Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-malware board


[Help] Infected by haol23.... (note: the "l" is a lowercase L, not a "1")

Would reinstalling IE do the trick?

Run (double-click) SREng2, click "Startup Items", "Services", then "Drivers".
Tick "Hide Microsoft services", select the virus services
shivm
ugec
and choose "Delete Service".
Click "Settings" and choose "No".
Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete:
\SystemRoot\System32\DRIVERS\shivmc.sys
SystemRoot\System32\DRIVERS\ugecu.sys

So there are experts here after all... thanks to 鬼兄 above.

But the handling needs a small change.

Go download Kingsoft Cleanup Expert (金山清理专家); you will need it in a moment.

First, those two files are indeed the virus files, just as I originally thought. But I had disabled those two drivers with Autoruns before, and after the reboot I got a blue screen. I was lazy and did not go into Safe Mode to delete the files, and paid the price for it...

Those two files basically cannot be deleted even in Safe Mode, because they start together with explorer, and on a normal shutdown they apparently get restored.

So my approach was: delete the two services with Autoruns, then press the reset button to restart the machine directly... a bit brutal, but there is no way around it. It is a good way to stop the shutdown process from re-infecting you, unless you forcibly kill the explorer process -.-!

Then press F8 to enter Safe Mode... very slow, nothing to be done about it... go take a leak and eat a bowl of instant noodles.

In Safe Mode the two files still cannot be deleted directly, so now Kingsoft Cleanup Expert comes in. Honestly the software is so-so, but it has one good feature: the legendary "file shredder"! OK, shred those two files directly; they are reduced to ashes, and bringing them back will be hard.

Now remove the little tail appended to the IE shortcut on the desktop and to the IE shortcut in the Quick Launch bar, and reboot~~

Everything is back to normal~~ HOHO

And once again, shame on whoever made this malicious program. Asking for a beating, are you?

Reboot the machine normally, OK~

Mine too, but the site is different, www.haol23.net/?a05, and the virus files are different as well. Which ones are the virus?
[CODE]

2007-06-12,16:40:35

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><; C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe>  [(Verified)Symantec Corporation]
    <WebThunder><; "C:\Program Files\Thunder Network\WebThunder\WebThunder.exe">  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <zchpjd><%systemroot%\system32\Rundll32.exe %systemroot%\system32\zchpjd.dll,DllUnregisterServer>  []
    <xynxmy><%systemroot%\system32\Rundll32.exe %systemroot%\system32\xynxmy.dll,DllUnregisterServer>  []
    <wzocob><%systemroot%\system32\Rundll32.exe %systemroot%\system32\wzocob.dll,DllUnregisterServer>  []
    <tmdydk><%systemroot%\system32\Rundll32.exe %systemroot%\system32\tmdydk.dll,DllUnregisterServer>  []
    <saopim><%systemroot%\system32\Rundll32.exe %systemroot%\system32\saopim.dll,DllUnregisterServer>  []
    <qrxmoe><%systemroot%\system32\Rundll32.exe %systemroot%\system32\qrxmoe.dll,DllUnregisterServer>  []
    <ksmvom><%systemroot%\system32\Rundll32.exe %systemroot%\system32\ksmvom.dll,DllUnregisterServer>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\UserInit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[7A12C566 / 7A12C566][Stopped/Auto Start]
  <C:\WINDOWS\system32\A8DC84A4.EXE -d><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Network Proxy / ccProxy][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[DameWare Mini Remote Control / DWMRCS][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><DameWare Development LLC>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IS Service / ISSVC][Stopped/Auto Start]
  <C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe><Symantec Corporation>
[Multi-user Cleanup Service / Multi-user Cleanup Service][Running/Auto Start]
  <C:\Program Files\lotus\notes\ntmulti.exe><IBM Corp>
[Intel(R) NMS / NMSSvc][Stopped/Auto Start]
  <C:\WINDOWS\System32\NMSSvc.exe><Intel Corporation>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Symantec SecurePort / SymSecurePort][Stopped/Auto Start]
  <"C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe"><Symantec Corporation>
[windows clint1 / wc1][Running/Auto Start]
  <c:\windows\system\wc1\wdfmgr.exe><>

==================================
驱动程序
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[Aha154x / Aha154x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[IBM Access Support / EGATHDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\EGATHDRV.SYS><N/A>
[GWIOPM / GWIOPM][Stopped/Manual Start]
  <\??\C:\Program Files\Wopti\GWIOPM.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ini910u.sys><Microsoft Corporation>
[ksmvo / ksmvom][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ksmvom.sys><N/A>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070611.022\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070611.022\navex15.sys><Symantec Corporation>
[nmxhyd / nmxhyd][Running/Boot Start]
  <\SystemRoot\system32\drivers\nmxhyd.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PMEM / PMEM][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\PMEMNT.SYS><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[qrxmo / qrxmoe][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\qrxmoe.sys><N/A>
[saopi / saopim][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\saopim.sys><N/A>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[SYMDNS / SYMDNS][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20070607.003\symidsco.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Stopped/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[tmdyd / tmdydk][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\tmdydk.sys><N/A>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[wzoco / wzocob][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\wzocob.sys><N/A>
[xynxm / xynxmy][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\xynxmy.sys><N/A>
[zchpj / zchpjd][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\zchpjd.sys><N/A>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\System32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx, Adobe Systems Incorporated>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 596][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 684][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 728][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 740][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 2416][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\zchpjd.dll]  [N/A, ]
    [C:\WINDOWS\system32\xynxmy.dll]  [N/A, ]
    [C:\WINDOWS\system32\wzocob.dll]  [N/A, ]
    [C:\WINDOWS\system32\tmdydk.dll]  [N/A, ]
    [C:\WINDOWS\system32\saopim.dll]  [N/A, ]
    [C:\WINDOWS\system32\qrxmoe.dll]  [N/A, ]
    [C:\WINDOWS\system32\ksmvom.dll]  [N/A, ]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, 16.0.0.86]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\igfxpph.dll]  [Intel Corporation, 3,0,0,1915]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3,0,0,1915]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,1915]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\PROGRA~1\WinZip\wzshlext.dll]  [, ]
    [C:\PROGRA~1\WINZIP\WZCAB2.DLL]  [Nico Mak Computing, Inc., 2, 0, 0, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 10.0.2.2000]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 2620][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 2696][C:\WINDOWS\SYSTEM32\DWRCST.exe]  [DameWare Development, 5, 1, 3, 0]
    [C:\WINDOWS\SYSTEM32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 3008][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 8, 4, 130]
    [C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
    [C:\Program Files\Thunder Network\WebThunder\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\Program Files\Thunder Network\WebThunder\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 24]
    [C:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
    [C:\Program Files\Thunder Network\WebThunder\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 15, 2, 98]
    [C:\Program Files\Thunder Network\WebThunder\Inmedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
    [C:\Program Files\Thunder Network\WebThunder\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
    [C:\Program Files\Thunder Network\WebThunder\CacheServer.dll]  [, 1, 0, 0, 1]
[PID: 3052][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 3644][C:\Program Files\Microsoft Office\Office10\WINWORD.EXE]  [Microsoft Corporation, 10.0.6818]
    [C:\Program Files\Common Files\Microsoft Shared\office10\mso.dll]  [Microsoft Corporation, 10.0.6817]
    [C:\Program Files\Common Files\Microsoft Shared\office10\riched20.dll]  [Microsoft Corporation, 5.40.11.2212]
    [C:\WINDOWS\system32\UNISPIM5.IME]  [北京紫光华宇软件股份有限公司, 5.0.0.5076]
    [C:\Program Files\Common Files\Microsoft Shared\PROOF\1033\MSGR3SC.DLL]  [Microsoft Corporation, 3.0.1707.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBF322E.DLL]  [Hewlett-Packard Company, 4.3.2.192]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBF322G.DLL]  [Hewlett-Packard Company, 4.3.2.192]
[PID: 2100][D:\王\测试\其它\SOFE\杀毒\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
[PID: 3708][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, 16.0.0.86]
    [C:\Program Files\Microsoft Office\Office10\msohev.dll]  [Microsoft Corporation, 10.0.2609]
    [C:\WINDOWS\system32\SYNCOR11.DLL]  [SoundMAX, 1.2.2]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll]  [Macromedia, Inc., 8.5r321]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Run SREng2, use "Startup Items" -- "Registry" -- delete:
<zchpjd><%systemroot%\system32\Rundll32.exe %systemroot%\system32\zchpjd.dll,DllUnregisterServer> []
<xynxmy><%systemroot%\system32\Rundll32.exe %systemroot%\system32\xynxmy.dll,DllUnregisterServer> []
<wzocob><%systemroot%\system32\Rundll32.exe %systemroot%\system32\wzocob.dll,DllUnregisterServer> []
<tmdydk><%systemroot%\system32\Rundll32.exe %systemroot%\system32\tmdydk.dll,DllUnregisterServer> []
<saopim><%systemroot%\system32\Rundll32.exe %systemroot%\system32\saopim.dll,DllUnregisterServer> []
<qrxmoe><%systemroot%\system32\Rundll32.exe %systemroot%\system32\qrxmoe.dll,DllUnregisterServer> []
<ksmvom><%systemroot%\system32\Rundll32.exe %systemroot%\system32\ksmvom.dll,DllUnregisterServer> []

Run (double-click) SREng2, click "Startup Items", "Services", then "Win32 Service Applications".
Tick "Hide Microsoft services", select the virus services
7A12C566
windows clint1
and choose "Delete Service".
Click "Settings" and choose "No".

Run (double-click) SREng2, click "Startup Items", "Services", then "Drivers".
Tick "Hide Microsoft services", select the virus services
ksmvo
nmxhyd
qrxmo
saopi
tmdyd
wzoco
xynxm
zchpj
and choose "Delete Service".
Click "Settings" and choose "No".

Reboot and press F8 to enter Safe Mode.
Show hidden files.
Delete:
\SystemRoot\System32\DRIVERS\wzocob.sys
\SystemRoot\System32\DRIVERS\xynxmy.sys
SystemRoot\System32\DRIVERS\zchpjd.sys
SystemRoot\System32\DRIVERS\tmdydk.sys
SystemRoot\System32\DRIVERS\saopim.sys
SystemRoot\System32\DRIVERS\qrxmoe.sys
SystemRoot\system32\drivers\nmxhyd.sys
SystemRoot\System32\DRIVERS\ksmvom.sys
c:\windows\system\wc1\wdfmgr.exe
C:\WINDOWS\system32\A8DC84A4.EXE
In Safe Mode, end the Explorer.EXE process, then delete:
C:\WINDOWS\system32\zchpjd.dll
C:\WINDOWS\system32\xynxmy.dll
C:\WINDOWS\system32\wzocob.dll
C:\WINDOWS\system32\tmdydk.dll
C:\WINDOWS\system32\saopim.dll
C:\WINDOWS\system32\qrxmoe.dll
C:\WINDOWS\system32\ksmvom.dll

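The SREng report posted above runs to several hundred lines, and the removal list in the reply that follows it was picked out of that report by hand: RunOnce entries that re-register unsigned DLLs through Rundll32, auto-start services with no vendor or with random hex names, boot-start drivers whose vendor is N/A, and vendor-less DLLs loaded into Explorer. The script below is an added example (not SREng's own logic, and not code posted by anyone in this thread) that applies those four rules mechanically to an abridged excerpt of the same report. The rules, the `triage` function and the regular expressions are assumptions made here about how an analyst would read the log; the log lines themselves are copied from the report above.

```python
"""Triage heuristics over an SREng (System Repair Engineer) report excerpt.
Added example, not SREng's own logic nor code posted in this thread; the four
rules are analyst assumptions, and SRENG_LOG is abridged from the report above."""
import re

# Abridged excerpt of the SREng report posted in the thread (same line format).
SRENG_LOG = r"""
启动项目
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <zchpjd><%systemroot%\system32\Rundll32.exe %systemroot%\system32\zchpjd.dll,DllUnregisterServer>  []
    <ksmvom><%systemroot%\system32\Rundll32.exe %systemroot%\system32\ksmvom.dll,DllUnregisterServer>  []
==================================
服务
[7A12C566 / 7A12C566][Stopped/Auto Start]
  <C:\WINDOWS\system32\A8DC84A4.EXE -d><Microsoft Corporation>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
  <C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[windows clint1 / wc1][Running/Auto Start]
  <c:\windows\system\wc1\wdfmgr.exe><>
==================================
驱动程序
[IBM Access Support / EGATHDRV][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\EGATHDRV.SYS><N/A>
[ksmvo / ksmvom][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\ksmvom.sys><N/A>
[nmxhyd / nmxhyd][Running/Boot Start]
  <\SystemRoot\system32\drivers\nmxhyd.sys><N/A>
==================================
正在运行的进程
[PID: 2416][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zchpjd.dll]  [N/A, ]
    [C:\WINDOWS\system32\ksmvom.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
"""

SECTIONS = {"启动项目", "服务", "驱动程序", "正在运行的进程"}
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*)\]$")                   # [HKEY_...\RunOnce]
ENTRY_RE = re.compile(r"^\s+<([^>]*)><(.*)>\s+\[(.*)\]$")      # <name><command>  [vendor]
SVC_HDR_RE = re.compile(r"^\[(.*?) / (.*?)\]\[(\w+)/(.*?)\]$")  # [display / name][state/start]
SVC_PATH_RE = re.compile(r"^\s+<(.*)><(.*)>$")                 # <path><vendor>
PROC_RE = re.compile(r"^\[PID: \d+\]\[(.*?)\]")                # [PID: n][image path]
MODULE_RE = re.compile(r"^\s+\[(.*?)\]\s+\[(.*?), (.*?)\]$")   # [module]  [vendor, version]
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$")                     # random-looking 8-hex-digit names


def triage(log):
    findings = {"runonce": [], "services": [], "drivers": [], "modules": []}
    section, key, pending, in_explorer = None, None, None, False
    for raw in log.splitlines():
        line = raw.rstrip()
        if not line or line.startswith("==="):
            continue
        if line in SECTIONS:
            section, pending, in_explorer = line, None, False
            continue
        if section == "启动项目":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                continue
            m = ENTRY_RE.match(line)
            # Rule 1: RunOnce entry making Rundll32 call DllUnregisterServer on a vendor-less DLL.
            if m and key and key.endswith("\\RunOnce"):
                name, cmd, vendor = m.groups()
                if "rundll32" in cmd.lower() and "dllunregisterserver" in cmd.lower() and not vendor:
                    findings["runonce"].append(name)
        elif section in ("服务", "驱动程序"):
            m = SVC_HDR_RE.match(line)
            if m:
                pending = (m.group(2), m.group(4))  # (service name, start type) awaiting its path line
                continue
            m = SVC_PATH_RE.match(line)
            if m and pending:
                (name, start), pending = pending, None
                path, vendor = m.groups()
                if section == "服务":
                    # Rule 2: service with an empty vendor field, or a service/executable named by 8 hex digits.
                    exe = path.split("\\")[-1].split(" ")[0].rsplit(".", 1)[0]
                    if not vendor or HEX_NAME_RE.match(name) or HEX_NAME_RE.match(exe):
                        findings["services"].append(name)
                elif start == "Boot Start" and vendor == "N/A":
                    findings["drivers"].append(name)  # Rule 3: boot-start driver with no vendor info
        elif section == "正在运行的进程":
            m = PROC_RE.match(line)
            if m:
                in_explorer = m.group(1).lower().endswith("\\explorer.exe")
                continue
            m = MODULE_RE.match(line)
            # Rule 4: module loaded into Explorer from system32 with neither vendor nor version.
            if m and in_explorer:
                path, vendor, version = m.groups()
                if vendor == "N/A" and not version and path.lower().startswith("c:\\windows\\system32\\"):
                    findings["modules"].append(path.split("\\")[-1])
    return findings


if __name__ == "__main__":
    print(triage(SRENG_LOG))
```

Run against the full report above, rule 3 returns exactly the eight boot-start drivers (ksmvom, nmxhyd, qrxmoe, saopim, tmdydk, wzocob, xynxmy, zchpjd) that the reply lists for deletion, and rule 1 and rule 4 return the same seven DLL names. Rule 2 is deliberately coarse: besides 7A12C566 (A8DC84A4.EXE claiming to be Microsoft) and wc1 (empty vendor), it also flags Macrovision's C-DillaCdaC11BA, because CDAC11BA is eight hex digits too. Treat the output as a review queue to be confirmed against the vendor field and a signature check, not as a verdict.
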
Kaka Assistant cannot hold up! It cannot block it! The virus still has the upper hand!

Many thanks to 红夜鬼1 for the guidance, but there is one problem at the moment: once I end the Explorer.EXE process, the system hangs with only the mouse and Task Manager left. The desktop will not display, I cannot get to My Computer, and there is no way to delete those .dll and .sys files. If I do not end the Explorer.EXE process, the .dll and .sys files cannot be deleted either; the system says the file is in use. Frustrated....

Could an expert please continue to advise; thanks in advance.