
Infected, need help

File name: test.exe
File path: test.exe>c:\program files\internet explorer\test.exe
Virus name: Trojan.PSW.Misc.w

How do I remove it? Many thanks!
Last edited 2006-03-02 11:12:41

Could you explain how to "end the c:\program files\internet explorer\test.exe process", and how to get into the registry? Thanks!

I did not find a test.exe process in Task Manager. I then followed the steps you described, but after rebooting the same virus was found in the same place again. What should I do?

I repeated the steps several times, and this time it was finally not detected after startup. I'll see how it goes tomorrow; if there is still a problem I will post the logs again. This is my first time on this forum and everyone seems very helpful. Thanks!

Still infected.

Please see the log:
ProcessPIDCPUDescriptionCompany Name
System Idle Process095.38
Interruptsn/aHardware Interrupts
DPCsn/a1.54Deferred Procedure Calls
System4
  SMSS.EXE536Windows NT Session ManagerMicrosoft Corporation
  CSRSS.EXE604Client Server Runtime ProcessMicrosoft Corporation
  WINLOGON.EXE628Windows NT Logon ApplicationMicrosoft Corporation
    SERVICES.EXE6721.54Services and Controller appMicrosoft Corporation
    SVCHOST.EXE856Generic Host Process for Win32 ServicesMicrosoft Corporation
    CCenter.exe956CCenterBeijing Rising Technology Co., Ltd.
    SVCHOST.EXE972Generic Host Process for Win32 ServicesMicrosoft Corporation
      wuauclt.exe420Automatic UpdatesMicrosoft Corporation
    SVCHOST.EXE11281.54Generic Host Process for Win32 ServicesMicrosoft Corporation
    SVCHOST.EXE1140Generic Host Process for Win32 ServicesMicrosoft Corporation
    RavMonD.exe1160RavMondBeijing Rising Technology Co., Ltd.
      RavStub.exe1456Rising RavStubBeijing Rising Technology Co., Ltd.
    SPOOLSV.EXE1372Spooler SubSystem AppMicrosoft Corporation
    CDANTSRV.EXE1856C-Dilla RTS ServiceC-Dilla Ltd
    MDM.EXE1920Machine Debug ManagerMicrosoft Corporation
    NVSVC32.EXE1960NVIDIA Driver Helper Service, Version 56.72NVIDIA Corporation
    LSASS.EXE684LSA Shell (Export Version)Microsoft Corporation
EXPLORER.EXE1708Windows ExplorerMicrosoft Corporation
RUNDLL32.EXE312Run a DLL as an AppMicrosoft Corporation
realsched.exe432RealNetworks SchedulerRealNetworks, Inc.
Rfw.exe440Rising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limited
RavTask.exe448RavTimerBeijing Rising Technology Co., Ltd.
  RavMon.exe688RavMonBeijing Rising Technology Co., Ltd.
RUNDLL32.EXE496Run a DLL as an AppMicrosoft Corporation
RUNDLL32.EXE508Run a DLL as an AppMicrosoft Corporation
qttask.exe516Apple Computer, Inc.
ctfmon.exe584CTF LoaderMicrosoft Corporation
LFMonitor.exe600SendFaxMonitor Microsoft 基础类应用程序
LFClient.exe588LANFax Suite客户端程序北京华录北方电子有限责任公司
acad.exe728AutoCAD ApplicationAutodesk, Inc.
TBrowser.exe416Tencent ExplorerTencent
autoruns.exe2504Autostart program viewerSysinternals - www.sysinternals.com
NOTEPAD.EXE3536记事本Microsoft Corporation
procexp.exe748Sysinternals Process ExplorerSysinternals
conime.exe3128Console IMEMicrosoft Corporation

I exported this with Process Explorer; is that acceptable?

How do I export a log with "System Repair Engineer 2.0.12.350"?

This was exported with "autoruns"; is this a log?
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ CnsMin3721北京三七二一科技有限公司d:\windows\downloaded program files\cnsmin.dll

+ KAVRUNKAVRunkingsoftc:\kav2002\kavrun.exe

+ NvCplDaemonNVIDIA Display Properties ExtensionNVIDIA Corporationd:\windows\system32\nvcpl.dll

+ NvMediaCenterNVIDIA Media Center LibraryNVIDIA Corporationd:\windows\system32\nvmctray.dll

+ nwizNVIDIA nView Wizard, Version 56.72 NVIDIA Corporationd:\windows\system32\nwiz.exe

+ QuickTime TaskApple Computer, Inc.d:\program files\quicktime\qttask.exe

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravtask.exe

+ rfwRising Personal FireWall Main ProgramBeijing Rising Technology Corporation Limitedd:\program files\rising\rfw\rfw.exe

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.d:\program files\common files\real\update_ob\realsched.exe

+ vptrayFile not found: D:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

+ WinsSystemaasdfasasdfasdfc:\program files\internet explorer\syssmss.exe

+ WinsSystemaasdfasasdfasdfc:\program files\internet explorer\syssmss.exe

D:\Documents and Settings\All Users\「开始」菜单\程序\启动

+ Adobe Gamma Loader.lnkAdobe Gamma LoaderAdobe Systems, Inc.d:\program files\common files\adobe\calibration\adobe gamma loader.exe

+ LANFax Client.lnkLANFax Suite客户端程序北京华录北方电子有限责任公司d:\program files\lanfax suite\lanfax client\lfclient.exe

+ LANFax 发传真监视器.lnkSendFaxMonitor Microsoft 基础类应用程序d:\program files\lanfax suite\lanfax client\lfmonitor.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

+ Winpatch AutoUpdated:\windows\downloaded program files\#.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ cnshook.dll3721 CNS Module北京三七二一科技有限公司d:\windows\downloaded program files\cnshook.dll

+ cnsmin.dll3721北京三七二一科技有限公司d:\windows\downloaded program files\cnsmin.dll

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.d:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.d:\windows\system32\ravext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ 金山毒霸金山毒霸右键菜单支持程序Kingsoft Corp.c:\kav2002\kavext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ 3721中文邮CesWeb Moduled:\program files\3721\ces\cesweb.dll

+ AcroIEHlprObj ClassAcroIEHelper Moduled:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx

+ CnsHook Class3721 CNS Module北京三七二一科技有限公司d:\windows\downloaded program files\cnshook.dll

+ Google Toolbar HelperGoogle IE 客户端工具栏Google Inc.d:\program files\google\googletoolbar2.dll

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

+ Infofo 工具栏珊瑚虫 Infofo 工具栏珊瑚虫工作室 泰格工作室c:\program files\infofo bar\infofobar.dll

+ ShowBarObject ClassAlibabaIEToolBarAlibabad:\windows\system32\alibabatoolbar\__new\bar.dll

+ 上网助手Assist Moduled:\program files\3721\assist\assist.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

+ 上网助手Assist Moduled:\program files\3721\assist\assist.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ &NetAntsNetAnts d:\program files\netants\netants.exe

+ 3721中文邮File not found: http://cmail.3721.com?fb=client

+ @shdoclc.dll,-864d:\windows\web\related.htm

+ Yahoo 1G电邮File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail

+ 清理上网记录File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean

+ 情景聊天File not found: http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/

+ 腾讯QQQQTENCENTc:\program files\tencent\qq\qq.exe

+ 修复浏览器File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair

+ 寻宝乐趣多File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao

+ 雅虎助手File not found: http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist

+ 易趣购物File not found: http://adfarm.mediaplex.com/ad/ck/4080-23171-9517-195?cn=song;icon;hp&mpro=http://www.ebay.com.cn

HKLM\System\CurrentControlSet\Services

+ C-DillaSrvC-Dilla RTS ServiceC-Dilla Ltdd:\windows\system32\drivers\cdantsrv.exe

+ DefWatchFile not found: D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe

+ Norton AntiVirus ServerFile not found: D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

+ NVSvcProvides system and desktop level support to the NVIDIA display driverNVIDIA Corporationd:\windows\system32\nvsvc32.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.d:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ ac97intcIntel(r) Integrated Controller Hub Audio DriverIntel Corporationd:\windows\system32\drivers\ac97intc.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.d:\windows\system32\drivers\basetdi.sys

+ C-DillaC-Dilla Windows NT RTSMacrovisiond:\windows\system32\drivers\cdant.sys

+ ExpScanerExpScan.sysd:\program files\rising\rav\expscan.sys

+ FETNDISBNDIS 5.0 miniport driverVIA Technologies, Inc.              d:\windows\system32\drivers\fetnd5b.sys

+ HookContTDI HOOK DriverRising tech Co. ltdd:\program files\rising\rav\hookcont.sys

+ HookRegd:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingd:\program files\rising\rav\hooksys.sys

+ IPHOOKIP HOOK DriverBeijing Rising Technology Corporation Limitedd:\program files\rising\rfw\iphook.sys

+ kmsinputd:\windows\system32\drivers\kmsinput.sys

+ MEMSCANMemScan Driver瑞星软件有限公司d:\program files\rising\rav\memscan.sys

+ NAVAPFile not found: D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP.sys

+ NAVAPELFile not found: D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS

+ NAVENGAV EngineSymantec Corporationd:\program files\common files\symantec shared\virusdefs\20031217.004\naveng.sys

+ NAVEX15AV EngineSymantec Corporationd:\program files\common files\symantec shared\virusdefs\20031217.004\navex15.sys

+ New0d:\windows\system32\new.sys

+ NTSIMNetwork Device Monitor UtilityVIA Technologies, Inc.              d:\windows\system32\ntsim.sys

+ nvNVIDIA Compatible Windows 2000 Miniport Driver, Version 56.72 NVIDIA Corporationd:\windows\system32\drivers\nv4_mini.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.d:\windows\system32\drivers\ptilink.sys

+ SecdrvSafeDisc driverd:\windows\system32\drivers\secdrv.sys

+ Sentineld:\windows\system32\drivers\sentinel.sys

+ SymEventSymantec Event LibrarySymantec Corporationd:\program files\symantec\symevent.sys

+ TDIHOOKTDI HOOK DriverBeijing Rising Technology Corporation Limitedd:\program files\rising\rfw\tdihook.sys

+ TOODISUSBTOODISUSBTooDisd:\windows\system32\drivers\toodis.sys

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify

+ NavLogond:\windows\system32\navlogon.dll

HKCU\Control Panel\Desktop\Scrnsave.exe

+ D:\WINDOWS\System32\JAPANE~1.SCRScreensaver for SSA2TopThinks, INC.d:\windows\system32\japanese cats.scr

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ adimonHeidi? OLE to ADI Port MonitorAutodesk, Inc.d:\windows\system32\adimon.dll

+ HP Master MonitorWin32 Master MonitorHewlett-Packardd:\windows\system32\hpbmmon.dll

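A small triage pass over an Autoruns export like the one above, as an added example that is not part of the thread: it assumes Autoruns' tab-separated text layout, rebuilds a few rows from the entries quoted here (column splits assumed where the paste ran them together), and tags the entries a reviewer would look at first: dead "File not found" leftovers, unknown publishers, the rarely used Policies\Explorer\Run location, duplicates, and non-iexplore executables under the Internet Explorer folder where test.exe was reported. The publisher allow-list and the tag names are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample in the tab-separated layout of an Autoruns text export
# (Entry Location, Entry, Description, Publisher, Image Path). Rows reuse entries
# quoted in the thread; column splits are assumed where the paste merged them.
SAMPLE_EXPORT = (
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\tRavTask\tRavTimer\t"
    "Beijing Rising Technology Co., Ltd.\td:\\program files\\rising\\rav\\ravtask.exe\n"
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\tvptray\t\t\t"
    "File not found: D:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe\n"
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\tWinsSystem\taasdfas\tasdfasdf\t"
    "c:\\program files\\internet explorer\\syssmss.exe\n"
    "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\tWinsSystem\taasdfas\tasdfasdf\t"
    "c:\\program files\\internet explorer\\syssmss.exe\n"
    "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\t"
    "Winpatch AutoUpdate\t\t\td:\\windows\\downloaded program files\\#.exe\n"
    "HKLM\\System\\CurrentControlSet\\Services\tNew0\t\t\td:\\windows\\system32\\new.sys\n"
)

# Assumed allow-list: publishers the reviewer has already vetted on this machine.
KNOWN_PUBLISHERS = {"Microsoft Corporation", "Beijing Rising Technology Co., Ltd."}
# Autostart locations that legitimate installers rarely use.
UNUSUAL_LOCATIONS = ("Policies\\Explorer\\Run",)

def parse_export(text):
    """Return one dict per row of a tab-separated Autoruns export."""
    fields = ["location", "entry", "description", "publisher", "image_path"]
    reader = csv.reader(io.StringIO(text), delimiter="\t")
    return [dict(zip(fields, row)) for row in reader if row]

def triage(rows):
    """Pair each entry name with review tags; an empty list means nothing stood out."""
    seen = Counter((r["location"], r["entry"], r["image_path"]) for r in rows)
    findings = []
    for r in rows:
        tags, path = [], r["image_path"].lower()
        if r["image_path"].startswith("File not found:"):
            tags.append("dead-entry")          # leftover of an uninstalled product
        elif r["publisher"] not in KNOWN_PUBLISHERS:
            tags.append("unknown-publisher")   # no vetted company behind the file
        if any(loc in r["location"] for loc in UNUSUAL_LOCATIONS):
            tags.append("unusual-location")
        if seen[(r["location"], r["entry"], r["image_path"])] > 1:
            tags.append("duplicate")
        # Anything but iexplore.exe living in Internet Explorer's folder deserves a look.
        if "\\internet explorer\\" in path and not path.endswith("iexplore.exe"):
            tags.append("foreign-file-in-product-dir")
        findings.append((r["entry"], tags))
    return findings
```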