
[Solved] Got a virus, please help take a look

Got a virus, please help take a look

A relative came over to my place and messed around on the computer and got it infected with a virus. When I log in to QQ it says there is one, but after running the antivirus it is still there.
Posting the log, please take a look everyone and help out.

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

Attachments:

File name: SREngLOG.log
Downloads: 156
File type: application/octet-stream
File size:
Upload time: 2009-2-9 12:05:32
Description: log

Last edited by hfgjhfgj on 2009-02-09 12:40:32
 

Reply: Got a virus, please help take a look

1. Suggest using XDelBox (download: http://bbs.ikaka.com/attachment.aspx?attachmentid=446806)
to delete the following files. (Usage: when deleting, copy all the paths of the files to be deleted, right-click in the pending-deletion file list and choose "import from clipboard without checking paths"; after importing, remember to tick "suppress regeneration"; right-click the file to be deleted and choose "reboot and delete immediately"; the computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to unplug all removable storage devices.)
C:\WINDOWS\system32\csrss.dll
C:\WINDOWS\system32\sh05029.dll
C:\WINDOWS\system32\sh07006.dll
C:\WINDOWS\system32\fkelemdk.dll
C:\WINDOWS\system32\ojmmnkgl.dll
C:\WINDOWS\system32\nikbkphk.dll
C:\WINDOWS\system32\ampbbmih.dll
C:\WINDOWS\system32\gppjonal.dll
C:\WINDOWS\system32\pkfclncd.dll
C:\WINDOWS\system32\acpepbph.dll
C:\WINDOWS\system32\jgjonacl.dll
C:\WINDOWS\system32\aohcekgl.dll
C:\WINDOWS\system32\mhknflbp.dll
C:\WINDOWS\system32\imbfaomo.dll
C:\WINDOWS\system32\kiljjkpm.dll
C:\WINDOWS\system32\fhfnfnla.dll
C:\WINDOWS\system32\fjhagdlg.dll
C:\WINDOWS\system32\b770ca2.sys
C:\WINDOWS\System32\Drivers\msiffei.sys

After deleting and rebooting, use SREng to repair the following items:
Startup Items -- Registry: delete the following entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe]
    <IFEO[360rpt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe]
    <IFEO[360Safe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe]
    <IFEO[360safebox.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\adam.exe]
    <IFEO[adam.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AgentSvr.exe]
    <IFEO[AgentSvr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe]
    <IFEO[AntiArp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AppSvc32.exe]
    <IFEO[AppSvc32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arswp.exe]
    <IFEO[arswp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe]
    <IFEO[AST.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe]
    <IFEO[autoruns.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe]
    <IFEO[avconsol.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe]
    <IFEO[avgnt.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe]
    <IFEO[avgrssvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe]
    <IFEO[AvMonitor.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com]
    <IFEO[avp.com]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
    <IFEO[avp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe]
    <IFEO[ccSvcHst.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrvAnti.exe]
    <IFEO[DrvAnti.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EGHOST.exe]
    <IFEO[EGHOST.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FileDsty.exe]
    <IFEO[FileDsty.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe]
    <IFEO[filemon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FTCleanerShell.exe]
    <IFEO[FTCleanerShell.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FYFireWall.exe]
    <IFEO[FYFireWall.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe]
    <IFEO[GFRing3.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe]
    <IFEO[GFUpd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe]
    <IFEO[HijackThis.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe]
    <IFEO[IceSword.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iparmo.exe]
    <IFEO[iparmo.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe]
    <IFEO[Iparmor.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\isPwdSvc.exe]
    <IFEO[isPwdSvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kabaload.exe]
    <IFEO[kabaload.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe]
    <IFEO[KASMain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe]
    <IFEO[KASTask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe]
    <IFEO[KAV32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe]
    <IFEO[KAVDX.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe]
    <IFEO[KAVPF.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe]
    <IFEO[KAVPFW.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVSetup.exe]
    <IFEO[KAVSetup.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe]
    <IFEO[KAVStart.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KISLnchr.exe]
    <IFEO[KISLnchr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe]
    <IFEO[KMailMon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMFilter.exe]
    <IFEO[KMFilter.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe]
    <IFEO[KPFW32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe]
    <IFEO[KPFW32X.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.exe]
    <IFEO[KPfwSvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Kregex.exe]
    <IFEO[Kregex.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRepair.com]
    <IFEO[KRepair.com]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KsLoader.exe]
    <IFEO[KsLoader.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvDetect.exe]
    <IFEO[KvDetect.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvfwMcl.exe]
    <IFEO[KvfwMcl.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvol.exe]
    <IFEO[kvol.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvolself.exe]
    <IFEO[kvolself.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe]
    <IFEO[KVSrvXP.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvupload.exe]
    <IFEO[kvupload.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe]
    <IFEO[kvwsc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KvXP.kxp]
    <IFEO[KvXP.kxp]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe]
    <IFEO[KWatch.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch9x.exe]
    <IFEO[KWatch9x.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatchX.exe]
    <IFEO[KWatchX.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MagicSet.exe]
    <IFEO[MagicSet.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcconsol.exe]
    <IFEO[mcconsol.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McNASvc.exe]
    <IFEO[McNASvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\McProxy.exe]
    <IFEO[McProxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mcshield.exe]
    <IFEO[Mcshield.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcsysmon.exe]
    <IFEO[mcsysmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmqczj.exe]
    <IFEO[mmqczj.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe]
    <IFEO[mmsk.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MpfSrv.exe]
    <IFEO[MpfSrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe]
    <IFEO[Navapsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe]
    <IFEO[Navapw32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSetup.exe]
    <IFEO[NAVSetup.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe]
    <IFEO[nod32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe]
    <IFEO[nod32krn.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe]
    <IFEO[nod32kui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NPFMntor.exe]
    <IFEO[NPFMntor.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe]
    <IFEO[PFW.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFWLiveUpdate.exe]
    <IFEO[PFWLiveUpdate.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ProcessSafe.exe]
    <IFEO[ProcessSafe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe]
    <IFEO[procexp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QHSET.exe]
    <IFEO[QHSET.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQKav.exe]
    <IFEO[QQKav.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ras.exe]
    <IFEO[Ras.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe]
    <IFEO[Rav.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RawCopy.exe]
    <IFEO[RawCopy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegClean.exe]
    <IFEO[RegClean.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe]
    <IFEO[regmon.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe]
    <IFEO[RegTool.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwcfg.exe]
    <IFEO[rfwcfg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
    <IFEO[rfwmain.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe]
    <IFEO[rfwProxy.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <IFEO[rfwstub.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe]
    <IFEO[RsAgent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe]
    <IFEO[Rsaupd.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RStray.exe]
    <IFEO[RStray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe]
    <IFEO[rstrui.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rtvscan.exe]
    <IFEO[Rtvscan.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe]
    <IFEO[runiep.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe]
    <IFEO[safeboxTray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safelive.exe]
    <IFEO[safelive.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe]
    <IFEO[scan32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\shcfg32.exe]
    <IFEO[shcfg32.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SmartUp.exe]
    <IFEO[SmartUp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
    <IFEO[SREng.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SuperKiller.exe]
    <IFEO[SuperKiller.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><ntsd -d>  [N/A]

Only joy, no sorrow.
lose yourself...
 

Reply: Got a virus, please help take a look

1. Download the Antiy dedicated removal tool AVLPK to clean this virus. AVLPK download: http://www.antiy.com/cn/download/avlpk.htm
2. 360 stubborn trojan removal collection:
http://www.360.cn/killer/360compkill.html

3. Download 清理助手 (Cleanup Assistant).
After installing, update Cleanup Assistant and run a full-disk scan
to clean the system.
 

Reply: Got a virus, please help take a look

Continued from the previous post.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\symlcsvc.exe]
    <IFEO[symlcsvc.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SysSafe.exe]
    <IFEO[SysSafe.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
    <IFEO[taskmgr.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe]
    <IFEO[TrojanDetector.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe]
    <IFEO[Trojanwall.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.exe]
    <IFEO[TrojDie.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UIHost.exe]
    <IFEO[UIHost.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAgent.exe]
    <IFEO[UmxAgent.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxAttachment.exe]
    <IFEO[UmxAttachment.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxCfg.exe]
    <IFEO[UmxCfg.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxFwHlp.exe]
    <IFEO[UmxFwHlp.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UmxPol.exe]
    <IFEO[UmxPol.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\upiea.exe]
    <IFEO[upiea.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\UpLive.exe]
    <IFEO[UpLive.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\USBCleaner.exe]
    <IFEO[USBCleaner.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsstat.exe]
    <IFEO[vsstat.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\webscanx.exe]
    <IFEO[webscanx.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WoptiClean.exe]
    <IFEO[WoptiClean.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zxsweep.exe]
    <IFEO[zxsweep.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <qtfstqywi><C:\WINDOWS\system32\loanoltrd.dll>  [File is missing]
    <F4E5E6D4><C:\WINDOWS\system32\fkelemdk.dll>  []
    <83667405><C:\WINDOWS\system32\ojmmnkgl.dll>  []
    <724B4914><C:\WINDOWS\system32\nikbkphk.dll>  []
    <A69BB621><C:\WINDOWS\system32\ampbbmih.dll>  []
    <099387A5><C:\WINDOWS\system32\gppjonal.dll>  []
    <94FC57CD><C:\WINDOWS\system32\pkfclncd.dll>  []
    <B5634A80><C:\WINDOWS\system32\blmjkaog.dll>  [File is missing]
    <AC9E9B91><C:\WINDOWS\system32\acpepbph.dll>  []
    <30387AC5><C:\WINDOWS\system32\jgjonacl.dll>  []
    <A81CE405><C:\WINDOWS\system32\aohcekgl.dll>  []
    <6147F5B9><C:\WINDOWS\system32\mhknflbp.dll>  []
    <26BFA868><C:\WINDOWS\system32\imbfaomo.dll>  []
    <42533496><C:\WINDOWS\system32\kiljjkpm.dll>  []
    <F1F7F75A><C:\WINDOWS\system32\fhfnfnla.dll>  []
    <F31A0D50><C:\WINDOWS\system32\fjhagdlg.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F4E5E6D4-F6AA-4D10-AFCA-269F7CDBCD2F}><C:\WINDOWS\system32\fkelemdk.dll>  []
    <{83667405-8B37-416D-B817-73C5E7C69285}><C:\WINDOWS\system32\ojmmnkgl.dll>  []
    <{724B4914-AB2F-41D9-9F5C-90B2EAB91CE0}><C:\WINDOWS\system32\nikbkphk.dll>  []
    <{A69BB621-CAF9-41D8-88C5-FA91907888A5}><C:\WINDOWS\system32\ampbbmih.dll>  []
    <{099387A5-6299-4D6F-8D03-F85E03B550D2}><C:\WINDOWS\system32\gppjonal.dll>  []
    <{94FC57CD-2B5B-49E4-8CA0-7A9F4367F131}><C:\WINDOWS\system32\pkfclncd.dll>  []
    <{AC9E9B91-E9FB-4B14-930F-7B264BC61842}><C:\WINDOWS\system32\acpepbph.dll>  []
    <{30387AC5-99E6-4590-A51E-DD814904DD5B}><C:\WINDOWS\system32\jgjonacl.dll>  []
    <{A81CE405-91D1-4328-ADBE-0E952F2E0A9B}><C:\WINDOWS\system32\aohcekgl.dll>  []
    <{6147F5B9-DD2C-4926-A8B1-CBC617AD3063}><C:\WINDOWS\system32\mhknflbp.dll>  []
    <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}><DFB3DAC5.dll>  []
    <{26BFA868-6019-4A65-AFBC-5D05C3599CB6}><C:\WINDOWS\system32\imbfaomo.dll>  []
    <{42533496-F0DF-4614-A59E-B36B81877D20}><C:\WINDOWS\system32\kiljjkpm.dll>  []
    <{F1F7F75A-B21D-47F7-8E22-FA285E830B36}><C:\WINDOWS\system32\fhfnfnla.dll>  []
    <{F31A0D50-B062-4758-B571-01F3239A71E3}><C:\WINDOWS\system32\fjhagdlg.dll>  []
    <{B5634A80-9862-4C85-ACD5-E2F2D2809D8D}><C:\WINDOWS\system32\blmjkaog.dll>  [File is missing]
3. Use SREng to change the <AppInit_DLLs> value to empty <>.
4. The system file c:\windows\system32\rpcss.dll is infected.
Start -- Run -- dllcache
Find rpcss.dll there and use it to replace the one in c:\windows\system32.
5. Download the tool to repair the hijacking.
Download the image hijacking repair tool: http://bbs.ikaka.com/attachment.aspx?attachmentid=435625

 

Reply to post 4F by caogensk

1. The formatting is not standard.
2. A few drivers are missing.
 

Reply: Got a virus, please help take a look

Download the usp10/psapi simple file cleaner (usp10和psapi文件简易清理器.rar).

Download the manual trojan-cluster cleanup toolkit here and extract it into a folder on the C drive. (All the tools include usage instructions):
http://bbs.ikaka.com/attachment.aspx?attachmentid=480689

You can find and download an rpcss.dll from the same system version in this thread:
http://bbs.ikaka.com/showtopic-8417665.aspx


Then disconnect from the network and carry out the following steps:

  Use the "SmtRpl file replacement tool" in the toolkit (it has usage instructions)
to replace the rpcss.dll in C:\WINDOWS\system32\ with the normal system file.



  Use the "XDELBOX file deletion tool" in the toolkit to delete the following files. (Usage: when deleting, copy all the paths of the files to be deleted, right-click in the pending-deletion file list and choose paste; right-click the file to be deleted and choose "reboot and delete immediately"; the computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to unplug all removable storage devices.)

c:\windows\system32\fjhagdlg.dll
c:\windows\system32\fhfnfnla.dll
c:\windows\system32\kiljjkpm.dll
c:\windows\system32\imbfaomo.dll
c:\windows\system32\mhknflbp.dll
c:\windows\system32\aohcekgl.dll
c:\windows\system32\jgjonacl.dll
c:\windows\system32\acpepbph.dll
c:\windows\system32\pkfclncd.dll
c:\windows\system32\gppjonal.dll
c:\windows\system32\ampbbmih.dll
c:\windows\system32\nikbkphk.dll
c:\windows\system32\ojmmnkgl.dll
c:\windows\system32\fkelemdk.dll
c:\windows\anymie360.exe
c:\windows\system32\anymie360.exe
c:\windows\system32\loanoltrd.dll
c:\windows\system32\blmjkaog.dll
c:\windows\system32\csrss.dll
c:\windows\system32\sh05029.dll
c:\windows\system32\sh07006.dll
c:\windows\system32\anymie360.dll
c:\windows\system32\dfb3dac5.dll
c:\windows\system32\xdva214.sys
c:\windows\system32\drivers\msiffei.sys
c:\windows\system32\b770ca2.sys

After deleting and rebooting, use SREng to repair the following items:

Startup Items -- Registry: delete the following entries:

[F31A0D50]    <C:\WINDOWS\system32\fjhagdlg.dll>
[F1F7F75A]    <C:\WINDOWS\system32\fhfnfnla.dll>
[42533496]    <C:\WINDOWS\system32\kiljjkpm.dll>
[26BFA868]    <C:\WINDOWS\system32\imbfaomo.dll>
[6147F5B9]    <C:\WINDOWS\system32\mhknflbp.dll>
[A81CE405]    <C:\WINDOWS\system32\aohcekgl.dll>
[30387AC5]    <C:\WINDOWS\system32\jgjonacl.dll>
[AC9E9B91]    <C:\WINDOWS\system32\acpepbph.dll>
[94FC57CD]    <C:\WINDOWS\system32\pkfclncd.dll>
[099387A5]    <C:\WINDOWS\system32\gppjonal.dll>
[A69BB621]    <C:\WINDOWS\system32\ampbbmih.dll>
[724B4914]    <C:\WINDOWS\system32\nikbkphk.dll>
[83667405]    <C:\WINDOWS\system32\ojmmnkgl.dll>
[F4E5E6D4]    <C:\WINDOWS\system32\fkelemdk.dll>
[{F31A0D50-B062-4758-B571-01F3239A71E3}]    <C:\WINDOWS\system32\fjhagdlg.dll>
[{F1F7F75A-B21D-47F7-8E22-FA285E830B36}]    <C:\WINDOWS\system32\fhfnfnla.dll>
[{42533496-F0DF-4614-A59E-B36B81877D20}]    <C:\WINDOWS\system32\kiljjkpm.dll>
[{26BFA868-6019-4A65-AFBC-5D05C3599CB6}]    <C:\WINDOWS\system32\imbfaomo.dll>
[{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}]    <DFB3DAC5.dll>
[{6147F5B9-DD2C-4926-A8B1-CBC617AD3063}]    <C:\WINDOWS\system32\mhknflbp.dll>
[{A81CE405-91D1-4328-ADBE-0E952F2E0A9B}]    <C:\WINDOWS\system32\aohcekgl.dll>
[{30387AC5-99E6-4590-A51E-DD814904DD5B}]    <C:\WINDOWS\system32\jgjonacl.dll>
[{AC9E9B91-E9FB-4B14-930F-7B264BC61842}]    <C:\WINDOWS\system32\acpepbph.dll>
[{94FC57CD-2B5B-49E4-8CA0-7A9F4367F131}]    <C:\WINDOWS\system32\pkfclncd.dll>
[{099387A5-6299-4D6F-8D03-F85E03B550D2}]    <C:\WINDOWS\system32\gppjonal.dll>
[{A69BB621-CAF9-41D8-88C5-FA91907888A5}]    <C:\WINDOWS\system32\ampbbmih.dll>
[{724B4914-AB2F-41D9-9F5C-90B2EAB91CE0}]    <C:\WINDOWS\system32\nikbkphk.dll>
[{83667405-8B37-416D-B817-73C5E7C69285}]    <C:\WINDOWS\system32\ojmmnkgl.dll>
[{F4E5E6D4-F6AA-4D10-AFCA-269F7CDBCD2F}]    <C:\WINDOWS\system32\fkelemdk.dll>
Note: modify this item [AppInit_DLLs]: change <fkelemdk.dll,ojmmnkgl.dll,nikbkphk.dll,ampbbmih.dll,gppjonal.dll,pkfclncd.dll,blmjkaog.dll,acpepbph.dll,jgjonacl.dll,aohcekgl.dll,mhknflbp.dll,imbfaomo.dll,kiljjkpm.dll,fhfnfnla.dll,fjhagdlg.dll> to <>, i.e. clear it.
[Alcmtr]    <anymie360.exe>
[qtfstqywi]    <C:\WINDOWS\system32\loanoltrd.dll>
[{B5634A80-9862-4C85-ACD5-E2F2D2809D8D}]    <C:\WINDOWS\system32\blmjkaog.dll>
[B5634A80]    <C:\WINDOWS\system32\blmjkaog.dll>


Startup Items -- Services -- Drivers: delete the following entries:
In SREng, under "Startup Items -> Services -> Drivers", tick "Hide verified Microsoft items" and then delete the drivers with the names below (select the problematic driver, click "Delete service", then click the "Set" button. Note: in the pop-up window you must click "No" to confirm deleting the service). (Any that cannot be deleted, disable instead: change the start type to disabled by ticking "Change start type" and clicking Set):

[XDva214 / XDva214]    <\??\C:\WINDOWS\system32\XDva214.sys>
[msiffei / msiffei]    <System32\Drivers\msiffei.sys>
[b770ca2 / b770ca2]    <\??\C:\WINDOWS\system32\b770ca2.sys>

Use the image hijacking tool in the toolkit to clean up the hijacking.

Run the usp10/psapi simple file cleaner to clean the system.



Use Windows 清理助手 (Windows Cleanup Assistant) to clean the system.
Windows 清理助手 download: http://www.arswp.com/
Last edited by backway on 2009-02-09 12:39:05
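As an added example (not from this thread, nor from SREng, XDelBox or the toolkit), a Python triage script for the SREng "Startup Items -- Registry" layout pasted in the replies above: it flags the IFEO `ntsd -d` debugger entries that block the listed AV and repair tools, flags the SSODL/ShellExecuteHooks DLLs with no vendor string or a missing file, finds DLLs registered under both loaders the way the thread's log pairs them, and groups the results into the delete-keys/delete-files lists the replies assemble by hand. The sample log is constructed from the thread's file names plus one benign control line, and reading the trailing bracket as SREng's vendor/status field is an assumption.

```python
import re

# Constructed excerpt in the SREng layout the thread pastes: a [registry key]
# line followed by indented <name><value>  [vendor/status] lines. The file
# names reuse the thread's; the WebCheck line is a benign control entry.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe]
    <IFEO[360tray.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREng.exe]
    <IFEO[SREng.exe]><ntsd -d>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <F4E5E6D4><C:\WINDOWS\system32\fkelemdk.dll>  []
    <qtfstqywi><C:\WINDOWS\system32\loanoltrd.dll>  [File is missing]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{F4E5E6D4-F6AA-4D10-AFCA-269F7CDBCD2F}><C:\WINDOWS\system32\fkelemdk.dll>  []
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VAL_RE = re.compile(r"^\s+<([^>]*)><([^>]*)>\s+\[([^\]]*)\]$")
IFEO = "\\Image File Execution Options\\"
SHELL_LOADERS = ("ShellServiceObjectDelayLoad", "ShellExecuteHooks")


def parse_sreng(text):
    """Return (key, name, value, status) for every value line under a key."""
    entries, key = [], None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            entries.append((key,) + m.groups())
    return entries


def triage(entries):
    """Return findings as (kind, target, key) tuples.

    ifeo_debugger_hijack: a Debugger value of 'ntsd -d' under an IFEO key
      makes Windows start that executable through ntsd instead, so the AV
      or repair tool named in the key never comes up.
    shell_loader_no_vendor: an SSODL/ShellExecuteHooks DLL with an empty
      vendor field or a missing file; Explorer loads these at every logon.
    """
    findings = []
    for key, _name, value, status in entries:
        if IFEO in key and value.strip().lower().startswith("ntsd -d"):
            findings.append(("ifeo_debugger_hijack", key.rsplit("\\", 1)[1], key))
        elif key.endswith(SHELL_LOADERS) and status in ("", "File is missing"):
            findings.append(("shell_loader_no_vendor", value, key))
    return findings


def paired_loaders(entries):
    """DLLs registered under both SSODL and ShellExecuteHooks, the double
    registration the thread's log shows for each random-named DLL."""
    seen = {k: set() for k in SHELL_LOADERS}
    for key, _name, value, _status in entries:
        for k in SHELL_LOADERS:
            if key.endswith(k):
                seen[k].add(value.lower())
    return sorted(seen[SHELL_LOADERS[0]] & seen[SHELL_LOADERS[1]])


def remediation_plan(entries):
    """Group findings the way the replies do: IFEO keys to delete in SREng,
    and loader DLL paths to remove from disk (deduplicated)."""
    plan = {"delete_ifeo_keys": [], "delete_files": []}
    for kind, target, key in triage(entries):
        if kind == "ifeo_debugger_hijack":
            plan["delete_ifeo_keys"].append(key)
        elif target.lower() not in [p.lower() for p in plan["delete_files"]]:
            plan["delete_files"].append(target)
    return plan


if __name__ == "__main__":
    ents = parse_sreng(SAMPLE_LOG)
    for finding in triage(ents):
        print(finding)
    print("paired loaders:", paired_loaders(ents))
    print(remediation_plan(ents))
```

Feed it the full SREngLOG.log text instead of SAMPLE_LOG to reproduce the reply's lists; entries whose vendor field is filled in (like the WebCheck control line) are left alone.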
 

Reply to post 5F by aaccbbdd

Thanks for the reminder, I accidentally missed it.

 

Reply to post 7F by caogensk

[Alcmtr]    <anymie360.exe>
is a usp10.dll signature.
Pay attention to that.


For IFEO,
I still recommend using
the image hijacking tool.


Delete the following files. (Usage: when deleting, copy all the paths of the files to be deleted, right-click in the pending-deletion file list and choose "import from clipboard without checking paths"; after importing, remember to tick "suppress regeneration"; right-click the file to be deleted and choose "reboot and delete immediately"; the computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to unplug all removable storage devices.)

Tianyue's XDELBOX doesn't need all that explanation.
If you don't believe me, download the tool and try it yourself.
 

Reply: Got a virus, please help take a look

I can't make sense of this.
 

Reply to post 8F by aaccbbdd

I haven't read many logs, thanks for the pointers.

Powered by Discuz!NT