瑞星每次都杀出了很多trojan.dl.delf.eai病毒，但每次开机杀毒又有。
而且主页被good.allxun.com窜改。通过卡卡助手改不过来。请高手指教，下面是用卡卡扫描的日志：

Logfile of Kaka v2. 0. 0. 9 Scan Module v2. 0. 0. 1
Scan saved at 13:11:57, on 2006-11-08
Platform: Microsoft Windows XP Professional Service Pack 2 (Build 2600)
MSIE: Internet Explorer v6.00 SP2; (6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))


Running processes:
[smss.exe]
CommandLine =

[csrss.exe]
CommandLine = C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

[winlogon.exe]
CommandLine = winlogon.exe

[services.exe]
CommandLine = C:\WINDOWS\system32\services.exe

[lsass.exe]
CommandLine = C:\WINDOWS\system32\lsass.exe

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k DcomLaunch

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost -k rpcss

[CCenter.exe]
CommandLine = "d:\Program Files\Rising\Rav\CCenter.exe"

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k netsvcs

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k NetworkService

[svchost.exe]
CommandLine = C:\WINDOWS\system32\svchost.exe -k LocalService

[rfwsrv.exe]
CommandLine = "d:\program files\rising\rfw\rfwsrv.exe"

[spoolsv.exe]
CommandLine = C:\WINDOWS\system32\spoolsv.exe

[rundllfromwin2000.exe]
CommandLine = C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\ADFEZZ14.DLL,Export 1087

[cisrv.exe]
CommandLine = C:\WINDOWS\system32\cisrv.exe

[pmsgr.exe]
CommandLine = c:\windows\pmsgr.exe

[rfwmain.exe]
CommandLine =  -StartUp

[RavTask.exe]
CommandLine = "D:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM

[WangWang.exe]
CommandLine = "D:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"

[Mixer.exe]
CommandLine = "C:\WINDOWS\Mixer.exe" /startup

[ctfmon.exe]
CommandLine = "C:\WINDOWS\system32\ctfmon.exe"

[QQ.exe]
CommandLine = "D:\Program Files\Tencent\QQ\QQ.exe"

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

[TIMPlatform.exe]
CommandLine = "d:\Program Files\Tencent\QQ\TIMPlatform.exe" -Embedding

[Thunder.exe]
CommandLine = "d:\Program Files\Thunder Network\Thunder\Thunder.exe"

[EXCEL.EXE]
CommandLine = "C:\Program Files\Microsoft Office\Office10\excel.exe"  /e

[RsAgent.exe]
CommandLine = "D:\Program Files\Rising\Rav\RsAgent.exe"

[AgentSvr.exe]
CommandLine = C:\WINDOWS\msagent\AgentSvr.exe -Embedding

[Rav.exe]
CommandLine = "d:\Program Files\Rising\Rav\RAV.EXE"

[RavMon.exe]
CommandLine = "d:\Program Files\Rising\Rav\RAVMON.EXE"

[RavMonD.exe]
CommandLine = "d:\Program Files\Rising\Rav\Ravmond.exe"

[Explorer.EXE]
CommandLine = C:\WINDOWS\explorer.exe

[system.exe]
CommandLine = "C:\WINDOWS\system32\system.exe"

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" http://viruslist.rising.com.cn/v.asp?q=Trojan.DL.Delf.eai

[iexplore.exe]
CommandLine = "C:\Program Files\Internet Explorer\iexplore.exe" http://www.ikaka.com/?tag=Unknown&exp=0

[KkScan.exe]
CommandLine = "d:\Program Files\Rising\KakaToolBar\KkScan.exe"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=good.allxun.com
R3 - URLSearchHook: YOK Search Class - {88351CEF-BAC0-4A9B-8380-31A173E2926F} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
F0 - system.ini: Shell=
O1 - Hosts: 127.0.0.1 LOCALHOST
O1 - Hosts: 127.0.0.1 WWW.POWERNUM123.COM
O1 - Hosts: 127.0.0.1 WWW.POWERNUM123.COM.CN
O1 - Hosts: 127.0.0.1 POWERNUM123.COM
O1 - Hosts: 127.0.0.1 POWERNUM123.COM.CN
O1 - Hosts: 127.0.0.1 WWW.CHEBL.COM
O1 - Hosts: 127.0.0.1 WWW.CHEBL.CN
O1 - Hosts: 127.0.0.1 WWW.CHEBL.COM.CN
O1 - Hosts: 127.0.0.1 CHEBL.COM
O1 - Hosts: 127.0.0.1 CHEBL.COM.CN
O1 - Hosts: 127.0.0.1 CHEBL.CN
O1 - Hosts: 127.0.0.1 WWW.CHEBULUO.COM.CN
O1 - Hosts: 127.0.0.1 WWW.CHEBULUO.COM
O1 - Hosts: 127.0.0.1 WWW.CHEBULUO.CN
O1 - Hosts: 127.0.0.1 CHEBULUO.COM.CN
O1 - Hosts: 127.0.0.1 CHEBULUO.COM
O1 - Hosts: 127.0.0.1 CHEBULUO.CN
O1 - Hosts: 127.0.0.1 WWW.17SP.COM
O1 - Hosts: 127.0.0.1 WWW.17SP.COM.CN
O1 - Hosts: 127.0.0.1 17SP.COM
O1 - Hosts: 127.0.0.1 17SP.COM.CN
O1 - Hosts: 127.0.0.1 WWW.FEIKONG.COM
O1 - Hosts: 127.0.0.1 WWW.FEIKONG.COM.CN
O1 - Hosts: 127.0.0.1 WWW.FEIKONG.CN
O1 - Hosts: 127.0.0.1 FEIKONG.COM
O1 - Hosts: 127.0.0.1 FEIKONG.COM.CN
O1 - Hosts: 127.0.0.1 FEIKONG.CN
O1 - Hosts: 127.0.0.1 WWW.HACONG.COM
O1 - Hosts: 127.0.0.1 HACONG.COM
O1 - Hosts: 127.0.0.1 WWW.XBXBXBXB.COM
O1 - Hosts: 127.0.0.1 WWW.SOBT.COM
O1 - Hosts: 127.0.0.1 WWW.SOBT.COM.CN
O1 - Hosts: 127.0.0.1 WWW.SOBT.CN
O1 - Hosts: 127.0.0.1 WWW.SOBT.NET
O1 - Hosts: 127.0.0.1 SOBT.COM
O1 - Hosts: 127.0.0.1 SOBT.COM.CN
O1 - Hosts: 127.0.0.1 SOBT.CN
O1 - Hosts: 127.0.0.1 SOBT.NET
O1 - Hosts: 127.0.0.1 WWW.XBXBXBXBXB.COM
O1 - Hosts: 127.0.0.1 XBXBXBXB.COM
O1 - Hosts: 127.0.0.1 XBXBXBXBXB.COM
O1 - Hosts: 127.0.0.1 WWW.NFSINFO.COM
O1 - Hosts: 127.0.0.1 NFSINFO.COM
O1 - Hosts: 127.0.0.1 CRMEASE.COM
O1 - Hosts: 127.0.0.1 HONGBANGZHU.COM
O1 - Hosts: 127.0.0.1 LINUX007.COM
O1 - Hosts: 127.0.0.1 LOSPLE.COM
O1 - Hosts: 127.0.0.1 LOSTEMPLE.COM
O1 - Hosts: 127.0.0.1 WWW.CRMEASE.COM
O1 - Hosts: 127.0.0.1 WWW.HONGBANGZHU.COM
O1 - Hosts: 127.0.0.1 WWW.LINUX007.COM
O1 - Hosts: 127.0.0.1 WWW.LOSPLE.COM
O1 - Hosts: 127.0.0.1 WWW.LOSTEMPLE.COM
O1 - Hosts: 127.0.0.1 SMARTALLYES.COM
O1 - Hosts: 127.0.0.1 51CPM.NET
O1 - Hosts: 127.0.0.1 51CPM.COM
O1 - Hosts: 127.0.0.1 YIQILAI.COM
O1 - Hosts: 127.0.0.1 UPDATE.SMARTALLYES.COM
O1 - Hosts: 127.0.0.1 MDMDMDMDMD.COM
O1 - Hosts: 127.0.0.1 WWW.SMARTALLYES.COM
O1 - Hosts: 127.0.0.1 WWW.51CPM.NET
O1 - Hosts: 127.0.0.1 WWW.51CPM.COM
O1 - Hosts: 127.0.0.1 WWW.YIQILAI.COM
O1 - Hosts: 127.0.0.1 WWW.MDMDMDMDMD.COM
O1 - Hosts: 127.0.0.1 QUANTUMBIZS.COM
O1 - Hosts: 127.0.0.1 WWW.QUANTUMBIZS.COM
O1 - Hosts: 127.0.0.1 PDSHN.COM
O1 - Hosts: 127.0.0.1 WWW.PDSHN.COM
O1 - Hosts: 127.0.0.1 PKPKPK.COM
O1 - Hosts: 127.0.0.1 WWW.PKPKPK.COM
O1 - Hosts: 127.0.0.1 PKPKPK.NET
O1 - Hosts: 127.0.0.1 WWW.PKPKPK.NET
O1 - Hosts: 127.0.0.1 OOOOOS.COM
O1 - Hosts: 127.0.0.1 WWW.OOOOOS.COM
O1 - Hosts: 127.0.0.1 CCTV06.COM
O1 - Hosts: 127.0.0.1 WWW.CCTV06.COM
O1 - Hosts: 127.0.0.1 FEIXIN.ORG
O1 - Hosts: 127.0.0.1 WWW.FEIXIN.ORG
O1 - Hosts: 127.0.0.1 PENGK.COM
O1 - Hosts: 127.0.0.1 WWW.PENGK.COM
O1 - Hosts: 127.0.0.1 QQYE.COM
O1 - Hosts: 127.0.0.1 WWW.QQYE.COM
O1 - Hosts: 127.0.0.1 XIA3.COM
O1 - Hosts: 127.0.0.1 WWW.XIA3.COM
O1 - Hosts: 127.0.0.1 XIAZAI1.COM
O1 - Hosts: 127.0.0.1 WWW.XIAZAI1.COM
O1 - Hosts: 127.0.0.1 CCWINFO.NET
O1 - Hosts: 127.0.0.1 WWW.CCWINFO.NET
O1 - Hosts: 127.0.0.1 DDPDDP.COM
O1 - Hosts: 127.0.0.1 WWW.DDPDDP.COM
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v8.dll
O2 - BHO:  - {003169BC-AB68-482F-AEA6-B51A47BDDB83} - C:\WINDOWS\system32\ATIAngetser.dll (file missing)
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} -  (file missing)
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: raObject Class - {46F194EB-B7DB-4B7A-BD42-5FF39FD17664} - C:\PROGRA~1\pcast\hbcast.dll
O2 - BHO:  (file missing)
O2 - BHO:  (file missing)
O2 - BHO: Shockwave Flash 0bject - {5DEC5988-D0D5-4F03-B89E-97845B875F0D} - C:\WINDOWS\system32\dsnap.dll
O2 - BHO: YokToolbarBho Class - {75FE2B5A-D3A4-4EFA-AC11-ADC9C9459688} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O2 - BHO: WinSC Class - {9ACEEE31-1440-471B-AA46-72B061FE7D61} - C:\WINDOWS\system32\SCIntruder.dll (file missing)
O2 - BHO:  - {A653063A-12A7-667B-BE19-B371F03F36FC} - c:\WINDOWS\system32\system.dll
O2 - BHO: IEHlprObj Class - {DE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\POPNT.DLL
O3 - Toolbar: YOK超级搜索 - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - C:\Program Files\YOK.com\SuperSearch\YOK_SuperSearch.dll
O3 - Toolbar: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [RavTask] "d:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [Alitalk] D:\PROGRA~1\阿里巴巴\贸易通\AliTalk.exe -hideframe
O4 - HKLM\..\Run: [WangWang] "D:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"
O4 - HKLM\..\Run: [RfwMain] "d:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\system.exe
O4 - HKLM\..\RunServices: [system] C:\WINDOWS\system32\system.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\QQ.exe
O8 - Extra context menu item: &使用迅雷下载 - d:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - d:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: YOK搜索 - C:\Program Files\YOK.com\SuperSearch\yoksch.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra Button: 酷标 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - C:\Program Files\coolsign\coolsign.dll (file missing)
O9 - Extra Button: (no name) - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108}? -
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra Button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - d:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra Button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}? - d:\Program Files\Tencent\QQ\QQIEHelper.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\WSD_SOCK32.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\WSD_SOCK32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096088341547
O17 - HKLM\System\CCS\Services\Tcpip\..\{8413269A-C923-41E2-99B1-11E06553A279}: NameServer = 211.88.5.38
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O21 - SSODL: NetWork - {FC055E7D-8144-4706-8586-2F1C49FCDD2A} - C:\WINDOWS\system32\cmspl.dll
O23 - Service: DNS Cache (DATEING) -  - C:\WINDOWS\system32\rundllfromwin2000.exe c:\windows\system32\wbem\adfezz14.dll,export 1087
O23 - Service: Human Interface Device Access (HidServ) -  - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: MessageService (MessageService) -  - C:\WINDOWS\system32\svchost.exe -k messageservice
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\CCenter.exe"
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - "d:\Program Files\Rising\Rav\Ravmond.exe"