Rising Kaka Security Forum, Technical Exchange area, Anti-Virus / Anti-Rogue-Software board

[Help] Ran into the weirdest thing ever --- urgent help needed

[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203, N/A>

==================================
正在运行的进程
[PID: 520 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 572 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 648 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 968 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\vqoaa.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 1060 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\hpzsnt09.dll]  [HP, 2.236.4.0]
[PID: 1428 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\fvvu.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\vllk\kaaz.dll]  [ , 5, 0, 0, 4]
    [c:\progra~1\vllk\brrq.dll]  [, 5, 0, 0, 2]
[PID: 1448 / SYSTEM][C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
[PID: 1508 / SYSTEM][C:\WINDOWS\system32\bc991.exe]  [N/A, ]
[PID: 1708 / Owner][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1812 / SYSTEM][C:\Program Files\Lenovo\联想智能控制中心\SCC\SCCMonitor.exe]  [, ]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1880 / SYSTEM][C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe]  [Ulead Systems, Inc., 1, 0, 0, 4]
[PID: 444 / Owner][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 51]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 420 / Owner][C:\Program Files\Lenovo\Dinoks\DingolOKS.exe]  [Lenovo, 1, 2, 1, 0]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 508 / Owner][C:\Program Files\联想(Lenovo)\LenovoDingol\DingolVLR.exe]  [Bitland Information Technology Co.,Ltd., 1, 0, 0, 10]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 560 / Owner][C:\Program Files\Common Files\Lenovo\digitalsuit\commondll\MyDevice.exe]  [, 1, 0, 0, 1]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 712 / Owner][C:\Program Files\Lenovo\dvdburning\DMXLauncher.exe]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1032 / Owner][C:\Program Files\Lenovo\联想智能控制中心\SCC\LenovoSmartControlCenter.exe]  [N/A, ]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\LxSimpleOsd.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Lenovo\联想智能控制中心\SCC\Remled.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1328 / Owner][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 1300 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2208 / Owner][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\system32\ebc1.dll]  [TODO: <公司名>, 1.0.0.1]
    [C:\kav2005\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 2, 21, 13]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ywiper.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL]  [Microsoft Corporation, 5, 1, 2600, 2709]
    [C:\Program Files\Lenovo\recordnow\shlext.dll]  [, 7.0.0.0]
    [C:\Program Files\Lenovo\recordnow\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Windows Live\Messenger\fsshext.8.5.1235.0517.dll]  [Microsoft Corporation, 8.5.1235.0517]
    [C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll]  [Microsoft Corporation, 12.0.6020.5000]
    [c:\windows\system32\vqoaa.dll]  [Microsoft Corporation, 5.1.2600.0]
    [C:\Program Files\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 2780 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe]  [Microsoft Corporation, 8.5.1235.0517]
    [C:\Program Files\Windows Live\Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.5.1235.0517]
[PID: 2524 / Owner][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\8e1.dll]  [  , 1, 0, 0, 3]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 4080 / Owner][C:\Program Files\Lenovo\Dinoks\DingolOKS.exe]  [Lenovo, 1, 2, 1, 0]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 2660 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3044 / Owner][D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.0.12: 2007050813]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.7]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.0.12: 2007050813]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.7]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.7]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.5]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.5]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.5]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.0.12: 2007050813]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.0.12: 2007050813]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4]
    [D:\Firefox_1.5.0.12RC2chs\Firefox_1.5.0.12RC2chs\Mozilla Firefox\nssckbi.dll]  [Mozilla Foundation, 1.62]
[PID: 3604 / Owner][C:\WINDOWS\sreng2\abc.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\WINDOWS\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[E:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[F:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[L:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe
[M:\]
[AutoRun]
open=C4A5A200.exe
shell\open=打开(&O)
shell\open\Command=C4A5A200.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=C4A5A200.exe

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      www.jack.coyo.eu
127.0.0.1      www.51zc.com
127.0.0.1      www.caiyi8.com
127.0.0.1      vod.caiyi8.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 420, C:\PROGRAM FILES\LENOVO\DINOKS\DINGOLOKS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 508, C:\PROGRAM FILES\联想(LENOVO)\LENOVODINGOL\DINGOLVLR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 560, C:\PROGRAM FILES\COMMON FILES\LENOVO\DIGITALSUIT\COMMONDLL\MYDEVICE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 712, C:\PROGRAM FILES\LENOVO\DVDBURNING\DMXLAUNCHER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1032, C:\PROGRAM FILES\LENOVO\联想智能控制中心\SCC\LENOVOSMARTCONTROLCENTER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 4080, C:\PROGRAM FILES\LENOVO\DINOKS\DINGOLOKS.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3044, D:\FIREFOX_1.5.0.12RC2CHS\FIREFOX_1.5.0.12RC2CHS\MOZILLA FIREFOX\FIREFOX.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

That is all of my log. Please take a look at it for me!! Thanks, thanks!!!

SRE 2.5 really is different..!!! Heh

http://forum.ikaka.com/topic.asp?board=28&artid=8322881
See this thread, it has a dedicated removal tool!

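The key point is that the virus is in memory right now,
brother!
You probably forgot to scan memory for viruses.
Usually, just reinstalling does not kill a virus that is in memory.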

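Give this a try, after the dedicated removal tool has finished:
Download IceSword (version 1.2) here: http://forum.ikaka.com/topic.asp?board=67&artid=8283060
Likewise, download it into the Windows folder, then rename it.
Then disconnect from the network and close everything that can be closed, including the firewall, antivirus software, web pages and QQ (you are offline by now); exit as much memory-resident software as you can.

Boot into Safe Mode if you can; if you cannot, never mind. Hehe!!

Using SRENG, the tool you scanned the log with, delete the registry entries below.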

启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<System><C:\Program Files\Common Files\system\Updaterun.exe> []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5A20C4A5-C4A5-A200-A5A2-4A5204A5A200}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll> []
————————————————————————————————————
Using SRENG, set the startup type of each of the items below to “Disabled”.

服务
[Windows aqqp RunThem / aqqp][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\vllk\fvvu.dll>< >

[Intranet Messenger / DATEING][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL,DllRegisterServer 1087><Microsoft Corporation>

[Windows Gateway / License][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\vqoaa.dll><Microsoft Corporation>

[Fax 2Client / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\bc991.exe><N/A>

[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><>

驱动程序
[acpidisk / acpidisk][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>

[msqmx / msqmx][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\msqmx.sys><N/A>

[Virtual Drive / VirtualDrive][Stopped/Manual Start]
<\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.797\Virtual Drive Manager1.2.3\vdd-x86.sys><N/A>
——————————————————————————————————————————————————————————
Using SRENG, delete the items below.

浏览器加载项
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\ebc1.dll, TODO: <公司名>>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush0.dll, >
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\ebc1.dll, TODO: <公司名>>
[&访问通用网址]
<C:\Program Files\OCINS\cnrbtn.html, N/A>

HOSTS 文件
127.0.0.1 localhost
127.0.0.1 www.jack.coyo.eu
127.0.0.1 www.51zc.com
127.0.0.1 www.caiyi8.com
127.0.0.1 vod.caiyi8.com
——————————————————————————————————————————————————
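Run the renamed IceSword and force-delete the files below (or download xdelbox from here into the Windows folder and delete the files below with it: http://www.i170.com/Attach/51FD704F-C0BD-41E7-B0E9-60673A888FD6 ).
(Rename any that cannot be deleted, then delete them after a reboot.)
C:\WINDOWS\system32\winlib .dll
c:\windows\system32\vqoaa.dll
c:\progra~1\vllk\fvvu.dll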
c:\progra~1\vllk\iyyx.dll
c:\progra~1\vllk\nddc.dll
c:\progra~1\vllk\kaaz.dll
c:\progra~1\vllk\brrq.dll
C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE
C:\WINDOWS\SYSTEM32\WBEM\SYUWQ.DLL
C:\WINDOWS\system32\bc991.exe
C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll
C:\WINDOWS\system32\8e1.dll

Including these files in the root directory of every drive:

Autorun.inf
C4A5A200.exe
————————————————————————————————————————————————————————————
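Reboot, then download autoruns from here (http://forum.ikaka.com/topic.asp?board=67&artid=8283060) into the Windows folder, rename it and run it.
Under Image Hijacks, delete every entry except the ones shown in the picture.
——————————————————————————————————————————————————
Reboot; if that does not work, scan a new log.
If nothing abnormal remains, install antivirus software, update it to the latest version and run a full-disk scan.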

Attachment: image (image/pjpeg), uploaded 2007-7-8 14:00:00, downloaded 101 times
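One way to triage an SREng process listing like the one posted earlier in this thread, as an added example that is not part of the original post and is not SREng's own code: it counts, per module, how many processes load a module that has no vendor string, which is the pattern the `vllk` DLLs and `C4A5A200.dll` in the delete list above show. The sample lines are abridged from the posted log; the function names and the two-process threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the SREng log posted in this thread: process lines are
# unindented, the modules loaded into each process are indented below them.
SAMPLE_LOG = r"""
[PID: 820 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4131]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2500]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
[PID: 1328 / Owner][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
[PID: 2208 / Owner][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\progra~1\vllk\iyyx.dll]  [, 5, 0, 0, 4]
    [c:\progra~1\vllk\nddc.dll]  [ , 5, 0, 0, 4]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\C4A5A200.dll]  [N/A, ]
    [C:\kav2005\KAVEXT.DLL]  [Kingsoft Corporation, 2005, 2, 21, 13]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID: (\d+) / [^\]]+\]\[(.+?)\]\s+\[(.*)\]$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]$")


def vendor_missing(info):
    """The info field reads 'vendor, version'; flag an empty or N/A vendor."""
    return info.split(",", 1)[0].strip() in ("", "N/A")


def injected_modules(log, min_procs=2):
    """Return [(module_path, process_count)] for vendor-less modules loaded into
    at least min_procs processes (threshold is this example's assumption)."""
    procs_by_module = defaultdict(set)
    pid = None
    for line in log.splitlines():
        line = line.rstrip()
        m = PROC_RE.match(line)
        if m:
            pid = int(m.group(1))  # modules that follow belong to this process
            continue
        m = MOD_RE.match(line)
        if m and pid is not None and vendor_missing(m.group(2)):
            procs_by_module[m.group(1).lower()].add(pid)
    hits = [(p, len(s)) for p, s in procs_by_module.items() if len(s) >= min_procs]
    return sorted(hits, key=lambda h: (-h[1], h[0]))  # most widespread first


if __name__ == "__main__":
    for path, count in injected_modules(SAMPLE_LOG):
        print(f"{count} processes  {path}")
```

Vendor strings are self-declared: `vqoaa.dll` and `SYUWQ.DLL` in the same delete list carry "Microsoft Corporation", so a populated vendor field narrows the review but does not clear a module.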




I got the same infection as you, and I got rid of it.