昨晚不知道是升级完瑞星还是插上U盘后,就提示WINDOWS文件夹保护之类的提示,说要我放入WIN SP2光盘进行文件修复,无奈之下一查毒,杀出N多病毒,却全是EXE文件(包括常用软件的EXE文件),而且每个盘都有,之后几乎9成软件用不了了,从隔离区恢复过来还是不行,经我这菜鸟上网乱找一气,不知道是灰鸽子还是什么病毒来的,现在好郁闷,希望大侠打救一下我~~~555~~~杀毒的话,还是能杀出其他EXE文件,不感再杀下去了~~

以下是我的hijackthis日志:
Logfile of HijackThis v1.99.1
Scan saved at 13:01:37, on 2007-9-9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Rav\CCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Rav\Ravmond.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Rav\RavStub.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Word2003\Real\Update_OB\realsched.exe
C:\Rav\RavTask.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Rav\Ravmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
D:\foobar2000\foobar2000.exe
C:\360safe\360Safe.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Documents and Settings\Naruto\My Documents\SREngPS.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
I:\HijackThis1.99.1\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: ThunderBHO - {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [TkBellExe] "C:\Word2003\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RavTask] "C:\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\RunOnce: [RavStub] "C:\Rav\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: 快捷方式 到 foobar2000.lnk = D:\foobar2000\foobar2000.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 添加到QQ表情 - D:\Tencent\qq\AddEmotion.htm
O9 - Extra button: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (file missing)
O9 - Extra 'Tools' menuitem: 启动迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe (file missing)
O9 - Extra button: 浩方对战平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - D:\浩方对战平台\GameClient.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {FD44D72B-E01D-435C-8CAB-EF68843C2A12} (Ming-WebReport Viewer) - http://210.76.65.189:8080/gd-eams/NetService/Reports/Viewer/MRViewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{70F7D0CB-D0C4-423C-B23F-9C4BDE0F6D0F}: NameServer = 202.96.128.166,202.96.128.68
O17 - HKLM\System\CCS\Services\Tcpip\..\{87F45023-82DA-4D45-922A-082D406AE8D6}: NameServer = 202.96.128.86 202.96.128.166
O18 - Protocol: KuGoo3 - {6AC4FBC7-AA38-45EC-9634-D6D20B679EFC} - C:\PROGRA~1\KuGoo3\InExtend\KUGOO3~1.OCX
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Rav\CCenter.exe
O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Rav\Ravmond.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\system32\drivers\svchost.exe (file missing)

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)
¼r„"_3ª{’Pbbs.ikaka.comJQÄXC“ۅu

SREngPS日志:
[CODE]

2007-09-09,12:45:11

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe">  [Nero AG]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
    <AudioDeck><C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1 >  [N/A]
    <TkBellExe><"C:\Word2003\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <NeroFilterCheck><C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe>  [Nero AG]
    <RavTask><"C:\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <DAEMON Tools-1033><"C:\Program Files\D-Tools\daemon.exe"  -lang 1033>  [DAEMON'S HOME]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
启动文件夹
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk --> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [N/A]><N>
[Adobe Reader Synchronizer]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Synchronizer.lnk --> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [N/A]><N>
[TabUserW.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\TabUserW.exe.lnk --> C:\WINDOWS\system32\WTablet\TabUserW.exe [Wacom Technology, Corp.]><N>
[快捷方式 到 foobar2000]
  <C:\Documents and Settings\Naruto\「开始」菜单\程序\启动\快捷方式 到 foobar2000.lnk --> D:\FOOBAR~1\FOOBAR~1.EXE [N/A]><N>

==================================
服务
[Diskeeper / Diskeeper][Running/Auto Start]
  <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[TabletService / TabletService][Running/Auto Start]
  <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Manual Start]
  <C:\Program Files\Windows Media Player\WMPNetwk.exe><Microsoft Corporation>
[Automatic Updates / wuauserv][Stopped/Auto Start]
  <C:\WINDOWS\system32\drivers\svchost.exe><N/A>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[d347bus / d347bus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
  <\SystemRoot\System32\Drivers\d347prt.sys><>
[Creative AudioPCI (ES1371,ES1373) (WDM) / es1371][Running/Manual Start]
  <system32\drivers\es1371mp.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[hfbibidd / hfbibidd][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hfbibidd.sys><N/A>
[hheigjhj / hheigjhj][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\hheigjhj.sys><N/A>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Rav\MEMSCAN.sys><Beijing Rising Technology Co., Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Pen Class / PenClass][Running/Boot Start]
  <\SystemRoot\system32\drivers\PenClass.sys><Wacom Technology Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Vinyl AC'97 Audio Controller (WDM) / VIAudio][Stopped/Manual Start]
  <system32\drivers\vinyl97.sys><VIA Technologies, Inc.>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[40687 / 40687][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, N/A>
[浩方对战平台]¼r„"_3ª{’Pbbs.ikaka.comJQÄXC“ۅu

{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Office Genuine Advantage Validation Tool]
  {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[Microsoft Genuine Advantage Self Support Tool]
  {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} <C:\WINDOWS\system32\SelfHelpControl.DLL, Microsoft Corporation>
[Ming-WebReport Viewer]
  {FD44D72B-E01D-435C-8CAB-EF68843C2A12} <C:\WINDOWS\DOWNLO~1\MRViewer.ocx, MingCybertech Co., Ltd.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[添加到QQ表情]
  <D:\Tencent\qq\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 736 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 900 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052 / SYSTEM][C:\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1068 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1228 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288 / SYSTEM][C:\Rav\Ravmond.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 49]
    [C:\Rav\BWList.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Rav\rfwctrl.dll]  [Beijing Rising Technology Co., Ltd., 5, 0, 0, 11]
    [C:\Rav\RsPPsys.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Rav\RSAPPMGR.DLL]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
    [C:\Rav\CfgDll.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 13]
    [C:\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
    [C:\Rav\RsLog.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 20]
    [C:\Rav\HOOKSYS.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 0]
    [C:\Rav\Scanner.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Rav\libload.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Rav\VirusLib.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 15]
    [C:\Rav\regmon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 6]
    [C:\Rav\psapi.dll]  [Microsoft Corporation, 4.00]
    [C:\Rav\HookWeb.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 1]
    [C:\Rav\MemMon.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 14]
    [C:\Rav\expscan.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
    [C:\Rav\mPorts.dll]  [Beijing Rising Technology Co., Ltd., 4, 0, 0, 3]
    [C:\Rav\HookCont.dll]  [Rising, 19, 0, 0, 0]
    [C:\Rav\SpamEng.dll]  [, 18, 0, 0, 6]
    [C:\Rav\engine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 30]
    [C:\Rav\PostTrt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Rav\UnExe.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 10]
    [C:\Rav\ScanExec.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 19]
    [C:\Rav\ScanEx.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 82]
    [C:\Rav\ExtFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 36]
    [C:\Rav\NvFile.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 11]
    [C:\Rav\ScanMac.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 17]
    [C:\Rav\ScanSct.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
    [C:\Rav\ScanPack.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 24]
    [C:\Rav\RsVM.dll]  [, 19, 0, 0, 20]
    [C:\Rav\Uroutine.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 57]
[PID: 1544 / Naruto][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [C:\WINDOWS\system32\tabhook.dll]  [Wacom Technology, Corp., 4.84-6]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 8]
    [C:\Program Files\Common Files\Ahead\lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.7641]
    [C:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.10513]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Word2003\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1648 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1752 / SYSTEM][C:\Rav\RavStub.exe]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 4]
    [C:\Rav\RsCommX.dll]  [rising, 18, 0, 0, 1]
    [C:\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 1952 / SYSTEM][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  [Diskeeper Corporation, 10.0.593.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\DkLib.dll]  [Diskeeper Corporation, 10.0.593.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  [Diskeeper? Corporation., 1.0.37.0]
    [C:\Program Files\Diskeeper Corporation\Diskeeper\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]¼r„"_3ª{’Pbbs.ikaka.comJQÄXC“ۅu

日志不全

注意：删除病毒可能会具有一定的危险性 所以强烈建议操作前要把重要资料转移至非系统分区！
打开sreng
“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
<C:\WINDOWS\system32\drivers\svchost.exe><N/A>


用SRENG扫描工具删除以下驱动程序

<\SystemRoot\system32\drivers\hfbibidd.sys><N/A>
<\SystemRoot\system32\drivers\hheigjhj.sys><N/A>

重启计算机进入安全模式下删除
<\SystemRoot\system32\drivers\hfbibidd.sys><N/A>
<\SystemRoot\system32\drivers\hheigjhj.sys><N/A>

<C:\WINDOWS\system32\drivers\svchost.exe><N/A>

¼r„"_3ª{’Pbbs.ikaka.comJQÄXC“ۅu