How do I remove the TROJAN.PSW virus? Please help [Help request]

[PID: 3748][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 124]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [E:\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll]  [CNNIC, 1.0.0.7]
    [C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 9]
    [C:\PROGRA~1\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\WINDOWS\system\PDFAid.dll]  [adobe system, 1.0.0.1]
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  [CNNIC, 1, 1, 0, 0]
[PID: 3340][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 9]
    [C:\Program Files\CNNIC\Cdn\cdnuplib.dll]  [CNNIC, 2, 5, 0, 11]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [c:\program files\google\googletoolbar2.dll]  [Google Inc., 4, 0, 1601, 4978]
    [C:\PROGRA~1\baidu\bar\baidubar.dll]  [Baidu.com, Inc., 2, 0, 2, 124]
    [E:\迅雷\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll]  [CNNIC, 1.0.0.7]
    [C:\WINDOWS\system\PDFAid.dll]  [adobe system, 1.0.0.1]
    [C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll]  [CNNIC, 1, 1, 0, 0]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]
    [C:\WINDOWS\system32\Gjzos.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Myros.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Msxos.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Kav26.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgSym.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgSyzr.dll]  [N/A, N/A]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\JPWB.IME]  [常诚研制, 4.00.950]
[PID: 816][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system\WINS0C~1.DLL]  [mcsoft, 1, 0, 0, 0]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 9]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
[PID: 5052][E:\m\魔卡少女樱\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\Program Files\CNNIC\Cdn\imaoe.dll]  [CNNIC, 2, 2, 0, 1]
    [C:\Program Files\CNNIC\Cdn\cdnforie.dll]  [CNNIC, 2, 1, 0, 9]
    [C:\Program Files\CNNIC\Cdn\cdndet.dll]  [CNNIC, 2, 5, 0, 0]
    [C:\WINDOWS\system32\Gjzos.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Myros.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Msxos.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\Kav26.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgSyl.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgSym.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\LgSyzr.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\cdnns.dll]  [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

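Every time Rising finishes cleaning, the virus shows up again after a while. Anyway, booting now takes more than ten minutes, and I have no idea what it is waiting for.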

Trojan.PSW.ZhengTu.afq
Trojan.PSW.ZhengTu.afq
Trojan.PSW.XYOnline.lg
Trojan.PSW.WoWar.wu
Trojan.PSW.JHOnline.fbd
Trojan.PSW.XYOnline.lg
Trojan.PSW.WLOnline.eg
Trojan.PSW.YBOnline.at
Trojan.PSW.WLOnline.eg
Trojan.PSW.YBOnline.at
Trojan.PSW.XYOnline.lg
Trojan.Tiny.d
Trojan.Tiny.d
Dropper.Agent.fij
Trojan.DL.Agent.blq
Dropper.Agent.fij
Trojan.DL.Agent.blq
Trojan.DL.Agent.bsd
Trojan.Agent.zwu
Trojan.PSW.LMir.lxq
Trojan.PSW.LMir.lxq
Dropper.Agent.fij
Trojan.DL.Agent.blq
Trojan.DL.Agent.bsd
Trojan.Agent.zwu
Trojan.DL.Agent.htu
Trojan.PSW.LMir.lxq
Trojan.PSW.LMir.lxq
Trojan.PSW.LMir.lxq
This is what Rising detected.

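Manual removal:

An executable named LoadHW.exe calls this DLL file, then terminates itself and loads msitinit.dll into explorer.exe to run, so Jiangmin did not remove the virus and it is still there after a reboot. Run regedit, find HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce and delete it, then find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npf and delete it. Tested for removing the trojan.psw virus.

There is nothing under RUNONCE.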

Should I delete all the files in NPF? I don't understand.

Post it.

I have already posted it. Did I post it the wrong way? I followed the method from another thread.

Run SREng and delete the registry entries:
9zgyi16q><C:\WINDOWS\iexp1ore.exe> [N/A]
<8ihxr5rm9><C:\WINDOWS\iexpl0re.exe> [N/A]
<u7mktvlme><C:\WINDOWS\winlog0n.exe> [N/A]
<xrl807r0y><C:\WINDOWS\svch0st.exe> [N/A]
<0dy5b59hh><C:\WINDOWS\crasos.exe> [N/A]
<h1><C:\WINDOWS\rundl132.exe> [N/A]
<2er3x24mwxdgdql><C:\WINDOWS\c0nime.exe> [N/A]
stup.exe><; C:\PROGRA~1\TENCENT\Adplus\stup.exe> [N/A]
<task32.exe><; C:\WINDOWS\system32\task32.exe> [N/A]
<WinampAgent><; C:\Program Files\Winamp\winampa.exe> [N/A]
<wpsautoupdate><; C:\Program Files\Kingsoft\WPS Office 2005 PersonalTrial\Office6\wpsupdate.exe InstallAfterReStart> [N/A]
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [N/A]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\system32\twunk32.exe> [N/A]

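A triage sketch for the autorun entries listed in the reply above, added here as an example and not part of the original thread: it parses the SREng `<name><path> [company]` lines and flags executables whose file name differs from a Windows system binary only by a digit swapped for a letter (`0` for `o`, `1` for `l`). The `KNOWN` list and the function names are assumptions, and the rule covers digit swaps only.

```python
import re

# Windows binaries whose names the entries may imitate (assumed reference list).
KNOWN = {"iexplore.exe", "winlogon.exe", "svchost.exe", "rundll32.exe",
         "conime.exe", "explorer.exe", "services.exe", "lsass.exe"}
SWAPS = str.maketrans({"0": "o", "1": "l"})  # digit-for-letter swaps to undo

# <value name><command line> [company]; tolerates the missing leading "<"
# and the stray ";" that appear in the forum paste.
ENTRY = re.compile(r"^<?(?P<name>[^<>]*)><;?\s*(?P<cmd>[^>]*)>\s*\[(?P<vendor>[^\]]*)\]")
EXE = re.compile(r'([^\\/"<>]+\.exe)', re.IGNORECASE)

# Sample lines copied from the reply in this thread.
SAMPLE = r"""
9zgyi16q><C:\WINDOWS\iexp1ore.exe> [N/A]
<8ihxr5rm9><C:\WINDOWS\iexpl0re.exe> [N/A]
<u7mktvlme><C:\WINDOWS\winlog0n.exe> [N/A]
<xrl807r0y><C:\WINDOWS\svch0st.exe> [N/A]
<0dy5b59hh><C:\WINDOWS\crasos.exe> [N/A]
<h1><C:\WINDOWS\rundl132.exe> [N/A]
<2er3x24mwxdgdql><C:\WINDOWS\c0nime.exe> [N/A]
<WinampAgent><; C:\Program Files\Winamp\winampa.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<twin><C:\WINDOWS\system32\twunk32.exe> [N/A]
"""

def parse_entry(line):
    """Return (value name, lower-cased exe file name) or None for non-entries."""
    m = ENTRY.match(line.strip())
    exe = EXE.search(m["cmd"]) if m else None
    return (m["name"], exe.group(1).lower()) if exe else None

def lookalike_of(exe):
    """Return the genuine name that exe imitates by digit swap, else None."""
    normalized = exe.translate(SWAPS)
    return normalized if exe not in KNOWN and normalized in KNOWN else None

def triage(text):
    """List (value name, file name, imitated name) for every flagged entry."""
    hits = []
    for line in text.splitlines():
        entry = parse_entry(line)
        target = lookalike_of(entry[1]) if entry else None
        if target:
            hits.append((entry[0], entry[1], target))
    return hits

if __name__ == "__main__":
    for name, exe, target in triage(SAMPLE):
        print(f"{name}: {exe} imitates {target}")
```
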
 

Use Super Rabbit to clean out the rogue software..
Then scan and post another log...
There is far too much rogue software...

Where can I get Super Rabbit?