Is c:\windows\ .exe a virus? How do I delete it?

Kaspersky reported c:\windows\ .exe as a virus; the file name is just a space followed by .exe. I deleted it once and it disappeared, and it was no longer in the startup items, but a few days later it showed up in the startup items again, yet I can't find the file in the folder. On top of that, Kaspersky's real-time protection no longer starts fully: the network attack protection fails to start. How can I fix this?
Is this a virus? How do I remove it?

Many thanks!!!
Last edited 2006-03-17 16:13:27

Please help me take a look; thanks again!!!

HijackThis_zww汉化版扫描日志 V1.99.1
保存于      15:21:18, 日期 2006-3-17
操作系统:  Windows XP SP2 (WinNT 5.01.2600)
浏览器:    Internet Explorer v6.00 SP2 (6.00.2900.2180)

当前运行的进程:         
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
H:\已装\QQ\QQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
H:\已装\Cterm\Cterm.exe
H:\已装\QQ\QQ.exe
H:\已装\Real\RealPlayer\realplay.exe
C:\windows\system32\conime.exe
H:\已装\visual c++ 6.0\MSDev98\Bin\MSDEV.EXE
C:\Program Files\Internet Explorer\IEXPLORE.exe
H:\已装\wb\wnwb.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\WINDOWS\system32\WISPTIS.EXE
H:\已装\winrar\WinRAR.exe
C:\windows\system32\notepad.exe
D:\temp\Rar$EX46.250\HijackThis1991zww.exe

R3 - URLSearchHook: SgUrlSearHook Class - {BAB1AC41-6FF7-4F2E-A04E-5C592CCFEA7D} - C:\windows\system32\socul.dll
R3 - URLSearchHook: SrchHook Class - {EED92A43-CFCE-4548-BD73-B0A405470ED5} - C:\PROGRA~1\CNNIC\Cdn\iesrch.dll
F2 - REG:system.ini: UserInit=C:\windows\system32\userinit.exe
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - H:\已装\QQ\QQIEHelper.dll
O2 - BHO: BandIE Class - {77FEF28E-EB96-44FF-B511-3185DEA48697} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - H:\已装\酷狗\KuGoo3\KuGoo3DownXControl.ocx
O2 - BHO: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - G:\itolidiq\MYSOFT~1\MAGICS~1\MagicSet\HAOKAN~1.DLL
O3 - IE工具栏增项: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - G:\itolidiq\PROGRA~1\FLASHGET\fgiebar.dll
O3 - IE工具栏增项: 超级兔子上网精灵 - {FEDF637B-F631-4583-A210-33CC828D42DB} - G:\itolidiq\MYSOFT~1\MAGICS~1\MagicSet\HAOKAN~1.DLL
O3 - IE工具栏增项: 百度超级搜霸 - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - C:\PROGRA~1\baidu\bar\BaiduBar.dll
O4 - 启动项HKLM\\Run: [KAVPersonal50] "H:\已装\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] G:\itolidiq\my software\magicset745\MagicSet\SRIECLI.EXE /LOAD
O8 - IE右键菜单中的新增项目: 使用网际快车下载 - G:\itolidiq\Program file\FlashGet\jc_link.htm
O8 - IE右键菜单中的新增项目: 使用网际快车下载全部链接 - G:\itolidiq\Program file\FlashGet\jc_all.htm
O8 - IE右键菜单中的新增项目: 导出到 Microsoft Office Excel(&X) - res://H:\已装\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - 浏览器额外的按钮: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - H:\已装\QQ\QQ.EXE
O9 - 浏览器额外的“工具”菜单项: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - H:\已装\QQ\QQ.EXE
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - H:\已装\QQ\QQIEHelper.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - H:\已装\QQ\QQIEHelper.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O23 - NT 服务: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - NT 服务: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - NT 服务: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - NT 服务: kavsvc - Kaspersky Lab - H:\已装\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

启动项报告:      2006-3-17, 下午 03:22:00
启动项扫描器版本: 1.52.2
开始于:      D:\temp\Rar$EX46.250\HijackThis1991zww.EXE
系统检测:    Windows XP SP2 (WinNT 5.01.2600)
系统检测:    Internet Explorer v6.00 SP2 (6.00.2900.2180)
* 使用默认选项             
==================================================

当前运行的进程:         

C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\svchost.exe
H:\已装\QQ\QQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
H:\已装\Cterm\Cterm.exe
H:\已装\QQ\QQ.exe
H:\已装\Real\RealPlayer\realplay.exe
C:\windows\system32\conime.exe
H:\已装\visual c++ 6.0\MSDev98\Bin\MSDEV.EXE
C:\Program Files\Internet Explorer\IEXPLORE.exe
H:\已装\wb\wnwb.exe
C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\WINDOWS\system32\WISPTIS.EXE
H:\已装\winrar\WinRAR.exe
C:\windows\system32\notepad.exe
D:\temp\Rar$EX46.250\HijackThis1991zww.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\windows\system32\userinit.exe

--------------------------------------------------

注册表中的启动项:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

KAVPersonal50 = "H:\已装\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

--------------------------------------------------

注册表中的启动项:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\windows\system32\ctfmon.exe
Super Rabbit IEPro = G:\itolidiq\my software\magicset745\MagicSet\SRIECLI.EXE /LOAD

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[3721TRQua]
BigDogPath = C:\WINDOWS\VM_STI.EXE VIMICRO USB PC CAMERA

[OptionalComponents]
* 未找到值 *       

--------------------------------------------------

Load/Run keys from C:\windows\WIN.INI:

load=* 未找到INI相关项目值 *       
run=* 未找到INI相关项目值 *       

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKLM\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *           
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *           
HKCU\..\Windows\CurrentVersion\WinLogon: load=* 未找到相关注册表键值 *         
HKCU\..\Windows\CurrentVersion\WinLogon: run=* 未找到相关注册表键值 *         
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

外壳扩展和屏幕保护程序的键值  从            C:\windows\SYSTEM.INI:

Shell=* 未找到INI相关项目值 *       
SCRNSAVE.EXE=* 未找到INI相关项目值 *       
drivers=* 未找到INI相关项目值 *       

外壳扩展和屏幕保护程序的键值  从  注册表             

Shell=Explorer.exe
SCRNSAVE.EXE=* 未找到相关注册表键值 *           
drivers=* 未找到相关注册表键值 *           

Policies Shell key:

HKCU\..\Policies: Shell=* 未找到相关注册表键值 *           
HKLM\..\Policies: Shell=* 未找到相关注册表键值 *           

--------------------------------------------------


列举IE浏览器辅助对象(BHO模块):               

(no name) - H:\已装\QQ\QQIEHelper.dll - {54EBD53A-9BC1-480B-966A-843A333CA162}
(no name) - C:\PROGRA~1\baidu\bar\BaiduBar.dll - {77FEF28E-EB96-44FF-B511-3185DEA48697}
(no name) - (no file) - {A5366673-E8CA-11D3-9CD9-0090271D075B}
(no name) - H:\已装\酷狗\KuGoo3\KuGoo3DownXControl.ocx - {A9930D97-9CF0-42A0-A10D-4F28836579D5}
(no name) - G:\itolidiq\MYSOFT~1\MAGICS~1\MagicSet\HAOKAN~1.DLL - {FEDF637B-F631-4583-A210-33CC828D42DB}

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{946FD4B3-9B95-44A6-955D-C7742D50AE92}||C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{5464DB40-195E-4680-BFFD-1C21FFA171BE}||C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{1E6E3923-011C-4EAC-A428-C58F3F1C3091}|||5

--------------------------------------------------

列举 ShellServiceObjectDelayLoad 项目:           

PostBootReminder: C:\windows\system32\SHELL32.dll
CDBurn: C:\windows\system32\SHELL32.dll
WebCheck: C:\windows\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
报告完毕,共 5,692 字节         
报告生成用时:0.015秒     

Command line options:
  /verbose  - to add additional info on each section
  /complete - to include empty sections and unsuspicious data
  /full    - to include several rarely-important sections
  /force9x  - to include Win9x-only startups even if running on WinNT
  /forcent  - to include WinNT-only startups even if running on Win9x
  /forceall - to include all Win9x and WinNT startups, regardless of platform
  /history  - to list version history only
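An added example, not code from the thread or from HijackThis: a small Python checker that parses HijackThis O4 (Run-key) lines in the format of the log above and flags autostart entries whose file name is blank or whitespace-only, which is the pattern the poster describes. The three real sample lines are copied from the report; the final entry and its value name "winupd" are hypothetical, constructed to model the " .exe" item.

```python
import re

# HijackThis O4 line: "O4 - HKLM\..\Run: [ValueName] command line"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# First executable-looking token of an unquoted command (paths may contain spaces)
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|scr|bat|pif))', re.IGNORECASE)

# Constructed sample: three entries copied from the report plus one hypothetical
# entry ("winupd" is a placeholder name) modelling the " .exe" autostart item.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [KAVPersonal50] "H:\已装\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Super Rabbit IEPro] G:\itolidiq\my software\magicset745\MagicSet\SRIECLI.EXE /LOAD
O4 - HKLM\..\Run: [winupd] C:\windows\ .exe
"""

def parse_o4(line):
    """Split one O4 line into hive, key, value name and command; None if not O4."""
    m = O4_RE.match(line.rstrip())
    return m.groupdict() if m else None

def exe_path(cmd):
    """Recover the launched file from a Run-key command, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        return cmd[1:cmd.find('"', 1)]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split(' ', 1)[0]

def file_stem(path):
    """File name without directory or extension; Windows separators assumed."""
    name = path.replace('/', '\\').rsplit('\\', 1)[-1]
    return name.rsplit('.', 1)[0] if '.' in name else name

def suspicious(path):
    """Reasons an autostart path looks wrong; empty list when it looks normal."""
    stem = file_stem(path)
    reasons = []
    if stem.strip() == '':
        reasons.append('file name is blank or whitespace only')
    elif stem != stem.strip():
        reasons.append('file name has leading or trailing whitespace')
    return reasons

def scan(report):
    """Return (value name, path, reasons) for every O4 entry that trips a check."""
    hits = []
    for line in report.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        path = exe_path(entry['cmd'])
        reasons = suspicious(path)
        if reasons:
            hits.append((entry['name'], path, reasons))
    return hits

if __name__ == '__main__':
    for name, path, reasons in scan(SAMPLE_O4):
        print(f'[{name}] {path!r}: {"; ".join(reasons)}')
```

Running it on the constructed sample reports only the "winupd" entry; the same parser can be pointed at a saved HijackThis log to review every O4 line at once.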