Trojan.PSW.QQGame.l
清除成功
2006-07-31 15:43
手动扫描 services.exe>>C:\WINDOWS\system32\services.exe

病毒清除了，但是系统却极不正常，诸多后遗症
1。设备管理器一片空白
2。我的电脑每次小手电筒都要扫十几秒种才出来文件
3。声卡不能用了
4。USB盘也几乎不能用了
5。IE地址栏输入地址后回车没反应（MAXTHOR正常）
6。网络连接一片空白
7。USB打印机无法正常使用
8。压缩文件打开巨慢


从services.exe感染怀疑到“PLUG AND PLAY”服务出现问题，
查看系统服务，发现“PLUG AND PLAY”服务根本不在列表中，

得好心人指点：
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"Description"="使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。"
"DisplayName"="Plug and Play"
"ErrorControl"=dword:00000001
"Group"="PlugPlay"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"PlugPlayServiceType"=dword:00000003
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00


将上面红色的代码全部复制到记事本再将保存扩展名为“*.reg”的文件名，再找到它双击它即可。

另外不得不说得是，瑞星的专家门诊真是形同虚设，
从没一次能帮我解决过问题
除了告诉我升级病毒库就是修复系统，我要能修复还要问他做什么

电话热线倒是很诚恳，说是上报给我回复，倒现在还不是没音信，
那些工程师实在指望不过来

拜托  大哥看不懂啊

打开记事本，粘贴下面的内容
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"Description"="使计算机在极少或没有用户输入的情况下能识别并适应硬件的更改。终止或禁用此服务会造成系统不稳定。"
"DisplayName"="Plug and Play"
"ErrorControl"=dword:00000001
"Group"="PlugPlay"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,65,00,72,00,76,00,69,00,63,00,65,00,73,00,2e,00,65,00,78,00,65,00,00,00
"ObjectName"="LocalSystem"
"PlugPlayServiceType"=dword:00000003
"Start"=dword:00000002
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,\
23,02,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
02,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
存盘退出，将文件名改为killvirus.reg
然后双击这个文件，点yes
重启系统

我部机中左qq的“电子玫瑰”病毒，我升级左瑞星，杀左毒，但是登陆qq时成日都话服务器超时，吾知点算啊。请各位帮下忙拉！吾该晒！

我部机中左qq的“电子玫瑰”病毒，我升级左瑞星，杀左毒，但是登陆qq时成日都话服务器超时，吾知点算啊。请帮下忙拉！吾该晒！

谢谢楼主的方法，已经试过了，系统恢复正常了，也有声音了，再次感谢！

不行啊大哥  还是不行  还是没有声音  拜托  还有没有别的方法啊  有的话QQ留言  我等你

你有没有把病毒杀掉啊，就是c:\windows\system32\mswdm.exe有没有清除掉?