瑞星实时监控发现病毒
文件路径  C:\WINDOWS\system32\drivers\nwupspx.sys
病毒名称  Trojan.DL.Agent.lqt
病毒来源  本机
随即便点了杀毒和删除选项，之后显示文件删除失败
于是便进入文件夹，想手动删除该文件
右键-删除 系统显示:无法删除nwupspx，无效的文件句柄

下面附上HijackThis扫描后的日志，麻烦大侠们帮小弟看看，机器里还有什么病毒，应该怎么样去删除它，先在这里谢谢大侠们了！！！！

Logfile of HijackThis v1.99.1
Scan saved at 20:34:52, on 2006-9-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\program files\rising\rfw\rfwsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\rising\rfw\RfwMain.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Tencent\qq\QQ.exe
C:\Program Files\Tencent\qq\TIMPlatform.exe
C:\Program Files\Rising\Rav\CCenter.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\Program Files\Rising\Rav\RavMon.exe
C:\Program Files\Rising\Rav\Ravmond.exe
C:\Program Files\Rising\Rav\RavStub.exe
F:\ha_hijackthis_1991\HijackThis.exe

O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: DDOC - {A64E86D2-203D-4145-AA9B-2425BAF568E9} - C:\WINDOWS\system32\xenroer.dll
O2 - BHO: Letscool System Helper - {F0C15012-7DBD-4068-95A2-0A82DB03AC35} - C:\WINDOWS\system32\CoolBho.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: 上传到QQ网络硬盘 - C:\Program Files\Tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - C:\Program Files\Tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - C:\Program Files\Tencent\qq\SendMMS.htm
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O16 - DPF: {0400AC1C-EEF0-4638-A501-31D5A0DC2002} (VTPlug3 Class) - http://s5.liaoliao.com:1995/VTrans.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (CEditCtrl Object) - https://img.alipay.com/download/aliedit.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133701518500
O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://s5.liaoliao.com:1995/talk.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E97BD6B0-4AB6-4743-A0B4-138FA9885C49}: NameServer = 218.2.135.1 61.147.37.1
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

修复
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: DDOC - {A64E86D2-203D-4145-AA9B-2425BAF568E9} - C:\WINDOWS\system32\xenroer.dll
删除
C:\WINDOWS\system32\xenroer.dll

试着用SSM 禁用后删除..

或者用瑞星2006光盘DOS模式杀毒...

这个病毒不知如何删除
你的这个日志也看不出问题
但看到它也找不到相应的进程
试试这个日志
请到www.27814939.ys168.com,点“我的软件”下载autoruns.exe，运行后，点“选项”选择“隐藏微软选项”退出，再重新运行。点“文件”“保存”把日志粘上帖子来。

等待楼主的Autoruns日志

如果没有瑞星2006光盘请，安照楼上的二位说法在“安全模式”下进行，查杀！

实在是有劳几位大侠了
下面是autoruns.exe的日志


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ ATIPTAATI Desktop Control PanelATI Technologies, Inc.c:\program files\ati technologies\ati control panel\atiptaxx.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

+ RfwMainRising Personal FireWall Main ProgramBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwmain.exe

+ SoundMAXSoundMAX Control CenterAnalog Devices, Inc.c:\program files\analog devices\soundmax\smax4.exe

+ SoundMAXPnPSMax4PNP MFC ApplicationAnalog Devices, Inc.c:\program files\analog devices\soundmax\smax4pnp.exe

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components

+ 0找不到文件:About:Home

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL Extension找不到文件:deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ iTunesiTunes Mini Player DLLApple Computer, Inc.c:\program files\itunes\itunesminiplayer.dll

+ NeroDigitalIconHandlerNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll

+ NeroDigitalPropSheetHandlerNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll

+ PhoneBrowserPhone BrowserNokiac:\program files\nokia\nokia pc suite 6\phonebrowser.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extensions for RealOne PlayerRealPlayer Shell ExtensionsRealNetworks, Inc.c:\program files\real\realplayer\rpshell.dll

+ WinRAR shell extensionc:\program files\winrar\rarext.dll

HKLM\Software\Classes\Folder\Shellex\ColumnHandlers

+ NeroDigitalColumnHandler ClassNero Digital Shell ExtensionNero AGc:\program files\common files\ahead\lib\nerodigitalext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ DDOCxenroller Modulec:\windows\system32\xenroer.dll

+ Letscool System HelperLetscool Network IE HelperLETSCOOL Network Technologyc:\windows\system32\coolbho.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司c:\program files\tencent\qq\qqiehelper.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ 浩方对战平台浩方对战平台上海浩方在线信息技术有限公司d:\浩方对战平台\gameclient.exe

计划任务

+ DDD_Install_Program.job找不到文件:C:\DOCUME~1\gjkjyjy\LOCALS~1\Temp\remotesetup.exe

+ DM_Install_Program.job找不到文件:C:\DOCUME~1\gjkjyjy\LOCALS~1\Temp\104002.exe

HKLM\System\CurrentControlSet\Services

+ Ati HotKey PollerATI External Event Utility EXE ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.exe

+ ATI SmartATI Smartc:\windows\system32\ati2sgag.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ aeaudioAndrea Audio Noise Cancellation DriverAndrea Electronics Corporationc:\windows\system32\drivers\aeaudio.sys

+ ati2mtagATI Radeon WindowsNT Miniport DriverATI Technologies Inc.c:\windows\system32\drivers\ati2mtag.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ bcm4sbxpBroadcom Corporation NDIS 5.1 ethernet driverBroadcom Corporationc:\windows\system32\drivers\bcm4sbxp.sys

+ dtscsic:\windows\system32\drivers\dtscsi.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ GEARAspiWDMCDRom Class Filter DriverGEAR Software Inc.c:\windows\system32\drivers\gearaspiwdm.sys

+ GMSIPCI找不到文件:G:\INSTALL\GMSIPCI.SYS

+ HOOKAPIHOOKAPI Driver瑞星软件有限公司c:\program files\rising\rav\hookapi.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys

+ HSF_DPHSF_DP driverConexant Systems, Inc.c:\windows\system32\drivers\hsfdpsp2.sys

+ HSFHWBS2HSF_HWB2 WDM driverConexant Systems, Inc.c:\windows\system32\drivers\hsfbs2s2.sys

+ mdmxsdkDiagnostic Interface DRIVERConexantc:\windows\system32\drivers\mdmxsdk.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ MidiSynSoundMAX Wavetable Synthesizer (WDM) Analog Devices, Inc.c:\windows\system32\drivers\midisyn.sys

+ mProcRsRising Personal FireWall  mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys

+ MSICPL找不到文件:G:\install4\MSICPL.sys

+ Nokia USB GenericNokia USB Phone Generic ClientNokiac:\windows\system32\drivers\nmwcdc.sys

+ Nokia USB ModemNokia USB Phone Modem ClientNokiac:\windows\system32\drivers\nmwcdcm.sys

+ Nokia USB Phone ParentNokia USB Phone Bus DriverNokiac:\windows\system32\drivers\nmwcd.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.c:\program files\tencent\qq\npkcrypt.sys

+ NTACCESS找不到文件:G:\NTACCESS.sys

+ nwupspxc:\windows\system32\drivers\nwupspx.sys

+ ProcServc:\windows\system32\drivers\procserv.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ SecdrvSafeDisc driverMacrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.c:\windows\system32\drivers\secdrv.sys

+ senfiltSensaura WDM 3D Audio DriverSensaurac:\windows\system32\drivers\senfilt.sys

+ SetupNTGLM7X找不到文件:G:\NTGLM7X.sys

+ smwdmSoundMAX Integrated Digital Audio Analog Devices, Inc.c:\windows\system32\drivers\smwdm.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ AtiExtEventATI External Event Utility DLL ModuleATI Technologies Inc.c:\windows\system32\ati2evxx.dll

刚刚看错了
进入安全模式下
瑞星能查到毒，但是还是删除文件失败
手动也无法删除，显示，无效的文件句柄

autoruns.exe，点全部，删除以下项
c:\windows\system32\drivers\nwupspx.sys
C:\DOCUME~1\gjkjyjy\LOCALS~1\Temp\104002.exe
C:\DOCUME~1\gjkjyjy\LOCALS~1\Temp\remotesetup.exe
删除
C:\DOCUME~1\gjkjyjy\LOCALS~1\Temp删除这个文件夹所有的东东
请到www.27814939.ys168.com,点“我的软件”下载IceSword.rar，用它来删除c:\windows\system32\drivers\nwupspx.sys
声明，这是一成功者的经验。