中了威金还有很多鸟病毒 求大家看看帮帮忙哈
谢谢了
CODE]

2007-04-06,22:54:50

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
    所有的启动项目（包括注册表、启动文件夹、服务等）
    浏览器加载项
    正在运行的进程（包括进程模块信息）
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <RaidTool><C:\Program Files\VIA\RAID\raid_tool.exe>  [VIA Technologies]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE USB PC Camera 301P>  [N/A]
    <RavTask><"D:\杀毒\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <jkeulc11><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\jkeulc11.dll",Start>  []
    <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start>  [奇虎网]
    <360tray.exe><C:\Program Files\safe360\360tray.exe>  [N/A]
    <upxndnd><C:\DOCUME~1\bo\LOCALS~1\Temp\upxndnd.exe>  []
    <cmddbcs><C:\WINDOWS\cmddbcs.exe>  []
    <bkyljm49><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\bkyljm49.dll",Start>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\system32\ctfnom.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\bo\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> E:\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ珊瑚虫版]
  <C:\Documents and Settings\bo\「开始」菜单\程序\启动\腾讯QQ珊瑚虫版.lnk --> E:\qq\CoralQQ.exe [珊瑚虫工作室]><N>

==================================
服务
[34FDBFA4 / 34FDBFA4][Stopped/Auto Start]
  <C:\WINDOWS\system32\34FDBFA4.EXE -service><N/A>
[Background Intelligent Transfer Service / BITS][Stopped/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\dhcpcsc32.dll><N/A>
[FD0E3A9E / FD0E3A9E][Stopped/Auto Start]
  <C:\WINDOWS\system32\FD0E3A9E.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NT Data Provider / Mercha2][Running/Auto Start]
  <C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE C:\WINDOWS\SYSTEM32\WBEM\INBJJ.DLL,Export 1087><Microsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"D:\杀毒\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"D:\杀毒\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Application Accelerator / Tech][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\psxul.dll><Microsoft Corporation>
[Vsn vvkh Service / vvkh][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\byqn\ifxu.dll,Service><Microsoft Corporation>
[SysWinStartForMedia / WinStartForMedia][Stopped/Auto Start]
  <C:\Windows\system32\WBGKQVAFJOTX.EXE><N/A>
[Portable Media / WmdmPWD][Running/Auto Start]
  <C:\WINDOWS\system32\Svchost.exe -k WmdmPWD-->C:\WINDOWS\system32\MDserivces\services\svchost.dll><Microsoft Corporation>

==================================
驱动程序
[85828 / 85828][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\85796.sys><Driver>
[atznkd7 / atznkd72][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\atznkd72.sys><N/A>
[BaseTDI / BaseTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[bkyljm4 / bkyljm49][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\bkyljm49.sys><Microsoft Corporation>
[bqoupkn / bqoupkn][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\bqoupkn.sys><N/A>
[diaicbfg / diaicbfg][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\diaicbfg.sys><N/A>
[didigech / didigech][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\didigech.sys><N/A>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\D:\杀毒\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\D:\杀毒\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\D:\杀毒\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\D:\杀毒\Rising\Rav\HookSys.sys><Rising>
[iigbiibf / iigbiibf][Stopped/System Start]
  <\??\C:\WINDOWS\system32\drivers\iigbiibf.sys><N/A>
[jkeulc1 / jkeulc11][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\jkeulc11.sys><Microsoft Corporation>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\D:\杀毒\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[msdirectx / msdirectx][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\msdirectx.sys><N/A>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\E:\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nw_pfr / nw_pfr][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\nw_pfr.sys><N/A>
[pacdcacm / pacdcacm][Stopped/Manual Start]
  <system32\DRIVERS\pacdcacm.sys><Panasonic>
[ppcrjf73 / ppcrjf73][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\D:\杀毒\RISING\RAV\RSPPSYS.sys><Rising>
[rs_mtq / rs_mtq][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\rs_mtq.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[udxzld1 / udxzld19][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\udxzld19.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[viamraid / viamraid][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\viaudio.sys><VIA Technologies, Inc.>
[VIA USB Host Controller Lower Filter / vulfnths][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
  <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[wcwtvm33 / wcwtvm33][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xlnrcr61 / xlnrcr61][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\xlnrcr61.sys><N/A>
[USB PC Camera 301P / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[52250 / 52250][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\51906.sys><Driver>
[xpsp1tdi / xpsp1tdi][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[VideoCapPCI2 / VideoCapPCI2][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[xpsp1reg / xpsp1reg][Running/]
  <2 - 系统找不到指定的文件。
><N/A>
[VideoCapUSB2 / VideoCapUSB2][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

==================================

浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\qq\QQ.EXE, N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Downloader Class]
  {5932517A-3326-4439-A708-1C98EDB5C549} <C:\WINDOWS\system32\iMopDl.dll, >
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <D:\新0170~1\PPStream\POWERP~1.DLL, PPStream Inc.>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[BoBo_V2 Control]
  {A8C3B40D-5384-44AD-ACC4-504B4D8A85F5} <C:\WINDOWS\DOWNLO~1\BOBO_A~1.OCX, 17BoBo.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[BoBoControl Class]
  {EC0978ED-24E3-403C-AB7A-060E388553E6} <C:\WINDOWS\system32\BoBo_ActiveX_V3.ocx, 广州易播信息科技有限公司>
[]
  {60610E76-3595-4A29-B52A-4E643A4CCA41} <C:\WINDOWS\system32\dhcpcsc32.dll, N/A>
[Thunder Browser Helper]
  {751B92D0-ED75-4F1C-B484-BD353F205F83} <D:\迅雷\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[vshe]
  {751B92D1-ED75-4F1C-B484-BD353F205F83} <C:\PROGRA~1\COMMON~1\byqn\fcur.dll, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[UZDINSWBGKO]
  {A9ECA386-BFF3-428D-B4DA-BC6869B1B32D} <C:\WINDOWS\system32\YBGKQVZEJOTXC.DLL, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WinMyFavor Class]
  {F7F49040-389C-4F1F-A825-06D5328EAE59} <C:\WINDOWS\system32\MyFavor32.dll, N/A>
[&使用迅雷下载]
  <D:\迅雷\Program\geturl.htm, N/A>
[上传到QQ网络硬盘]
  <E:\qq\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
  <, N/A>
[使用Web迅雷下载全部链接]
  <, N/A>
[添加到QQ自定义面板]
  <E:\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <E:\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <E:\qq\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 628][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 652][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\FD0E3A9E.DLL]  [Microsoft Corporation, ]
[PID: 696][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 708][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1060][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\psxul.dll]  [Microsoft Corporation, 5.1.2600.0]
[PID: 1620][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1692][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\FD0E3A9E.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\system32\udxzld19.dll]  [Microsoft Corporation, 1, 1, 1, 1036]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\jkeulc11.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\bkyljm49.dll]  [, 1, 1, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [E:\解压缩\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
    [D:\杀毒\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 508][C:\Program Files\VIA\RAID\raid_tool.exe]  [VIA Technologies, 5, 2, 2, 0]
    [C:\Program Files\VIA\RAID\drvInterface.dll]  [, 5, 2, 2, 0]
[PID: 1152][C:\Program Files\360safe\safemon\360Tray.exe]  [奇虎网, 1, 0, 1, 1004]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 1, 0, 0, 3001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 5, 1000]
    [C:\WINDOWS\system32\bkyljm49.dll]  [, 1, 1, 1, 1006]
    [C:\WINDOWS\system32\jkeulc11.dll]  [, 1, 1, 1, 1006]
[PID: 1352][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\bkyljm49.dll]  [, 1, 1, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\WINDOWS\system32\jkeulc11.dll]  [, 1, 1, 1, 1006]
[PID: 760][C:\Program Files\Messenger\msmsgs.exe]  [Microsoft Corporation, 4.7.3000]
    [C:\WINDOWS\system32\bkyljm49.dll]  [, 1, 1, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\WINDOWS\system32\jkeulc11.dll]  [, 1, 1, 1, 1006]
[PID: 3176][C:\DOCUME~1\bo\LOCALS~1\Temp\Rar$EX00.454\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\bkyljm49.dll]  [, 1, 1, 1, 1006]
    [C:\Program Files\360safe\safemon\safemon.dll]  [, 1, 0, 0, 1004]
    [C:\WINDOWS\system32\jkeulc11.dll]  [, 1, 1, 1, 1006]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
入口点错误：CreateProcessA (危险等级: 一般,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误：CreateProcessW (危险等级: 一般,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
    [2060] C:\Program Files\Common Files\VideoCap2.exe
    [2076] C:\Program Files\Common Files\xp1update.exe
    [2132] C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================================


[/CODE]

<upxndnd><C:\DOCUME~1\bo\LOCALS~1\Temp\upxndnd.exe> []
<cmddbcs><C:\WINDOWS\cmddbcs.exe> []
中招，杀毒（木马）。

打开sreng （就是你扫日志的软件）
启动项目  注册表 删除如下项目 (如果有哪项你认识或者确认不是病毒 请不要删除)
<upxndnd><C:\DOCUME~1\bo\LOCALS~1\Temp\upxndnd.exe> []
<cmddbcs><C:\WINDOWS\cmddbcs.exe> []
<bkyljm49><%systemroot%\system32\Rundll32.exe "%systemroot%\system32\bkyljm49.dll",Start> []
<twin><C:\WINDOWS\system32\ctfnom.exe> [N/A]


“启动项目”-“服务”-“Win32服务应用程序”中点“隐藏经认证的微软项目”，
选中以下项目，点“删除服务”，再点“设置”，在弹出的框中点“否”：
[34FDBFA4 / 34FDBFA4
NT Data Provider / Mercha2
FD0E3A9E / FD0E3A9E
Application Accelerator / Tech
SysWinStartForMedia / WinStartForMedia
双击我的电脑，工具，文件夹选项，查看，单击选取"显示隐藏文件或文件夹" 并清除"隐藏受保护的操作系统文件（推荐）"前面的钩。在提示确定更改时，单击“是” 然后确定
然后删除
C:\WINDOWS\system32\34FDBFA4.EXE
C:\WINDOWS\system32\FD0E3A9E.EXE
C:\WINDOWS\system32\psxul.dll
C:\WINDOWS\system32\MDserivces\services\svchost.dll
C:\WINDOWS\cmddbcs.exe
清空C:\DOCUME~1\bo\LOCALS~1\Temp
如果装有QQ请把QQ 安装文件夹中的Timplatform.exe删除 把Timplatfrom.exe重命名为Timplatform.exe