Rising Kaka Security Forum, Anti-virus / Anti-rogue-software board: Rising monitor keeps getting disabled automatically, I suspect a virus, help!!!! (log attached)

Delete these registry entries:
<wosa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe> []
<ztsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso.exe> []
Delete these files:
[C:\WINDOWS\system32\TcpIpDog1.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso0.dll] [N/A, ]

Empty the temp folder. Delete them and then watch what happens.
PS: Jiangmin + Rising??

C:\WINDOWS\system32\TcpIpDog1.dll
This file looks like an application extension belonging to the broadband client... not sure whether it can be deleted... hoping an expert can answer.

[Reply to "shancat"'s post]

I suggest removing it manually with IceSword.
1. Enable "Disable process creation".
2. Terminate the following processes, which the virus module has injected into:
[PID: 1828][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 312][D:\Program Files\Rising\Rfw\RfwMain.exe] [Beijing Rising Technology Co., Ltd., 5, 0, 0, 72]
[PID: 612][d:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5, 6, 1, 292]
[PID: 3200][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3704][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3380][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3424]
[PID: 4088][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[PID: 2780][C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\Rar$EX02.422\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
3. Delete the following virus files:
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso.exe
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso0.dll
C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso0.dll

4. Turn off IceSword's "Disable process creation".
5. Press Ctrl+Alt+Del to bring up Task Manager. Click "File", then "New Task", type explorer.exe and press Enter.
6. Run SREng and delete the following startup items:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<wosa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe> []
<ztsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\daso.exe> []
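The removal steps above rely on one observation: every autostart value under the Run key points at an executable in the user's Temp folder, and each such `<stem>.exe` has a companion `<stem>0.dll` beside it. The following is an added example (not from the thread or from SREng) that parses Run entries in the `<name><path> []` format SREng prints, flags the ones living under a Temp directory, and derives the expected companion DLL so a responder can triage a log before deleting anything; the sample lines are constructed from the paths quoted above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the SREng Run-key report format quoted in the thread:
# "<value name><image path> [arguments]"; ctfmon.exe is a benign control row.
SAMPLE_RUN_ENTRIES = r"""
<wosa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\woso.exe> []
<ztsa><C:\DOCUME~1\GAOSHA~1\LOCALS~1\Temp\ztso.exe> []
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> []
"""

RUN_LINE = re.compile(r"^<(?P<name>[^>]*)><(?P<path>[^>]*)>\s*\[(?P<args>[^\]]*)\]\s*$")


def parse_run_entries(text):
    """Parse SREng-style Run lines into (value name, image path, args) tuples."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m["name"], m["path"], m["args"]))
    return entries


def is_temp_path(path):
    """True if any directory component of a Windows path is Temp or Tmp."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    return "temp" in parts or "tmp" in parts


def suspicious_autostarts(text):
    """Run entries whose image lives under a Temp directory.

    Legitimate software registers its autostart under Program Files or
    system32, not the user's Temp folder, so such an entry is the
    pattern the thread's log shows and is worth manual review."""
    return [e for e in parse_run_entries(text) if is_temp_path(e[1])]


def companion_dll(exe_path):
    """The thread's samples pair every <stem>.exe with <stem>0.dll in the
    same folder; return the path where that companion would be expected."""
    p = PureWindowsPath(exe_path)
    return str(p.with_name(p.stem + "0.dll"))


if __name__ == "__main__":
    for name, path, _ in suspicious_autostarts(SAMPLE_RUN_ENTRIES):
        print(f"Run value {name!r} -> {path}; check for {companion_dll(path)}")
```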

Quote:
[残破的翅膀's post] C:\WINDOWS\system32\TcpIpDog1.dll
This file looks like an application extension belonging to the broadband client... not sure whether it can be deleted... hoping an expert can answer.
............

If you recognise it, you don't need to delete it...

Jiangmin was installed a while ago and wasn't uninstalled cleanly...
By the way, how do I uninstall Jiangmin completely?
Um, are the brothers above the same person or several people? (There are two Itachi avatars, looks like sock puppets...) Should I follow one of you or all of you?

p.s.: Bro, of all the rogue ninja in the Akatsuki, Itachi is the only one I like~~~~

Follow all of them,

just do what moderator Maomao said.

It's easy.


I did what the moderator said, but it still doesn't work...
It seems some of the deleted files were regenerated after the reboot, and I noticed something new: as soon as I open a file or run a program, the monitor gets disabled. Opening drives and folders is fine, but as soon as I go on to open an actual file it fails.
Sigh, I'm at a loss...
Can you think of anything else?
Many thanks!!!

Then scan another log yourself and compare the two~~

The problem is finally solved today!!!
Thanks everyone!!!
Thank you so much~~~~~