Rising Kaka Security Forum
飘雪的季节 - 2007-3-12 23:21:00
Manual removal, 冰刃 (IceSword), 木马清道夫, 木马克星, Rising: none of them can delete it. It comes back on every reboot. Could an expert please advise how to remove it?
飘雪的季节 - 2007-3-12 23:25:00
There is also a process called ntfis.exe running.
飘雪的季节 - 2007-3-12 23:32:00
Rising reports C:\WINDOWS\dataacess.dll as this virus. I have killed it many times over and it is still there.
飘雪的季节 - 2007-3-12 23:51:00
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<NvCplDaemon><; RUNDLL32.EXE NvQTwk,NvCplDaemon initialize> [N/A]
<nwiz><; nwiz.exe /install> [NVIDIA Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [N/A]
<Logitech Utility><; Logi_MwX.Exe> [Logitech Inc.]
<rfw><; C:\Program Files\rising\rfw\Rfw.EXE> [N/A]
<flmpcLiveUp><; C:\Program Files\flmpc\MpcLiveUp.exe> [风雷工作室]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<Windows木马防火墙><C:\ftc\Trojanwall.exe> [风云谷]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
飘雪的季节 - 2007-3-12 23:52:00
Services
[Alerter / Alerter][Stopped/Disabled]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\system32\alrsvc.dll><Microsoft Corporation>
[Application Layer Gateway Service / ALG][Running/Manual Start]
<C:\WINDOWS\System32\alg.exe><Microsoft Corporation>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><Microsoft Corporation>
[Windows Audio / AudioSrv][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\audiosrv.dll><Microsoft Corporation>
[Background Intelligent Transfer Service / BITS][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\qmgr.dll><Microsoft Corporation>
[Computer Browser / Browser][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\browser.dll><Microsoft Corporation>
[CE5A60E4 / CE5A60E4][Stopped/Auto Start]
<C:\WINDOWS\system32\CE5A60E4.EXE -service><N/A>
[Indexing Service / CiSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\cisvc.exe><Microsoft Corporation>
[ClipBook / ClipSrv][Stopped/Disabled]
<C:\WINDOWS\system32\clipsrv.exe><Microsoft Corporation>
[COM+ System Application / COMSysApp][Stopped/Manual Start]
<C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}><Microsoft Corporation>
[Cryptographic Services / CryptSvc][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\cryptsvc.dll><Microsoft Corporation>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
<C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Logical Disk Manager / dmserver][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dmserver.dll><Microsoft Corp.>
[DNS Client / Dnscache][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k NetworkService-->%SystemRoot%\System32\dnsrslvr.dll><Microsoft Corporation>
[Event Log / Eventlog][Running/Auto Start]
<C:\WINDOWS\system32\services.exe><Microsoft Corporation>
[COM+ Event System / EventSystem][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\es.dll><Microsoft Corporation>
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Running/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[File Replication / File Replication][Running/Auto Start]
<C:\WINDOWS\system32\ntfis.exe><Microsoft Corporation>
[Help and Support / helpsvc][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[HTTP SSL / HTTPFilter][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k HTTPFilter-->%SystemRoot%\System32\w3ssl.dll><Microsoft Corporation>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[IMAPI CD-Burning COM Service / ImapiService][Stopped/Manual Start]
<C:\WINDOWS\system32\imapi.exe><N/A>
[jsefusf / jsefusf][Stopped/Auto Start]
<C:\WINDOWS\system32\jsefusf.exe -service><N/A>
[Server / lanmanserver][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
飘雪的季节 - 2007-3-12 23:53:00
[Workstation / lanmanworkstation][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[TCP/IP NetBIOS Helper / LmHosts][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\lmhsvc.dll><Microsoft Corporation>
[Messenger / Messenger][Stopped/Disabled]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\msgsvc.dll><Microsoft Corporation>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Manual Start]
<C:\WINDOWS\system32\mnmsrvc.exe><Microsoft Corporation>
[Distributed Transaction Coordinator / MSDTC][Stopped/Manual Start]
<C:\WINDOWS\system32\msdtc.exe><Microsoft Corporation>
[Windows Installer / MSIServer][Stopped/Manual Start]
<C:\WINDOWS\system32\msiexec.exe /V><Microsoft Corporation>
[Network DDE / NetDDE][Stopped/Disabled]
<C:\WINDOWS\system32\netdde.exe><Microsoft Corporation>
[Network DDE DSDM / NetDDEdsdm][Stopped/Disabled]
<C:\WINDOWS\system32\netdde.exe><Microsoft Corporation>
[Net Logon / Netlogon][Stopped/Manual Start]
<C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Network Connections / Netman][Running/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\netman.dll><Microsoft Corporation>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[NT LM Security Support Provider / NtLmSsp][Stopped/Manual Start]
<C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Removable Storage / NtmsSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\ntmssvc.dll><Microsoft Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Std pamv Service / pamv][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\hven\ufrx.dll,Service -s><Microsoft Corporation>
[PERSUYER Server / PERSUYER Server][Stopped/Auto Start]
<C:\WINDOWS\PERSUYER Server.exe><N/A>
[Plug and Play / PlugPlay][Running/Auto Start]
<C:\WINDOWS\system32\services.exe><Microsoft Corporation>
[IPSEC Services / PolicyAgent][Running/Auto Start]
<C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Protected Storage / ProtectedStorage][Running/Auto Start]
<C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Remote Access Auto Connection Manager / RasAuto][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasauto.dll><Microsoft Corporation>
[Remote Access Connection Manager / RasMan][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Remote Desktop Help Session Manager / RDSessMgr][Stopped/Manual Start]
<C:\WINDOWS\system32\sessmgr.exe><Microsoft Corporation>
[Routing and Remote Access / RemoteAccess][Stopped/Disabled]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mprdim.dll><Microsoft Corporation>
[Remote Registry / RemoteRegistry][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\system32\regsvc.dll><Microsoft Corporation>
[Remote Procedure Call (RPC) Locator / RpcLocator][Stopped/Manual Start]
<C:\WINDOWS\system32\locator.exe><Microsoft Corporation>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
<C:\WINDOWS\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[QoS RSVP / RSVP][Stopped/Manual Start]
<C:\WINDOWS\system32\rsvp.exe><Microsoft Corporation>
[Security Accounts Manager / SamSs][Running/Auto Start]
<C:\WINDOWS\system32\lsass.exe><Microsoft Corporation>
[Smart Card / SCardSvr][Stopped/Manual Start]
<C:\WINDOWS\System32\SCardSvr.exe><Microsoft Corporation>
[Task Scheduler / Schedule][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\system32\schedsvc.dll><Microsoft Corporation>
[Secondary Logon / seclogon][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\seclogon.dll><Microsoft Corporation>
[System Event Notification / SENS][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\sens.dll><Microsoft Corporation>
[Windows Firewall/Internet Connection Sharing (ICS) / SharedAccess][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\ipnathlp.dll><Microsoft Corporation>
[Shell Hardware Detection / ShellHWDetection][Running/Auto Start]
飘雪的季节 - 2007-3-12 23:53:00
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Print Spooler / Spooler][Running/Auto Start]
<C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
[System Restore Service / srservice][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\srsvc.dll><Microsoft Corporation>
[SSDP Discovery Service / SSDPSRV][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\ssdpsrv.dll><Microsoft Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><Microsoft Corporation>
[MS Software Shadow Copy Provider / SwPrv][Stopped/Manual Start]
<C:\WINDOWS\system32\dllhost.exe /Processid:{8721A080-6AE2-4A89-81D2-8DB022C273C5}><Microsoft Corporation>
[Performance Logs and Alerts / SysmonLog][Stopped/Manual Start]
<C:\WINDOWS\system32\smlogsvc.exe><Microsoft Corporation>
[Telephony / TapiSrv][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Terminal Services / TermService][Running/Manual Start]
<C:\WINDOWS\System32\svchost -k DComLaunch-->%SystemRoot%\System32\termsrv.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Telnet / TlntSvr][Stopped/Disabled]
<C:\WINDOWS\system32\tlntsvr.exe><Microsoft Corporation>
[Distributed Link Tracking Client / TrkWks][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\trkwks.dll><Microsoft Corporation>
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
<C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[Uninterruptible Power Supply / UPS][Stopped/Manual Start]
<C:\WINDOWS\System32\ups.exe><Microsoft Corporation>
[User Privilege Service / usprserv][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs><Microsoft Corporation>
[Vsn vjvb Service / vjvb][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\bpyh\iwfo.dll,Service><Microsoft Corporation>
[Volume Shadow Copy / VSS][Stopped/Manual Start]
<C:\WINDOWS\System32\vssvc.exe><Microsoft Corporation>
[Windows Time / W32Time][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\w32time.dll><Microsoft Corporation>
[WebClient / WebClient][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>
[Windows Management Instrumentation / winmgmt][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\MsPMSNSv.dll><Microsoft Corporation>
[Windows Management Instrumentation Driver Extensions / Wmi][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\advapi32.dll><Microsoft Corporation>
[WMI Performance Adapter / WmiApSrv][Stopped/Manual Start]
<C:\WINDOWS\system32\wbem\wmiapsrv.exe><Microsoft Corporation>
[Security Center / wscsvc][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SYSTEMROOT%\system32\wscsvc.dll><Microsoft Corporation>
[Automatic Updates / wuauserv][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\wuauserv.dll><Microsoft Corporation>
[Wireless Zero Configuration / WZCSVC][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wzcsvc.dll><Microsoft Corporation>
[Network Provisioning Service / xmlprov][Stopped/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\xmlprov.dll><Microsoft Corporation>
飘雪的季节 - 2007-3-12 23:53:00
Browser add-ons
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <F:\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\qq2004\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[ClientATXCtrl Control]
{1E15B1A7-95CA-4377-B893-697CD95951AE} <C:\WINDOWS\DOWNLO~1\CLIENT~1.OCX, Wayi>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <, N/A>
[ClientATXCtrl Control]
{1E15B1A7-95CA-4377-B893-697CD95951AE} <C:\WINDOWS\DOWNLO~1\CLIENT~1.OCX, Wayi>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[IETimeBehaviorFactory Class]
{A4639D29-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, Microsoft Corporation>
[IEAnimBehaviorFactory Class]
{A4639D2F-774E-11D3-A490-00C04F6843FB} <C:\PROGRA~1\COMMON~1\MICROS~1\MSORUN\MSORUN.DLL, Microsoft Corporation>
飘雪的季节 - 2007-3-12 23:53:00
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用超级旋风下载]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[上传到QQ网络硬盘]
<D:\qq2004\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://F:\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\qq2004\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\qq2004\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\qq2004\SendMMS.htm, N/A>
飘雪的季节 - 2007-3-12 23:54:00
Running processes
[PID: 440][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 536][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 580][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 592][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 740][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 800][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 868][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 884][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
[PID: 1012][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\ftc\Filehook.dll] [Fygsoft and Microsoft, 2.0.0.0]
[C:\ftc\SocketMon.dll] [Fygsoft and Microsoft, 1.1.1.0]
天生我才GO - 2007-3-12 23:59:00
OP, you could try deleting imapi.exe and ntfis.exe in Safe Mode. There may be imapi.* and ntfis.* under C:\WINDOWS\Prefetch; delete those too. There should also be an imapi.sys; delete it if you find it (show all files). If that does not work, stop ntfis and dataacess from starting.
飘雪的季节 - 2007-3-13 0:01:00
Tried that, it doesn't work.
天月来了 - 2007-3-13 8:05:00
That means another process is still controlling those registry entries. It would have been so much better if you had scanned and saved a log while the computer was healthy; then you could compare against it.
Remember: once you get it clean this time, back up a log right away.
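The baseline comparison 天月来了 recommends, as an added example that is not part of the thread: a Python script that parses the two-line service records in the log format posted above, lists the services absent from a baseline log, and tags each with simple triage heuristics (unknown vendor, display name identical to the internal name, rundll32-hosted service). The sample logs are constructed from entries in this thread; the assumption that every service record is exactly one header line followed by one image line is mine.

```python
"""Compare the service section of a Rising/Kaka-style log with a baseline log."""
import re

# Record format of the thread's service section (assumption: exactly two lines per service):
#   [Display Name / ShortName][State/Start type]
#   <image path, or svchost -k group-->hosted DLL><vendor>
HEADER = re.compile(
    r"^\[(?P<name>[^\]]*) / (?P<short>[^\]]*)\]\[(?P<state>[^/\]]*)/(?P<start>[^\]]*)\]$")
IMAGE = re.compile(r"^<(?P<image>.*)><(?P<vendor>[^>]*)>$")


def parse_services(log_text):
    """Map each short service name to its header and image fields."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    services = {}
    for hdr, img in zip(lines, lines[1:]):  # header line followed by its image line
        h, i = HEADER.match(hdr), IMAGE.match(img)
        if h and i:
            services[h["short"]] = {**h.groupdict(), **i.groupdict()}
    return services


def suspicion_reasons(svc):
    """Cheap triage heuristics for a service that was not in the healthy baseline."""
    reasons = []
    if svc["vendor"].strip() in ("", "N/A"):
        reasons.append("no vendor information in the image")
    if svc["name"] == svc["short"]:
        reasons.append("display name identical to internal name")
    if "rundll32.exe" in svc["image"].lower():
        reasons.append("service hosted by rundll32 instead of a service binary")
    return reasons


def triage(baseline_text, current_text):
    """Services absent from the baseline, most heuristic hits first (empty list = new but unremarkable)."""
    base, cur = parse_services(baseline_text), parse_services(current_text)
    findings = {s: suspicion_reasons(v) for s, v in cur.items() if s not in base}
    return dict(sorted(findings.items(), key=lambda kv: -len(kv[1])))


# Constructed sample logs; the entries are copied from the thread's dump and trimmed.
BASELINE_LOG = r"""
[Server / lanmanserver][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Print Spooler / Spooler][Running/Auto Start]
<C:\WINDOWS\system32\spoolsv.exe><Microsoft Corporation>
"""
CURRENT_LOG = BASELINE_LOG + r"""
[File Replication / File Replication][Running/Auto Start]
<C:\WINDOWS\system32\ntfis.exe><Microsoft Corporation>
[jsefusf / jsefusf][Stopped/Auto Start]
<C:\WINDOWS\system32\jsefusf.exe -service><N/A>
[Std pamv Service / pamv][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\hven\ufrx.dll,Service -s><Microsoft Corporation>
[Windows Time / W32Time][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\w32time.dll><Microsoft Corporation>
"""

if __name__ == "__main__":
    for short, reasons in triage(BASELINE_LOG, CURRENT_LOG).items():
        print(f"{short}: {', '.join(reasons) or 'new, no heuristic hit'}")
```

The heuristics only rank what the diff surfaces; a service with an empty reason list (W32Time in the sample) is still new relative to the baseline and still worth a look.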
baohe - 2007-3-13 8:57:00
Quote (飘雪的季节's post): There is also a process called ntfis.exe running ………
Please send imapi and ntfis to my mailbox: baohelin@yahoo.com.cn
Pack and encrypt them (password: 123) before sending.
I'll take a look and see how to kill it.
xiaoyueIQ - 2007-3-13 8:58:00
Could it be a new variant of the Chouying worm?
飘雪的季节 - 2007-3-13 19:58:00
Those two are deleted now, but these have appeared: windows\system32\kmsfwh14.dll
windows\system32\Macromed\Flash\Flash9b.ocx
windows\system32\IMSC40A.IME
windows\system32\driver\loxf_a.sys
It's just the last one, windows\system32\driver\loxf_a.sys: every time the machine boots it says there was an error adding it.