瑞星卡卡安全论坛

今天我的电脑里不知何出来一个叫娱乐心空－激情无限的小图标，自已就安装在了开始栏和任务栏里，删也删不掉，该怎么办啊。急，在线等！

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项
保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038第14楼

具体如何扫，能教一下吗？我是菜鸟

注意看回复

对不起我还是看不太明白在哪里打开“日志保存方法:选择File->Save菜单项”

工具的菜单

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ hp 1000 firmwarefwdlZenographicsd:\program files\fwdl.exe

+ InCDFile not found: ;D:\Program

+ NeroFilterCheckNeroCheckAhead Software Gmbhc:\windows\system32\nerocheck.exe

+ RavMonRavMon Rising realtime monitor Beijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmon.exe

+ RavTimerRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtimer.exe

+ Super Rabbit SafeEditFile not found: ;D:\Program

+ TkBellExeRealNetworks SchedulerRealNetworks, Inc.c:\program files\common files\real\update_ob\realsched.exe

+ zcomFile not found: C:\Program Files\zcom\zPlatform.exe MIN

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

+ MsnMsgrFile not found: ;"C:\Program

HKLM\System\CurrentControlSet\Services

+ InCDsrvHelper service for the InCD filesystem driverAhead Software AGd:\program files\incd\incdsrv.exe

+ RsCCenterCCenterrisingc:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMonBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

+ StdServiceAOL Corp.c:\windows\system32\stdsver.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ Shell Extension for CDRWUDF Shell Extension DLLAhead Software AGd:\program files\incd\incdshx.dll

+ Shell Extensions for RealOne PlayerRealOne Player Shell ExtensionsRealNetworksc:\program files\real\realone player\rpshellext.dll

+ WinRAR shell extensiond:\program files\winrar\rarext.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Web 文件夹c:\program files\common files\microsoft shared\web folders\msonsext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IeCatch2 Classjccatch ModuleAmaze Softd:\program files\flashget\jccatch.dll

+ MMSAssist BHOMMSAssistc:\program files\mmsassist\mmsassist.dll

+ QQBrowserHelperObject ClassQQIEHelper Module深圳市腾讯计算机系统有限公司d:\program files\tencent\qq\qqiehelper.dll

+ std softwareAOL Corp.c:\windows\system32\stdup.dll

+ ThunderIEHelper Classxunleibho BHOc:\windows\system32\xunleibho_v8.dll

HKLM\Software\Microsoft\Internet Explorer\Toolbar

+ FlashGet BarFlashGet IE BarAmaze Softd:\program files\flashget\fgiebar.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions

+ &FlashGetFlashGetAmaze Softd:\program files\flashget\flashget.exe

+ 腾讯QQQQTENCENTd:\program files\tencent\qq\qq.exe

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors

+ EPSON V5 2KMonitorEPSON Bidirectional MonitorSEIKO EPSON CORPORATIONc:\windows\system32\ebpmon2.dll

+ hpZJLanguageMonitorHP1Zenographicsc:\windows\system32\zlmhp1.dll

是把这个扫上来吗？

HKLM\System\CurrentControlSet\Services
+ StdServiceAOL Corp.c:\windows\system32\stdsver.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ std softwareAOL Corp.c:\windows\system32\stdup.dll

禁用重启试试
关于工具不懂的去看工具使用的帖子

禁用重启如何操做？是把HKLM\System\CurrentControlSet\Services
+ StdServiceAOL Corp.c:\windows\system32\stdsver.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ std softwareAOL Corp.c:\windows\system32\stdup.dll
这两项在Autoruns里关掉吗（把前面的对勾去掉就可以吗）？

用最新版Hijackthis1.99.1扫描一个log贴上来。

hijackThis下载地址见置顶贴
[必读]本版说明及常用小软件下载
http://forum.ikaka.com/topic.asp?board=67&artid=5188931