
[Solved] The virus came back to life....

Re: My home PC has a Trojan, can someone help...

Logs?? Which logs? I used Kingsoft (金山) and found a 机器狗 (Robot Dog) Trojan, which I've already deleted. From the pinned post I found the "build a safe environment" tool, but at that point the virus wasn't gone yet, and during the scan it got shut down again. Could I get remote assistance a bit later? ... I'm afraid there's still a virus..... And once it's fixed, Rising (瑞星) will want to delete Kingsoft again..
Re: My home PC has a Trojan, can someone help...

Yesterday I was searching electronics sites and ended up with more or less the same virus. There's a long string of cho*.tmp in the process list, it hogs the CPU, and Rising antivirus won't open: as soon as I open it, it closes itself. The method above didn't work, probably because I'm too much of a newbie!
Boss, help me!
Reply to post 12F by 一介狂生

Do as you're told and you'll be saved



Solving the problem requires your cooperation

1. Before scanning logs, it is recommended to clean the system with 清理助手 (Arswp Cleaning Assistant)
http://www.arswp.com/download.html
Update 清理助手, run a full scan, clean only the high-risk items, and use your own judgement on the rest.
At the same time, watch whether 清理助手 reports that system files have been replaced.

If cleaning does not help:
2. Before scanning logs, close unneeded processes such as QQ, Thunder (迅雷) and media players.

3. Download SReng from the official site
Download address:
http://www.kztechs.com/sreng/download.html
SREng / Smart Scan
Wait for the scan to finish and save the log (LOG format)

PS: If the main program SREng**.exe will not run, so the log cannot be scanned,
rename the main program to 小狮子.bat
or 小狮子.scr

4. To locate and identify the virus accurately and find the virus that replaced files, you must also upload the Kingsoft Cleaning Expert (金山清理专家) log
Download Kingsoft Cleaning Expert
http://www.duba.net/qing/
Kingsoft Cleaning Expert - Online System Diagnosis (hidden security items) - Export Diagnostic Report - (Select All) - Export Report


5. Upload the 2 logs/reports as attachments (click "引用" (Quote) at the bottom right of my reply and you should see how to post attachments) in the Anti-Virus / Anti-Malware forum. Reply in this existing thread; do not open a new one.

If the above tools cannot be opened or do not run normally, send me a private message.
Re: My home PC has a Trojan, can someone help...

result.txt looks like this, but I don't understand advanced stuff like working with the registry. Is there a simpler tool?


[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan]
C:\WINDOWS\SYSTEM32\5102A80.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_5102A80
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\5102A80
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_5102A80
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\5102A80

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[nwiuu/dfssvrTrojan Horse]
C:\WINDOWS\SYSTEM32\22D75360.DLL

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[BaiduSearchPartner]
C:\WINDOWS\SYSTEM32\DRIVERS\BDGUARD.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BDGUARD

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[BaiduSuperSoBa]
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\伴侣导航.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\帮助指南.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\广告拦截.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\垃圾清理.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\屏蔽列表.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\系统加速.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\修复功能.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\隐私保护.URL
C:\DOCUMENTS AND SETTINGS\ALL USERS\「开始」菜单\程序\百度工具栏\自定义按钮.URL
C:\DOCUMENTS AND SETTINGS\RAYLINECN\LOCAL SETTINGS\APPLICATION DATA\BAIDU\
C:\PROGRAM FILES\BAIDU\BAR\
C:\PROGRAM FILES\BAIDU\BAR\BAIDUBAR.DAT
C:\PROGRAM FILES\BAIDU\BAR\BAIDUBAR.DLL
C:\PROGRAM FILES\BAIDU\BAR\BANG.INI
C:\PROGRAM FILES\BAIDU\BAR\BDGDINS.DLL
C:\PROGRAM FILES\BAIDU\BAR\LOADMOVIE.SWF
C:\PROGRAM FILES\BAIDU\BAR\LOGEX.DAT
C:\PROGRAM FILES\BAIDU\BAR\MEDIALOG.DAT
C:\PROGRAM FILES\BAIDU\BAR\NAMEDSITES.DAT
C:\WINDOWS\SOSUO.COL
C:\WINDOWS\SYSTEM32\BDGUARD.DAT
C:\WINDOWS\SYSTEM32\BDGUARDS.DAT
C:\WINDOWS\SYSTEM32\IEXP_LOG.TXT
HKEY_CLASSES_ROOT\BAIDUBAR.BAIDU
HKEY_CLASSES_ROOT\BAIDUBAR.BAIDU.1
HKEY_CLASSES_ROOT\BAIDUBAR.TOOL
HKEY_CLASSES_ROOT\BAIDUBAR.TOOL.1
HKEY_CLASSES_ROOT\BAIDUBAREX.BANDIE
HKEY_CLASSES_ROOT\BAIDUBAREX.BANDIE.1
HKEY_CLASSES_ROOT\BAIDUBAREX.BDHOMEPAGE
HKEY_CLASSES_ROOT\BAIDUBAREX.BDHOMEPAGE.1
HKEY_CLASSES_ROOT\BAIDUBAREX.DROPTARGET
HKEY_CLASSES_ROOT\BAIDUBAREX.DROPTARGET.1
HKEY_CLASSES_ROOT\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CLASSES_ROOT\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}
HKEY_CLASSES_ROOT\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_CLASSES_ROOT\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_CLASSES_ROOT\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
HKEY_CLASSES_ROOT\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
HKEY_CLASSES_ROOT\INTERFACE\{464C8A26-31E9-411C-9583-5B858E631DCC}
HKEY_CLASSES_ROOT\INTERFACE\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
HKEY_CLASSES_ROOT\INTERFACE\{96249369-D3DC-4AE6-8A3B-E7109D46E98D}
HKEY_CLASSES_ROOT\INTERFACE\{A294F8EB-86D9-4C4A-8B3E-909253761C64}
HKEY_CLASSES_ROOT\MIMEFILTER.ADFILTER
HKEY_CLASSES_ROOT\MIMEFILTER.ADFILTER.1
HKEY_CLASSES_ROOT\TYPELIB\{6AFC2761-1253-427C-9A56-385B4609BE1D}
HKEY_CURRENT_USER\SOFTWARE\BAIDU\BAIDUBAR
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\BAIDU\BAIDUBAR
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BAIDUBAREX.BANDIE
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BAIDUBAREX.BANDIE.1
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\BAIDUBAREX.DROPTARGET
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{7C76C055-ED6E-4535-A70F-CD476E727F67}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A7F05EE4-0426-454F-8013-C41E3596E9E9}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E5D5D4A1-17F0-41D7-B1C6-0979F91E6F46}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{FE14F22E-BE14-4F08-A80F-F27BC3A67B2D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{464C8A26-31E9-411C-9583-5B858E631DCC}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{89FDCC4B-8D91-49B0-81A6-18BCFF582735}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{96249369-D3DC-4AE6-8A3B-E7109D46E98D}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{A294F8EB-86D9-4C4A-8B3E-909253761C64}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{6AFC2761-1253-427C-9A56-385B4609BE1D}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{77FEF28E-EB96-44FF-B511-3185DEA48697}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SOBAR
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_BDGUARD
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\BDGUARD
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\ENUM\ROOT\LEGACY_BDGUARD
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\BDGUARD
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_BDGUARD

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[3721Keyword]
K:\SETUP\桌面\小程序\IEREPAIRER.EXE

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.psw.avx]
C:\WINDOWS\SYSTEM32\3D144530.DLL
C:\WINDOWS\SYSTEM32\43ACDCC5.DLL
C:\WINDOWS\SYSTEM32\4BF9CBA3.CFG
C:\WINDOWS\SYSTEM32\4BF9CBA3.DLL
C:\WINDOWS\SYSTEM32\9FD8DB.SYS
C:\WINDOWS\SYSTEM32\D7C79813.DLL
C:\WINDOWS\SYSTEM32\DE02F764.DLL
C:\WINDOWS\SYSTEM32\GDIPRO.DLL
C:\WINDOWS\SYSTEM32\SYS05020.ADD
C:\WINDOWS\SYSTEM32\SYS05020.DLL
HKEY_CLASSES_ROOT\CLSID\{22D75360-199D-4F79-880D-82E766675F06}
HKEY_CLASSES_ROOT\CLSID\{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}
HKEY_CLASSES_ROOT\CLSID\{D7C79813-9233-4AE0-832C-99B2E8019673}
HKEY_CLASSES_ROOT\CLSID\{E3367679-4775-4244-A62E-4CFE58FC850B}
HKEY_CLASSES_ROOT\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{22D75360-199D-4F79-880D-82E766675F06}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D7C79813-9233-4AE0-832C-99B2E8019673}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E3367679-4775-4244-A62E-4CFE58FC850B}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{E4814792-EFA3-4C20-93D0-8B130A59F9A8}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{22D75360-199D-4F79-880D-82E766675F06}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{D7C79813-9233-4AE0-832C-99B2E8019673}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E3367679-4775-4244-A62E-4CFE58FC850B}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{E4814792-EFA3-4C20-93D0-8B130A59F9A8}
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_9FD8DB
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\9FD8DB
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET002\SERVICES\9FD8DB
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_9FD8DB
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\9FD8DB

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.msosiocp.dosjisn]
C:\WINDOWS\SYSTEM32\HBQQXX.DLL
C:\WINDOWS\SYSTEM32\HBWD.DLL
C:\WINDOWS\SYSTEM32\HBWOW.DLL
HKEY_CLASSES_ROOT\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.ytewcxzsw.wrew2ds]
C:\WINDOWS\SYSTEM32\122B901E.DLL
C:\WINDOWS\SYSTEM32\4901228.SYS
C:\WINDOWS\SYSTEM32\E3367679.DLL
C:\WINDOWS\SYSTEM32\E4814792.DLL
HKEY_CLASSES_ROOT\CLSID\{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_4901228
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\4901228
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_4901228
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\4901228

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.bndmss.wmel32]
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\HBKERNEL32
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HBKERNEL32

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.upnpsrv]
HKEY_CLASSES_ROOT\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}
HKEY_CLASSES_ROOT\CLSID\{43ACDCC5-9009-4AF4-B80A-93BC656EF298}
HKEY_CLASSES_ROOT\CLSID\{DE02F764-C51A-4788-9597-D78ECC2AC08F}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{43ACDCC5-9009-4AF4-B80A-93BC656EF298}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{DE02F764-C51A-4788-9597-D78ECC2AC08F}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{43ACDCC5-9009-4AF4-B80A-93BC656EF298}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{DE02F764-C51A-4788-9597-D78ECC2AC08F}

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Unknown Trojan Horse/Virus]
C:\WINDOWS\SYSTEM32\12B02216.DLL
C:\WINDOWS\SYSTEM32\9F684DE8.DLL
C:\WINDOWS\SYSTEM32\A8FC611B.DLL
C:\WINDOWS\SYSTEM32\CABA599D.DLL
C:\WINDOWS\SYSTEM32\DLLCACHE\PRINTUI.DLL
HKEY_CLASSES_ROOT\CLSID\{12B02216-AC3F-42A7-8313-449771237061}
HKEY_CLASSES_ROOT\CLSID\{9F684DE8-3E87-4174-9033-E02A3DFD8B61}
HKEY_CLASSES_ROOT\CLSID\{CABA599D-5089-4865-9420-E41FA3C1F55F}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{12B02216-AC3F-42A7-8313-449771237061}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{9F684DE8-3E87-4174-9033-E02A3DFD8B61}
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{CABA599D-5089-4865-9420-E41FA3C1F55F}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{12B02216-AC3F-42A7-8313-449771237061}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{9F684DE8-3E87-4174-9033-E02A3DFD8B61}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{CABA599D-5089-4865-9420-E41FA3C1F55F}

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Maybe Useless object]
C:\WINDOWS\SYSTEM32\DRIVERS\HBKERNEL32.SYS
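The whole thread turns on one question: why does the infection come back after Rising or Kingsoft delete a file? The registry lines in the result.txt above answer it: kernel drivers registered under SERVICES, and DLLs hooked into Explorer's ShellExecuteHooks, which reload the payload whenever a program is launched. As an added example (not part of this thread and not Kingsoft's own tooling), the Python below parses the result.txt format shown above, tags each detection with the persistence mechanisms it registers, and links the hooked CLSIDs to the DLL files that implement them using the naming pattern visible in this report (the first eight hex digits of the CLSID equal the DLL's file stem, e.g. {4BF9CBA3-...} and 4BF9CBA3.DLL, even when the two appear under different detection labels). The sample input is an excerpt of the report posted above; the regular expressions, rule names and function names are my own assumptions about the format.

```python
"""Parse a Kingsoft Cleaning Expert (金山清理专家) result.txt and summarise
how each detection persists. Added example: the format is inferred from the
report posted in this thread; the rules and names below are my own."""
import re
from collections import defaultdict

# Constructed sample: an excerpt of the result.txt posted above, kept verbatim.
SAMPLE_REPORT = r"""
[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan]
C:\WINDOWS\SYSTEM32\5102A80.SYS
HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_5102A80
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\5102A80

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.msosiocp.dosjisn]
C:\WINDOWS\SYSTEM32\HBQQXX.DLL
C:\WINDOWS\SYSTEM32\HBWOW.DLL
HKEY_CLASSES_ROOT\CLSID\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[Trojan.psw.avx]
C:\WINDOWS\SYSTEM32\4BF9CBA3.DLL
C:\WINDOWS\SYSTEM32\9FD8DB.SYS
HKEY_CLASSES_ROOT\CLSID\{22D75360-199D-4F79-880D-82E766675F06}
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\SHELLEXECUTEHOOKS\{22D75360-199D-4F79-880D-82E766675F06}
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\9FD8DB

[2.8.1.8.0815 - 2.8.22.8.1023]
2008-10-25 20:19
[nwiuu/dfssvrTrojan Horse]
C:\WINDOWS\SYSTEM32\22D75360.DLL
"""

VERSION_LINE = re.compile(r"^\[[\d.]+ - [\d.]+\]$")          # version header of each block
TIME_LINE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}$")    # scan timestamp
LABEL_LINE = re.compile(r"^\[(.+)\]$")                        # [detection name]
CLSID_RE = re.compile(r"\{([0-9A-F]{8})-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}\}", re.I)
HEX_DLL_RE = re.compile(r"\\([0-9A-F]{8})\.DLL$", re.I)       # e.g. ...\4BF9CBA3.DLL

# Registry locations that make a detection reload after a reboot or a process launch.
PERSISTENCE_RULES = [
    ("service/driver", re.compile(r"\\SERVICES\\[^\\]+$", re.I)),
    ("ShellExecuteHooks", re.compile(r"\\EXPLORER\\SHELLEXECUTEHOOKS\\", re.I)),
    ("Browser Helper Object", re.compile(r"\\BROWSER HELPER OBJECTS\\", re.I)),
    ("IE toolbar", re.compile(r"\\INTERNET EXPLORER\\TOOLBAR\\", re.I)),
]


def parse_report(text):
    """Split the report into blocks: {label, time, files, registry}."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if VERSION_LINE.match(line):                 # a new block starts
            current = {"label": None, "time": None, "files": [], "registry": []}
            entries.append(current)
        elif current is None:                        # text before the first header
            continue
        elif TIME_LINE.match(line):
            current["time"] = line
        elif current["label"] is None and LABEL_LINE.match(line):
            current["label"] = LABEL_LINE.match(line).group(1)
        elif line.upper().startswith("HKEY_"):
            current["registry"].append(line)
        else:                                        # anything else is a file path
            current["files"].append(line)
    return entries


def persistence_summary(entries):
    """Map each detection label to the set of persistence mechanisms it registers."""
    summary = {}
    for e in entries:
        summary[e["label"]] = {
            name for name, rx in PERSISTENCE_RULES
            if any(rx.search(key) for key in e["registry"])
        }
    return summary


def link_clsids_to_files(entries):
    """Heuristic seen in this report: a hooked CLSID's first 8 hex digits equal the
    stem of the DLL implementing it. Returns {prefix: {"keys": set, "files": set}}
    for prefixes that have both a registry key and a file, across all blocks."""
    by_prefix = defaultdict(lambda: {"keys": set(), "files": set()})
    for e in entries:
        for key in e["registry"]:
            m = CLSID_RE.search(key)
            if m:
                by_prefix[m.group(1).upper()]["keys"].add(key)
        for path in e["files"]:
            m = HEX_DLL_RE.search(path)
            if m:
                by_prefix[m.group(1).upper()]["files"].add(path)
    return {p: v for p, v in by_prefix.items() if v["keys"] and v["files"]}


def file_list(entries):
    """All file paths, lower-cased and de-duplicated, ready to cross-check
    against what a removal tool is later asked to delete."""
    return sorted({path.lower() for e in entries for path in e["files"]})


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for label, mechs in persistence_summary(parsed).items():
        print(f"{label:28} {', '.join(sorted(mechs)) or '(files only)'}")
    for prefix, linked in link_clsids_to_files(parsed).items():
        print(f"CLSID {prefix}: {len(linked['keys'])} key(s) -> {sorted(linked['files'])}")
```

On the full report the same cross-linking shows why one deleted file is not enough: every hooked CLSID has a matching DLL, and every hex-named .SYS has a matching SERVICES entry, so the file, the CLSID registration and the hook or service key must all go together, which is exactly what the SREng repair list in the later reply does.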
Re: My home PC has a Trojan, can someone help...

SReng scan report:

Attachment:

File name: SREngLOG.log
Downloads: 165
File type: application/octet-stream
File size:
Upload time: 2008-10-25 20:40:27
Description: log

Reply to post 15F by 一介狂生

Strongly recommended: disconnect from the network before doing this
1. Use XDelBox to delete the following files (XDelBox 1.8 download address: http://www.dodudou.com/down/inde ... C8%ED%BC%FE&order=0 )
Instructions: first tick "抑制再生" (suppress regeneration). When deleting, copy the paths of all files to be deleted, right-click in the pending-deletion list and choose "从剪贴板导入不检查路径" (import from clipboard without checking paths). After importing, right-click on the files to be deleted and choose "立刻重启删除" (reboot and delete now; whether or not the file exists, continue and reboot to delete). The computer will reboot into a DOS interface and carry out the deletion. Before running XDelBox it is best to remove all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).

C:\WINDOWS\system32\alivin.exe
c:\docume~1\raylin~1\locals~1\temp\cho20.tmp
c:\docume~1\raylin~1\locals~1\temp\cho1e.tmp
c:\windows\system32\122b901e.dll
c:\windows\system32\12b02216.dll
c:\windows\system32\3d144530.dll
c:\windows\system32\43acdcc5.dll
c:\windows\system32\9f684de8.dll
c:\windows\system32\a8fc611b.dll
c:\windows\system32\alivin.dll
c:\windows\system32\caba599d.dll
c:\windows\system32\d7c79813.dll
c:\windows\system32\de02f764.dll
c:\windows\system32\e3367679.dll
c:\windows\system32\sys05020.dll
c:\program files\internet explorer\53u1ttme.2ys
c:\windows\system32\08223b03.dll
c:\windows\system32\22d75360.dll
c:\windows\system32\3474a8c2.dll
c:\windows\system32\495271ca.dll
c:\windows\system32\4bf9cba3.dll
c:\windows\system32\8566f82e.dll
c:\windows\system32\9ca963ca.dll
c:\windows\system32\b3721c07.dll
c:\windows\system32\da63e650.dll
c:\windows\system32\e4814792.dll
c:\windows\system32\weiai.exe
c:\windows\system32\drivers\aliimz.sys
c:\windows\system32\c551839.sys
c:\windows\system32\9fd8db.sys
c:\windows\system32\5102a80.sys
c:\windows\system32\4901228.sys
c:\windows\system32\drivers\hbkernel32.sys
c:\windows\system32\drivers\bdguard.sys
c:\docume~1\raylin~1\locals~1\temp\_tmp.bat
c:\windows\system32\drivers\hbkernel32.sys
c:\windows\system32\drivers\bdguard.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entries:
[HBService32]    <; System.exe>
[smsjdmtj.dll]    <>
[twtfmlrx.dll]    <>
[yxpbggde.dll]    <>
[bhvacjkw.dll]    <>
[npyobxbc.dll]    <>
[qrenxbib.dll]    <>
[zdcwjwnt.dll]    <>
[thjbzsmc.dll]    <>
[qtpcoyre.dll]    <>
[fcnwyetu.dll]    <>
[mujvkmtc.dll]    <>
[ospsnwxh.dll]    <>
[lgmtlreq.dll]    <>
[btkouzru.dll]    <>
[ycfdhbpu.dll]    <>
[issmaxjs.dll]    <>
[oxdyjbcy.dll]    <>
[hodeloum.dll]    <>
[{9CA963CA-107C-4089-B0AB-31380F90D7E3}]    <9CA963CA.dll>
[{495271CA-D0C6-4052-ABE6-5B01C73CDFB0}]    <495271CA.dll>
[{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}]    <08223B03.dll>
[{8566F82E-03A4-416E-AEAC-66600D8881F1}]    <8566F82E.dll>
[{B3721C07-62B3-411A-9DC7-F5F27E3E21FF}]    <B3721C07.dll>
[{DA63E650-537C-4042-87BB-9D19D844680B}]    <DA63E650.dll>
[{3474A8C2-BEF9-46C8-983A-A26A0030EC30}]    <3474A8C2.dll>
[{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2}]    <3D144530.dll>
[{D7C79813-9233-4AE0-832C-99B2E8019673}]    <D7C79813.dll>
[{4BF9CBA3-8DEE-41A1-8BDB-FC28D30E949F}]    <4BF9CBA3.dll>
[{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}]    <122B901E.dll>
[{22D75360-199D-4F79-880D-82E766675F06}]    <22D75360.dll>
[{A8FC611B-71F6-4B4D-BD3A-BFBCCDE96F57}]    <A8FC611B.dll>
[{E3367679-4775-4244-A62E-4CFE58FC850B}]    <E3367679.dll>
[{E4814792-EFA3-4C20-93D0-8B130A59F9A8}]    <E4814792.dll>
[{43ACDCC5-9009-4AF4-B80A-93BC656EF298}]    <43ACDCC5.dll>
[{DE02F764-C51A-4788-9597-D78ECC2AC08F}]    <DE02F764.dll>
[{CABA599D-5089-4865-9420-E41FA3C1F55F}]    <CABA599D.dll>
[{CABA599D-5089-4865-9420-E41FA3C1F55F}]    <CABA599D.dll>
[{9F684DE8-3E87-4174-9033-E02A3DFD8B61}]    <9F684DE8.dll>
[{12B02216-AC3F-42A7-8313-449771237061}]    <12B02216.dll>
[weiai]    <; C:\WINDOWS\system32\weiai.exe>

    Startup Items -- Services -- Drivers: delete the following entries:
(Select the problematic driver/service, click "删除服务" (Delete service), then click "设置" (Apply). Note that in the popup window you must click "否 NO" to confirm deleting the service.)

[aliimz / aliimz]    <System32\Drivers\aliimz.sys>
[c551839 / c551839]    <\??\C:\WINDOWS\system32\c551839.sys>
[9fd8db / 9fd8db]    <\??\C:\WINDOWS\system32\9fd8db.sys>
[5102a80 / 5102a80]    <\??\C:\WINDOWS\system32\5102a80.sys>
[4901228 / 4901228]    <\??\C:\WINDOWS\system32\4901228.sys>
[HBKernel32 Driver / HBKernel32]    <\SystemRoot\system32\drivers\HBKernel32.sys>
[BdGuard / BdGuard]    <\SystemRoot\system32\drivers\BDGuard.SYS>
[roljj / roljj]    <\??\C:\DOCUME~1\RAYLIN~1\LOCALS~1\Temp\_tmp.bat>
[HBKernel32 Driver / HBKernel32]    <\SystemRoot\system32\drivers\HBKernel32.sys>
[BdGuard / BdGuard]    <\SystemRoot\system32\drivers\BDGuard.SYS>

************** The above analysis report was provided by the SREngLog analysis helper ******************
Last edited by aaccbbdd on 2008-10-25 20:49:49
Re: My home PC has a Trojan, can someone help...

Kingsoft Cleaning Expert report:

Attachment:

File name: Report.txt
Downloads: 159
File type: text/plain
File size:
Upload time: 2008-10-25 20:47:45
Description: txt
