瑞星卡卡安全论坛

这是个什么病毒啊？ 现在还没有办法解决吗？？ 有多少人中了这个了？
我的瑞星起不来了，不能进安全模式， 不能显示隐藏文件。。
怎么办啊？？
[CODE]

2007-05-30,08:10:13

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <kocmbcd><C:\WINDOWS\system32\iywdqdf.exe>  []
    <hhsonxn><C:\WINDOWS\system32\dmecvcm.exe>  []
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <mppds><; C:\WINDOWS\mppds.exe>  []
    <upxdnd><; C:\WINDOWS\upxdnd.exe>  []
    <MsIMMs32><; C:\WINDOWS\MsIMMs32.exe>  []
    <runeip><; >  [N/A]
    <RavTask><; >  [N/A]
    <Alcmtr><; ALCMTR.EXE>  [Realtek Semiconductor Corp.]
    <AlcWzrd><; ALCWZRD.EXE>  [RealTek Semicoductor Corp.]
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <DAEMON Tools-1033><; "E:\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <iResearchiClick><; "E:\iClick\iResearchiClick.exe" -d 150>  [iResearch]
    <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <RTHDCPL><; RTHDCPL.EXE>  [Realtek Semiconductor Corp.]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <switch><; c:\windows\system32\壁纸自动换.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll>  []

==================================
启动文件夹
[腾讯QQ]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\腾讯QQ.lnk --> E:\Tencent\QQ\QQ.exe [TENCENT]><N>


附件: 880327200753083249.jpg

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"><Microsoft Corporation>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <e:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Disabled]
  <"e:\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Disabled]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <e:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[BIOS / BIOS][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\BIOS.sys><BIOSTAR Group>
[cdnprot / cdnprot][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\RISING\RAV\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\RISING\RAV\HookSys.sys><Rising>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\E:\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[pnpshark / pnpshark][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pnpshark.sys><>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Disabled]
  <\??\E:\RISING\RAV\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[st3shark / st3shark][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\st3shark.sys><>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <e:\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {5C3853CE-C7E0-4946-B3FA-1ABDB6F48108} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <e:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Tencent\QQ\QQ.EXE, TENCENT>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[MeadCo ScriptX]
  {1663ed61-23eb-11d2-b92f-008048fdd814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <e:\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[MeadCo ScriptX]
  {1663ED61-23EB-11D2-B92F-008048FDD814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Thunder Browser Helper]
  {5C3853CE-C7E0-4946-B3FA-1ABDB6F48108} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WMIObjectBroker Class]
  {7F5B7F63-F06F-4331-8A26-339E03C0AE3D} <C:\Program Files\Common Files\Microsoft Shared\WMI\wmiscriptutils.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <E:\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <E:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

==================================
正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1092][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1144][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1276][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1420][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1588][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
[PID: 1668][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
[PID: 2364][C:\WINDOWS\system32\iywdqdf.exe]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
[PID: 2392][C:\WINDOWS\system32\dmecvcm.exe]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
[PID: 2452][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [e:\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [e:\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]
[PID: 2540][C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2572][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2964][F:\12331.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[AutoRun]
open=kocmbcd.exe
shell\open=打开(&O)
shell\open\Command=kocmbcd.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=kocmbcd.exe
[E:\]
[AutoRun]
open=kocmbcd.exe
shell\open=打开(&O)
shell\open\Command=kocmbcd.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=kocmbcd.exe
[F:\]
[AutoRun]
open=kocmbcd.exe
shell\open=打开(&O)
shell\open\Command=kocmbcd.exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=kocmbcd.exe

==================================
HOSTS 文件
127.0.0.1      localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

和我的机器症状很相似啊

该用户帖子内容已被屏蔽

该用户帖子内容已被屏蔽

Sreng删除以下注册表值
<kocmbcd><C:\WINDOWS\system32\iywdqdf.exe> []
<hhsonxn><C:\WINDOWS\system32\dmecvcm.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<mppds><; C:\WINDOWS\mppds.exe> []
<upxdnd><; C:\WINDOWS\upxdnd.exe> []
<MsIMMs32><; C:\WINDOWS\MsIMMs32.exe> []
<{91B1E846-2BEF-4345-8848-7699C7C9935F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\SysWFGQQ2.dll> []


重置HOSTS 文件

如果可以的话,请用autoruns选中镜象劫持抓张图上来。

这三步不会啊。。。。:(

完蛋了  又出现这种情况~~~

附件: 880327200753090238.jpg

该用户帖子内容已被屏蔽

该用户帖子内容已被屏蔽

该用户帖子内容已被屏蔽

太多了~~~~

附件: 880327200753093148.jpg

都是被iywdqdf感染了吧？？？ 而且还不能删除它， 用IceSword 删除它 还是马上就有了~~

附件: 880327200753093334.jpg

该用户帖子内容已被屏蔽

非常感谢 Jokkkka的帮助， 这个病毒好像是杀了，可是机器中还有别的病毒呢。。还是无法安装瑞星。。。提示说：瑞星通用库(RSCENTER) 错误。


还有时不时要把AoutRuns里的“镜像劫持” 里面的文件都删除啊？？

附件: 8803272007530101454.jpg

该用户帖子内容已被屏蔽

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
    <runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe>  [Beijing Rising Technology Co., Ltd.]
    <Alcmtr><; ALCMTR.EXE>  [Realtek Semiconductor Corp.]
    <AlcWzrd><; ALCWZRD.EXE>  [RealTek Semicoductor Corp.]
    <CdnCtr><; C:\Program Files\CNNIC\Cdn\cdnup.exe>  [N/A]
    <DAEMON Tools-1033><; "E:\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
    <iResearchiClick><; "E:\iClick\iResearchiClick.exe" -d 150>  [iResearch]
    <Kvsc3><; C:\WINDOWS\Kvsc3.exe>  []
    <NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NvMediaCenter><; RunDLL32.exe NvMCTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><; nwiz.exe /install>  []
    <RTHDCPL><; RTHDCPL.EXE>  [Realtek Semiconductor Corp.]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <switch><; c:\windows\system32\壁纸自动换.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"><Microsoft Corporation>
[Microsoft Search / MSSEARCH][Running/Auto Start]
  <"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Stopped/Manual Start]
  <e:\MICROS~1\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"e:\Rising\Rav\CCenter.exe"><N/A>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <e:\MICROS~1\MSSQL\binn\sqlagent.exe><Microsoft Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><N/A>
[BIOS / BIOS][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\BIOS.sys><BIOSTAR Group>
[cdnprot / cdnprot][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\cdnprot.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[ExpScaner / ExpScaner][Stopped/Auto Start]
  <\??\E:\RISING\RAV\ExpScan.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Stopped/Auto Start]
  <\??\E:\RISING\RAV\HOOKCONT.sys><N/A>
[HookReg / HookReg][Stopped/Auto Start]
  <\??\E:\RISING\RAV\HookReg.sys><N/A>
[HookSys / HookSys][Stopped/Auto Start]
  <\??\E:\RISING\RAV\HookSys.sys><N/A>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Stopped/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
  <\??\E:\RISING\RAV\MEMSCAN.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\E:\Tencent\QQ\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[pnpshark / pnpshark][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pnpshark.sys><>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RSPPSYS / RSPPSYS][Stopped/Auto Start]
  <\??\E:\RISING\RAV\RSPPSYS.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[st3shark / st3shark][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\st3shark.sys><>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <e:\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {5C3853CE-C7E0-4946-B3FA-1ABDB6F48108} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <e:\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <e:\Tencent\QQ\QQ.EXE, TENCENT>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[MeadCo ScriptX]
  {1663ed61-23eb-11d2-b92f-008048fdd814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <E:\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <e:\Thunder\Components\ResWorker\DSIeHelper.dll, Thunder Networking Technologies,LTD>
[MeadCo ScriptX]
  {1663ED61-23EB-11D2-B92F-008048FDD814} <C:\WINDOWS\system32\MCScripX.dll, Mead & Co Limited>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Thunder Browser Helper]
  {5C3853CE-C7E0-4946-B3FA-1ABDB6F48108} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WMIObjectBroker Class]
  {7F5B7F63-F06F-4331-8A26-339E03C0AE3D} <C:\Program Files\Common Files\Microsoft Shared\WMI\wmiscriptutils.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <E:\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
  {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[上传到QQ网络硬盘]
  <E:\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <E:\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <E:\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <E:\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\Tencent\QQ\SendMMS.htm, N/A>
[访问通用网址]
  <C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

=================================
正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1596][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1108][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1180][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 864][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2836][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3376][F:\12331.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

=================================
正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 656][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 732][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1596][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.9148]
    [C:\WINDOWS\system32\nvapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1108][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1180][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 864][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2836][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [e:\Thunder\Components\ResWorker\DSIeHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
    [e:\Thunder\Components\ResWorker\DataProcessor.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [E:\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 17]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3376][F:\12331.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

就是瑞星无法使用 出现：“瑞星通用库(RSCENTER) 错误”

安装后不能使用。。。

彻底卸载瑞星，去下载最新版本的安装包安装，你原机里的瑞星都不要了。

再试试。

引用:

【悠悠十夜的贴子】就是瑞星无法使用 出现：“瑞星通用库(RSCENTER) 错误” 安装后不能使用。。。 ………………

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Kvsc3><; C:\WINDOWS\Kvsc3.exe> []

你的病毒没杀净

杀完了。。。。

进不去安全模式，进去蓝屏。。。。

我也中了此病毒，不过我用以下办法杀掉了，楼主可以看看。

先准备以下工具：
1、System Repair Engineer，简称 SREng，一款计算机安全辅助和系统维护辅助软件。主要用于发现、发掘潜在的系统故障和大多数由于计算机病毒造成的破坏，并提供一系列的修改建议和自动修复方法。
下载地址：http://download.kztechs.com/files/sreng2.zip
2、超级兔子清理王，最好用绿色版，因为该病毒可能会导致注册版不能使用。
绿色版下载地址：http://wznetcom.onlinedown.net/down/winspeed798.zip

下载完后拔掉网线，或者关闭猫。

将下面内容复制到记事本，另存为，选择保存类型为所有文件，输入文件名"杀iywdqdf和dmecvcm病毒.bat"，记得要加.bat。

taskkill /f /IM kocmbcd.exe
taskkill /f /IM iywdqdf.exe
taskkill /f /IM dmecvcm.exe

del /F/A:s a h r c:\autorun.inf
del /F/A:s a h r c:\kocmbcd.exe
del /F/A:s a h r d:\autorun.inf
del /F/A:s a h r d:\kocmbcd.exe
del /F/A:s a h r e:\autorun.inf
del /F/A:s a h r e:\kocmbcd.exe
del /F/A:s a h r f:\autorun.inf
del /F/A:s a h r f:\kocmbcd.exe
del /F/A:s a h r g:\autorun.inf
del /F/A:s a h r g:\kocmbcd.exe
del /F/A:s a h r h:\autorun.inf
del /F/A:s a h r h:\kocmbcd.exe
del /F/A:s a h r i:\autorun.inf
del /F/A:s a h r i:\kocmbcd.exe
del /F/A:s a h r j:\autorun.inf
del /F/A:s a h r j:\kocmbcd.exe
del /F/A:s a h r k:\autorun.inf
del /F/A:s a h r k:\kocmbcd.exe
del /F/A:s a h r l:\autorun.inf
del /F/A:s a h r l:\kocmbcd.exe
del /F/A:s a h r m:\autorun.inf
del /F/A:s a h r m:\kocmbcd.exe
del /F/A:s a h r n:\autorun.inf
del /F/A:s a h r n:\kocmbcd.exe
del /F/A:s a h r o:\autorun.inf
del /F/A:s a h r o:\kocmbcd.exe

del /F/A:s a h r c:\windows\system32\kocmbcd.exe
del /F/A:s a h r c:\windows\system32\iywdqdf.exe
del /F/A:s a h r c:\windows\system32\dmecvcm.exe
del /F/A:s a h r c:\windows\system32\systemdate.ini
del /F/A:s a h r d:\systemdate.ini
del /F/A:s a h r d:\systemfile.com

regedit 杀iywdqdf和dmecvcm病毒.reg
pause

保存好后双击运行，这时你打开任务管理器，你会发现iywdqdf和dmecvcm进程不见了，打开winrar，转到各个盘的根目录，你会发现kocmbcd.exe和autorun.inf文件被删除了，再转到c:\windows\system32\目录下，你会发现iywdqdf.exe和dmecvcm.exe文件被删除了，这时再双击一个盘符打开会提示选择程序，这没关系，这是正常的，表明病毒文件被删除了，这时你再运行杀毒软件，系统会提示找不到文件，这也是正常的，但是还不能运行杀毒软件。如果没有出现上述情况，请手动删除，或再与我联系，我qq391611007。

到这里，如果上述现象都发生了，那么表明病毒就快被我们杀掉了，但是这时千万不要重启电脑，或是进入安全模式杀毒，不然上述工作白费了，重启后一切依旧。

下面运行超级兔子清理王，点击清理系统，清理注册表，“扫描错误的类”复选框上打钩，单击下一步，等待稍描完毕，单击清除。
在点击清理文件，点击全面清理，下一步，扫描完毕，清除。
完成后退出超级兔子清理王。

再运行sreng2，单击启动项目，点注册表，保留ctfmon.exe,msconfig,avp（杀毒软件自启动项，不同的软件各不相同），其他的全部删除，特别是以不同颜色标记的一定要删除，放心删吧，不会给系统带来任何影响，反而会提高启动速度。再单击服务，win32服务应用程序，点击状态，进行排序，找到Stopped/Auto Start，看其映像文件路径，选择性删除，这就需要一定的系统服务知识，这里不好讲清楚，不过我删时也没怎么发现可疑的服务，所以这里可以先放过，但具体情况具体对待。再单击系统修复，点击高级修复，自动修复。再点击浏览器加载项，把那些没有名字没有映像文件路径的全部删除，还有一些比较典型的恶意软件的加载项删除，自己把握。

到这里病毒基本上被杀掉了，保险一点可以重做超级兔子清理王那一步，也可以把那一步放到后面。然后重启，你会发现不会再有系统时间无效的提示了，杀毒软件可以用了，由于这个病毒类是P2P软件性质，主要是下载各种木马病毒，并自动加载到启动项，所以杀完毒后的第一件事是插上网线，升级杀毒软件，运行360安全卫士，清除恶意软件，其中会有不下于8个的病毒木马，然后修复系统漏洞，在然后用杀毒软件进行全盘杀毒，你会发现有不少于50个病毒，呵呵，现在你可以放松一下了，你的电脑恢复正常了。


问题补充：

系统时间可以改回去，这没大关系，主要是为了让杀毒软件失效。

该病毒主要通过优盘传播，自动复制文件到各盘的根目录，并设置属性为系统，隐藏。不过用winrar就能看见，方法很简单，程序-winrar，或者直接双击一个压缩文件，一直点击向上的按钮就行了，到了根目下，随便就可以进入每个盘了，文件一目了然，如果双击.bat文件不能删除，你可以手动删除，可以参考.bat。

该病毒会开启系统的默认共享，共享每个盘，可以在右健我的电脑-管理-共享文件夹-共享里查看，这是为了入侵你的电脑作准备，下面是关闭默认共享的几个办法，都能用。
关闭系统默认共享
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"autosharewks"=dword:00000000
和
net share ipc$ /delete
net share admin$ /delete
net share c$ /delete
net share d$ /delete
net share e$ /delete
net share f$ /delete
net share g$ /delete
net share h$ /delete
pause
另存为.bat件，方法同上述。

另外为了防止远程ipc攻击，可以先关闭ipc$空连接进行枚举，最终的最有效的方法是禁止server服务，但同时你就不能共享资源了。
禁止ipc$空连接进行枚举
运行regedit，找到如下组键[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA]把RestrictAnonymous = DWORD的键值改为：00000001

无法进入安全模式是因为该病毒组织了，就是为了防止我们在安全模式下杀它，这也是他可恶的地方。还有根本没必要重装系统，此病毒只是为了窃取我们的帐号等信息，不会破坏文件，如果文件也被破坏了，那是因为它下载了许多病毒，还有如果你的优盘也中病毒了，不要紧，只要不双击打开、右健打开或在资源管理器里打开，就不会中病毒，那怎样打开呢，在地址栏下拉菜单里进入每个盘就行了，中了毒的盘把.bat文件复制到根目录下双击运行就可杀毒了。

有疑问，请联系，我qq 391611007