XP的图片收藏莫名其妙地不见了？怎么回事？//原来就是百度搜霸的问题，怎样清除这个流氓软

muramasa

这是一个好老的木马程序了
在你的其他重要文件没丢失之前
备份好了格了重装吧

手动删除很麻烦，说了你可能不太容易操作

下载反间谍反木马反病毒软件有效
但我强烈建议你先格之
然后重装新系统
再交叉使用至少两种杀毒软件和反间谍木马的软件

旅行的意义

同情~看来只能重装了~

日界线西

阿。。。又要格式化。。。。晕倒

日界线西

谢谢楼上的回答

at_wfg

用这个工具把扫描结果发上来System Repair Engineer

日界线西

重装了系统，但是这两天又染上同样的这个木马了。。。不知道在什么地方碰到的。有没有比较好的杀这个木马的软件，可以推荐一下吗？

日界线西

用了楼上的推荐的程序，System Repair Engineer。扫描提示，注册表UIHost被修改为非正常值（正常值为logonui.exe），请检查可能存在的病毒。

请问下面我应该怎么办呢？

at_wfg

Post by 日界线西
用了楼上的推荐的程序，System Repair Engineer。扫描提示，注册表UIHost被修改为非正常值（正常值为logonui.exe），请检查可能存在的病毒。

请问下面我应该怎么办呢？

SREng有自动修复功能，先尝试修复。
另外，把扫描结果发上来。

日界线西

以下是全部的扫描报告，会可以看出什么吗？再问

2. 2007-08-26,10:55:45
3. System Repair Engineer 2.5.16.900
4. Smallfrogs ([url=http://www.KZTechs.com]http://www.KZTechs.com[/url])
5. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
6. 以下内容被选中：
7.     所有的启动项目（包括注册表、启动文件夹、服务等）
8.     浏览器加载项
9.     正在运行的进程（包括进程模块信息）
10.     文件关联
11.     Winsock 提供者
12.     Autorun.inf
13.     HOSTS 文件
14.     进程特权扫描
16. 启动项目
17. 注册表
18. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
19.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
20. [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
21.     <load><>  [N/A]
22. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
23.     <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
24.     <xpconfig><xpconfig.exe>  []
25.     <ieconfig><ieconfig.exe>  []
26.     <BIE><RUNDLL32.EXE C:\PROGRA~1\baidu\iexp\BDSrHook.dll,Rundll32>  []
27.     <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
28.     <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
29.     <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Publisher]
30.     <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
31.     <QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
32. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
33.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
34.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
35. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
36.     <AppInit_DLLs><>  [N/A]
37. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
38.     <UIHost><"\Program Files\Logonui\logonui.exe">  [N/A]
39. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
40.     <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
41. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
42.     <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
43. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
44.     <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
45. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
46.     <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
47. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
48.     <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
49. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
50.     <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
51. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
52.     <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
53. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
54.     <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
55. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
56.     <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
57. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
58.     <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]
59. ==================================
60. 启动文件夹
61. [Adobe Reader Speed Launch]
62.   <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
63. ==================================
64. 服务
65. [Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
66.   <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
67. [卡巴斯基反病毒软件6.0 / AVP][Running/Auto Start]
68.   <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
69. [Human Interface Device Access / HidServ][Stopped/Disabled]
70.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
71. [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
72.   <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
73. ==================================
74. 驱动程序
75. [a320raid / a320raid][Running/Boot Start]
76.   <\SystemRoot\System32\DRIVERS\a320raid.sys><Adaptec, Inc.>
77. [aar1210 / aar1210][Running/Boot Start]
78.   <\SystemRoot\System32\DRIVERS\aar1210.sys><Adaptec, Inc.>
79. [abp480n5 / abp480n5][Running/Boot Start]
80.   <\SystemRoot\System32\DRIVERS\abp480n5.sys><Microsoft Corporation>
81. [adpu160m / adpu160m][Running/Boot Start]
82.   <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
83. [adpu320 / adpu320][Running/Boot Start]
84.   <\SystemRoot\System32\DRIVERS\adpu320.sys><Adaptec, Inc.>
85. [adsrsvc / adsrsvc][Running/Boot Start]
86.   <\SystemRoot\system32\drivers\adsrsvc.sys><>
87. [ACARD AEC6210UF UltraDMA33 Controller / aec6210][Running/Boot Start]
88.   <\SystemRoot\System32\DRIVERS\aec6210.sys><ACARD Technology Corp.>
89. [ACARD AEC6260 UltraDMA-66 Controller / aec6260][Running/Boot Start]
90.   <\SystemRoot\System32\DRIVERS\aec6260.sys><ACARD Technology Corp.>
91. [aec6280 / aec6280][Running/Boot Start]
92.   <\SystemRoot\System32\DRIVERS\aec6280.sys><ACARD Technology Corp.>
93. [AEC6890 / AEC6890][Running/Boot Start]
94.   <\SystemRoot\System32\DRIVERS\AEC6890.sys><ACARD Technology Corp.>
95. [aec68x5 / aec68x5][Running/Boot Start]
96.   <\SystemRoot\System32\DRIVERS\aec68x5.sys><ACARD Technology Corp.>
97. [aha154x / aha154x][Running/Boot Start]
98.   <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
99. [aic78u2 / aic78u2][Running/Boot Start]
100.   <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
101. [aic78xx / aic78xx][Running/Boot Start]
102.   <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
103. [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
104.   <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
105. [AliIde / AliIde][Stopped/Boot Start]
106.   <\SystemRoot\System32\DRIVERS\aliide.sys><N/A>
107. [asc / asc][Running/Boot Start]
108.   <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
109. [asc3550 / asc3550][Running/Boot Start]
110.   <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
111. [BdGuard / BdGuard][Running/Boot Start]
112.   <\SystemRoot\system32\drivers\BDGuard.SYS><N/A>
113. [CmdIde / CmdIde][Running/Boot Start]
114.   <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
115. [dac2w2k / dac2w2k][Running/Boot Start]
116.   <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
117. [dpti2o / dpti2o][Stopped/Boot Start]
118.   <\SystemRoot\System32\DRIVERS\dpti2o.sys><N/A>
119. [Intel(R) PRO Network Connection Driver / E100B][Stopped/Manual Start]
120.   <system32\DRIVERS\e100b325.sys><Intel Corporation>
121. [fasttrak / fasttrak][Running/Boot Start]
122.   <\SystemRoot\System32\DRIVERS\fasttrak.sys><Promise Technology, Inc.>
123. [fasttx2k / fasttx2k][Running/Boot Start]
124.   <\SystemRoot\System32\DRIVERS\fasttx2k.sys><Promise Technology, Inc.>
125. [fasttx2k2 / fasttx2k2][Running/Boot Start]
126.   <\SystemRoot\System32\DRIVERS\fasttx2k2.sys><Promise Technology, Inc.>
127. [Hpt366 / Hpt366][Running/Boot Start]
128.   <\SystemRoot\System32\DRIVERS\Hpt366.sys><Microsoft Corporation>
129. [HPT371 / HPT371][Running/Boot Start]
130.   <\SystemRoot\System32\DRIVERS\HPT371.sys><HighPoint Technologies, Inc.>
131. [hpt374 / hpt374][Running/Boot Start]
132.   <\SystemRoot\System32\DRIVERS\hpt374.sys><HighPoint Technologies, Inc.>
133. [hpt3xx / hpt3xx][Running/Boot Start]
134.   <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
135. [hptmv / hptmv][Running/Boot Start]
136.   <\SystemRoot\System32\DRIVERS\hptmv.sys><HighPoint Technologies, Inc.>
137. [hptpro / hptpro][Stopped/Boot Start]
138.   <\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
139. [ialm / ialm][Running/Manual Start]
140.   <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
141. [Intel Integrated RAID / iaStor][Running/Boot Start]
142.   <\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
143. [ini910u / ini910u][Running/Boot Start]
144.   <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
145. [ITERAID_Service_Install / iteraid][Running/Boot Start]
146.   <\SystemRoot\System32\DRIVERS\iteraid.sys><Integrated Technology Express, Inc.>
147. [kl1 / kl1][Running/Boot Start]
148.   <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
149. [klif / klif][Running/System Start]
150.   <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
151. [m5228 / m5228][Running/Boot Start]
152.   <\SystemRoot\System32\DRIVERS\m5228.sys><ALi Corporation.>
153. [m5281 / m5281][Running/Boot Start]
154.   <\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
155. [MegaIDE / MegaIDE][Running/Boot Start]
156.   <\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
157. [mraid2k / mraid2k][Running/Boot Start]
158.   <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
159. [mraid35x / mraid35x][Running/Boot Start]
160.   <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
161. [SiI 680 ATA Controller / Pnp680][Running/Boot Start]
162.   <\SystemRoot\System32\DRIVERS\pnp680.sys><Silicon Image, Inc.>
163. [Silicon Image SiI 0680 Medley Raid Controller / Pnp680r][Running/Boot Start]
164.   <\SystemRoot\System32\DRIVERS\pnp680r.sys><Silicon Image, Inc>
165. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
166.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
167. [PxHelp20 / PxHelp20][Running/Boot Start]
168.   <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
169. [ql1080 / ql1080][Running/Boot Start]
170.   <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
171. [ql10wnt / ql10wnt][Running/Boot Start]
172.   <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
173. [ql12160 / ql12160][Running/Boot Start]
174.   <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
175. [ql1280 / ql1280][Running/Boot Start]
176.   <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
177. [Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
178.   <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
179. [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
180.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
181. [Secdrv / Secdrv][Stopped/Manual Start]
182.   <system32\DRIVERS\secdrv.sys><N/A>
183. [SiI-3512 SATALink Controller / SI3112][Running/Boot Start]
184.   <\SystemRoot\System32\DRIVERS\SI3112.sys><Silicon Image, Inc.>
185. [Silicon Image SiI 3512 SATARaid Controller / SI3112r][Running/Boot Start]
186.   <\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
187. [SiI-3114 SATALink Controller / SI3114][Running/Boot Start]
188.   <\SystemRoot\System32\DRIVERS\SI3114.sys><Silicon Image, Inc.>
189. [SiI-3114 SATARaid Controller / SI3114r][Running/Boot Start]
190.   <\SystemRoot\System32\DRIVERS\SI3114R.sys><Silicon Image, Inc>
191. [SiI-3124 SATALink Controller / SI3124][Running/Boot Start]
192.   <\SystemRoot\System32\DRIVERS\SI3124.sys><Silicon Image, Inc.>
193. [SiI-3124 SATARaid Controller / SI3124r][Running/Boot Start]
194.   <\SystemRoot\System32\DRIVERS\SI3124R.sys><Silicon Image, Inc>
195. [SATALink driver accelerator / SiFilter][Running/Boot Start]
196.   <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
197. [SiSRaid / SiSRaid][Running/Boot Start]
198.   <\SystemRoot\System32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
199. [SiSRaid1 / SiSRaid1][Running/Boot Start]
200.   <\SystemRoot\System32\DRIVERS\SiSRaid1.sys><Silicon Integrated Systems>
201. [SiSV / SiSV][Stopped/Manual Start]
202.   <system32\DRIVERS\SiSV.sys><Silicon Integrated Systems Corporation>
203. [sparrow / sparrow][Running/Boot Start]
204.   <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
205. [sptd / sptd][Running/Boot Start]
206.   <\SystemRoot\System32\Drivers\sptd.sys><N/A>
207. [sptrak / sptrak][Running/Boot Start]
208.   <\SystemRoot\System32\DRIVERS\sptrak.sys><Promise Technology, Inc.>
209. [symc810 / symc810][Running/Boot Start]
210.   <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
211. [symc8xx / symc8xx][Running/Boot Start]
212.   <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
213. [sym_hi / sym_hi][Running/Boot Start]
214.   <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
215. [sym_u3 / sym_u3][Running/Boot Start]
216.   <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
217. [UlSata / UlSata][Running/Boot Start]
218.   <\SystemRoot\System32\DRIVERS\ulsata.sys><Promise Technology, Inc.>
219. [ultra / ultra][Running/Boot Start]
220.   <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
221. [ViaIde / ViaIde][Running/Boot Start]
222.   <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
223. [viamraid / viamraid][Running/Boot Start]
224.   <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
225. [VIA ATA/ATAPI Host Controller / viapdsk][Running/Boot Start]
226.   <\SystemRoot\System32\DRIVERS\viapdsk.sys><VIA Technologies, Inc.>
227. [viaraid / viaraid][Running/Boot Start]
228.   <\SystemRoot\System32\DRIVERS\viaraid.sys><VIA Technologies inc,.ltd>
229. [viasraid / viasraid][Running/Boot Start]
230.   <\SystemRoot\system32\drivers\viasraid.sys><VIA Technologies inc,.ltd>
231. [vmscsi / vmscsi][Running/Boot Start]
232.   <\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>
233. ==================================
234. 浏览器加载项
235. [WebThunder Browser Helper]
236.   {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
237. [BdSearchHook Class]
238.   {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, >
239. [Adobe PDF Reader Link Helper]
240.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
241. [BandIE Class]
242.   {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
243. [Windows Live Sign-in Helper]
244.   {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
245. [Windows Live Toolbar Helper]
246.   {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
247. [百度首页]
248.   {02496EBD-8455-48db-B3C7-5DAC97D9F5A7} <[url=http://baidu.com/index.php?tn=wz500_dg]http://baidu.com/index.php?tn=wz500_dg[/url], N/A>
249. [Web反病毒保护]
250.   {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
251. [信息检索(&R)]
252.   {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
253. [启动Web迅雷]
254.   {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <[url=http://my.xunlei.com]http://my.xunlei.com[/url], N/A>
255. [QQ]
256.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, N/A>
257. [Messenger]
258.   {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
259. [百度超级搜霸]
260.   {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
261. [Windows Live Toolbar]
262.   {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
263. [Windows Genuine Advantage Validation Tool]
264.   {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
265. [WUWebControl Class]
266.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
267. [WebThunder Browser Helper]
268.   {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
269. [BdSearchHook Class]
270.   {02496EBD-8455-48DB-B3C7-5DAC97D9F5A7} <C:\PROGRA~1\baidu\iexp\BDSrHook.dll, >
271. [WebThunder Class]
272.   {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
273. [Adobe PDF Reader Link Helper]
274.   {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
275. [Vod Class]
276.   {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\Program Files\Thunder Network\WebThunder\DownAndPlay\DapPlayer1.1.0.46.dll, XunLei>
277. [BandIE Class]
278.   {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
279. [Windows Live Sign-in Helper]
280.   {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
281. [百度超级搜霸]
282.   {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
283. [Windows Live Toolbar]
284.   {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
285. [Windows Live Toolbar Helper]
286.   {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
287. [Shockwave Flash Object]
288.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
289. [&Windows Live Search]
290.   <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
291. [使用Web迅雷下载]
292.   <D:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
293. [使用Web迅雷下载全部链接]
294.   <D:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
295. [导出到 Microsoft Office Excel(&X)]
296.   <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
297. [添加到QQ自定义面板]
298.   <, N/A>
299. [添加到QQ表情]
300.   <, N/A>
301. [用QQ彩信发送该图片]
302.   <, N/A>
303. ==================================
304. 正在运行的进程
305. [PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
306. [PID: 648 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
307. [PID: 676 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
308.     [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
309. [PID: 720 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
310. [PID: 732 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
311. [PID: 892 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
312. [PID: 948 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
313. [PID: 1024 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
314. [PID: 1152 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
315. [PID: 1212 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
316. [PID: 1396 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
317.     [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
318.     [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
319. [PID: 1768 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
320.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
321.     [D:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
322.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.9.2006121800]
323.     [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
324.     [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 145]
325.     [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
326.     [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3865]
327.     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3865]
328. [PID: 244 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
329. [PID: 612 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
330.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
331. [PID: 628 / Administrator][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.34]
332.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
333. [PID: 696 / Administrator][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.3865]
334.     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3865]
335.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
336.     [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3865]
337.     [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3865]
338.     [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3865]
339.     [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.3865]
340. [PID: 852 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3865]
341.     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3865]
342.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
343.     [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3865]
344.     [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3865]
345.     [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3865]
346.     [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3865]
347. [PID: 1116 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
348.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
349. [PID: 1800 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
350. [PID: 2564 / Administrator][C:\Program Files\MSN Messenger\msnmsgr.exe]  [Microsoft Corporation, 8.1.0178.00]
351.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
352.     [C:\WINDOWS\system32\msdmo.dll]  [, ]
353.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
354.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
355.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
356.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
357.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
358.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
359.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
360.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
361.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
362.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
363. [PID: 3796 / SYSTEM][C:\Program Files\MSN Messenger\usnsvc.exe]  [Microsoft Corporation, 8.1.0178.00]
364. [PID: 2288 / Administrator][D:\Program Files\Maxthon2\Maxthon.exe]  [Maxthon International ltd., 2, 0, 1, 5462]
365.     [D:\Program Files\Maxthon2\mxpp.dll]  [Maxthon, 1, 0, 0, 12]
366.     [D:\Program Files\Maxthon2\MxSk.dll]  [Maxthon, 1, 0, 0, 100]
367.     [D:\Program Files\Maxthon2\MxProxy2.dll]  [, 1, 0, 0, 2233]
368.     [D:\Program Files\Maxthon2\MxFav.dll]  [Maxthon, 1, 0, 0, 9]
369.     [D:\Program Files\Maxthon2\maxzlib.dll]  [, 1.2.3]
370.     [D:\Program Files\Maxthon2\mxtool.dll]  [, 1, 0, 0, 1]
371.     [D:\Program Files\Maxthon2\mxfeedU.dll]  [, 1, 0, 45, 45]
372.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
373.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
374.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
375.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
376.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
377.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
378.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
379.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
380.     [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
381.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
382.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
383.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
384. [PID: 1908 / Administrator][D:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 9, 3, 150]
385.     [D:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
386.     [D:\Program Files\Thunder Network\WebThunder\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
387.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
388.     [D:\Program Files\Thunder Network\WebThunder\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 26]
389.     [D:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 46]
390.     [D:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
391.     [D:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 46]
392.     [D:\Program Files\Thunder Network\WebThunder\Inmedia\iEmbedShell.dll]  [　, 1, 0, 0, 19]
393.     [D:\Program Files\Thunder Network\WebThunder\InMedia\iEmbed10.dll]  [　, 3, 3, 1, 83]
394.     [D:\Program Files\Thunder Network\WebThunder\DownAndPlay\WebDownAndPlay.dll]  [xl, 1, 0, 0, 18]
395.     [D:\Program Files\Thunder Network\WebThunder\CacheServer.dll]  [, 1, 0, 0, 1]
396.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
397.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
398.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
399.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
400.     [D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
401.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
402.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
403.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
404.     [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
405.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
406.     [d:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
407. [PID: 460 / Administrator][C:\TDdownload\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
408.     [C:\PROGRA~1\baidu\iexp\BDSrHook.dll]  [, 1, 0, 0, 45]
409.     [C:\TDdownload\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
410. ==================================
411. 文件关联
412. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
413. .EXE  OK. ["%1" %*]
414. .COM  OK. ["%1" %*]
415. .PIF  OK. ["%1" %*]
416. .REG  OK. [regedit.exe "%1"]
417. .BAT  OK. ["%1" %*]
418. .SCR  OK. ["%1" /S]
419. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
420. .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
421. .INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
422. .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
423. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
424. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
425. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
426. ==================================
427. Winsock 提供者
428. N/A
429. ==================================
430. Autorun.inf
431. N/A
432. ==================================
433. HOSTS 文件
434. 127.0.0.1       localhost
435. ==================================
436. 进程特权扫描
437. 特殊特权被允许： SeLoadDriverPrivilege [PID = 2288, D:\PROGRAM FILES\MAXTHON2\MAXTHON.EXE]
438. ==================================
439. API HOOK
440. RVA  错误： LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
441. RVA  错误： LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
442. RVA  错误： LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
443. RVA  错误： LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
444. RVA  错误： GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
445. ==================================
446. 隐藏进程
447. N/A
448. ==================================

复制代码

at_wfg

<BIE><RUNDLL32.EXE C:\PROGRA~1\baidu\iexp\BDSrHook.dll,Rundll32>
你装了百度搜霸？木马是这个引起的。该软件为流氓软件，可以使用360safe之类的流氓软件清除工具清除（不过该流氓软件比较顽固，可尝试多种工具清除，如果超级兔子和我网盘里的RogueDead等）。
另外，清除前，请用SREng去掉百度的启动项，重启后再清除。
好了，出去一下，回来看你的好消息。

日界线西

已经清除了，谢谢楼上的指点。现在卡巴司机不报错了。不过奇怪的是，为什么启动里面还是有BIE呢？而且百度搜霸还是没有卸载。。真是难卸载阿

at_wfg

虽然是很老的流氓软件，不过其顽固性不下3721，清除步骤如下：

这个百度IE插件用正常的卸载方法根本不能完全卸载，下面给大家介绍完全卸载这个
插件的详细方法。
由于这个百度IE插件是使用Rundll32.exe调用连接库的，系统无法终止Rundll32.exe进
程，所以我们必须先重新启动计算机，按 F8 进入安全模式（F8 只能按一次）之后，
单击 开始 -> 运行 regedit打开注册表，进入：
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
删除键：BIE 其键值为：Rundll32 C:\WINNT\DOWNLO~1\BDPlugin.dll,Rundll32（如果
是win98，这里的 C:\WINNT\DOWNLO~1\ 为 C:\WINDOWS\DOWNLO~1\）
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet
Explorer\AdvancedOptions\ACCESSIBILITY
删除键：BDSEARCH，此键在 Internet 选项 -> 高级 中加入了百度IE搜索伴侣的选
项。
HKEY_CLASSES_ROOT
删除键：BDHlprObj.BDHlprObj
删除键：BDHlprObj.BDHlprObj.1
删除键：BDHook.BDSrchHook
删除键：BDHook.BDSrchHook.1
删除键：BDHook.URLBDHook
删除键：BDHook.URLBDHook.1
删除键：BDPlugins.Interceptor
删除键：BDPlugins.Interceptor.1
HKEY_CLASSES_ROOT\CLSID
删除键：{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}
删除键：{CA92B524-BC8A-4610-BD2C-6BD3E28155D0}
HKEY_CLASSES_ROOT\TypeLib
删除键：{CE7C3CE2-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\Software\CLASSES\CLSID
删除键：{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}
删除键：{CA92B524-BC8A-4610-BD2C-6BD3E28155D0}
HKEY_LOCAL_MACHINE\Software\CLASSES\TypeLib
删除键：{CE7C3CE2-4B15-11D1-ABED-709549C10000}
HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units
删除键：{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}
删除键：{CA92B524-BC8A-4610-BD2C-6BD3E28155D0}
删除完注册表中的项之后，还需要删除存储在硬盘中IE搜索伴侣的文件。
删除如下文件：C:\WINNT\DOWNLO~1 目录下（98下为 C:\WINDOWS\DOWNLO~1\ 下同）
BDEX.DLL 24576 12-25-02 11：43
BDPLUGIN.DLL 49152 12-25-02 11：44
BDSRHOOK.DLL 32768 12-25-02 11：45
BDHELPER.DLL 36864 12-25-02 11：52
BDSEARCH.INF 1507 12-28-02 9：48
以上文件全部删除，这样百度IE插件就基本上从你的计算机中全部清除了。最后，重新
启动计算机，进入正常模式就不再有百度插件的侵害了。

另外，可以去下载RogueDead工具，用来免疫流氓软件或添加hosts屏蔽。
点击下载
介绍如下：http://bbs.revefrance.com/viewthread.php?tid=116471