Rising Kaka Security Forum › Technical Exchange › Anti-virus / Anti-rogueware Forum (thread page 2 of 3)


[Sos] A virus alert that appears every time I boot....

I followed the steps exactly, and there is still a virus...


I found that only after disabling these 2 processes



and



can 4b be deleted.
So frustrating.
My machine has the same virus as the original poster's. What a coincidence!
Please run another Autoruns scan and post the log; remember to hide the system processes.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ATIPTA    ATI Desktop Control Panel    ATI Technologies, Inc.    c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ DAEMON Tools    Virtual DAEMON Manager    DT Soft Ltd.    d:\program files\daemon tools\daemon.exe

+ Knight V            File not found: ;

+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ravtask.exe

+ SoundMan    Realtek Sound Manager    Realtek Semiconductor Corp.    c:\windows\soundman.exe

+ StormCodec_Helper            d:\program files\ringz studio\storm codec\stormset.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Reader Speed Launch.lnk    Adobe Acrobat SpeedLauncher    Adobe Systems Incorporated    d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动

+ reboot.exe    Reboot Setup        c:\documents and settings\administrator\「开始」菜单\程序\启动\autorunsdisabled\reboot.exe

+ 腾讯QQ.lnk    QQ    TENCENT    d:\program files\tencent\qq\qq.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ bgswitch            c:\windows\system32\bgswitch.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hook    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL Extension            File not found: deskpan.dll

+ HyperTerminal Icon Ext    HyperTerminal Applet Library    Hilgraeve, Inc.    c:\windows\system32\hticons.dll

+ RISING    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

+ RTX Shell Menu    RTX Shell Menu    Tencent    f:\games\tencent\rtx\rtxshl.dll

+ Shell Extensions for RealOne Player    RealPlayer Shell Extensions    RealNetworks, Inc.    d:\program files\ringz studio\storm codec\rpshell.dll

+ WinRAR shell extension            d:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ PDF Shell Extension    PDF Shell Extension    Adobe Systems, Inc.    d:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ AcroIEHlprObj Class    Adobe Acrobat IE Helper Version 7.0 for ActiveX    Adobe Systems Incorporated    d:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ DragSearch BHO    DragSearch        c:\program files\yisou\yisoub.dll

+ HBObject Class    HBHelper Module    Shanghai Henbang Technology Co., Ltd    c:\program files\hbclient\hbhelper.dll

+ IeCatch2 Class    jccatch Module    Amaze Soft    d:\program files\flashget\jccatch.dll

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    d:\program files\tencent\qq\qqiehelper.dll

+ {3E422F49-1566-40D3-B43D-077EF739AC32}            File not found: C:\WINDOWS\system32\NaviHelper.dll

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks

+ yok_supersearch.dll        www.yok.com    c:\program files\yok.com\supersearch\yok_supersearch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet Bar    FlashGet IE Bar    Amaze Soft    d:\program files\flashget\fgiebar.dll

+ YOK Search        www.yok.com    c:\program files\yok.com\supersearch\yok_supersearch.dll

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

+ 一搜    YiSou ToolBar    3721    c:\program files\yisou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGet    FlashGet    Amaze Soft    d:\program files\flashget\flashget.exe

+ 番茄花园            File not found: http://www.tomatolei.com

+ 浩方对战平台    浩方对战平台    上海浩方在线信息技术有限公司    f:\games\浩方对战平台\gameclient.exe

+ 腾讯QQ    QQ    TENCENT    d:\program files\tencent\qq\qq.exe

+ 易趣购物            File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5

HKLM\System\CurrentControlSet\Services

+ Ati HotKey Poller    ATI External Event Utility EXE Module    ATI Technologies Inc.    c:\windows\system32\ati2evxx.exe

+ RsCCenter    CCenter    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ccenter.exe

+ RsRavMon    RavMond    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ ALCXWDM    Realtek AC'97 Audio Driver (WDM)    Realtek Semiconductor Corp.    c:\windows\system32\drivers\alcxwdm.sys

+ ati2mtag    ATI Radeon WindowsNT Miniport Driver    ATI Technologies Inc.    c:\windows\system32\drivers\ati2mtag.sys

+ BaseTDI    basetdi    Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\basetdi.sys

+ dtscsi            c:\windows\system32\drivers\dtscsi.sys

+ ExpScaner    ExpScan.sys        d:\program files\rising\rav\expscan.sys

+ HookCont    TDI HOOK Driver    Rising tech Co. ltd    d:\program files\rising\rav\hookcont.sys

+ HookReg            d:\program files\rising\rav\hookreg.sys

+ HookSys    Hooksys    Rising    d:\program files\rising\rav\hooksys.sys

+ MEMSCAN    MemScan Driver    瑞星软件有限公司    d:\program files\rising\rav\memscan.sys

+ npkcrypt    nProtect KeyCrypt Driver    INCA Internet Co., Ltd.    d:\program files\tencent\qq\npkcrypt.sys

+ nvatabus    NVIDIA® nForce(TM) IDE Performance Driver    NVIDIA Corporation    c:\windows\system32\drivers\nvatabus.sys

+ NVENETFD    NVIDIA Networking Function Driver.    NVIDIA Corporation    c:\windows\system32\drivers\nvenetfd.sys

+ nvnetbus    NVIDIA Networking Bus Driver.    NVIDIA Corporation    c:\windows\system32\drivers\nvnetbus.sys

+ paasweq            File not found: C:\WINDOWS\system32\27j08kbh.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\windows\system32\drivers\ptilink.sys

+ QuakeDRV            c:\windows\system32\drivers\quakedrv.sys

+ Secdrv    SafeDisc driver    Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.    c:\windows\system32\drivers\secdrv.sys

+ sfdrv01    StarForce Protection Environment Driver    Protection Technology    c:\windows\system32\drivers\sfdrv01.sys

+ sfhlp02    StarForce Protection Helper Driver    Protection Technology    c:\windows\system32\drivers\sfhlp02.sys

+ sfsync03    StarForce Protection Synchronization Driver    Protection Technology    c:\windows\system32\drivers\sfsync03.sys

+ sfvfs02    StarForce Protection VFS Driver    Protection Technology    c:\windows\system32\drivers\sfvfs02.sys

+ sptd            c:\windows\system32\drivers\sptd.sys

+ SSHDRV85    Direct Port Access - Helper Driver        c:\windows\system32\drivers\sshdrv85.sys

+ vbppdryu            File not found: C:\WINDOWS\system32\bwmxk.sys

+ vcddev    Virtual Native Network Driver    VNN B.J.    c:\windows\system32\drivers\vcdvnic.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEvent    ATI External Event Utility DLL Module    ATI Technologies Inc.    c:\windows\system32\ati2evxx.dll


I have already hidden the Microsoft entries.
I suggest you back these up and then delete them:
C:\WINDOWS\system32\27j08kbh.sys
c:\windows\system32\drivers\quakedrv.sys
C:\WINDOWS\system32\bwmxk.sys
c:\windows\system32\drivers\vcdvnic.sys

Then check whether the virus alert still appears.
The strange thing is that none of these 4 files can be found, and I just noticed that there is no drivers folder under my system32.
I opened drivers directly from Run; after deleting those 2 files it still reports a virus.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run           

+ ATIPTA    ATI Desktop Control Panel    ATI Technologies, Inc.    c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ DAEMON Tools    Virtual DAEMON Manager    DT Soft Ltd.    d:\program files\daemon tools\daemon.exe

+ Knight V            File not found: ;

+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ravtask.exe

+ SoundMan    Realtek Sound Manager    Realtek Semiconductor Corp.    c:\windows\soundman.exe

+ StormCodec_Helper            d:\program files\ringz studio\storm codec\stormset.exe

+ TkBellExe    RealNetworks Scheduler    RealNetworks, Inc.    c:\program files\common files\real\update_ob\realsched.exe

C:\Documents and Settings\All Users\「开始」菜单\程序\启动           

+ Adobe Reader Speed Launch.lnk    Adobe Acrobat SpeedLauncher    Adobe Systems Incorporated    d:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

C:\Documents and Settings\Administrator\「开始」菜单\程序\启动           

+ reboot.exe    Reboot Setup        c:\documents and settings\administrator\「开始」菜单\程序\启动\autorunsdisabled\reboot.exe

+ 腾讯QQ.lnk    QQ    TENCENT    d:\program files\tencent\qq\qq.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run           

+ bgswitch            c:\windows\system32\bgswitch.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks           

+ Rising Execute File Exts hook    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved           

+ Display Panning CPL Extension            File not found: deskpan.dll

+ HyperTerminal Icon Ext    HyperTerminal Applet Library    Hilgraeve, Inc.    c:\windows\system32\hticons.dll

+ RISING    Rising Shell Ext Module    Beijing Rising Technology Co., Ltd.    c:\windows\system32\ravext.dll

+ RTX Shell Menu    RTX Shell Menu    Tencent    f:\games\tencent\rtx\rtxshl.dll

+ Shell Extensions for RealOne Player    RealPlayer Shell Extensions    RealNetworks, Inc.    d:\program files\ringz studio\storm codec\rpshell.dll

+ WinRAR shell extension            d:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers           

+ PDF Shell Extension    PDF Shell Extension    Adobe Systems, Inc.    d:\program files\adobe\acrobat 7.0\activex\pdfshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects           

+ AcroIEHlprObj Class    Adobe Acrobat IE Helper Version 7.0 for ActiveX    Adobe Systems Incorporated    d:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll

+ DragSearch BHO    DragSearch        c:\program files\yisou\yisoub.dll

+ HBObject Class    HBHelper Module    Shanghai Henbang Technology Co., Ltd    c:\program files\hbclient\hbhelper.dll

+ IeCatch2 Class    jccatch Module    Amaze Soft    d:\program files\flashget\jccatch.dll

+ QQBrowserHelperObject Class    QQIEHelper Module    深圳市腾讯计算机系统有限公司    d:\program files\tencent\qq\qqiehelper.dll

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks           

+ yok_supersearch.dll        www.yok.com    c:\program files\yok.com\supersearch\yok_supersearch.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar           

+ FlashGet Bar    FlashGet IE Bar    Amaze Soft    d:\program files\flashget\fgiebar.dll

+ YOK Search        www.yok.com    c:\program files\yok.com\supersearch\yok_supersearch.dll

+ 雅虎助手    ToolBar    Yahoo!    c:\program files\yahoo!\assistant\assist\yasbar.dll

+ 一搜    YiSou ToolBar     3721    c:\program files\yisou\yisou.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions           

+ &FlashGet    FlashGet    Amaze Soft    d:\program files\flashget\flashget.exe

+ 番茄花园            File not found: http://www.tomatolei.com

+ 浩方对战平台    浩方对战平台    上海浩方在线信息技术有限公司    f:\games\浩方对战平台\gameclient.exe

+ 腾讯QQ    QQ    TENCENT    d:\program files\tencent\qq\qq.exe

+ 易趣购物            File not found: http://click2.ad4all.net/url2/urlmanage/url.asp?id=5

HKLM\System\CurrentControlSet\Services           

+ Ati HotKey Poller    ATI External Event Utility EXE Module    ATI Technologies Inc.    c:\windows\system32\ati2evxx.exe

+ RsCCenter    CCenter    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ccenter.exe

+ RsRavMon    RavMond    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services           

+ ALCXWDM    Realtek AC'97 Audio Driver (WDM)    Realtek Semiconductor Corp.    c:\windows\system32\drivers\alcxwdm.sys

+ ati2mtag    ATI Radeon WindowsNT Miniport Driver    ATI Technologies Inc.    c:\windows\system32\drivers\ati2mtag.sys

+ BaseTDI    basetdi    Beijing Rising Technology Co., Ltd.    c:\windows\system32\drivers\basetdi.sys

+ dtscsi            c:\windows\system32\drivers\dtscsi.sys

+ ExpScaner    ExpScan.sys        d:\program files\rising\rav\expscan.sys

+ HookCont    TDI HOOK Driver    Rising tech Co. ltd    d:\program files\rising\rav\hookcont.sys

+ HookReg            d:\program files\rising\rav\hookreg.sys

+ HookSys    Hooksys    Rising    d:\program files\rising\rav\hooksys.sys

+ MEMSCAN    MemScan Driver    瑞星软件有限公司    d:\program files\rising\rav\memscan.sys

+ npkcrypt    nProtect KeyCrypt Driver    INCA Internet Co., Ltd.    d:\program files\tencent\qq\npkcrypt.sys

+ nvatabus    NVIDIA® nForce(TM) IDE Performance Driver    NVIDIA Corporation    c:\windows\system32\drivers\nvatabus.sys

+ NVENETFD    NVIDIA Networking Function Driver.    NVIDIA Corporation    c:\windows\system32\drivers\nvenetfd.sys

+ nvnetbus    NVIDIA Networking Bus Driver.    NVIDIA Corporation    c:\windows\system32\drivers\nvnetbus.sys

+ paasweq            File not found: C:\WINDOWS\system32\jccg.sys

+ Ptilink    Direct Parallel Link Driver    Parallel Technologies, Inc.    c:\windows\system32\drivers\ptilink.sys

+ QuakeDRV            File not found: system32\DRIVERS\quakedrv.sys

+ Secdrv    SafeDisc driver    Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.    c:\windows\system32\drivers\secdrv.sys

+ sfdrv01    StarForce Protection Environment Driver    Protection Technology    c:\windows\system32\drivers\sfdrv01.sys

+ sfhlp02    StarForce Protection Helper Driver    Protection Technology    c:\windows\system32\drivers\sfhlp02.sys

+ sfsync03    StarForce Protection Synchronization Driver    Protection Technology    c:\windows\system32\drivers\sfsync03.sys

+ sfvfs02    StarForce Protection VFS Driver    Protection Technology    c:\windows\system32\drivers\sfvfs02.sys

+ sptd            c:\windows\system32\drivers\sptd.sys

+ SSHDRV85    Direct Port Access - Helper Driver        c:\windows\system32\drivers\sshdrv85.sys

+ vbppdryu            File not found: C:\WINDOWS\system32\8kesu708.sys

+ vcddev            File not found: system32\DRIVERS\vcdvnic.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify           

+ AtiExtEvent    ATI External Event Utility DLL Module    ATI Technologies Inc.    c:\windows\system32\ati2evxx.dll



This is the current log.
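The two logs in this thread differ in a way that is worth checking mechanically rather than by eye: the service entries paasweq and vbppdryu point at a different random .sys name in each run (27j08kbh.sys then jccg.sys, bwmxk.sys then 8kesu708.sys), while QuakeDRV and vcddev, whose files the poster deleted, now read "File not found" but keep their service entries. The script below is an added example for this thread, not a Rising or Sysinternals tool and not code from any poster. It parses Autoruns text exports in the layout pasted above and reports entries whose image is missing, entries whose image file name changed between two snapshots, and entries whose image disappeared between snapshots while the entry stayed behind. The two snapshots embedded in it are constructed from a subset of the lines posted in this thread.

```python
"""Triage two Autoruns text exports of the kind pasted in this thread.

Added example for this thread; not a tool from Rising or Sysinternals.
"""
from __future__ import annotations

import ntpath
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    location: str             # section header the entry was listed under
    name: str                 # first column: registry value / service name
    details: tuple[str, ...]  # description and publisher, when present
    image: str                # last column, without the "File not found:" prefix
    missing: bool             # True when Autoruns reported "File not found:"


# Autoruns separates columns with tabs; the logs pasted in this thread came
# through with runs of spaces instead, so either is accepted as a separator.
_SEP = re.compile(r"\t|\s{2,}")
_NOT_FOUND = "File not found:"


def parse_autoruns(text: str) -> list[Entry]:
    """Parse an Autoruns text export into Entry records."""
    entries: list[Entry] = []
    location = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not line.startswith("+ "):
            location = line           # a registry key or folder header
            continue
        cols = [c.strip() for c in _SEP.split(line[2:]) if c.strip()]
        if len(cols) < 2:             # name only, nothing to check
            cols.append("")
        name, *details, image = cols  # empty middle columns collapse in pasted logs
        missing = image.startswith(_NOT_FOUND)
        if missing:
            image = image[len(_NOT_FOUND):].strip()
        entries.append(Entry(location, name, tuple(details), image, missing))
    return entries


def _key(e: Entry) -> tuple[str, str]:
    return (e.location.lower(), e.name.lower())


def _file_name(e: Entry) -> str:
    # Compare by file name only: the same driver is shown as
    # c:\windows\system32\drivers\x.sys in one run and system32\DRIVERS\x.sys
    # in the next, and that is not a real change.
    return ntpath.basename(e.image).lower()


def missing_images(entries: list[Entry]) -> list[Entry]:
    """Entries whose image Autoruns could not find on disk."""
    return [e for e in entries if e.missing]


def changed_images(before: list[Entry], after: list[Entry]) -> list[tuple[Entry, Entry]]:
    """Entries present in both snapshots whose image file name differs."""
    a = {_key(e): e for e in before}
    b = {_key(e): e for e in after}
    return [(a[k], b[k]) for k in sorted(a.keys() & b.keys())
            if _file_name(a[k]) != _file_name(b[k])]


def newly_missing(before: list[Entry], after: list[Entry]) -> list[tuple[Entry, Entry]]:
    """Entries whose image existed in the first snapshot but not in the second."""
    a = {_key(e): e for e in before}
    b = {_key(e): e for e in after}
    return [(a[k], b[k]) for k in sorted(a.keys() & b.keys())
            if not a[k].missing and b[k].missing]


# Constructed samples: a subset of the two logs posted in this thread.
SNAPSHOT_1 = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Knight V            File not found: ;
+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ravtask.exe
HKLM\System\CurrentControlSet\Services
+ nvatabus    NVIDIA nForce(TM) IDE Performance Driver    NVIDIA Corporation    c:\windows\system32\drivers\nvatabus.sys
+ paasweq            File not found: C:\WINDOWS\system32\27j08kbh.sys
+ QuakeDRV            c:\windows\system32\drivers\quakedrv.sys
+ vbppdryu            File not found: C:\WINDOWS\system32\bwmxk.sys
+ vcddev    Virtual Native Network Driver    VNN B.J.    c:\windows\system32\drivers\vcdvnic.sys
"""

SNAPSHOT_2 = r"""
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Knight V            File not found: ;
+ RavTask    RavTimer    Beijing Rising Technology Co., Ltd.    d:\program files\rising\rav\ravtask.exe
HKLM\System\CurrentControlSet\Services
+ nvatabus    NVIDIA nForce(TM) IDE Performance Driver    NVIDIA Corporation    c:\windows\system32\drivers\nvatabus.sys
+ paasweq            File not found: C:\WINDOWS\system32\jccg.sys
+ QuakeDRV            File not found: system32\DRIVERS\quakedrv.sys
+ vbppdryu            File not found: C:\WINDOWS\system32\8kesu708.sys
+ vcddev            File not found: system32\DRIVERS\vcdvnic.sys
"""


if __name__ == "__main__":
    first, second = parse_autoruns(SNAPSHOT_1), parse_autoruns(SNAPSHOT_2)
    print("Image missing in second snapshot:")
    for e in missing_images(second):
        print(f"  {e.name:<12} {e.image}")
    print("Image file name changed between snapshots:")
    for old, new in changed_images(first, second):
        print(f"  {old.name:<12} {old.image}  ->  {new.image}")
    print("Image deleted but autostart entry left behind:")
    for old, new in newly_missing(first, second):
        print(f"  {old.name:<12} {old.image}")
```

Run it with two saved Autoruns text exports substituted for the constructed snapshots. An entry that appears in `changed_images` with a different random file name on every boot is a service entry being re-pointed at a freshly written driver, and the service key itself, not only the file, is what has to be dealt with; an entry in `newly_missing` is a leftover registration for a file that is already gone.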
I can't see anything wrong with the other processes either.