Page 2 of 2

Please help me work out how to detect and remove this

[PID: 1856][H:\防毒杀毒\SRENG2\SRENGPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\comdlg32.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257)]
    [C:\WINDOWS\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_gdr.071025-1248)]
    [C:\WINDOWS\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\oledlg.dll]  [Microsoft Corporation, 1.0 (xpsp_sp2_gdr.061016-0148)]
    [C:\WINDOWS\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\VERSION.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSASN1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257)]
    [C:\WINDOWS\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\wsock32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RICHED20.DLL]  [Microsoft Corporation, 5.30.23.1228]
    [C:\WINDOWS\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winabc.ime]  [Microsoft Corporation, 5.1.2600.2180]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\avwghmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\ratbnpi.dll]  [N/A, ]
    [C:\WINDOWS\system32\sidjfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\gmtaiovciq.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [C:\WINDOWS\system32\sfc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [H:\防毒杀毒\SRENG2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\RASAPI32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rasman.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\TAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rtutils.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USERENV.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3199 (xpsp_sp2_gdr.070821-1257)]
    [C:\WINDOWS\System32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DNSAPI.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\rasadhlp.dll]  [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rsaenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\Winsta.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\utildll.dll]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS file
127.0.0.1      localhost

==================================
Process privilege scan
Special privilege allowed: SeDebugPrivilege [PID = 1476, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]
Special privilege allowed: SeLoadDriverPrivilege [PID = 1476, C:\PROGRAM FILES\RISING\RAV\RAV.EXE]

==================================
API HOOK
N/A

==================================
Hidden processes
N/A

==================================



Note: removing the virus may carry some risk, so it is strongly recommended that you move your important data to a non-system partition before you start!
Open SREng.
Under "Startup Items" - "Registry", delete the following entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kawdfzy.dll> []  (clear this value)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{B0E4D1E9-3CE5-48A1-8DF0-6463E046E7EF}><C:\WINDOWS\system32\gmtaiovciq.dll> []
<{68847374-8323-FADC-B443-4732ABCD3786}><C:\WINDOWS\system32\sidjfzy.dll> []
<{7960356A-458E-DE24-BD50-268F589A56A7}><C:\WINDOWS\system32\avwlgmn.dll> []
<{E6650011-3344-6688-4899-345FABCD156E}><C:\WINDOWS\system32\ratbnpi.dll> []
<{68907901-1416-3389-9981-372178569986}><C:\WINDOWS\system32\kawdfzy.dll> []
<{AC87A354-ABC3-DEDE-FF33-3213FD7447CA}><C:\WINDOWS\system32\kvdxjma.dll> [N/A]
<{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll> []

Under "Startup Items" - "Services" - "Win32 Services/Applications", click "Hide certified Microsoft items",
select the following item, click "Delete Service", then click "Set" and click "No" in the dialog that pops up:
[Windows Time / W32Time][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\system32\wbem\wyrdcbvnb.dll><Microsoft Crop.>

Use SREng's scan tool to delete the following drivers:
[4ukg / 4ukg4][Stopped/Boot Start]
<\SystemRoot\System32\DRIVERS\4ukg4.sys><N/A>
[6ynq2l / 6ynq2l][Stopped/Auto Start]
<\??\C:\WINDOWS\system32\drivers\6ynq2l.sys><N/A>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Auto Start]
<system32\DRIVERS\comint32.sys><N/A>
[comint32 / comint32][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\DRIVERS\comint32.sys><N/A>
[qniies8 / qniies88][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qniies88.sys><N/A>

Reboot the computer into Safe Mode and delete:
<{B0E4D1E9-3CE5-48A1-8DF0-6463E046E7EF}><C:\WINDOWS\system32\gmtaiovciq.dll> []
<{68847374-8323-FADC-B443-4732ABCD3786}><C:\WINDOWS\system32\sidjfzy.dll> []
<{7960356A-458E-DE24-BD50-268F589A56A7}><C:\WINDOWS\system32\avwlgmn.dll> []
<{E6650011-3344-6688-4899-345FABCD156E}><C:\WINDOWS\system32\ratbnpi.dll> []
<{68907901-1416-3389-9981-372178569986}><C:\WINDOWS\system32\kawdfzy.dll> []
<{AC87A354-ABC3-DEDE-FF33-3213FD7447CA}><C:\WINDOWS\system32\kvdxjma.dll> [N/A]
<{8A1247C1-53DA-FF43-ABD3-345F323A48D8}><C:\WINDOWS\system32\avwghmn.dll> []
<c:\windows\system32\wbem\wyrdcbvnb.dll><Microsoft Crop.>
<\SystemRoot\System32\DRIVERS\4ukg4.sys><N/A>
<\??\C:\WINDOWS\system32\drivers\6ynq2l.sys><N/A>
<system32\DRIVERS\comint32.sys><N/A>
<\??\C:\WINDOWS\system32\DRIVERS\comint32.sys><N/A>
<\SystemRoot\System32\DRIVERS\qniies88.sys><N/A>
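As an added example (not SREng's code and not part of either post above), the following Python script reads an SREng log written in the line formats shown in this thread and performs the same triage the reply did by hand: it flags modules loaded into the scanner with no version resource, a populated AppInit_DLLs value, ShellExecuteHooks entries whose DLL carries no company name, a stock service whose svchost ServiceDll has been swapped (the "Microsoft Crop." vendor string is a tell), and boot/auto-start drivers with no vendor, then turns the findings into a removal plan: registry entries to clear or delete first, then the files to delete from Safe Mode. The sample log is constructed from the thread's entries. The SystemRoot of C:\WINDOWS, the expected binaries for W32Time (w32time.dll) and AsyncMac (asyncmac.sys), and treating "N/A" or an empty vendor as "no version resource" are assumptions written into the code.

```python
r"""Triage an SREng log and derive the removal plan the reply describes.
Added example, not SREng's own code. Assumptions: %SystemRoot% is C:\WINDOWS,
a vendor of "N/A" or "" means the file has no version resource, and the real
binaries for W32Time and AsyncMac are w32time.dll and asyncmac.sys."""
import ntpath
import re

SYSTEM_ROOT = r"C:\WINDOWS"                      # assumption: XP default install root
# Known Microsoft services/drivers and the binary each one should load (assumption).
EXPECTED_BINARY = {"w32time": "w32time.dll", "asyncmac": "asyncmac.sys"}

# Constructed sample in SREng's own line formats, using entries from the thread.
SAMPLE_LOG = r"""
[PID: 1856][H:\SRENG2\SRENGPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\avwlgmn.dll]  [N/A, ]
    [C:\WINDOWS\system32\kawdfzy.dll]  [N/A, ]
    [H:\SRENG2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><kawdfzy.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><C:\WINDOWS\system32\shell32.dll> [Microsoft Corporation]
<{7960356A-458E-DE24-BD50-268F589A56A7}><C:\WINDOWS\system32\avwlgmn.dll> []
<{68907901-1416-3389-9981-372178569986}><C:\WINDOWS\system32\kawdfzy.dll> []
[Windows Time / W32Time][Stopped/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\system32\wbem\wyrdcbvnb.dll><Microsoft Crop.>
[RAS Asynchronous Media Driver / AsyncMac][Stopped/Auto Start]
<system32\DRIVERS\comint32.sys><N/A>
[qniies8 / qniies88][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\qniies88.sys><N/A>
"""

# One regex per SREng line format: indented module line, hook line, AppInit value, service pair.
MODULE_RE = re.compile(r"^[ \t]+\[(?P<path>[^\]]+)\][ \t]+\[(?P<pub>[^,\]]*),[ \t]*(?P<ver>[^\]]*)\]", re.M)
HOOK_RE = re.compile(r"^<(?P<clsid>\{[0-9A-Fa-f-]+\})><(?P<path>[^>]+)>[ \t]*\[(?P<vendor>[^\]]*)\]", re.M)
APPINIT_RE = re.compile(r"^<AppInit_DLLs><(?P<value>[^>]*)>", re.M)
SERVICE_RE = re.compile(r"^\[(?P<display>[^\]]*?) / (?P<name>[^\]]+)\]\[(?P<state>[^/\]]+)/(?P<start>[^\]]+)\]\r?\n"
                        r"<(?P<image>.+?)><(?P<vendor>[^>]*)>", re.M)


def no_vendor(s):
    return s.strip() in ("", "N/A")


def fake_microsoft(vendor):
    """'Microsoft Crop.' and similar near-misses of the genuine vendor string."""
    v = vendor.strip()
    return v.lower().startswith("microsoft") and v != "Microsoft Corporation"


def normalize(path):
    """Map the NT, relative and bare forms SREng prints onto one lower-cased Win32 path."""
    p = path.strip()
    if p.startswith("\\??\\"):                          # \??\C:\... -> C:\...
        p = p[4:]
    elif p.lower().startswith("\\systemroot\\"):         # \SystemRoot\... -> C:\WINDOWS\...
        p = SYSTEM_ROOT + p[len("\\systemroot"):]
    elif "\\" not in p:                                  # bare AppInit_DLLs name; this log shows it loaded from system32
        p = ntpath.join(SYSTEM_ROOT, "system32", p)
    elif not re.match(r"^[A-Za-z]:\\", p):               # system32\DRIVERS\x.sys is relative to SystemRoot
        p = ntpath.join(SYSTEM_ROOT, p)
    return ntpath.normcase(p)


def triage(text):
    """Return (kind, identifier, path, reason) for every suspicious entry in the log."""
    findings = []
    for m in MODULE_RE.finditer(text):
        if no_vendor(m["pub"]) or not m["ver"].strip():
            findings.append(("module", ntpath.basename(m["path"]), m["path"], "loaded into the scanner, no version resource"))
    for m in APPINIT_RE.finditer(text):
        for dll in re.split(r"[ ,]+", m["value"].strip()):  # the value is a space/comma separated list
            if dll:
                findings.append(("appinit", dll, dll, "AppInit_DLLs loads into every process that maps user32"))
    for m in HOOK_RE.finditer(text):
        if no_vendor(m["vendor"]):
            findings.append(("hook", m["clsid"], m["path"], "ShellExecuteHook backed by a DLL with no company name"))
    for m in SERVICE_RE.finditer(text):
        binary = m["image"].split("-->")[-1]                 # 'svchost.exe -k group-->ServiceDll'
        reasons = []
        if no_vendor(m["vendor"]):
            reasons.append("no vendor, %s" % m["start"])
        if fake_microsoft(m["vendor"]):
            reasons.append("vendor string %r is not Microsoft's" % m["vendor"])
        expected = EXPECTED_BINARY.get(m["name"].lower())
        if expected and ntpath.basename(binary).lower() != expected:
            reasons.append("%s should load %s" % (m["name"], expected))
        if reasons:
            findings.append(("service", m["name"], binary, "; ".join(reasons)))
    return findings


def removal_plan(findings):
    """Registry actions first (so nothing reloads), then the files to delete from Safe Mode."""
    registry, files = set(), set()
    for kind, ident, path, _ in findings:
        if kind == "appinit":
            registry.add(r"clear HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs")
        elif kind == "hook":        # the value name is a CLSID; its InprocServer32 lives under HKCR\CLSID
            registry.add("delete " + ntpath.join(r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks", ident))
            registry.add("delete " + ntpath.join(r"HKCR\CLSID", ident))
        elif kind == "service":     # the reply deletes the service; restoring ImagePath/ServiceDll is the alternative for a hijacked stock one
            registry.add("delete " + ntpath.join(r"HKLM\SYSTEM\CurrentControlSet\Services", ident))
        files.add(normalize(path))
    return sorted(registry), sorted(files)


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, ident, path, reason in found:
        print("%-8s %-40s %s  (%s)" % (kind, ident, path, reason))
    reg, files = removal_plan(found)
    print("\nRegistry:\n  " + "\n  ".join(reg))
    print("\nDelete from Safe Mode:\n  " + "\n  ".join(files))
```

Run it as-is to see the eight findings and the plan for the sample; to use it on a real log, pass the saved SREng report text to `triage()` instead of `SAMPLE_LOG`. The vendor check is deliberately strict: a file that SREng reports as `[N/A, ]` is not necessarily malicious (some legitimate drivers ship without a version resource), so treat the output as a worklist to confirm against the full log, not as an automatic delete list.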
Powered by Discuz!NT