Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????




My computer is infected with the pqc888 Trojan No. 1, how do I remove it??????? I used 一刀斩 and it couldn't kill it, and Kingsoft System Cleaner (金山清理专家) couldn't either. How do I get rid of it????????????

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

Click to download the System Repair Engineer (SREng) system scanning tool
It is recommended to download it and save it directly into a system folder
How to scan and upload the log:
1. Unzip the downloaded "sreng980.rar" archive;
2. Open the unzipped "SREng980" folder and double-click "我爱新郎.com" inside it to run it;
3. Click "Smart Scan", tick "Check digital signatures of process modules", then "Scan", then "Save Report", and save the log to the desktop;
4. Upload the log file saved on the desktop as an attachment; please do not modify the log contents.
Friendly reminders:
1. Before scanning, close all open programs (QQ, Thunder and the like, and IE windows; note: close them, do not just minimize them);
2. Until you get further instructions, do not use SREng to repair things at random, or the system may end up in a worse state.
It doesn't matter if you don't know me, because I don't know you either.

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

[CODE]
2008-05-10,13:36:17
System Repair Engineer 2.6.8.980
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <miniqqlive><"E:\QQ直播\MiniQQLive.exe">  [Tencent]
    <Antispy ARP><E:\金山清理专家\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\windows/system/wincirl.com>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [File is missing]
    <Thunder><"E:\迅雷\Thunder.exe" /s>  [Thunder Networking Technologies,LTD]
    <runeip><"E:\卡卡助手\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <360Safetray><E:\奇虎360安全卫士\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <360Safebox><"C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Microsoft Agent><C:\WINDOWS\system32\SVCH0ST.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><E:\卡卡助手\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe C:\windows/system32/SVCH0ST.EXE>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
==================================
启动文件夹
[星空极速]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>
[Stardock ObjectDock]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\Stardock ObjectDock.lnk --> C:\WINDOWS\OBJECT~1\OBJECT~1.EXE [Stardock]><N>
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\QQ2008\QQ.exe [TENCENT]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\windows\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Media Player\WMPNetwk.exe"><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Kingsoft AntiARP NIDS Driver / KAntiarp][Running/Manual Start]
  <system32\DRIVERS\kantiarp.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) MIDI UART / nvmpu401][Running/Manual Start]
  <system32\drivers\nvmpu401.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\Program Files\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[VIMICRO USB PC Camera / ZSMC302][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <E:\金山清理专家\Kingsoft Antispy\IEBuddy.DLL, Kingsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\奇虎360安全卫士\360safe\safemon\safemon.dll, 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <E:\金山清理专家\Kingsoft Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[访问瑞星网站]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E444} <http://www.rising.com.cn/?u=RSTB, N/A>
[访问卡卡社区]
  {FF2DE7A6-ECB1-4CBC-9C0E-D92A9E66E445} <http://www.ikaka.com/?u=RSTB, N/A>
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\迅雷\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <E:\迅雷\Components\InMedia\peerid.dll, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <E:\金山清理专家\Kingsoft Antispy\IEBuddyExt.DLL, Kingsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <E:\迅雷\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Kingsoft Trojan Webshield]
  {4E8A5278-C04E-4FE3-BF78-8A7CCD6EF333} <E:\金山清理专家\Kingsoft Antispy\IEBuddy.DLL, Kingsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\迅雷\Components\InMedia\MediaAddin15.dll, Thunder Networking Technologies,LTD>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <E:\奇虎360安全卫士\360safe\live.dll, 360.cn>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5710.37.576.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <E:\奇虎360安全卫士\360safe\safemon\safemon.dll, 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[卡卡上网安全助手]

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <E:\迅雷\Components\DownAndPlay\DapPlayer3.0.44.68.903.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <E:\迅雷\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\迅雷\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <E:\QQ2008\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 544 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608 / SYSTEM][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632 / SYSTEM][\??\C:\windows\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 676 / SYSTEM][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 688 / SYSTEM][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900 / NETWORK SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 944 / SYSTEM][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1012 / NETWORK SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092 / LOCAL SERVICE][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / SYSTEM][C:\windows\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1436 / Administrator][C:\windows\Explorer.exe]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\shlhook.dll]  [Beijing Rising Technology Co., Ltd., 4.0.0.9]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\迅雷\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\迅雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [E:\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1552 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1924 / Administrator][C:\windows\system32\SVCH0ST.EXE]  [N/A, ]
    [C:\windows\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 1932 / Administrator][C:\windows\system\wincirl.com]  [N/A, ]
    [C:\windows\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
[PID: 1948 / Administrator][C:\windows\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 58]
[PID: 1956 / Administrator][C:\WINDOWS\VM_STI.EXE]  [BIGDOG, 4, 2, 610, 4]
    [C:\windows\system32\msdmo.dll]  [, ]
    [C:\windows\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
[PID: 1972 / Administrator][E:\卡卡助手\runiep.exe]  [Beijing Rising Technology Co., Ltd., 5.0.0.16]
    [E:\卡卡助手\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\卡卡助手\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\windows\system32\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 17]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 1996 / Administrator][E:\迅雷\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5.7.7.441]
    [E:\迅雷\Program\BugReport.dll]  [迅雷网络, 1, 0, 1, 4]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [E:\迅雷\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 3, 1, 56]
    [E:\迅雷\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 21, 2, 217]
    [E:\迅雷\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [E:\迅雷\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 21, 2, 217]
    [E:\迅雷\Program\streammedialib.dll]  [, 1, 3, 2, 124]
    [E:\迅雷\Program\al.dll]  [, 1, 0, 1, 3]
    [E:\迅雷\Program\xldc.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 14]
    [E:\迅雷\Program\bd.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 6]
    [E:\迅雷\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 3, 4, 18]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\迅雷\Components\InMedia\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [E:\迅雷\Program\ATL71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\迅雷\Components\Security\XLSafeUI.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 71]
    [E:\迅雷\Plugins\XLSafeHost\XLSafeHost.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 7, 57]
    [E:\迅雷\ComDlls\ThunderAgent_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 4, 23]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [E:\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\迅雷\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\windows\system32\javacypt.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\windows\system32\msjava.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\windows\system32\VMHELPER.DLL]  [Microsoft Corporation, 5.00.3810]
[PID: 2028 / Administrator][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
[PID: 388 / LOCAL SERVICE][C:\windows\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / Administrator][E:\金山清理专家\Antiarp\KASArp.EXE]  [Kingsoft Corporation, 2008,01,24,160]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [E:\金山清理专家\Antiarp\kantiarpdevc.dll]  [Kingsoft Corporation, 2007,12,18,123]
    [E:\金山清理专家\Antiarp\NetConfig.dll]  [Kingsoft Corporation, 2007,12,18,123]
[PID: 1040 / Administrator][C:\WINDOWS\ObjectDock\objectdock.exe]  [Stardock, v1.90.534u]
    [C:\WINDOWS\ObjectDock\CrashRpt.dll]  [, 3.0.2.2]
    [C:\WINDOWS\ObjectDock\dbghelp.dll]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\ObjectDock\zlib.dll]  [, 1.1.3]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\ObjectDock\ODImg.dll]  [N/A, ]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
[PID: 3532 / Administrator][C:\windows\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
[PID: 384 / Administrator][F:\Behead.exe]  [, 3, 0, 0, 0]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2092 / Administrator][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2006, 10, 11, 9]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2006, 7, 25, 15]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2006, 6, 2, 14]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 8, 18, 1]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2006, 10, 19, 16]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2006, 9, 6, 15]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\BDSearch.ocx]  [gdcn, 2006, 9, 7, 14]
    [C:\PROGRA~1\ChinaNet\PageFram.ocx]  [Workgroup, 2006, 9, 21, 18]
    [C:\PROGRA~1\ChinaNet\ACCOUN~1.OCX]  [Workgroup, 2006, 9, 26, 14]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 9, 26, 9]
    [C:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [C:\PROGRA~1\ChinaNet\NOTIFY~1.OCX]  [Workgroup, 2006, 9, 15, 16]
    [C:\PROGRA~1\ChinaNet\IcosBar.ocx]  [Workgroup, 2006, 9, 25, 9]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2006, 9, 8, 17]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2006, 4, 4, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2006, 9, 23, 16]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\windows\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\windows\system32\pthreadVC.dll]  [N/A, ]
    [C:\windows\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2006, 10, 16, 20]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2006, 10, 17, 9]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [ , 2006, 9, 18, 10]
    [C:\PROGRA~1\ChinaNet\Favorite.ocx]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\VNETSE~1.OCX]  [, 2006, 9, 26, 9]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 2006, 8, 29, 15]
    [C:\Program Files\ChinaNet\Base64.dll]  [N/A, ]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\windows\system32\javacypt.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\windows\system32\msjava.dll]  [Microsoft Corporation, 5.00.3810]
    [C:\windows\system32\VMHELPER.DLL]  [Microsoft Corporation, 5.00.3810]
[PID: 1448 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\system32\kakatool.dll]  [Beijing Rising Technology Co., Ltd., 5.0.0.1]
    [E:\迅雷\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.16]
    [E:\金山清理专家\Kingsoft Antispy\IEBuddy.DLL]  [Kingsoft Corporation, 2008,04,15,2]
    [E:\金山清理专家\Kingsoft Antispy\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,04,28,28]
    [E:\金山清理专家\Kingsoft Antispy\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [E:\金山清理专家\Kingsoft Antispy\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\金山清理专家\Kingsoft Antispy\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [E:\金山清理专家\Kingsoft Antispy\kis.dll]  [Ki

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

    [E:\金山清理专家\Kingsoft Antispy\dump.dll]  [Kingsoft Corporation, 2006, 2, 16, 8]
    [E:\金山清理专家\Kingsoft Antispy\KANTray.dll]  [Kingsoft Corporation, 2008,04,15,2]
    [E:\迅雷\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 61]
    [E:\迅雷\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [E:\迅雷\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\windows\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 328 / Administrator][C:\windows\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2372 / Administrator][C:\新建文件夹\sreng980\我爱新郎.com]  [Smallfrogs Studio, 2.6.8.980]
[PID: 1088 / Administrator][C:\新建文件夹\sreng980\SRE9b4eb966.EXE]  [Smallfrogs Studio, 2.6.8.980]
    [C:\WINDOWS\ObjectDock\DockShellHook.dll]  [N/A, ]
    [E:\奇虎360安全卫士\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 0, 1006]

==================================
文件关联
.TXT  Error. [C:\windows\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\windows\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 632, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1948, C:\WINDOWS\SOUNDMAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1956, C:\WINDOWS\VM_STI.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1972, E:\卡卡助手\RUNIEP.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1996, E:\迅雷\PROGRAM\THUNDER5.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1040, C:\WINDOWS\OBJECTDOCK\OBJECTDOCK.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 384, F:\BEHEAD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 384, F:\BEHEAD.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2092, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2372, C:\新建文件夹\SRENG980\我爱新郎.COM]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

The log is incomplete. Please upload the log file directly as an attachment so that the log contents are complete.

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

How do I upload an attachment? Thanks for your guidance.

Reply: My computer is infected with the pqc888 Trojan No. 1, how do I remove it???????

1. Use XDelBox, tick "suppress regeneration", and delete the following files: (XDelBox 1.7 "Support the Olympics" edition download)
Usage: when deleting, copy the paths of all the files to be deleted; in the pending-deletion list, right-click and choose "Import from clipboard without checking paths"; after importing, right-click the files to be deleted and choose "Restart now and delete"; the computer will reboot into a DOS screen to perform the deletion. Before running XDelBox, it is best to unplug all removable storage media (USB drives, MP3 players, phone memory cards, etc.).

c:\windows\system\wincirl.com
c:\windows\system32\svch0st.exe
c:\windows/system/wincirl.com
c:\windows/system32/svch0st.exe
c:\windows\system32\svchost.exe -k netsvc
c:\program files\windows media player\wmpnetwk.e
c:\windows\system32\drivers\npf.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup items -- Registry, delete the following items:
Note: this [load] item is to be modified: edit <load><C:\windows/system/wincirl.com> to <load><>, i.e. clear its value
[Microsoft Agent] 
Note: this [shell] item is to be modified: change <Explorer.exe C:\windows/system32/SVCH0ST.EXE> to <Explorer.exe>, i.e. remove everything after Explorer.exe

    Startup items -- Startup folder, delete the following items:
[QQ游戏启动加速程序] 
[Windows Media Player Network Sharing Service / WMPNetworkSvc]   

    Startup items -- Services -- Drivers, delete the following items:
[Netgroup Packet Filter / NPF]   

After all of that is done, download the following tools and clean once with each, then update your antivirus to the latest version and run a full scan:

Clean the system temporary files and the IE temporary folder
http://www.atribune.org/public-beta/ATF-Cleaner.exe
Clean malicious software with Kingsoft System Cleaner (金山清理专家)
http://www.duba.net/zt/ksc/down.shtml
Download Windows Cleanup Assistant (windows清理助手) and run a clean-up with it
http://www.arswp.com/download/arswp2/arswp2.zip

After deleting the files, please zip the backups folder under the XDelBox directory and upload it. Thanks!
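A triage helper for the SREng log posted above and for the registry fixes in the reply, added here as an example; it is not part of the thread and not part of SREng. It parses the registry section of the log (the sample lines are copied from the posted log), flags the entries the helper told the poster to fix (the Winlogon shell with a program appended, the non-empty load value, the SVCH0ST lookalike of svchost.exe, and unsigned entries under the Windows directory) and lists the files the findings point at. The checks, the Finding fields and the lookalike list are my own assumptions, not SREng features.

```python
import re
from dataclasses import dataclass

# Constructed sample: registry lines copied from the SREng log posted in the
# thread, cut down to the entries needed to exercise each check.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\windows/system/wincirl.com>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SoundMan><SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <Microsoft Agent><C:\WINDOWS\system32\SVCH0ST.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe C:\windows/system32/SVCH0ST.EXE>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")                        # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^\s+<([^<>]*)><([^<>]*)>\s+\[(.*)\]\s*$")      # <name><value>  [publisher]

# Binaries whose names malware commonly imitates (assumed list, extend as needed).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "explorer.exe", "userinit.exe"}


@dataclass(frozen=True)
class Finding:
    key: str      # registry key the entry lives under
    name: str     # value name, e.g. "shell"
    reason: str   # why it is suspicious
    fix: str      # what to change, mirroring the helper's instructions
    path: str     # normalized path of the file involved ("" if none)


def normalize_path(p: str) -> str:
    """SREng prints forward slashes when the registry value has them; unify them."""
    return p.strip('"').replace("/", "\\")


def basename(p: str) -> str:
    return normalize_path(p).rsplit("\\", 1)[-1].lower()


def looks_like_system_binary(name: str) -> bool:
    """True for names such as svch0st.exe that equal a system binary after 0->o, 1->l."""
    if name in SYSTEM_BINARIES:
        return False
    return name.translate(str.maketrans("01", "ol")) in SYSTEM_BINARIES


def path_tokens(value: str) -> list[str]:
    """Split a startup value into program/argument tokens, honouring double quotes."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', value)]


def analyze(log: str) -> list[Finding]:
    findings: list[Finding] = []
    key = ""
    for line in log.splitlines():
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        if not (m := ENTRY_RE.match(line)):
            continue
        name, value, publisher = m.groups()
        tokens = path_tokens(value)
        lname, lkey = name.lower(), key.lower()
        # Check 1: Winlogon\Shell must be exactly Explorer.exe; anything appended starts at logon.
        if lkey.endswith("\\winlogon") and lname == "shell" and [t.lower() for t in tokens] != ["explorer.exe"]:
            extra = [t for t in tokens if t.lower() != "explorer.exe"]
            findings.append(Finding(key, name, "Winlogon Shell has a program appended",
                                    "set the value to Explorer.exe", normalize_path(extra[0]) if extra else ""))
        # Check 2: ...\Windows NT\CurrentVersion\Windows\load is normally empty.
        elif lkey.endswith("\\windows") and lname == "load" and tokens:
            findings.append(Finding(key, name, "'load' runs a program at logon; it is normally empty",
                                    "clear the value", normalize_path(tokens[0])))
        # Check 3: digit-for-letter lookalikes of system binaries (SVCH0ST vs svchost).
        for tok in tokens:
            if looks_like_system_binary(basename(tok)):
                findings.append(Finding(key, name, f"{basename(tok)} mimics a system binary name",
                                        "remove the entry and the file", normalize_path(tok)))
                break
        else:
            # Check 4: no publisher at all for a file under the Windows directory.
            if not publisher.strip() and tokens and "\\windows" in normalize_path(tokens[0]).lower():
                findings.append(Finding(key, name, "no publisher, file under the Windows directory",
                                        "inspect; remove if unknown", normalize_path(tokens[0])))
    return findings


def files_to_remove(findings: list[Finding]) -> list[str]:
    """Distinct files the findings point at; lower-cased because NTFS paths are case-insensitive."""
    return sorted({f.path.lower() for f in findings if f.path})


if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print(f"[{f.name}] under {f.key}\n    {f.reason} -> {f.fix}")
    print("files to remove:", files_to_remove(found))
```

Run against the full posted log, the same parser covers the whole "注册表" section; the ctfmon, SoundMan and Userinit entries stay clean while the shell, load and Microsoft Agent entries are the ones the reply tells the poster to fix.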