After infection, a search bar named SOFA appears in the browser, and two websites are added to the Favorites:
http://www.kuaiso.com/
http://u.7town.com/Pub/mms/7/index.html?uid=19612
A process named 2F769174.exe appears among the system processes.
The program's modules are as follows:
[2F769174.exe]
PID = 0x418
CommandLine = C:\WINDOWS\system32\2F769174.exe snmh-9:cde?{zod`je'khk*eoc.
2F769174.exe
0x400000
C:\WINDOWS\system32\2F769174.exe
2007-01-21 08:19:45
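I used Kaka Security Assistant (卡卡安全助手) to uninstall the plug-in and then manually deleted 2F769174.exe. I thought that was the end of it, but after a while it came back. Does anyone know how to remove it completely?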