Page 2 / 2

Infected with RootKit.Agent.sd, how do I remove it?

NIC\Cdn\cdnspie.dll]  [, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [cnnic, 2, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll]  [yahoo! china, 3, 5, 9, 1111]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 2, 1011]
    [C:\WINDOWS\system32\KakaTool.dll]  [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
    [C:\WINDOWS\system32\xunleibho_v8.dll]  [Thunder Networking Technologies,LTD, 4, 5, 1, 33]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\DeskAdTop\deskipn.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll]  [, 2, 0, 0, 2]
    [D:\My Documents\QQIEHelper.dll]  [深圳市腾讯计算机系统有限公司, 1, 1, 0, 5]
    [C:\WINDOWS\system32\msibm\cfsbho.dll]  [, 1.0.0.1]
    [C:\WINDOWS\system32\NTDLL32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\webpageparser.dll]  [N/A, ]
    [C:\WINDOWS\system32\Charset.dll]  [N/A, ]
    [C:\WINDOWS\system32\CreateDomTree.dll]  [N/A, ]
    [C:\WINDOWS\system32\IEHelper.dll]  [Mass Effect Network, 5.1.2600.0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [, 2, 0, 0, 2]
    [C:\Program Files\HuaCi\huaci\Mouse1.dll]  [中搜在线, 1, 0, 0, 1]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
[PID: 3468][C:\Program Files\Thunder\Thunder.exe]  [Thunder Networking Technologies,LTD, 5.0.4.96]
    [C:\Program Files\Thunder\UpdateDownload.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\Program Files\Thunder\log4cplus.dll]  [, 1, 0, 2, 1]
    [C:\Program Files\Thunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 73]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [cnnic, 2, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\Program Files\Thunder\iThunder.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 30]
    [C:\Program Files\Thunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 1, 0, 1, 4]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [, 2, 0, 0, 2]
    [C:\Program Files\HuaCi\huaci\Mouse1.dll]  [中搜在线, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
[PID: 2164][C:\Program Files\Rising\Rav\RsAgent.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [cnnic, 2, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\Program Files\Rising\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [, 2, 0, 0, 2]
[PID: 3996][C:\WINDOWS\msagent\AgentSvr.exe]  [Microsoft Corporation, 2.00.0.3424]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [cnnic, 2, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [, 2, 0, 0, 2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3504][C:\Documents and Settings\hynh\桌面\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\CNNIC\Cdn\cdnspie.dll]  [, 2, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [cnnic, 2, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\Program Files\Rising\KakaToolBar\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [, 2, 0, 0, 2]
    [C:\Program Files\HuaCi\huaci\Mouse1.dll]  [中搜在线, 1, 0, 0, 1]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]


==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Download IceSword: http://www.onlinedown.net/soft/4523.htm
Download Winsockfix: http://www.onlinedown.net/soft/35272.htm


The following items:
Registry startup items:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<sys91><C:\Documents and Settings\All Users\Documents\I5921.exe> []
<sys92><D:\My Documents\My Pictures\I22355.exe> []
<sys61><D:\My Documents\F6444.exe> []
<sys62><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wk><C:\WINDOWS\14afa28.exe> [软告工作室]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<wk><C:\WINDOWS\14aia28.exe> [软告工作室]
<sys91><C:\Documents and Settings\All Users\Documents\I5921.exe> []
<sys92><D:\My Documents\My Pictures\I22355.exe> []
<sys61><D:\My Documents\F6444.exe> []
<sys62><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\system32\NTDLL32.dll> [Microsoft Corporation] 默认值为空

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [(Verified)"beijing yahoo consulting and service co., ltd."]

Startup folders:
[ydekie]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ydekie.lnk --> C:\PROGRA~1\Bitland\ydekiej.exe [N/A]><N>
[sys91]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys91.lnk --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\I5921.exe [N/A]><N>
[sys92]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys92.lnk --> D:\MYDOCU~1\MYPICT~1\I22355.exe [N/A]><N>
[sys61]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys61.lnk --> D:\MYDOCU~1\F6444.exe [N/A]><N>
[sys62]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys62.lnk --> C:\DOCUME~1\ALLUSE~1\「开始~1\程序\管理工具\F15701.exe [N/A]><N>
[WNSO]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WNSO.lnk --> C:\PROGRA~1\COMMON~1\RGGZS\WNSO.exe [软告工作室]><N>
[WanSo]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WanSo.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><N>
[ruango]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\ruango.lnk --> C:\WINDOWS\system32\MSRundll.exe [Microsoft Corporation]><N>



Delete the above items in SREng's startup items section.
==========================================================================================
In SREng, click Startup Items --> Services --> Drivers or Services. Once there (check "Hide verified Microsoft items"), left-click the item to be fixed and then click the "Settings" button. (Note that in the final pop-up window you must click "NO" to confirm deleting the driver.)
Delete the following items:
[onmlrhqu / onmlrhqu][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\onmlrhqu.sys><Yahoo! China Corporation>

==========================================================================================
Use IceSword to force-delete the following files:
C:\Documents and Settings\All Users\Documents\I5921.exe
D:\My Documents\My Pictures\I22355.exe
D:\My Documents\F6444.exe
C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe
C:\PROGRA~1\COMMON~1\RGGZS\WNSO.exe
C:\PROGRA~1\Bitland\ydekiej.exe
C:\WINDOWS\14afa28.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll
C:\WINDOWS\System32\DRIVERS\onmlrhqu.sys
==========================================================================================
Search the registry for onmlrhqu and delete every item found; use IceSword for any that cannot be deleted.
==========================================================================================
Empty everything in the temporary folders, including
C:\Documents and Settings\<username>\Local Settings\Temp
C:\WINDOWS\TEMP
the Temporary Internet Files folder (Control Panel --> "Internet Options" --> "Delete Files" --> check "include temporary folders" --> OK)
==========================================================================================
If you find you cannot get online, repair it with the Winsockfix you downloaded earlier.
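As an added example for this thread (not SREng's code and not part of the reply above), the following Python script parses SREng-style autostart lines like the ones quoted in the reply and flags the same signals the replies used by hand: no vendor information, a random-looking filename, a binary launched from a user-data location, a non-empty AppInit_DLLs value, and a filename that imitates a real system binary (the thread's NTDLL32.dll next to the genuine NTDLL.dll). The sample log is a subset copied from this page; the scoring heuristics, the KNOWN_SYSTEM_NAMES list and the USER_DATA_HINTS list are this example's own assumptions.

```python
"""Triage helper for SREng-style autostart log lines.

Added example for this thread, not SREng's code: it parses the two line shapes
SREng uses for autostart entries and scores each one with simple heuristics.
  registry entry : <name><path> [vendor]
  startup folder : [name] on one line, then <lnk --> target [vendor]><N>
"""
import re
from dataclasses import dataclass, field

# Sample input: a subset of the log quoted in this thread (constructed for the example).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<sys91><C:\Documents and Settings\All Users\Documents\I5921.exe> []
<sys62><C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\F15701.exe> []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wk><C:\WINDOWS\14afa28.exe> [软告工作室]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\WINDOWS\system32\NTDLL32.dll> [Microsoft Corporation] 默认值为空

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll> [(Verified)"beijing yahoo consulting and service co., ltd."]

[sys91]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\sys91.lnk --> C:\DOCUME~1\ALLUSE~1\DOCUME~1\I5921.exe [N/A]><N>
[WanSo]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\WanSo.lnk --> C:\WINDOWS\system32\rundll32.exe [Microsoft Corporation]><N>
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
NAME_RE = re.compile(r"^\[([^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]")
LNK_RE = re.compile(r"^<[^>]*? --> (.*?) \[([^\]]*)\]><")

# Genuine Windows binaries that a dropped file may imitate by adding or removing
# digits (the thread's NTDLL32.dll next to the real NTDLL.dll). Assumed, non-exhaustive.
KNOWN_SYSTEM_NAMES = {"ntdll.dll", "kernel32.dll", "user32.dll", "advapi32.dll",
                      "explorer.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Path fragments (long and 8.3 forms) that mark user-data locations; assumed list.
USER_DATA_HINTS = ("documents and settings", "docume~1", "my documents", "mydocu~1", "\\temp\\")


@dataclass
class Entry:
    key: str      # registry key, or "Startup folder"
    name: str     # value name / shortcut name
    path: str     # executable or DLL path
    vendor: str   # self-reported vendor string from the file's version info
    reasons: list = field(default_factory=list)


def parse_sreng(text):
    """Turn SREng autostart lines into Entry objects; lines of other shapes are ignored."""
    entries, key, pending = [], "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif m := NAME_RE.match(line):
            key, pending = "Startup folder", m.group(1)
        elif m := ENTRY_RE.match(line):
            entries.append(Entry(key, m.group(1), m.group(2), m.group(3).strip()))
        elif m := LNK_RE.match(line):
            entries.append(Entry(key, pending, m.group(1), m.group(2).strip()))
    return entries


def looks_like_system_name(filename):
    """True for names such as NTDLL32.dll that differ from a real system binary only by digits."""
    name = filename.lower()
    if name in KNOWN_SYSTEM_NAMES:
        return False  # the genuine name itself
    stem, dot, ext = name.rpartition(".")
    if not dot:
        return False
    variants = {stem.rstrip("0123456789") + "." + ext, stem + "32." + ext}
    return any(v in KNOWN_SYSTEM_NAMES for v in variants)


def triage(text):
    """Return only the entries that trip at least one heuristic, with the reasons attached."""
    findings = []
    for e in parse_sreng(text):
        filename = e.path.rsplit("\\", 1)[-1]
        stem = filename.lower().rsplit(".", 1)[0]
        if e.vendor in ("", "N/A"):
            e.reasons.append("no vendor/version information")
        if e.name.lower() == "appinit_dlls" and e.path:
            e.reasons.append("AppInit_DLLs is set: this DLL is loaded into every process that loads user32.dll")
        if looks_like_system_name(filename):
            e.reasons.append("filename imitates a Windows system binary")
        if re.fullmatch(r"[a-z]?\d{4,}|[0-9a-f]{6,}", stem):
            e.reasons.append("random-looking filename")
        if any(h in e.path.lower() for h in USER_DATA_HINTS):
            e.reasons.append("autostarts from a user-data location instead of Program Files or WINDOWS")
        if e.reasons:
            findings.append(e)
    return findings


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e.key}] {e.name} -> {e.path}")
        for r in e.reasons:
            print("    -", r)
```

Two things the output illustrates about this kind of review: the vendor string is self-reported version-info data, so "Microsoft Corporation" on NTDLL32.dll is no evidence of legitimacy, which is why the lookalike-name check exists; and the WanSo.lnk entry that launches rundll32.exe gets no flag at all, because the shortcut's arguments are not in the log, so a script like this narrows the list but does not replace reading the entries yourself.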

NTDLL32.dll is a system file; can it be deleted?

The OP hasn't maintained this computer for years,

it's a real mess inside,

best to also run 安全卫士 to kill off the rogue software.

Quote:
[Post by 我的快乐天使蛋蛋] NTDLL32.dll is a system file; can it be deleted?
………………

NTDLL.dll is a system file.
NTDLL32.dll is a virus.
Powered by Discuz!NT