junlyfeng - 2007-2-24 20:15:00
In the root of C:, D:, E: and F: there are sos.exe and autorun.inf. I tried right-clicking to open the drives; after I delete them they get created again (it seems that both right-click Open and double-click run the virus). IceSword.exe, sreng, regedit and msconfig will run once renamed. The HOSTS file has been modified, and Kaka, Rising, Kaspersky and other antivirus sites are listed in it. The system time has also been changed to 22 January 2004.
C:\WINDOWS\system32\fqwyio.exe
C:\WINDOWS\system32\severe.exe
C:\WINDOWS\system32\drivers\conime.exe
These processes watch over each other, so I don't know how to delete them.
I'm really at a loss.
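The first post describes the classic drive-root autorun.inf trick: both double-click and right-click Open on a drive launch the dropper. The page does not show the actual autorun.inf, so the sample below is constructed to illustrate the mechanism; the parser is an added example, not code from the thread or from any of the tools mentioned in it.

```python
"""Triage a drive-root autorun.inf and report every Explorer action it hijacks.

Added example; not from the forum thread. The file contents are constructed
(the thread only says sos.exe and autorun.inf sit in the root of C, D, E and F).
"""
import configparser
import re

# Constructed sample: what a dropper's autorun.inf typically looks like.
SAMPLE_AUTORUN_INF = r"""
[AutoRun]
open=sos.exe
shellexecute=sos.exe
shell\open\Command=sos.exe
shell\open\Default=1
shell\explore\Command=sos.exe
shell\Autoplay\Command=sos.exe
icon=%SystemRoot%\system32\shell32.dll,4
"""

# shell\<verb>\command entries become context-menu verbs for the drive.
VERB_COMMAND = re.compile(r"^shell\\([^\\]+)\\command$")


def parse_autorun(text):
    """Return the [AutoRun] section as {lowercased key: value} (empty if absent)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)  # configparser lower-cases option names for us
    for section in cp.sections():
        if section.lower() == "autorun":
            return dict(cp.items(section))
    return {}


def launch_points(text):
    """Map each Explorer action that executes something to its command.

    'autorun' covers open= / shellexecute= (what runs on insertion, or on a
    double-click while AutoRun is allowed). Every shell\\<verb>\\command line
    also overrides that verb in the drive's right-click menu, so 'open' and
    'explore' entries are why both ways of opening the drive ran the virus.
    """
    entries = parse_autorun(text)
    points = {}
    for key in ("open", "shellexecute"):
        if key in entries:
            points.setdefault("autorun", entries[key])
    for key, value in entries.items():
        m = VERB_COMMAND.match(key)
        if m:
            points[m.group(1).lower()] = value
    return points


def hijacked_verbs(text):
    """Sorted names of context-menu verbs that were redirected to a command."""
    return sorted(v for v in launch_points(text) if v != "autorun")


if __name__ == "__main__":
    for action, command in launch_points(SAMPLE_AUTORUN_INF).items():
        print(f"{action:10s} -> {command}")
```

Because the verbs are overridden, opening the drive through Explorer at all is unsafe while the file exists; use the address bar or a command prompt (`cd /d D:\`) instead. The policy value `NoDriveTypeAutoRun` (under `HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer`) set to 0xFF tells Explorer not to process autorun.inf on any drive type, though on Windows XP of that era it only became fully effective with Microsoft's later fix (KB967715).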
newcenturymoon - 2007-2-24 20:15:00
Scan with sreng and post the log.
Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the report from the log in full and paste it here, without editing it.
Friendly reminder:
Close all manually opened programs and windows before scanning, and post the log after the scan. Please do not post it as an attachment.
Note: until you get further instructions, don't attempt random repairs, or the system may end up in a worse state.
If SREng.exe does not respond, will not start, or errors during the scan, rename SREng.exe to SREng.com (or SREng.scr \ SREng.bat \ SREng.pif) or abc.exe and run it.
junlyfeng - 2007-2-24 20:32:00
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<PPHIDPAD><; D:\WINPENJR\win32\pphidpad.exe> []
<KAVPersonal50><"D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<MSConfig><; C:\WINDOWS\pchealth\helpctr\binaries\msconf.scr /auto> []
<360Safetray><; D:\360safe\safemon\360tray.exe> [Qihoo]
<runeip><; C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\Windows\system32\userinit.exe,> [Microsoft Corporation]
<UIHost><logonui.exe> [Microsoft Corporation]
==================================
Startup folder
Services
[Adobe LM Service / Adobe LM Service]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[kavsvc / kavsvc]
<"D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
==================================
Browser add-ons
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[Microsoft]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, N/A>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[163Uploader Control]
{8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, Guangzhou NetEase Interactive Entertainment Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Kingsoft Duba Online Product Upgrade]
{E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, Kingsoft Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[Kingsoft Duba Online Antivirus]
{577A1997-6FD0-4972-B234-885DA583F9CE} <C:\PROGRA~1\KOS\KOSClean.OCX, Kingsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <E:\淘宝网\淘宝旺旺\WangWangX4.dll, Alisoft (China) Co., Ltd.>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[163Uploader Control]
{8686F2A6-DC01-4E8F-BDE3-DCC7DBBAD6AE} <C:\WINDOWS\system32\163UPL~1.OCX, Guangzhou NetEase Interactive Entertainment Co., Ltd.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Kingsoft Duba Online Product Upgrade]
{E847C78C-C210-4195-8799-FBF3BF89797D} <C:\PROGRA~1\KOS\KOSInit.OCX, Kingsoft Corporation>
[Upload to QQ Network Drive]
<E:\qq\AddToNetDisk.htm, N/A>
[Download with Net Transport]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[Download all links with Net Transport]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[Export to Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[Add to QQ custom panel]
<E:\qq\AddPanel.htm, N/A>
[Add to QQ emoticons]
<E:\qq\AddEmotion.htm, N/A>
[Send this picture via QQ MMS]
<E:\qq\SendMMS.htm, N/A>
junlyfeng - 2007-2-24 20:32:00
==================================
Running processes
[PID: 452][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 504][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 528][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 572][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 584][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 728][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 788][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 856][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 912][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 988][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1232][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[PID: 1336][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.388.1>
[PID: 1408][C:\WINDOWS\system32\drivers\conime.exe] <N/A><N/A>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[PID: 1464][D:\360safe\safemon\360tray.exe] <Qihoo><1, 0, 1, 1004>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[D:\360safe\safemon\SafeKrnl.dll] <奇虎网><1, 0, 0, 3001>
[D:\360safe\AntiAdwa.dll] <360Safe.com><2, 2, 5, 1000>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[PID: 1528][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[PID: 1548][C:\WINDOWS\system32\fqwyio.exe] <N/A><N/A>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[PID: 1556][C:\WINDOWS\system32\severe.exe] <N/A><N/A>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[PID: 1604][D:\写字板\win32\PPHIDPAD.EXE] <N/A><N/A>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[PID: 1896][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[PID: 2032][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 160][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1428][E:\TTPLAY\TTPlayer.exe] <Alen Soft><4, 6, 8, 0>
[E:\TTPLAY\ttpcomm.dll] <N/A><N/A>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\TTPLAY\ttpres.dll] <Alen Soft><4, 6, 8, 0>
[E:\TTPLAY\AddIn\ttp_asf.dll] <N/A><N/A>
[E:\TTPLAY\AddIn\ttp_aac.dll] <N/A><N/A>
[E:\TTPLAY\AddIn\ttp_ac3dts.dll] <N/A><N/A>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[E:\TTPLAY\AddIn\ttp_lrcsh.dll] <N/A><N/A>
[PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3744][E:\qq\TMDlls\TM.exe] <Tencent><0, 0, 0, 0>
[E:\qq\TMDlls\BasicCtrlDll.dll] <Tencent><6, 0, 200, 320>
[E:\qq\TMDlls\QQHelperDll.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\BaseUIClass.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\BaseCtrlClass.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\QQZip.dll] <tencent><0, 3, 2, 4>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[E:\qq\TMDlls\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[E:\qq\TMDlls\QQAPI.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\TIMProxy.dll] <tencent><0, 3, 2, 4>
[E:\qq\TMDlls\CQQApplication.dll] <N/A><N/A>
[E:\qq\TMDlls\QQRes.dll] <N/A><N/A>
[E:\qq\TMDlls\LoginCtrl.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 6, 27, 1>
[E:\qq\TMDlls\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[E:\qq\TMDlls\HostingMgr.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\WizardCtrl.dll] <Tencent><1, 0, 0, 1>
[E:\qq\TMDlls\QQMainFrame.dll] <TENCENT><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[E:\qq\TMDlls\NewSkin.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\MailSummary.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\FrameBar.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\QQConfigPlugin.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\CameraDll.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\UserRelationWeight.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\CommercesMng.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\InstantSession.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\MiscCtrl.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\QQSpace.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\CustomFace.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\LongConnection.dll] <tencent><5, 0, 200, 160>
[E:\qq\TMDlls\QQGroupMng.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[E:\qq\TMDlls\QQAddr.dll] <Shenzhen Tencent Computer Systems Co., Ltd.><0, 3, 0, 44>
[E:\qq\TMDlls\QQFileTransfer.dll] <Tencent><0, 3, 3, 5>
[E:\qq\TMDlls\RemoteHelp.dll] <><1, 0, 0, 1>
[E:\qq\TMDlls\VqqAllinOne.dll] <Tencent><1, 5, 0, 1>
[E:\qq\TMDlls\tencent-proto1.dll] <Tencent><1.5.0.0>
[E:\qq\TMDlls\tencent-comlib.dll] <Tencent><1.5.0.0>
[E:\qq\TMDlls\tencent-proto2.dll] <Tencent><1.5.0.0>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[E:\qq\TMDlls\InPlus.dll] <Tencent><1.5.0.0>
[C:\WINDOWS\system32\UNISPIM.IME] <Beijing Tsinghua Unisplendour Software Co., Ltd.><3.0.0.3045>
[E:\qq\TMDlls\MUserApplication.dll] <N/A><N/A>
[E:\qq\TMDlls\QQMMSender.dll] <N/A><N/A>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.1.18>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] <Kaspersky Lab><5.0.388.1>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] <Kaspersky Lab><5.0.388.0>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] <Kaspersky Lab><5.0.388.0>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] <Kaspersky Lab><5.0.388.1>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.388.0>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] <Kaspersky Lab><5.0.388.1>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] <Kaspersky Lab><5.0.388.2>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] <Kaspersky Lab><5.0.388.1>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] <Kaspersky Lab><5.0.388.0>
[D:\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] <Kaspersky Lab><5.0.388.0>
[d:\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] <Kaspersky Lab><5.0.388.0>
[d:\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] <Kaspersky Lab><5.0.388.0>
[d:\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] <Kaspersky Lab><5.0.388.0>
[C:\Documents and Settings\new\桌面\SREn.scr] <Smallfrogs Studio><2.0.21.505>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[E:\qq\TMDlls\DShared.dll] <Tencent><1.5.0.0>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
==================================
File associations
.TXT Error. [Notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
==================================
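Reading a log like the one above by hand means looking for three things: images with no vendor information running from under the Windows directory, a module with no vendor information that has been injected into nearly every process, and a system file name running from a second, unexpected directory. The script below is an added example (not the thread's, not SREng's) that applies those three checks to a trimmed excerpt of the posted process list; the excerpt is taken from the log above, and the vendor string `N/A` is SREng's marker for a file with no company name in its version info.

```python
"""Triage the 'Running processes' section of an SREng log.

Added example, not from the thread or from SREng. SAMPLE_LOG is a trimmed
excerpt of the log posted above (paths and vendor strings as SREng wrote them).
"""
import re
from collections import defaultdict

SAMPLE_LOG = r"""
==================================
Running processes
[PID: 504][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1336][C:\WINDOWS\Explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[D:\360safe\safemon\safemon.dll] <><1, 0, 0, 1004>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1408][C:\WINDOWS\system32\drivers\conime.exe] <N/A><N/A>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[PID: 1528][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[PID: 1548][C:\WINDOWS\system32\fqwyio.exe] <N/A><N/A>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[PID: 1556][C:\WINDOWS\system32\severe.exe] <N/A><N/A>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[PID: 1896][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\fqwyio.dll] <N/A><N/A>
[PID: 640][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
==================================
File associations
"""

# A process line carries a PID; the lines that follow it are its loaded modules.
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] <(.*?)><(.*?)>$")
MOD_RE = re.compile(r"^\[(.+?)\] <(.*?)><(.*?)>$")
NO_VENDOR = ("", "N/A")


def norm(path):
    """Lower-case an SREng path and drop the NT object-manager '\\??\\' prefix."""
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.lower()


def parse_processes(text):
    """Return [(pid, image_path, vendor, [(module_path, vendor), ...]), ...].

    Section headings are not relied on, so the parser works on the original
    Chinese-language log as well: a '[PID:' line opens a process, a separator
    line of '=' characters closes the section.
    """
    procs, current = [], None
    for line in text.splitlines():
        line = line.strip()
        m = PROC_RE.match(line)
        if m:
            current = (int(m.group(1)), norm(m.group(2)), m.group(3).strip(), [])
            procs.append(current)
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            current[3].append((norm(m.group(1)), m.group(2).strip()))
        elif line.startswith("=="):
            current = None
    return procs


def unknown_system_images(procs):
    """Process images with no vendor info running from under \\windows\\ (sorted)."""
    return sorted({img for _, img, vendor, _ in procs
                   if vendor in NO_VENDOR and "\\windows\\" in img})


def prevalent_unknown_modules(procs, min_hosts=3):
    """Modules with no vendor info loaded into at least min_hosts processes.

    Returns {module_path: number_of_host_processes}; a DLL present in nearly
    every process is the usual sign of a global hook or injector.
    """
    hosts = defaultdict(set)
    for pid, _, _, mods in procs:
        for mod, vendor in mods:
            if vendor in NO_VENDOR:
                hosts[mod].add(pid)
    return {mod: len(p) for mod, p in hosts.items() if len(p) >= min_hosts}


def name_collisions(procs):
    """Same file name running from more than one directory where at least one
    copy has no vendor info: a look-alike of a system binary."""
    by_name = defaultdict(dict)
    for _, img, vendor, _ in procs:
        by_name[img.rsplit("\\", 1)[-1]][img] = vendor
    return {name: sorted(paths) for name, paths in by_name.items()
            if len(paths) > 1 and any(v in NO_VENDOR for v in paths.values())}


def triage(text):
    """Run all three checks over a log and return their findings."""
    procs = parse_processes(text)
    return {
        "unknown_system_images": unknown_system_images(procs),
        "prevalent_unknown_modules": prevalent_unknown_modules(procs),
        "name_collisions": name_collisions(procs),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(check, result)
```

On this excerpt the checks single out fqwyio.exe, severe.exe and drivers\conime.exe as unknown images under the Windows directory, fqwyio.dll as the module injected into every process including Explorer and the 360 tray, and conime.exe as a name collision between the genuine Microsoft copy in system32 and the unsigned one in system32\drivers. A missing vendor string is a triage signal, not proof (rarext.dll and safemon.dll also lack one); the prevalence and name-collision checks are what separate the injector from ordinary unsigned third-party software.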
newcenturymoon - 2007-2-24 20:39:00
http://202.38.64.10/~jfpan/download/IceSword120_cn.zip
Download IceSword, unzip it and open icesword.exe.
In the menu bar at the top go to File > Settings, tick "Prohibit process/thread creation" and click OK. Then switch to View > Processes and find the following processes:
C:\WINDOWS\system32\fqwyio.exe
C:\WINDOWS\system32\severe.exe
C:\WINDOWS\system32\drivers\conime.exe
Right-click > End Process.
Then use the File button in the lower left and find:
C:\WINDOWS\system32\fqwyio.exe
C:\WINDOWS\system32\severe.exe
C:\WINDOWS\system32\drivers\conime.exe
Right-click > Delete.
Find C:\WINDOWS\system32\fqwyio.dll, right-click > Force Delete.
© 2000 - 2026 Rising Corp. Ltd.