Rising Kaka Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board

Question: is 猫叔 around? Hoping you can come out and help solve this

I haven't been here for a long time; I had a serious illness and have just recovered. I will work hard at reading logs and solving problems for everyone; I just hope the experts can help me so that I grow faster. My thanks here to the moderators 猫叔 and 小聪. I also hope they can help me solve the problem below, so I can understand where it comes from.

Trojan.Clicker.Agent.aty: the principle of this virus is also very simple; it is an adware virus. After it runs it drops c:\Windows\system32\jdsthu1.exe and executes it, installing a search toolbar under C:\Program Files\, whose soso.dll is reported as a virus. Exactly how it runs I don't know, but it is very easy to delete. But that is where the problem appears: after about an hour it downloads again (I tried with all my might and could not find out why it downloads), and this is my question: why does it download repeatedly, and the downloaded file is executed by C:\WINDOWS\explorer.exe. Now the computer has the virus dropped every so often, and I delete it by hand; it is not much trouble, but it is very annoying. In the same way it also drops c:\windows\system32\media\services.exe, virus name Trojan.VB.ui, with the same symptom: as soon as C:\WINDOWS\explorer.exe has been started once, both viruses are dropped at the same time. And C:\WINDOWS\explorer.exe is the same size as when it was installed and has not been modified. I suspect a DLL but cannot find it; even startup is normal, with nothing abnormal at all (I checked all the usual places).
Last edited 2007-01-07 13:42:01

Bumping this, hoping 猫叔 will see it.

I read your post, but it doesn't seem usable; mine is a DLL file, so how do I use it? I can work out the principle of the virus, and I have a removal method; the trouble is that it restores itself once an hour, and I don't know whether something was not deleted cleanly or the virus downloads itself from the internet automatically (the logs are no use any more; they are as normal as can be).

[Reply to 鸟儿天上飞's post] Haha, this doesn't really count as a virus; it is better called rogue software. I picked it up while looking up material, a web-page trojan, or at least that is what I thought at first. After deleting it, it actually came back, which gives me a headache, and I cannot find the reason for the restore. I also tested it in a virtual machine; it is a thorough rogue program, and according to the report of what was added, only the rogue part was added, not the download part. I really cannot figure it out.

REGSHOT  记录文件
个人注释:
日期时间:2007/1/6 17:14:09  ,  2007/1/6 17:14:20
计算机名:QWE-716E520DF7A , QWE-716E520DF7A
用户名称:qwe , qwe

----------------------------------
添加主键:44
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB07744.XBTB07744Toolbar
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\tb_items


----------------------------------
添加键值:77
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\VersionIndependentProgID\: "ToolBand.XBTP07744"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\TypeLib\: "{921BCA06-B9C9-49a7-8F0E-26084B438CF4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\ProgID\: "ToolBand.XBTP07744.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\InprocServer32\: "C:\PROGRA~1\搜阉索鞴工~1\soso.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\InprocServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\: "XBTP07744 Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\VersionIndependentProgID\: "XBTB07744.XBTB07744"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\TypeLib\: "{921BCA06-B9C9-49a7-8F0E-26084B438CF4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\ProgID\: "XBTB07744.XBTB07744.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\InprocServer32\: "C:\Program Files\搜索工具栏\soso.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\InprocServer32\ThreadingModel: "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\: "搜索工具栏"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\0\win32\: "C:\Program Files\搜索工具栏\soso.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\HELPDIR\: "C:\Program Files\搜索工具栏\"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\FLAGS\: "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{921BCA06-B9C9-49A7-8F0E-26084B438CF4}\1.0\: "Softomate 1.0 Type Library"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744\CurVer\: "ToolBand.XBTP07744.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744\CLSID\: "{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744\: "XBTP07744 Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744.1\CLSID\: "{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ToolBand.XBTP07744.1\: "XBTP07744 Class"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar\CurVer\: "XBTB07744.IEToolbar.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar\CLSID\: "{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar\: "IE Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar.1\CLSID\: "{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.IEToolbar.1\: "IE Toolbar"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744\CurVer\: "XBTB07744.XBTB07744.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744\CLSID\: "{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744\: "搜索工具栏"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744.1\CLSID\: "{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\XBTB07744.XBTB07744.1\: "搜索工具栏"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}: 00
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\: "XBTP07744"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB07744.XBTB07744Toolbar\DisplayName: "搜索"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\XBTB07744.XBTB07744Toolbar\UninstallString: 72 65 67 73 76 72 33 32 20 2F 75 20 2F 73 20 22 43 3A 5C 50 72 6F 67 72 61 6D 20 46 69 6C 65 73 5C CB D1 CB F7 B9 A4 BE DF C0 B8 5C 73 6F 73 6F 2E
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe: 0x00000000
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:R:\wqfguh1.rkr: 01 00 00 00 06 00 00 00 50 C7 E0 15 B6 31 C7 01
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\E:\jdsthu1.exe: "jdsthu1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\tb_items\Widthcombo11: 0x00000001
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\corruptedMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\uninstallMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\updateMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\autoUpdateMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\versionError: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\connectionError: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\lastVersionMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\contextMenuItemName: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\closeAllWindowsForUpdate: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\firstURL: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\serverpath: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\updateUrl: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\urlAfterUpdate: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\urlAfterUninstall: "http://www.kuaiso.com"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\contextSearch: "http://toolsbar.kuaiso.com/search.htm?st=1&dir=1&wd=%selection"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\OpenNew: "0"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\AutoComplete: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\KeepHistory: "0"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\RunSearchAutomatically: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\RunSearchDragAutomatically: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\DescriptiveText: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\ShowHighlightButton: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\ShowFindButtons: "0"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\UpdateAutomatically: "2"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\EditWidthcombo1: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\#EditWidthcombo1#: "Widthcombo11"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\PopStop: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\ErrorMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\AlertMsg: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\FindWord: "Select %currentword on the page"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\AutoSearch: "http://toolsbar.kuaiso.com/search.htm?st=1&dir=1&wd=%s"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\AutoWild: ""
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\CloseWindow: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\OldAssitant1: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\toolbar_id: "{15CD1708-BB55-4dfd-8A19-34D945B8194F}"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\toolbar_version: "<TOOLBAR name="鎼滅储宸ュ叿鏍? version="1.0"/>"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\firstTime: "1"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\XBTB07744\Toolbar\TBShow: "1"

----------------------------------
修改键值:3
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: E3 98 F1 71 FD 65 29 54 4D B1 F5 FC E7 FB 22 AC 0C 10 0A 51 28 CC 26 D6 C9 A0 BE 47 90 9A 9A 7A D8 30 69 A4 F7 68 04 90 EE 4D 3F BF BC 06 A3 51 F9 4A B3 7B 02 12 3E B7 82 E3 87 0F C1 13 3F 4A 02 4C 34 69 97 1E 4E 76 A8 80 43 DD 05 5B 7D 18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 9A 94 31 1A 72 3A F0 BD 84 F5 16 DC 7F 40 7D E9 34 87 D1 5C 05 29 66 0B 86 D6 4E 35 90 FC 71 E0 61 EC 0E 30 80 2E 35 D8 94 49 89 E6 5C B3 09 5A EC 51 7A F1 B1 D0 3D B8 23 59 CD 85 C8 54 D9 F3 59 D4 57 8B 83 EB D6 BB 1E 25 0E F2 16 10 30 E9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant: "http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant: "http://toolsbar.kuaiso.com/search.html"
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 0F 00 00 00 E0 10 8D 08 B6 31 C7 01
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU: 01 00 00 00 10 00 00 00 50 C7 E0 15 B6 31 C7 01

----------------------------------
添加文件:7
----------------------------------
C:\Program Files\搜索工具栏\basis.xml
C:\Program Files\搜索工具栏\icons.bmp
C:\Program Files\搜索工具栏\soso.crc
C:\Program Files\搜索工具栏\soso.dll
C:\Program Files\搜索工具栏\soso_i.bmp
C:\Program Files\搜索工具栏\version.txt
C:\WINDOWS\Prefetch\JDSTHU1.EXE-18348511.pf

----------------------------------
修改文件:4
----------------------------------
C:\Documents and Settings\qwe\NTUSER.DAT.LOG
C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf
C:\WINDOWS\system32\config\software
C:\WINDOWS\system32\config\software.LOG

----------------------------------
添加目录:6
----------------------------------
C:\Program Files\搜索工具栏
C:\Program Files\搜索工具栏\.
C:\Program Files\搜索工具栏\..
C:\Program Files\搜索工具栏\Cache
C:\Program Files\搜索工具栏\Cache\.
C:\Program Files\搜索工具栏\Cache\..

----------------------------------
总计:141
----------------------------------
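An added example, not from the original post or from any tool the thread mentions: a small Python triage script for a Regshot diff like the one above. It correlates the BHO and IE-toolbar CLSID registrations with the DLL their InprocServer32 entries load, and decodes the ROT13-obfuscated UserAssist record (program name, the Windows XP run count with its offset of 5, and the last-run FILETIME), which is what shows when jdsthu1.exe last ran. The sample lines are copied from the log above; the function names are my own.

```python
import codecs
import re
import struct
from datetime import datetime, timedelta, timezone

# Constructed sample: five value lines copied from the Regshot "added values" section above.
SAMPLE_LOG = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\InprocServer32\: "C:\PROGRA~1\搜阉索鞴工~1\soso.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}\InprocServer32\: "C:\Program Files\搜索工具栏\soso.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F0E8CF5-F8BF-4645-8BA5-B77F8440A2FE}\: "XBTP07744"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8FD0FCC2-3CBF-4D9D-8515-C48EB7C922F9}: 00
HKEY_USERS\S-1-5-21-861567501-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:R:\wqfguh1.rkr: 01 00 00 00 06 00 00 00 50 C7 E0 15 B6 31 C7 01
'''
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

def parse_value_line(line):
    """Split one Regshot value line 'key\\name: data' into (key, name, data)."""
    path, _, data = line.partition(": ")
    if "\\UserAssist\\" in path:
        # UserAssist value names are ROT13 paths that contain '\', so split at \Count\ instead.
        key, _, name = path.rpartition("\\Count\\")
        return key + "\\Count", name, data.strip()
    key, _, name = path.rpartition("\\")
    return key, name, data.strip()

def decode_userassist(name, hexdata):
    """Decode a ROT13 UserAssist name and its 16-byte XP record: session, count, FILETIME."""
    session, count, filetime = struct.unpack("<IIQ", bytes.fromhex(hexdata)[:16])
    return {
        "program": codecs.decode(name, "rot_13"),
        "session": session,
        "runs": count - 5,  # Windows XP stores the real run count plus 5
        "last_run_utc": FILETIME_EPOCH + timedelta(microseconds=filetime // 10),
    }

def correlate_ie_hooks(log_text):
    """Map each CLSID registered as a BHO or IE toolbar to the DLL its InprocServer32 names (None if absent)."""
    inproc, hooks = {}, {}
    for line in log_text.strip().splitlines():
        key, name, data = parse_value_line(line)
        match = CLSID_RE.search(key + "\\" + name)
        if not match:
            continue
        clsid = match.group(0).upper()
        if key.endswith("\\InprocServer32") and name == "":
            inproc[clsid] = data.strip('"')
        elif "\\Browser Helper Objects\\{" in key:
            hooks[clsid] = "BHO"
        elif key.endswith("\\Internet Explorer\\Toolbar"):
            hooks[clsid] = "IE toolbar"
    return [(clsid, kind, inproc.get(clsid)) for clsid, kind in sorted(hooks.items())]

def triage_regshot(log_text):
    """Return the IE load points and the decoded UserAssist run records found in the diff."""
    runs = [decode_userassist(name, data)
            for key, name, data in map(parse_value_line, log_text.strip().splitlines())
            if key.endswith("\\Count") and name.startswith("HRZR_EHACNGU:")]
    return {"hooks": correlate_ie_hooks(log_text), "runs": runs}
```

On the log above the UserAssist entry decodes to UEME_RUNPATH:E:\jdsthu1.exe (the same file the MUICache line names), run once, at 2007-01-06 17:14:12 UTC, inside the 17:14 snapshot window the log header reports. Note that the diff registers soso.dll twice, as a BHO and as an IE toolbar, so both CLSIDs must go before the DLL can be deleted.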

Above are the file modifications made by the virus. 猫叔, please advise on the network-download part; I still don't understand the principle of the virus, and it is giving me a headache. I want to learn the technique: how can the virus be removed without using the method you described?