我的笔记本最近中了“熊猫烧香”病毒的一个变种（病毒主程序为ncscv32.exe，图标变为Word）经过趋势、金山等专杀杀毒后可以把病毒清除，但是在重起机器后桌面无法显示（任务栏没有出现，桌面图标不能显示，只能用任务管理器打开，且输入“explorer.exe”后进程中的“explorer.exe”一闪就没,桌面还是不能显示），还有IE打不开，难道是和IE有关？？并且也尝试使用替换shdocvw.dll browseui.dll comctl32.dll comdlg32.dll mlang.dll oleaut32.dll shell32.dll shlwapi.dll urlmon.dll wininet.dll setupapi.dll，还是不行！之前已经有好多朋友在网上发过类似的帖子，但是最后都没有解决，看来是个顽疾！但是咱们这可是不一样呀，高手云集，希望朋友们帮帮忙一起商量解决这个问题，谢谢兄弟姐妹们了！

有没有好的解决办法呀？555

难道就没有人能解答吗？

引用:

【花花公子与小赖虫的贴子】想问下安全模式能进入吗?? ………………

安全模式也不能进入，都是用任务管理器才能打开！

引用:

【烂笔头1的贴子】我以前也有打不开过，我是用sreng修复的，运行sreng2时它会提示你哪个值不正常，就照着改一下， ………………

我也试过sreng2了，提示的不正常值都改过了，但还是不行！！现在笔记本还是在家放着，为了彻底将这个问题搞清楚，所以就不重装系统，而且也想帮大家把这个事弄明白了！

这是用hijackthis工具搜集的日志：
Logfile of HijackThis v1.99.1
Scan saved at 上午 11:29:27, on 2007/1/31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\WINDOWS\TEMP\MKBBB1.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\system32\msiexec.exe
C:\sichijackthis\Hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: 孵俁寯蚴敜鱉9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE (file missing)
O9 - Extra 'Tools' menuitem: 孵俁寯蚴敜鱉9 - {367E0A21-8601-4986-9C9A-153BF5ACA118} - C:\Program Files\Herosoft\Hero 9\STHSDVD.EXE (file missing)
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: 棵啪 - {9A687CA6-D585-4947-9ED9-BE96071F5CD9} - C:\PROGRA~1\Kingsoft\POWERW~2\XDictExB.dll
O9 - Extra button: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\google\google desktop search\googledesktopnetwork1.dll' missing
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {564376A6-3381-4BD3-8148-EE31B132E89A} (HyCryptoAPI Class) - http://ksfoa:7001/include/ActiveX/HyCAPI.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://www16.masterlink.com.tw/trade2000/FSCAPIATL.cab
O16 - DPF: {650BBB86-3D77-49BA-A4B2-2455E44EB031} (PasswordMD5ClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/PasswordMD5ClientCOM.cab
O16 - DPF: {653C447E-F3A0-4206-BACF-37AEDDA9D2E5} (EnumCert Class) - http://132.147.70.100:7001/include/ActiveX/HyEnumCert.cab
O16 - DPF: {723D961D-E7DC-4D2B-B695-17A81663EAE8} (Crypt Class) - https://trade1.masterlink.com.tw/trade/WCrypt.cab
O16 - DPF: {8B6CF9FA-47D6-4BBC-B5F9-725391D4827C} (SignedData Class) - http://132.147.70.100:7001/include/ActiveX/P7Signing.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B7CF8DF2-672C-4F74-944D-0F4E75DE576D} (SignMessage Class) - http://132.147.70.100:7001/include/ActiveX/HySignMessage.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dxzb.tinghsin.com.cn
O17 - HKLM\Software\..\Telephony: DomainName = dxzb.tinghsin.com.cn
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B6C2289-F6B4-4B8D-8FD6-6838C849E1CC}: NameServer = 132.147.70.6
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4171E96-6FC9-4D24-BDEC-A2EF003C5C56}: NameServer = 132.147.70.6
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = dxzb.tinghsin.com.cn
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = dxzb.tinghsin.com.cn
O18 - Protocol: dic - {C21F5C32-F57A-4A0D-8E0A-B672691C52D0} - C:\PROGRA~1\Kingsoft\POWERW~2\XDictExB.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter hijack: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/vnd-viewer - {CD4527E8-4FC7-48DB-9806-10537B501237} - (no file)
O18 - Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O18 - Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - C:\Program Files\Microsoft\Rights Management Add-on\RMAFilt.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: OfficeScanNT 妗奀禸鏡 (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT 跺?滅鳶? (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT 淈泭最唗 (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

谁可以分析一下日志吗？

引用:

【zhangmaj的贴子】C:\WINDOWS\TEMP\MKBBB1.EXE删除 然后用诊断模式试试 进去后清理下流氓软件 再不行扫SR2 ………………

这个“C:\WINDOWS\TEMP\MKBBB1.EXE”不是病毒。是趋势科技Watchdog文件，用于终止那些尝试终止实时扫描进程的恶意进程，以保证实时扫描进程正常运行。

引用:

【☆寒星☆的贴子】我滴个妈呀累死我了!你看看可以了吧 实在没法在给我说声或者去找人修理吧 ………………

哈哈哈，太谢谢你的热心了，年前忙，一直没时间来看看。过年好啊：）
现在机器已经重装系统了，因为过年这几天出门要用，你说的基本上我以前都试过了，都好象不行，等再出现这种现象再和你及大家讨论解决方法吧！在此也谢谢大家的热心，祝大家在新的一年里，身体健康，工作顺利：）