Trojan.PSW.Win32.GameOL.mpu
Trojan.PSW.Win32.GameOL.msi
无法彻底杀掉，用瑞星能查杀，但重启还有，已经杀了N次了


[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; TencentTraveler )

流程：
先用工具清理下系统 然后扫描完整SRE日志报告

清理系统临时文件和IE临时文件夹     
http://www.atribune.org/public-beta/ATF-Cleaner.exe
用金山清理专家清理恶意软件
http://www.duba.net/zt/ksc/down.shtml
下载windows清理助手清理一遍
http://www.arswp.com/download/arswp2/arswp2.zip

下载Sreng，解压缩运行

1.先把不相关的软件关闭（比如QQ 浏览器 播放软件之类...）
2.智能扫描(记得勾上数字签名选项）=》扫描=》保存报告
3.把日志SREngLOG.log中的报告完整复制粘贴上来，[全选(Ctrl+a) >>复制(Ctrl+c) >>粘贴(Ctrl+v)] 上来或者粘贴到记事本中以附件形式上传上来

SRE下载地址
http://www.kztechs.com/sreng/sreng928.zip
友情提示:如果下载后不能运行请删除已下载的,然后重新下载.下载后首先不要运行先将下载的SREng.exe重命名为SREng.com(SREng.scr\SREng.bat\SREng.pif)或者abc.exe运行

楼主可将可疑文件上报瑞星分析解决！

[CODE]

2008-04-06,20:48:04

System Repair Engineer 2.6.2.928
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe>  [(Verified)Google Inc]
    <Antispy ARP><C:\Program Files\Kingsoft\Antiarp\KASArp.EXE>  [(Verified)KINGSOFT CORPORATION]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Component Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <stup.exe><Rundll32.exe C:\PROGRA~1\TENCENT\SSPlus\SPlus1.dll,Rundll32 R>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <CertificateRegistration><SafeSignCertReg.exe>  [A.E.T. Europe B.V.]
    <CloneCDElbyCDFL><"C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL>  [Elaborate Bytes AG]
    <Easy-PrintToolBox><C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon>  [CANON INC.]
    <NeroCheck><C:\WINDOWS\system32\\NeroCheck.exe>  [Ahead Software Gmbh]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera>  [File is missing]
    <ssMgr_ccb><C:\Program Files\StarSec\ssMgr_ccb.exe -r>  []
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
    <TVTray><C:\PROGRA~1\10moons\天敏US~1\TVTray.exe>  [10moons]
    <NewsUpd><C:\Program Files\Creative\News\NewsUpd.EXE /q>  [Creative Technology Ltd.]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows XP Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Component Publisher]
    <vtupdate><C:\WINDOWS\>  [File is missing]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)BEIJING RISING SCIENCE AND TECHNOLOGY CORPORATION LIMITED]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <fmsbbqi><C:\WINDOWS\fmsbbqi.exe>  []
    <mfchlp32><C:\WINDOWS\mfchlp32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <DXDLG32><DXDLG.exe>  [N/A]
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
    <zsmstc><rundll32.exe C:\WINDOWS\system32\mxcdcsrv16_080321.dll start>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,rdthr.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll,ieprot.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}><C:\WINDOWS\system32\shlhook.dll>  [Beijing Rising Technology Co., Ltd.]
    <{C0595A7E-2E2F-4B34-A83A-019270A0A464}><C:\WINDOWS\system32\tdffdl.dll>  [File is missing]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><C:\WINDOWS\system32\ttNNBNNB1047.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3

日志不完全 请以附件形式上传

日志附件

1.建议使用XDelBox删除以下文件：(XDelBox1.3下载)
使用说明：删除时复制所有要删除文件的路径，在待删除文件列表里点击右键选择从剪贴板导入，导入后在要删除文件上点击右键，选择立刻重启删除，电脑会重启进入DOS界面进行删除操作。运行xdelbox前最好卸载所有可移动存储介质（包括U盘，MP3，手机存储卡等）。

c:\windows\mfchlp32.exe
c:\windows\fmsbbqi.exe
c:\windows\system32\fmsbbqi.dll
c:\windows\system32\mfchlp32.dll
lyloadqr.exe
lyloadhr.exe
lyloadmr.exe
lyloadar.exe
lyloador.exe
lyleador.exe
lyloadbr.exe
dxdlg.exe
mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,rdthr.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll,ieprot.dll

2.删除重启后使用SREng修复下面各项：

    启动项目 －－ 注册表之如下项删除：
[MSDQG32]    <LYLoadqr.exe>
[MSDHG32]    <LYLoadhr.exe>
[MSDMG32]    <LYLoadmr.exe>
[MSDSG32]    <LYLoadar.exe>
[MSDOG32]    <LYLoador.exe>
[MSDCG32    ]    <LYLeador.exe>
[MSDWG32]    <LYLoadbr.exe>
[DXDLG32]    <DXDLG.exe>
[mfchlp32]    <C:\WINDOWS\mfchlp32.exe>
[fmsbbqi]    <C:\WINDOWS\fmsbbqi.exe>
注意该项[AppInit_DLLs]修改：把<mrjhtjd.dll,qrhhb.dll,xdfntt.dll,hgfhk.dll,hjaiq.dll,kduy.dll,frntrn.dll,dnteh.dll,chmfcmh.dll,jwlah.dll,crugd.dll,lariytrz.dll,thurh.dll,mgmgmm.dll,oqrthc.dll,ydgn.dll,dbfb.dll,fjnbv.dll,wmsat.dll,gmnait.dll,hfjg.dll,xdndn.dll,rgfjj.dll,dscef.dll,xfng.dll,njritc.dll,setrhes.dll,cdxbfxdb.dll,xfgnxfn.dll,gjkhj.dll,fxnfnh.dll,bjrvm.dll,ektvm.dll,fehom.dll,jyjlt.dll,ijatnaw.dll,sehhter.dll,fhjfg.dll,zdbdb.dll,rhs.dll,rdthr.dll,gjjte.dll,xgnfn.dll,xfgnhcgfm.dll,serger.dll,bnxnb.dll,fxgnfx.dll,jzijj.dll,xfgnfx.dll,serghjm.dll,thsddh.dll,xbcvxb.dll,zfdzb.dll,hkfgh.dll,drghszd.dll,fngn.dll,xdhdg.dll,zdbfbd.dll,fjyjy.dll,awef.dll,msepbe.dll,ieprot.dll>修改为<>即清空

下载windows清理助手清理恶意软件
http://www.arswp.com/download.html

下载临时文件清理工具
http://www.dodudou.com/down/ATF-Cleaner-cn.exe

1.建议使用XDelBox删除以下文件--------------结果：只删除了前两个，其他的系统提示：无此文件
2.删除重启后使用SREng修复下面各项------------结果：系统警告：appinit_dlls 被修改为非正常值，....
我应该怎么处理？
用瑞星杀毒，没有发现病毒，但部分残留文件无法清除干净
注册表无法修改

引用:

【道长的贴子】1.建议使用XDelBox删除以下文件--------------结果：只删除了前两个，其他的系统提示：无此文件 2.删除重启后使用SREng修复下面各项------------结果：系统警告：appinit_dlls 被修改为非正常值，.... 我应该怎么处理？ 用瑞星杀毒，没有发现病毒，但部分残留文件无法清除干净 注册表无法修改 ………………

appinit_dlls值清空即可
最好用windows清理助手全面清理遍系统

用了，
在启动sre时出现“入口点错误”无法修复，或者说修复不了
appinit_dlls键值无法清空
windos清理助手可以清理出7个木马，但是无法清除，重启后扫描还有