A virus nest has been cleared, and almost all of them are in progress.

Source: Internet
Author: User
In the end the virus bodies came to 30 MB, which is terrifying. It cost me a full business day. I had not touched a virus in a long time, and my skills are rusty too.

Every bad thing that could be done was done, and every place that could be hidden in was used. Main virus hiding locations:
The root directory of the system disk (C:/)
C:/Windows/
C:/Windows/System
C:/Windows/Fonts
C:/Windows/INF
C:/Windows/system32/config/
C:/Windows/system32
C:/Windows/system32/Drivers
C:/Windows/system32/INF/
C:/Windows/temp
C:/docume~1/admini~1/locals~1/temp/
C:/Documents and Settings/All Users/Start Menu/Programs/Startup/
C:/program files/Internet Explorer/plugins/
C:/Windows/Downloaded Program Files/
C:/Windows/help/
C:/Documents and Settings/Administrator/Local Settings/temp
The recycled directory (recycle bin) under the root of each drive
and so on.

There is also a lovely directory, c:/runauto...
Many of the viruses use a folder icon; don't be fooled by them.
C:/Windows/zuoyu16.ini is a record kept by the virus; go through the files it lists and delete them one by one.

Sort files by creation time and modification time to find all the viruses.
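As an added example (not from the original post), here is a Python script that does the sorting step above: it walks a list of suspect directories such as the ones listed earlier, keeps only executable-type files, and orders them newest-first by modification time, so files dropped together during an infection cluster at the top. The directory tree it builds is constructed for the demo; on a real machine you would pass the real paths. On Windows `st_ctime` is the creation time the post mentions, while on Unix it is the inode change time, so the time filter uses the modification time only and the creation/change time is just reported.

```python
import os
import time
from datetime import datetime

# Extensions the post's listings show the malware using: .exe/.dll/.sys payloads,
# .tmp files registered as drivers, and the .ini record file.
SUSPECT_EXTS = {".exe", ".dll", ".sys", ".tmp", ".ini"}


def recent_binaries(roots, since_epoch, exts=SUSPECT_EXTS):
    """Walk every directory in `roots` and return (path, mtime, ctime) tuples
    for files whose extension is in `exts` and whose modification time is at
    or after `since_epoch` (seconds since the epoch), newest modification first."""
    hits = []
    for root in roots:
        for dirpath, _subdirs, files in os.walk(root):
            for name in files:
                if os.path.splitext(name)[1].lower() not in exts:
                    continue
                path = os.path.join(dirpath, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # vanished or locked: skip it instead of aborting the sweep
                if st.st_mtime >= since_epoch:
                    hits.append((path, st.st_mtime, st.st_ctime))
    hits.sort(key=lambda hit: hit[1], reverse=True)
    return hits


def build_demo_tree(base, now=None):
    """Construct demo data (not real files from the post): one old legitimate
    DLL, a new text file, and two binaries 'dropped' recently. Returns the
    basenames the scan should report, newest first."""
    now = time.time() if now is None else now
    os.makedirs(os.path.join(base, "system32", "Drivers"), exist_ok=True)
    samples = [
        ("legit.dll", 30 * 86400),                                  # 30 days old: normal
        ("readme.txt", 60),                                         # new, but not executable
        (os.path.join("system32", "Drivers", "tmp33.tmp"), 3600),   # dropped an hour ago
        ("dc.exe", 60),                                             # dropped a minute ago
    ]
    for rel, age in samples:
        path = os.path.join(base, rel)
        with open(path, "w", encoding="ascii") as fh:
            fh.write("demo")
        os.utime(path, (now - age, now - age))  # backdate the modification time
    return ["dc.exe", "tmp33.tmp"]


def report(hits):
    """Human-readable lines, newest first."""
    return ["%s  modified %s" % (path, datetime.fromtimestamp(mtime).isoformat(timespec="seconds"))
            for path, mtime, _ctime in hits]


def demo_scan():
    """Build the demo tree in a fresh temp directory and sweep the last 24 h;
    returns (expected_basenames, found_basenames) so the result is easy to check."""
    import tempfile
    base = tempfile.mkdtemp(prefix="sweep-demo-")
    now = time.time()
    expected = build_demo_tree(base, now)
    found = [os.path.basename(p) for p, _m, _c in recent_binaries([base], now - 86400)]
    return expected, found


if __name__ == "__main__":
    import tempfile
    demo = tempfile.mkdtemp(prefix="sweep-demo-")
    build_demo_tree(demo)
    for line in report(recent_binaries([demo], time.time() - 86400)):
        print(line)
```

On a real sweep, pass the hiding locations from the list above as `roots` and a `since_epoch` a day or two before the infection was noticed; files with a legitimate reason to be new (Windows Update, driver installs) will appear too, so the list is a starting point for inspection, not a kill list.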

Open C:/Windows/system32/Drivers/etc/hosts (any text editor or word processor such as Notepad or Word can open it) and delete its contents. If that does not work, use SREng to reset the hosts file.
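The reason the hosts file matters is that this kind of malware pins antivirus update and download hostnames to 127.0.0.1 so the scanner cannot update, or points other names at an attacker-chosen address. The following added example (not from the original post) parses hosts-file text and reports every non-stock entry with a verdict; the sample file and its `.invalid` hostnames are constructed for the demo, and the clean replacement text is an assumption about what a stock Windows XP hosts file needs.

```python
import ipaddress

# The only mappings a stock Windows hosts file needs (assumption: XP-era default).
STOCK_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample hosts file; the hostnames are placeholders, not from the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       update.example-av.invalid      # pins an AV update server to loopback
127.0.0.1       www.example-security.invalid
198.51.100.7    www.example-bank.invalid       # silently sends a site elsewhere
"""


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        for name in names:
            yield ip, name.lower()


def classify_entry(ip, name):
    """None for a stock entry; 'blocked' when a name is pinned to a loopback or
    unspecified address (the 'AV cannot update' trick); 'redirected' when it
    points at any other address; 'malformed' when the address does not parse."""
    if (ip, name) in STOCK_ENTRIES:
        return None
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"
    return "redirected"


def triage_hosts(text):
    """Return [(ip, hostname, verdict)] for every non-stock entry, in file order."""
    findings = []
    for ip, name in parse_hosts(text):
        verdict = classify_entry(ip, name)
        if verdict:
            findings.append((ip, name, verdict))
    return findings


def clean_hosts_text():
    """Minimal replacement content to write back once the entries are confirmed
    malicious (assumed stock content; the post uses SREng's reset instead)."""
    return "127.0.0.1       localhost\n"


if __name__ == "__main__":
    for ip, name, verdict in triage_hosts(SAMPLE_HOSTS):
        print("%-10s %-16s %s" % (verdict, ip, name))
```

The classification is deliberately simple: anything that is not the stock localhost line is reported, because on a home XP machine there is rarely a legitimate reason for other entries, and a 'blocked' verdict on a security vendor's hostname is the signature of this infection.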

C:/ntldr.exe
C:/discovery.exe
C:/recycled/dc1.exe
C:/Windows/sviq.exe
C:/Windows/system/fun.exe
C:/Windows/dc.exe
C:/Windows/INF/other.exe
C:/Windows/system32/config/win.exe
C:/Windows/fonts/cd8b450baadbfc0c4ab44b982b5c3781/system/soundma.exe
C:/program files/Internet Explorer/plugins/winsys8v.sys
C:/Windows/system32/15b1.dll
C:/Windows/Downloaded Program Files/461b.dll
C:/Windows/Downloaded Program Files/15b.exe
C:/program files/common files/cpush.dll

The following is taken from SREng and Autoruns scans. Some viruses may have been missed during deletion, and some non-virus files may not have been written down.

[HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/run]
<Dc2k5> <C:/Windows/sviq.EXE> []
<Fun> <C:/Windows/system/fun.exe> []
<DC> <C:/Windows/dc.exe> []
[HKEY_CURRENT_USER/software/Microsoft/Windows NT/CurrentVersion/Windows]
<Load> <C:/Windows/INF/other.exe> []
<Run> <C:/Windows/system32/config/win.exe> []
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/run]
<Inudhya> <C:/Windows/fonts/cd8b450baadbfc0c4ab44b982b5c3781/system/soundma.exe> []
<Mfchlp32> <C:/Windows/mfchlp32.exe> []
<Tciocp32> <C:/Windows/tciocp32.exe> []
<Msccrt> <C:/Windows/msccrt.exe> []
<Fmsbbqi> <C:/Windows/fmsbbqi.exe> []
<Ravloa> <C:/Windows/system32/ravloa.exe> []
<Tbmonex> <C:/Windows/fonts/cd8b450baadbfc0c4ab44b982b5c3781/system/> [N/A]
<Dbghlp32> <C:/Windows/dbghlp32.exe> []
<Shaproc> <C:/Windows/shaproc.exe> []
<Igzwzslm> <C:/Windows/gwsmhxuq.exe> []
<Ptsshell> <C:/Windows/ptsshell.exe> []
<Wsockdrv32> <C:/Windows/wsockdrv32.exe> []
<Avpsrv> <C:/Windows/avpsrv.EXE> []
<Upxdnd> <C:/Windows/upxdnd.exe> []
<Lotushlp> <C:/Windows/lotushlp.exe> []
<Cmdbcs> <C:/Windows/cmdbcs.exe> []
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runonce]
<Vymwvk44> <%SystemRoot%/system32/rundll32.exe %SystemRoot%/system32/vymwvk44.dll dllunregisterserver> [N/A]
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run]
<Zuoyue> <C:/Windows/system32/INF/svch0st.exe C:/Windows/system32/lwizysy16_080414.dll Start> [N/A]
<Strong SCC> <rundll32.exe C:/Windows/system32/mycc080201.dll mymain> [N/A]
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/Explorer/shellexecutehooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}> <shell32.dll> [(verified) Microsoft Windows component Publisher]
<{32cd708b-60a7-4c00-9377-d73eaa495f0f}> <> [N/A]
<{6ce08af1-5f70-4c1a-8d1a-8aba31619e87}> <C:/Windows/system32/ayfkkfkk1055.dll> []
<{Fe0ebc25-107f-4fda-ada3-7238573f90ad}> <C:/Windows/system32/ayjhvjhv1015.dll> []
<{734bfbb9-34f7-441c-b064-b3590bbe34ea}> <C:/Windows/system32/txwwqwwq1006.dll> []
<{C4bf46a2-1c05-427d-992f-4e24f7d57f68}> <C:/Windows/system32/ttnnbnnb1047.dll> []
<{05922c2d-da84-48e8-a3e4-e797c58c39cf}> <C:/Windows/system32/ttezzezz1_6.dll> []
<{29fab913-d0cd-477b-a3f0-3d7c3a90116b}> <C:/Windows/system32/ttvufvuf1011.dll> []
<{79dae25e-7bee-4484-bb1a-f30c45d535d9}> <C:/Windows/system32/ttqacqac1035.dll> []
<{6167f471-ef2b-41dd-a5e5-c26acdb5c096}> <C:/program files/Internet Explorer/plugins/winsys8v.sys> []
<{B669b098-7a40-42da-91f5-f3cadf9319e1}> <C:/Windows/system32/txw.hrjh1021.dll> []
[HKEY_LOCAL_MACHINE/software/Microsoft/Active Setup/installed components/discoverr]
<N/A> <C:/Windows/system32/discovery.exe> []
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows NT/CurrentVersion/Image File Execution Options/] (image hijacking)
<C:/Windows/system32/discovery.exe> and <C:/xue.exe> are registered as the debugger for many tools, so launching those tools runs the virus instead.
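Reading a listing like the one above by hand is how the author did it; as an added example (not from the post or from SREng), here is a small Python triage pass over text in SREng's `<name> <target> [signature]` format. It flags entries with no verified signature, targets that run from the drop directories named earlier (temp, Fonts, INF, system32/config, Downloaded Program Files, the recycle bin), binaries sitting directly in the drive root, rundll32 launching a DLL, entries under the policy Run key, unsigned shell execute hooks, and anything under Image File Execution Options. The sample text is a handful of lines copied from the listing above; the reason strings and the directory list are my own choices, not SREng output.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "key name target reasons")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]")
ENTRY_RE = re.compile(r"^<(?P<name>[^>]*)> <(?P<target>[^>]*)> \[(?P<sig>[^\]]*)\]$")
# A binary directly in a drive root (e.g. C:/discovery.exe) is almost never legitimate.
ROOT_BINARY_RE = re.compile(r"^[a-z]:/[^/]+\.(exe|dll|sys|com|bat)$")
# Directories the post lists as hiding places; matched as substrings of the lower-cased target.
SUSPECT_DIRS = ("/temp/", "/fonts/", "/inf/", "/downloaded program files/",
                "/system32/config/", "/recycled/", "/plugins/")

# Sample lines taken from the SREng listing in the post (paths as written there).
SAMPLE_SRENG = """\
[HKEY_CURRENT_USER/software/Microsoft/Windows/CurrentVersion/run]
<Dc2k5> <C:/Windows/sviq.EXE> []
<Fun> <C:/Windows/system/fun.exe> []
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/runonce]
<Vymwvk44> <%SystemRoot%/system32/rundll32.exe %SystemRoot%/system32/vymwvk44.dll dllunregisterserver> [N/A]
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run]
<Zuoyue> <C:/Windows/system32/INF/svch0st.exe C:/Windows/system32/lwizysy16_080414.dll Start> [N/A]
[HKEY_LOCAL_MACHINE/software/Microsoft/Windows/CurrentVersion/Explorer/shellexecutehooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}> <shell32.dll> [(verified) Microsoft Windows component Publisher]
<{32cd708b-60a7-4c00-9377-d73eaa495f0f}> <> [N/A]
<{6ce08af1-5f70-4c1a-8d1a-8aba31619e87}> <C:/Windows/system32/ayfkkfkk1055.dll> []
"""


def triage_sreng(text):
    """Parse SREng-style autorun text and return a Finding for every entry that
    trips at least one heuristic. Entries with a '(verified)' signature and a
    clean location are left out."""
    findings = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")   # remember which registry key the next entries belong to
            continue
        em = ENTRY_RE.match(line)
        if not em:
            continue                # prose or separators between blocks
        name, target, sig = em.group("name"), em.group("target"), em.group("sig")
        low, lowkey = target.lower(), key.lower()
        verified = sig.startswith("(verified)")
        reasons = []
        if not verified:
            reasons.append("no verified signature")
        if any(d in low for d in SUSPECT_DIRS):
            reasons.append("runs from a drop directory")
        if ROOT_BINARY_RE.match(low):
            reasons.append("binary directly in the drive root")
        if "rundll32" in low:
            reasons.append("rundll32 loads a DLL")
        if "/policies/explorer/run" in lowkey:
            reasons.append("policy Run key")
        if "shellexecutehooks" in lowkey and not verified:
            reasons.append("unsigned shell execute hook")
        if "image file execution options" in lowkey:
            reasons.append("IFEO debugger hijack")
        if reasons:
            findings.append(Finding(key, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in triage_sreng(SAMPLE_SRENG):
        print("%-45s %s\n    %s" % (f.name, ", ".join(f.reasons), f.target or "(empty target)"))
```

An unsigned entry on its own is weak evidence (plenty of legitimate XP-era software was unsigned), which is why the finding carries every reason that applied: an entry that is unsigned, runs from Fonts or INF, and sits under the policy Run key is a much stronger signal than any one of those alone.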
========================================
Startup folder
[WebSpeed]
<C:/Documents and Settings/All Users/Start Menu/Programs/Startup/webspeed.exe --> [N/A]> <n>
========================================
Services
[DCOM Service Process Manager/dcommanager] [stopped/auto start]
<C:/Windows/system32/svchost.exe -k netsvcs --> C:/Windows/INF/pcidevices8.inf> <Microsoft Corporation>
[Windows ptug runthem/ptug] [stopped/auto start]
<C:/Windows/system32/svchost.exe -k netsvcs --> C:/progra~1/kopb/uyzl.dll> <>
[Remote Procedure Call System (rpcs)/rpcs] [stopped/auto start]
<C:/Windows/system32/rpcs.exe> <Microsoft Corporation>
[Perfor and alell/Transfer Service] [stopped/auto start]
<C:/Windows/system32/transfer sebvice.exe> <N/A>
========================================
Drivers
[Cqit/cqit] [stopped/auto start]
</??/C:/docume~1/admini~1/locals~1/temp/tmp33.tmp> <N/A>
[DOHS/DOHS] [stopped/auto start]
</??/C:/docume~1/admini~1/locals~1/temp/tmpdf.tmp> <N/A>
[Fpids32/fpids32] [stopped/auto start]
</??/C:/Windows/system32/Drivers/msosfpids32.sys> <N/A>
[Icafe Manager/icafe manager] [stopped/manual start]
</??/C:/docume~1/admini~1/locals~1/temp/usbhcid.sys> <N/A>
[Kbrhqjlb/kbrhqjlb] [running/boot start]
</SystemRoot/system32/Drivers/kbrhqjlb.sys> <N/A>
[Mhfp/mhfp] [stopped/auto start]
</??/C:/docume~1/admini~1/locals~1/temp/tmp258.tmp> <N/A>
[Mnsf/mnsf] [stopped/auto start]
</??/C:/docume~1/admini~1/locals~1/temp/tmp265.tmp> <N/A>
[Msfpfis64/msfpfis64] [stopped/auto start]
</??/C:/Windows/system32/Drivers/msosmsfpfis64.sys> <N/A>
[Zte usb/mx_98drv] [stopped/auto start]
[NPF/NPF] [stopped/manual start]
</??/C:/Windows/system32/Drivers/ef.tmp> <N/A>
[Npkcrypt/npkcrypt] [stopped/auto start]
</??/C:/program files/qq2006/npkcrypt.sys> <N/A>
[Ntptdb/ntptdb] [stopped/auto start]
</??/C:/Documents and Settings/All Users/Application Data/Microsoft/office/system/ntptdb.sys> <N/A>
[Ressdt/ressdt] [stopped/manual start]
</??/C:/Windows/system32/ssdtdt.sys> <N/A>
[SC Manager/SC manager] [stopped/manual start]
</??/C:/docume~1/admini~1/locals~1/temp/usbcams3.sys> <N/A>
[Vymwvk4/vymwvk44] [running/boot start]
</SystemRoot/system32/Drivers/vymwvk44.sys> <N/A>
[Kavell/kavell] [stopped/manual start]
</??/C:/Windows/system32/kavell.sys> <N/A>
[Pid: 956] [C:/Windows/cmder.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:/Windows/system32/xbcvxb.dll] [N/A,]
[C:/Windows/system32/msepbe.dll] [N/A,]
[C:/Windows/system32/ayfkkfkk1055.dll] [N/A,]
[C:/Windows/system32/ayjhvjhv1015.dll] [N/A,]
[C:/Windows/system32/txwwqwwq1006.dll] [N/A,]
[C:/Windows/system32/ttnnbnnb1047.dll] [N/A,]
[C:/Windows/system32/ttezzezz1046.dll] [N/A,]
[C:/Windows/system32/ttvufvuf1011.dll] [N/A,]
[C:/Windows/system32/ttqacqac1035.dll] [N/A,]
[C:/program files/Internet Explorer/plugins/winsys8v.sys] [N/A,]
[C:/Windows/system32/txw.hrjh1021.dll] [N/A,]
[Pid: 1140] [C:/Windows/sviq.EXE] [, 1.00]
[C:/Windows/system32/xbcvxb.dll] [N/A,]
[C:/Windows/system32/msepbe.dll] [N/A,]
[C:/program files/Internet Explorer/plugins/winsys8v.sys] [N/A,]
[Pid: 1188] [C:/Windows/dc.exe] [, 1.00]
[Pid: 1416] [C:/Windows/system/fun.exe] [, 1.00]
========================================
Autorun.inf
[C:/]
[Autorun]
open=discovery.exe
shell\open=Open(&O)
shell\open\command=discovery.exe
shell\open\Default=1
shell\explore=Explorer(&X)
shell\explore\command=discovery.exe
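The autorun.inf above is why double-clicking the C: drive, or even choosing Explore from its context menu, launched discovery.exe: the `open` key fires on autorun, and the `shell\open\command` and `shell\explore\command` keys replace both Explorer verbs. As an added example (not from the post), this Python function extracts every launch point from an autorun.inf and reports which verbs are hijacked; the sample text is a reconstruction in the same shape as the listing above, using the file name the post gives, and the key names it checks are the standard autorun.inf keys.

```python
import configparser

# Constructed sample in the shape of the autorun.inf the post found on C:/.
SAMPLE_AUTORUN_INF = """\
[Autorun]
open=discovery.exe
shell\\open=Open(&O)
shell\\open\\command=discovery.exe
shell\\open\\Default=1
shell\\explore=Explorer(&X)
shell\\explore\\command=discovery.exe
"""

# Keys that launch a program directly when the drive is inserted or opened.
LAUNCH_KEYS = ("open", "shellexecute")


def autorun_launch_targets(text):
    """Return {key: command} for every key in [Autorun] that can run a program:
    'open', 'shellexecute', and every 'shell\\<verb>\\command'. Keys come back
    lower-cased. Malformed text (no section header, etc.) yields {}."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(text)
    except configparser.Error:
        return {}
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return {}
    targets = {}
    for key, value in cp.items(section):
        parts = key.split("\\")
        is_verb_command = len(parts) == 3 and parts[0] == "shell" and parts[2] == "command"
        if key in LAUNCH_KEYS or is_verb_command:
            targets[key] = value.strip()
    return targets


def verbs_hijacked(targets):
    """List the ways the payload gets run: 'autorun' for a plain open/shellexecute
    key, plus each Explorer verb (open, explore, ...) whose command was replaced."""
    verbs = []
    if any(k in targets for k in LAUNCH_KEYS):
        verbs.append("autorun")
    for key in targets:
        parts = key.split("\\")
        if len(parts) == 3:
            verbs.append(parts[1])
    return verbs


if __name__ == "__main__":
    found = autorun_launch_targets(SAMPLE_AUTORUN_INF)
    for key, cmd in found.items():
        print("%-24s -> %s" % (key, cmd))
    print("hijacked:", ", ".join(verbs_hijacked(found)))
```

The `shell\open\Default=1` line is deliberately ignored: it only marks which verb is the double-click default and runs nothing by itself. A drive whose autorun.inf carries no launch keys at all (for example only an `icon=` line) returns an empty dictionary.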
========================================
Process Privilege Scan
Special privilege: SeDebugPrivilege [pid = 1140, C:/Windows/sviq.EXE]
Special privilege: SeDebugPrivilege [pid = 1188, C:/Windows/DC.EXE]
Special privilege: SeDebugPrivilege [pid = 1416, C:/Windows/system/fun.EXE]
[Qqgame]
<C:/Documents and Settings/All Users/Start Menu/Programs/Startup/qqgame.exe --> [N/A]> <n>
========================================
Browser add-ons
+ Brush class file not found: C:/Windows/system32/solid.dll
+ Cadlogic Object C:/program files/common files/cpush.dll
+ HTML document file not found: C:/Windows/system32/mseval.dll
+ Invoke class file not found: C:/Windows/system32/15b1.dll
+ Windows Word file not found: C:/Windows/system32/newtn.dll
+ {989d2feb-5411-4565-8988-1dd2c5263377} file not found: C:/Windows/system32/sysinfo.dll
HKLM/software/Microsoft/Internet Explorer/Toolbar
+ Msdxm.ocx file not found: C:/msdxm.ocx

HKLM/system/CurrentControlSet/services
+ Dcommanager Manages the DCOM service loading function. This service cannot be deleted. Microsoft Corporation C:/Windows/INF/pcidevices8.inf
+ Iprip file not found: C:/Windows/system32/wordms.dll
+ Kkdc On a domain controller, enables users to log on to the network using the Kerberos authentication protocol. If this service is disabled on the domain controller, users cannot log on to the network, and any service that depends on it will fail to start. File not found: C:/Windows/lsass.exe
+ Ms_2fax Fax 2 client file not found: C:/Windows/system32/5b211.exe
+ Ptug Network management service. If this service is stopped, some network functions may not work. C:/program files/kopb/uyzl.dll
HKLM/system/CurrentControlSet/services
+ Alcxwdm file not found: system32/Drivers/alcxwdm.sys
+ Cqit file not found: C:/docume~1/admini~1/locals~1/temp/tmp33.tmp
+ DOHS file not found: C:/docume~1/admini~1/locals~1/temp/tmpdf.tmp
+ Mhfp file not found: C:/docume~1/admini~1/locals~1/temp/tmp258.tmp
+ Mnsf file not found: C:/docume~1/admini~1/locals~1/temp/tmp265.tmp
+ Msfpfis64 C:/Windows/system32/Drivers/msosmsfpfis64.sys
+ NPF file not found: C:/Windows/system32/Drivers/5A.tmp
+ Npkcrypt file not found: C:/program files/qq2006/npkcrypt.sys
HKLM/software/Microsoft/command processor/Autorun
+ C:/Windows/system32/sashost.exe file not found: C:/Windows/system32/sashost.exe
HKLM/software/Microsoft/Windows NT/CurrentVersion/Windows/appinit_dlls
+ atehhz.dll awef.dll file not found: atehhz.dll awef.dll
+ M file not found: m
+ Msoscqit01.dll C:/Windows/system32/msoscqit01.dll
+ Msosdohs00.dll C:/Windows/system32/msosdohs00.dll
+ Msosmhfp00.dll C:/Windows/system32/msosmhfp00.dll
+ Msosmnsf01.dll C:/Windows/system32/msosmnsf01.dll
+ Msosping01.dll C:/Windows/system32/msosping01.dll
HKLM/software/Microsoft/Windows/CurrentVersion/runonce
+ Eqaxsh54 Run a DLL as an app Microsoft Corporation C:/Windows/system32/rundll32.exe
+ Vymwvk44 Run a DLL as an app Microsoft Corporation C:/Windows/system32/rundll32.exe
C:/Documents and Settings/All Users/Start Menu/Programs/Startup
+ Adobe Gamma Loader.lnk Adobe Gamma Loader Adobe Systems, Inc. C:/program files/common files/Adobe/calibration/Adobe gamma loader.exe
+ Qqgame.exe C:/Documents and Settings/All Users/Start Menu/Programs/Startup/AutorunsDisabled/qqgame.exe
+ Webspeed.exe C:/Documents and Settings/All Users/Start Menu/Programs/Startup/AutorunsDisabled/webspeed.exe
HKCU/software/Microsoft/Windows NT/CurrentVersion/Windows/load
+ C:/Windows/INF/other.exe file not found: C:/Windows/INF/other.exe
HKCU/software/Microsoft/Windows NT/CurrentVersion/Windows/run
+ C:/Windows/system32/config/win.exe file not found: C:/Windows/system32/config/win.exe
HKLM/software/Microsoft/Windows/CurrentVersion/policies/Explorer/run
+ 011 file not found: C:/Windows/system32/011.dll
+ 461b Microsoft DirectMusic interactive engine Microsoft Corporation C:/Windows/Downloaded Program Files/461b.dll
+ Repeated SCC file not found: C:/Windows/system32/mycc080201.dll mymain
+ Zuoyue Run a DLL as an app Microsoft Corporation C:/Windows/system32/INF/svch0st.exe
HKCU/software/Microsoft/Windows/CurrentVersion/run
+ Ctfmon.exe CTF loader Microsoft Corporation C:/Windows/system32/ctfmon.exe
+ DC file not found: C:/Windows/dc.exe
+ Dc2k5 file not found: C:/Windows/sviq.exe
+ Fun file not found: C:/Windows/system/fun.exe
+ Imscmig file not found: C:/Windows/imscmig.exe
