]
  <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
[hpt374 / hpt374]
  <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
[hpt3xx / hpt3xx]
  <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptmv / hptmv]
  <\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro]
  <\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Intel Integrated RAID / iaStor]
  <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[iirsp / iirsp]
  <\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[ini910u / ini910u]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ITERAID_Service_Install / iteraid]
  <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
[Kl1 / Kl1]
  <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
  <System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
  <System32\drivers\klmc.sys><Kaspersky Lab>
[LSI_SAS / LSI_SAS]
  <\SystemRoot\system32\drivers\lsi_sas.sys><LSI Logic>
[LSI_SCSI / LSI_SCSI]
  <\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Logic>
[m5228 / m5228]
  <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281]
  <\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[MegaIDE / MegaIDE]
  <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[megasas / megasas]
  <\SystemRoot\system32\drivers\megasas.sys><LSI Logic Corporation>
[mraid2k / mraid2k]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[nfrd960 / nfrd960]
  <\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[npkcrypt / npkcrypt]
  <\??\C:\Program Files\QQ2005\npkcrypt.sys><N/A>
[nv / nv]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Intel SCSI Controller / NvAtaBus]
  <\SystemRoot\System32\DRIVERS\NVATABUS.SYS><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET]
  <system32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[NVIDIA nForce(tm) RAID Class Driver / nvraid]
  <\SystemRoot\system32\DRIVERS\nvraid.sys><NVIDIA Corporation>
[NVIDIA nForce AGP Bus Filter / nv_agp]
  <\SystemRoot\system32\DRIVERS\nv_agp.sys><NVIDIA Corporation>
[PNP649R / PNP649R]
  <\SystemRoot\System32\DRIVERS\PNP649R.SYS><CMD Technology, Inc.>
[SiI 680 ATA Controller / Pnp680]
  <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
[Silicon Image SiI 0680 Medley Raid Controller / Pnp680r]
  <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[QLogic Fibre Channel SCSI Miniport Driver / ql2300]
  <\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[RAIDSRC / RAIDSRC]
  <\SystemRoot\System32\DRIVERS\RAIDSRC.SYS><Intel/ICP>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[S150SX8 / S150SX8]
  <\SystemRoot\System32\DRIVERS\S150SX8.SYS><Promise Technology, Inc.>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiI-3512 SATALink Controller / SI3112]
  <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
[Silicon Image SiI 3512 SATARaid Controller / SI3112r]
  <\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SiI-3114 SATALink Controller / SI3114]
  <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
[SiI-3114 SATARaid Controller / SI3114r]
  <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
[SiI-3124 SATALink Controller / SI3124]
  <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
[SiI-3124 SATARaid Controller / SI3124r]
  <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter]
  <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SISIDE / SISIDE]
  <\SystemRoot\System32\DRIVERS\SISIDE.SYS><Silicon Integrated Systems Corp.>
[SiSRaid / SiSRaid]
  <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid1 / SiSRaid1]
  <\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
[SISRAIDS / SISRAIDS]
  <\SystemRoot\System32\DRIVERS\SISRAIDS.SYS><Silicon Integrated Systems Corp>
[Sparrow / Sparrow]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[sptrak / sptrak]
  <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
[symc810 / symc810]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMMPI / SYMMPI]
  <\SystemRoot\System32\DRIVERS\SYMMPI.SYS><LSI Logic>
[sym_hi / sym_hi]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[TCP/IP Protocol Driver / Tcpip]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TosIde / TosIde]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[UlSata / UlSata]
  <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
[ULSATAS / ULSATAS]
  <\SystemRoot\System32\DRIVERS\ULSATAS.SYS><Promise Technology, Inc.>
[ultra / ultra]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>

==================================
浏览器加载项
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[微软]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft? Corporation>
[卡卡上网安全助手]
  {AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[NTIECatcher Class]
  {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[使用影音传送带下载]
  <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
  <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 612][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1112][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1216][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\drivers\3sh2rg.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\xm7wl.dll]  [N/A, N/A]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.91.12]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll]  [Kaspersky Lab, 5.0.383.2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl]  [Kaspersky Lab, 5.0.383.0]
    [C:\WINDOWS\system32\macromed\flash\Flash85.ocx]  [Macromedia, Inc., 8,5,0,133]
[PID: 1556][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1728][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xm7wl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\3sh2rg.sys]  [N/A, N/A]
[PID: 1756][C:\WINDOWS\system32\zod2nc.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\drivers\3sh2rg.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\xm7wl.dll]  [N/A, N/A]
[PID: 2000][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.6681]
[PID: 2040][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1340][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 388][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\xm7wl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\3sh2rg.sys]  [N/A, N/A]
[PID: 2036][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xm7wl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\3sh2rg.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
    [C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll]  [Xi, 1.91.12]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll]  [Kaspersky Lab, 5.0.1.18]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll]  [Kaspersky Lab, 5.0.383.2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll]  [Kaspersky Lab, 5.0.383.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll]  [Kaspersky Lab, 5.0.383.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl]  [Kaspersky Lab, 5.0.383.0]
    [c:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl]  [Kaspersky Lab, 5.0.383.0]
    [C:\WINDOWS\system32\macromed\flash\Flash85.ocx]  [Macromedia, Inc., 8,5,0,133]
[PID: 3124][C:\Documents and Settings\new\桌面\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\WINDOWS\system32\xm7wl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\drivers\3sh2rg.sys]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
61.141.31.11 www.kzdh.com
61.141.31.11 www.7255.com
61.141.31.11 www.7322.com
61.141.31.11 www.7939.com
61.141.31.11 www.piaoxue.com
61.141.31.11 www.feixu.net
61.141.31.11 www.6781.com
61.141.31.11 www.7b.com.cn
61.141.31.11 7b.com.cn
61.141.31.11 www.918188.com
61.141.31.11 hao.allxue.com
61.141.31.11 good.allxue.com
61.141.31.11 baby.allxue.com
61.141.31.11 www.allxue.com
61.141.31.11 about.lank.la
61.141.31.11 www.x114x.com
61.141.31.11 www.37ss.com
61.141.31.11 www.7k.cc
61.141.31.11 www.73ss.com
125.91.14.230 www.hao123.com
61.141.31.11 www.81915.com
61.141.31.11 222.88.90.22
61.141.31.11 www.9991.com
61.141.31.11 www.my123.com
61.141.31.11 www.haokan123.com
61.141.31.11 www.5566.net
61.141.31.11 www.gjj.cc
61.141.31.11 www.2345.com
61.141.31.11 dl.hao318.com
61.141.31.11 www.123wa.com
61.141.31.11 www.ku886.com
61.141.31.11 www.5icrack.com
61.141.31.11 www.jjol.cn
127.0.0.1 www.rising.com.cn
127.0.0.1 tool.ikaka.com
127.0.0.1 www.ikaka.com
127.0.0.1 update.rising.com.cn
127.0.0.1 online.rising.com.cn
127.0.0.1 up.rising.com.cn
127.0.0.1 go.rising.com.cn
127.0.0.1 it.rising.com.cn
127.0.0.1 rising.com.cn
127.0.0.1 ikaka.com

==================================

Could some expert take a look and help?

Can't get into Safe Mode
http://newcenturysun.hits.io/safeboot_winxp.zip Download this, unzip it, then double-click it to import it into the registry