Is this AV?

Logfile of HijackThis v1.99.1
Scan saved at 12:45:58, on 2007-1-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\Program Files\Yahoo!\Assistant\yAssistSe.exe
C:\Program Files\Common Files\System\wrtgesp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Tencent\QQDownload\QQDownload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\kpldkdu.exe
C:\WINDOWS\system32\9a271.exe
C:\WINDOWS\system32\rundll32.exe
C:\Windows\system32\NRWAHLQU.EXE
F:\软件\杀毒软件\kakasetupv4.exe
C:\Program Files\Rising\AntiSpyware\runiep.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX02.234\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O2 - BHO: ThunderBHO - {00000000-12C8-4305-82F9-43058F20E8D2} - F:\软件\迅雷5\ComDlls\xunleiBHO_Now.dll
O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - F:\软件\迅雷5\ComDlls\TDAtOnce_Now.dll
O2 - BHO: yPhtb - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\Program Files\Yahoo!\Assistant\Assist\yphtb.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Anti Fish - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\Program Files\Yahoo!\Assistant\Assist\yAngling.dll
O2 - BHO: 腾讯QQ - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\WINDOWS\QQIEHelper.dll
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: MSURL Class - {6CDD9D1F-7501-4B0F-90CD-5ADA4F15E6E8} - C:\WINDOWS\system32\msurlpar.dll
O2 - BHO: NavigatMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: ff Class - {BFD74C09-98E7-4498-A1F8-3500DC9D85DE} - C:\WINDOWS\system32\b9a1.dll
O2 - BHO: yFlashDl Class - {F166BC04-3C84-44cc-A6E9-2315EC4844B9} - C:\Program Files\Yahoo!\Assistant\Assist\yflashdl.dll
O2 - BHO: AssistHelper - {FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} - C:\Program Files\Yahoo!\Assistant\Assist\yassist.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4A40-8DFD-58B0666ABEBD} - C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll
O4 - HKLM\..\Run: [gsgmmj02] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\gsgmmj02.dll",Start
O4 - HKLM\..\Run: [aipwxh18] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\aipwxh18.dll",Start
O4 - HKLM\..\Run: [xrwbcm52] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\xrwbcm52.dll",DllCanUnloadNow
O4 - HKLM\..\Run: [sqeize55] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\sqeize55.dll",Start
O4 - HKLM\..\Run: [alowkq66] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\alowkq66.dll",DllCanUnloadNow
O4 - HKLM\..\Run: [YLive.exe] ; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [yassistse] ; C:\Program Files\Yahoo!\Assistant\yAssistSe.exe
O4 - HKLM\..\Run: [gfoptkv] C:\Program Files\Common Files\System\wrtgesp.exe
O4 - HKLM\..\Run: [phbqhyy] C:\Program Files\Common Files\Microsoft Shared\kpldkdu.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [dpkftw35] %systemroot%\system32\Rundll32.exe "%systemroot%\system32\dpkftw35.dll",Start
O4 - HKLM\..\Run: [ajmdrc17] ; %systemroot%\system32\Rundll32.exe "%systemroot%\system32\ajmdrc17.dll",Start
O4 - HKLM\..\Run: [acgoep89] ; %systemroot%\system32\Rundll32.exe "%systemroot%\system32\acgoep89.dll",DllCanUnloadNow
O4 - HKLM\..\Run: [360Safetray] ; C:\Program Files\360safe\safemon\360tray.exe
O4 - HKLM\..\Run: [MS32DLL] ; C:\WINDOWS\.MS32DLL.dll.vbs
O4 - HKLM\..\Run: [winboot] ; wscript.exe /E:vbs C:\WINDOWS\boot.ini
O4 - HKLM\..\Run: [kav] ; "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [runeip] ; "C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup
O4 - HKLM\..\RunOnce: [KKDelay] ; C:\Program Files\Rising\AntiSpyware\RunOnce.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: QQ游戏启动加速程序.lnk = C:\Program Files\Tencent\QQGame\Accel.exe
O8 - Extra context menu item: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: 使用迅雷下载 - F:\软件\迅雷5\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - F:\软件\迅雷5\Program\getallurl.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到雅虎订阅(&Y) - res://C:\Program Files\Yahoo!\Assistant\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 珊瑚虫超级搜索 - C:\Program Files\yok\yoksch.htm
O8 - Extra context menu item: 雅虎搜索 - res://C:\Program Files\Yahoo!\Assistant\Assist\yasbar.dll/203
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - F:\软件\迅雷5\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - F:\软件\迅雷5\Thunder.exe
O9 - Extra button: Web反病毒保护 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew (file missing)
O9 - Extra button: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra 'Tools' menuitem: 番茄花园 - {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} - http://www.tomatolei.com (file missing)
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.microsoft.com/
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: 卡巴斯基反病毒6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Fax 2Client (ms_2fax) - Unknown owner - C:\WINDOWS\system32\9a271.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SysRisingUpdate (RisingUpdate) - Unknown owner - C:\Windows\system32\NRWAHLQU.EXE

Last edited 2007-07-24 13:03:25

The symptoms are the same as AV Terminator: IE keyword restrictions......

The dedicated removal tool for AV is useless; it flashes and disappears as soon as I open it.

Experts, I'm waiting for your help.

If the removal tool doesn't work, it has probably been blocked......

Right, so how do I remove it?