如图，我用的是卡巴，老是提示发现木马，但无论如何删除不了。重新开机后提示还有。

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon)

我之后又用了大名鼎鼎的冰刃，还是删除不了，当时删除后就有了。我重启机器后，还是发现了这个。卡巴也发现报警。后来又用了可以删除并抑制再生的PowerRmv，还是不行。也用了号称删除驱动级病毒最厉害的unlocker，结果还是无功而返。

我查看了启动项，注册表等项，也没有发现可能的项目。我到底该如何删除这个可恶的木马呢？

各种删除软件用到最后，卡巴还是发现了这个可恶的木马！

呵呵，一直在用这个的。请看扫描日志：[code]2008-05-03,15:31:59
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <pdfFactory Pro 分配器 v2><C:\WINNT\system32\spool\DRIVERS\W32X86\3\fppdis2a.exe>  [FinePrint Software, LLC]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\UserInit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINNT\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINNT\system32\setup\wmpocm.exe /ShowWMP>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssstars.scr>  [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
N/A
==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
  <C:\WINNT\system32\nvsvc32.exe><NVIDIA Corporation>
==================================
驱动程序
[Service for Avance AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Avance Logic, Inc.>
[bi47a2 / bi47a2g][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bi47a2g.sys><N/A>
[PC-Cam / DCamUSBNW820][Stopped/Manual Start]
  <system32\DRIVERS\pccam.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dmio.sys><VERITAS Software Corp.>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[SURECOM EP-320X-S 100/10M Ethernet PCI Adapter / MTD80X][Running/Manual Start]
  <system32\DRIVERS\EP320XS.SYS><Myson Technology Inc>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WAN Miniport (PPP over Ethernet Protocol) / RMSPPPOE][Running/Manual Start]
  <system32\DRIVERS\RMSPPPOE.SYS><Robert Schlabbach>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[sptd / sptd][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><Duplex Secure Ltd.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[World Standard Teletext Codec / WSTCODEC][Stopped/Disabled]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 360.CN>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINNT\system32\wuweb.dll, Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX4.dll, 阿里巴巴软件(上海)有限公司>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360.cn>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
==================================

正在运行的进程
[PID: 176][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 208][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 228][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 256][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.7035]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 268][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.7011]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 440][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 468][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.7059]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\fppmon2.dll]  [FinePrint Software, LLC, 2.15]
    [C:\WINNT\system32\fppr232.dll]  [FinePrint Software, LLC, 2.15]
[PID: 512][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\system32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\system32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\system32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 540][C:\WINNT\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.13.10.2942]
[PID: 576][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 620][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6972]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 664][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 716][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 4, 1, 5, 1001]
    [C:\Program Files\Unlocker\UnlockerCOM.dll]  [N/A, ]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 0, 4, 3]
    [C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Program Files\TechSmith\SnagIt 7\SnagItShellExt.dll]  [TechSmith 公司, 1.0.0.1]
    [C:\Program Files\ACD Systems\PicaView\Picaview.dll]  [ACD Systems, Ltd., 2, 0, 0, 84]
    [C:\Program Files\ACD Systems\PlugIns\IDE_ACDStd.apl]  [ACD Systems, Ltd., 1, 3, 1, 0598]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 2160][C:\Program Files\TENCENT\QQ\QQ.exe]  [TENCENT, 8,0,714,1791]
    [C:\Program Files\TENCENT\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,714,1791]
    [C:\Program Files\TENCENT\QQ\QQHelperDll.dll]  [TENCENT, 8,0,714,1791]
    [C:\Program Files\TENCENT\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\TENCENT\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\TENCENT\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\TENCENT\QQ\QQAPI.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\LoginCtrl.dll]  [TENCENT, 8,0,714,1791]
    [C:\Program Files\TENCENT\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQRes.dll]  [TENCENT, 8,0,714,1791]
    [C:\Program Files\TENCENT\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\QQ\UnReadMsgMgr.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\TENCENT\QQ\NewSkin.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\MailSummary.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQSpace.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\Program Files\TENCENT\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\OEMApplication.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQGroupMng.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQAllInOne.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [C:\Program Files\TENCENT\QQ\CameraDll.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQPet.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,713,1791]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\TENCENT\QQ\QRingMng.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\LongConnection.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\QQAvatar.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\PhoneAPI.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\TENCENT\QQ\ImageOle.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQLiveQMng.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\WINNT\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\Program Files\TENCENT\QQ\BQQApplication.dll]  [N/A, ]
    [C:\WINNT\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 8, 0, 0]
    [C:\WINNT\system32\WbCodeU.dll]  [, 2, 8, 0, 0]
    [C:\Program Files\TENCENT\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\TENCENT\QQ\CommercesMng.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [C:\Program Files\TENCENT\QQ\AddrSearch.dll]  [腾讯科技（深圳）有限公司, 2, 2, 1, 13]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\TENCENT\QQ\QQDoctor\TSVulMdw.dat]  [TENCENT, 2007, 12, 18, 3]
    [C:\Program Files\TENCENT\QQ\QQMagicFace.dll]  [TENCENT, 8,0,713,1791]
    [C:\Program Files\TENCENT\QQ\GroupConnection.dll]  [TENCENT, 8,0,713,1791]
    [C:\WINNT\system32\devenum.dll]  [, ]
[PID: 3500][C:\Program Files\TENCENT\QQ\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
[PID: 3584][C:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 9, 80]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\WBJJU.IME]  [北京六合源软件技术有限公司, 2, 8, 0, 0]
    [C:\WINNT\system32\WbCodeU.dll]  [, 2, 8, 0, 0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 3796][D:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe]  [TechSmith Corporation, 7.2.5.0]
    [D:\Program Files\TechSmith\SnagIt 7\LTFIL12n.DLL]  [LEAD Technologies, Inc., 12.1.0.061]
    [D:\Program Files\TechSmith\SnagIt 7\LTKRN12n.dll]  [LEAD Technologies, Inc., 12.1.0.061]
    [D:\Program Files\TechSmith\SnagIt 7\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.1360 (xpsp2.040109-1800)]
    [D:\Program Files\TechSmith\SnagIt 7\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\TechSmith\SnagIt 7\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [D:\Program Files\TechSmith\SnagIt 7\SnagItres.dll]  [TechSmith 公司, 7.2.5.0]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [D:\Program Files\TechSmith\SnagIt 7\LTDIS12n.dll]  [LEAD Technologies, Inc., 12.1.0.061]
    [D:\Program Files\TechSmith\SnagIt 7\LFCMP12N.DLL]  [LEAD Technologies, Inc., 12.1.0.061]
[PID: 3828][D:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe]  [TechSmith Corporation, 1.0.0]
[PID: 876][D:\Program Files\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [D:\Program Files\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
==================================
文件关联
.TXT  Error. [C:\WINNT\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINNT\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn
==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 540, C:\WINNT\SYSTEM32\NVSVC32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3584, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3796, D:\PROGRAM FILES\TECHSMITH\SNAGIT 7\SNAGIT32.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 3828, D:\PROGRAM FILES\TECHSMITH\SNAGIT 7\TSCHELP.EXE]
==================================
API HOOK
RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINNT\system32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================[/code]

扫描日志贴完了，请高手们看看。

呵呵，我忘记说了，发帖之前我就删除过这个服务。但重启后又有了。

呵呵，没有注意还可以发TXT格式的，以为只能发图片格式的。谢谢了！

补充一下：[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\UserInit.exe,,"C:\Program Files\HFEE\SVOHOST.EXE" un userinit.exe>  [N/A]
其中：Userinit这个项目是我安装了高强度加密大师之后产生的，不是病毒。

还有，文件关联中的三个错误，我修复过，但重启之后又是出现这三个文件关联错误，也不知是怎么回事？