求助!中毒了!
而且看不懂日志,已经用SSR进行了扫描以及下载了xDelBox

麻烦看一下...不知道应该删除哪些

谢谢了!!! m(-_-)m

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 1.7; Maxthon; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; MEGAUPLOAD 2.0)

<algs><; C:\Program Files\Internet Explorer\algs.exe>  [N/A]
    <explrer><C:\Program Files\Internet Explorer\explrer.exe>  [N/A]
[Windows XP SP2 Center / Windows XP SP2 Center][Stopped/Disabled]
  <C:\WINDOWS\system32\5.exe><N/A>
[COM+ Windows System / WinINI][Running/Auto Start]
  <C:\WINDOWS\system32\winini.exe><Microsoft Corporation>


这几个好像都不太正常吧...


驱动我还不会看.天月给看下...

C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\869WLTv5SB.dll
这个文件很怀疑，到底是什么呢？？？？签名看不懂。呵呵！！！
————————————————————————————————————————————
下面就是找出来的东东了：

启动项目
注册表
    <algs><; C:\Program Files\Internet Explorer\algs.exe>  [N/A]
    <explrer><C:\Program Files\Internet Explorer\explrer.exe>  [N/A]
    <{dc546cb1-0be7-4957-98c5-469b55a6923d}><ttQACQAC1038.dll>  [N/A]
    <{6ce08af1-5f70-4c1a-8d1a-8aba11619e87}><ayFKKFKK1055.dll>  [N/A]
    <{c4bf46a2-1c05-427d-992f-4e24f7d57f68}><ttNNBNNB1047.dll>  [N/A]
    <IFEO[enc98.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
    <IFEO[ua80.EXE]><C:\WINDOWS\system32\svchost.exe>  [(Verified)Microsoft Windows Publisher]
==================================
服务
[APC Windows System Center / APCWSC][Stopped/Auto Start]
  <><N/A>

[Windows Presentation Foundation (WPF) / applications][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k applications-->C:\WINDOWS\system32\UlptDUhyKmBxiG.dll><N/A>

[Google Updater Service / gusvc][Stopped/Manual Start]
  <><N/A>

[kernel32 / kernel32][Stopped/Disabled]
  <c:\windows\system32\KERNEL32.exe><N/A>

[mfc42 / mfc42][Stopped/Disabled]
  <><N/A>

[Secondary Logon / seclogon][Stopped/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->c:\windows\system32\com\gcrwigbegys.dll><N/A>

[Windows XP SP2 Center / Windows XP SP2 Center][Stopped/Disabled]
  <C:\WINDOWS\system32\5.exe><N/A>

[Windows Accounts Driver / windows_29][Stopped/Auto Start]
  <><N/A>

[COM+ Windows System / WinINI][Running/Auto Start]
  <C:\WINDOWS\system32\winini.exe><Microsoft Corporation>
==================================
驱动程序
[0mpe5wad / 0mpe5wad][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\0mpe5wad.sys><N/A>

[bdvirvh5m / bdvirvh5mj][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\bdvirvh5mj.sys><N/A>

[Cin61 / Cin61][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\Cin61.sys><N/A>

[eo40b7 / eo40b7][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\eo40b7.sys><N/A>

[wv6u2ttth / wv6u2ttthk][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\wv6u2ttthk.sys><N/A>
==================================
浏览器加载项
[Explore.Tp]
  {4DAE9566-953C-4DF1-8E9C-55B7890A3AE8} <C:\WINDOWS\SYSTEM32\usmt\vmxguebto.dll, N/A>
[]
  {FB3412B6-6D67-4650-B3B4-C2A90191A80F} <C:\WINDOWS\SYSTEM32\fbeoskmmgv.dll, N/A>
[Explore.Tp]
  {4DAE9566-953C-4DF1-8E9C-55B7890A3AE8} <C:\WINDOWS\SYSTEM32\usmt\vmxguebto.dll, N/A
[]
  {FB3412B6-6D67-4650-B3B4-C2A90191A80F} <C:\WINDOWS\SYSTEM32\fbeoskmmgv.dll, N/A>
==================================
正在运行的进程
    [C:\WINDOWS\SYSTEM32\fbeoskmmgv.dll]  [N/A, ]
[PID: 1960 / SYSTEM][C:\WINDOWS\system32\winini.exe]  [Microsoft Corporation, 5.2.3790.1830]
    [C:\WINDOWS\system32\mxcdcsrv16_080417.dll]  [N/A, ]
——————————————————————————————————————————————————
从下面这项看：怀疑系统userinit.exe文件已不是原来的了，可能被病毒恶意替换。
启动项目
注册表
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <Userinit><C:\WINDOWS\System32\userinit.exe,>  [(Verified)]

驱动啊..驱动...头痛啊....