[Help] Guys, my computer has been badly damaged, please help me.. *sob*

Logfile of HijackThis v1.99.1
Scan saved at 22:24:20, on 2002-1-1
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\Program Files\Rising\Rav\CCenter.exe
D:\Program Files\Rising\Rav\Ravmond.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\llssrv.exe
D:\WINNT\system32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\System32\msdtc.exe
D:\Program Files\Rising\Rav\RavStub.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\Explorer.EXE
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
D:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
d:\program files\tencent\qq\qq.exe
D:\Program Files\Tencent\QQ\TIMPlatform.exe
D:\Program Files\CNNIC\Cdn\cdnup.exe
D:\Documents and Settings\Administrator\桌面\HijackThis.exe

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - D:\Program Files\Common Files\CPUSH\cpush.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - D:\Program Files\kuzhan\kuzhan.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [Internat.exe] internat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\Tencent\QQ\qqCfg.exe
O8 - Extra context menu item: &使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\getAllurl.htm
O8 - Extra context menu item: 上传到QQ网络硬盘 - d:\program files\tencent\qq\AddToNetDisk.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - d:\program files\tencent\qq\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - d:\program files\tencent\qq\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - d:\program files\tencent\qq\SendMMS.htm
O8 - Extra context menu item: 访问通用网址 - D:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - D:\Program Files\kuzhan\kuzhan.dll
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O11 - Options group: [CDNCLIENT]  中文上网
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156858285500
O17 - HKLM\System\CCS\Services\Tcpip\..\{9212E217-D665-4CFE-AB02-FAAA722C2094}: NameServer = 202.96.128.86,202.96.128.166
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\system32\nvsvc32.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\CCenter.exe
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe


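D:\Program Files\CNNIC\Cdn\cdnup.exe
中文上网 (Chinese Internet Access)
酷站导航 (Cool Site Navigation)
Sohu Games (just the installer)
How can I uninstall the items above?
I've tried a lot of methods: 超级兔子 (Super Rabbit), a malware removal tool, and 完美卸载 (Perfect Uninstall) run in safe mode, and I still can't do anything about them. I delete them and they come right back..
I've also scanned the system with a genuine copy of Rising, 木马杀客 (Trojan Killer), and Perfect Uninstall's scanner. No viruses were found.
Everyone, how on earth do I get rid of them completely? I'm begging you on my knees..
Last edited 2006-09-16 16:57:02.403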
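Added example (not part of the original posts, and not HijackThis's own code): a small parser for the log format above that lists every entry referencing a named component, showing that 中文上网 and 酷站导航 are each registered in several separate places (a running updater process, a BHO, IE buttons, an options group). The `COMPONENTS` match strings and all function names are this example's assumptions, taken from the paths and display names in the log.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the post above (a subset).
SAMPLE_LOG = r"""
D:\Program Files\CNNIC\Cdn\cdnup.exe
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: QuickBtn - {D1BB7CF4-4463-4e91-88D7-ECC3CE0A13B7} - D:\Program Files\kuzhan\kuzhan.dll
O4 - HKLM\..\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O9 - Extra button: 酷站导航 - {1D901067-2529-4A9B-9B6B-7A1DB3A44CB5} - D:\Program Files\kuzhan\kuzhan.dll
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - D:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\Program Files\Tencent\QQ\QQIEHelper.dll (file missing)
O11 - Options group: [CDNCLIENT]  中文上网
"""

# Assumption of this example: match strings taken from the install paths and
# display names of the two programs the poster names that appear in the log.
COMPONENTS = {
    "CNNIC 中文上网": ["cnnic", "cdnclient", "中文上网"],
    "kuzhan 酷站导航": ["kuzhan", "酷站导航"],
}

ENTRY = re.compile(r"^([ORFN]\d+) - (.*)$")   # e.g. "O2 - BHO: ..."
PROCESS = re.compile(r"^[A-Za-z]:\\")          # a bare path = running process

def parse(log):
    """Yield (section, text); running-process paths get section 'PROC'."""
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)
        elif PROCESS.match(line):
            yield "PROC", line

def hooks_by_component(log, components=COMPONENTS):
    """Map each component to every log entry that references it."""
    found = defaultdict(list)
    for section, text in parse(log):
        for name, keys in components.items():
            if any(k in text.lower() for k in keys):
                found[name].append((section, text))
    return dict(found)

def missing_files(log):
    """Entries whose target file HijackThis reported as absent."""
    return [(s, t) for s, t in parse(log) if t.endswith("(file missing)")]

if __name__ == "__main__":
    for name, hits in hooks_by_component(SAMPLE_LOG).items():
        print(name, sorted({s for s, _ in hits}))
    print("orphaned:", missing_files(SAMPLE_LOG))
```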
 

Begging for help.. ~~~

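1. Open the registry.. and completely delete every value related to 7046avpa
2. Because the rogue software wrote its files into the Application Data area, you can't find the file itself.. Even in safe mode you won't find the virus file. The virus is bound to 4 SETUP INI files that are set to run automatically... so whenever you start QQ or boot the machine, it reinstalls itself even if you deleted it. It's a bit like the rogue program 鸡毛信 (Jimaoxin)!
3. Since you can't find the file, go into safe mode and type in the full folder path to enter C:\Documents and Settings\All Users\Application Data\Tencent
Now you can see the junk trojan 7046avpa.exe... Delete it along with all the files and INIs bound to it
4. At this point, uninstall the 2 bundled files, 中文上网 and Sohu!!!!!
5. Uninstall QQ, because QQ's startup file has already been bound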

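Quote:
[Post by songwenhe] 1. Open the registry.. and completely delete every value related to 7046avpa
2. Because the rogue software wrote its files into the Application Data area, you can't find the file itself.. Even in safe mode you won't find the virus file. The virus is bound to 4 SETUP INI files that are set to run automatically... so whenever you start QQ or boot the machine, it reinstalls itself even if you deleted it. It's a bit like the rogue program 鸡毛信 (Jimaoxin)!
3. Since you can't find the file, go into safe mode and type in the full folder path to enter C:\Documents and Settings\All Users\Application Data\Tencent
Now you can see the junk trojan 7046avpa.exe... Delete it along with all the files and INIs bound to it
4. At this point, uninstall the 2 bundled files, 中文上网 and Sohu!!!!!
5. Uninstall QQ, because QQ's startup file has already been bound
………………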




How come even a newbie is this impressive?~ Learning...