病毒怎么也删不完，重装都不行，哭啊 bbs.ikaka.com

gubinyang - 2007-7-3 20:38:00

每次都能杀出很多种来
主要是Trojan.PSW.Win32.OnlineGames
哭啊　求高人指点2007-07-03,15:47:36

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Publisher]
<NVMixerTray><"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<BIE><Rundll32 C:\WINDOWS\DOWNLO~1\BDPlugin.dll,Rundll32> []
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<TIMHost><C:\WINDOWS\TIMHost.exe> []
<Microsoft Autorun1><C:\WINDOWS\system32\nwizdh.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
<GrpConv><grpconv.exe -o> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><wdapri.dll> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{BC207F7D-3E63-4ACA-99B5-FB5F8428200C}><C:\WINDOWS\DOWNLO~1\BDPlugin.dll> []
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{13BB17C9-1BA1-1F8E-236F-273D2B2E2F14}><C:\WINDOWS\system32\k1183443700123qso.dll> []
<{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\System64.Sys> []
<{1F12545B-1212-1314-5679-4512ACEF8901}><C:\WINDOWS\system32\wdapri.dll> []

gubinyang - 2007-7-3 20:39:00

==================================
启动文件夹
N/A

==================================
服务
[Local Connection Manager / BARCASE][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\NFXKB.DLL,DllRegisterServer 1087><Microsoft Corporation>
[DB6E781C / DB6E781C][Stopped/Auto Start]
<C:\WINDOWS\system32\7ACD71BC.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows jtpu RunThem / jtpu][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\PROGRA~1\eokp\oyuz.dll><N/A>
[Fax 2Client / ms_2fax][Running/Auto Start]
<C:\WINDOWS\system32\44811.exe><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[COM+ Error Report / Templates][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\tkvas.dll><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>

==================================
驱动程序
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Beijing Rising Technology Co., Ltd.>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[MEMSCAN / MEMSCAN][Stopped/Auto Start]
<\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
<system32\drivers\nvax.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
<system32\drivers\nvapu.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\Program Files\Rising\Rav\RSPPSYS.sys><Rising>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[RsAntiSpyware / RsAntiSpyware][Stopped/Boot Start]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>

==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX, >
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[DragSearch BHO]
{EF1D17A9-089F-40cc-8D64-7324CDEBA0DB} <C:\PROGRA~1\YiSou\yisoub.dll, >
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\d441.dll, TODO: <公司名>>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[一搜工具条]
{115F6E46-FCBC-41ed-B3B5-3BDDD4AAB5E5} <C:\Program Files\YiSou\yisou.dll, 3721>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX, >
[BDHlprObj Class]
{CA92B524-BC8A-4610-BD2C-6BD3E28155D0} <C:\WINDOWS\DOWNLO~1\BDHelper.dll, >
[DragSearch BHO]
{EF1D17A9-089F-40CC-8D64-7324CDEBA0DB} <C:\PROGRA~1\YiSou\yisoub.dll, >
[ff Class]
{FAAAC0F6-94BE-4466-934B-7C53666A2F41} <C:\WINDOWS\system32\d441.dll, TODO: <公司名>>
[!搜一搜(&S)]
<res://C:\Program Files\YiSou\yisou.dll/232, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

gubinyang - 2007-7-3 20:42:00

==================================
正在运行的进程
[PID: 432][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 488][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\60FB05AC.DLL] [Microsoft Corporation, ]
[PID: 512][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\60FB05AC.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 560][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\60FB05AC.DLL] [Microsoft Corporation, ]
[PID: 572][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\60FB05AC.DLL] [Microsoft Corporation, ]
[PID: 1504][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\system32\60FB05AC.DLL] [Microsoft Corporation, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 1828][C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe] [NVIDIA Corporation, 1.0.451]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerZHC.dll] [NVIDIA Corporation, 1.0.451]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Common Files\NVIDIA Shared\Audio\NVAudioMod.dll] [NVIDIA Corporation, 1.0.451]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 1868][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9147]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 316][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 2708][C:\Program Files\Rising\Rav\RSAGENT.EXE] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 12]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 2732][C:\WINDOWS\msagent\AgentSvr.exe] [Microsoft Corporation, 2.00.0.3422]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 2896][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 3176][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 3340][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[C:\WINDOWS\system32\60FB05AC.DLL] [Microsoft Corporation, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\dh2104.dll] [N/A, ]
[c:\progra~1\eokp\rbxc.dll] [N/A, ]
[c:\progra~1\eokp\wgch.dll] [N/A, ]
[C:\WINDOWS\system32\TIMHost.dll] [N/A, ]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[C:\WINDOWS\system32\nvcpl.dll] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[c:\windows\system32\tkvas.dll] [Microsoft Corporation, 5.1.2600.0]
[C:\WINDOWS\DOWNLO~1\BDHelper.dll] [, 1, 0, 0, 5]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\PROGRA~1\YiSou\yisoub.dll] [, 1, 1, 2, 4]
[C:\WINDOWS\system32\d441.dll] [TODO: <公司名>, 1.0.0.1]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 3616][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\WINDOWS\system32\2d1.dll] [ , 1, 0, 0, 3]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[PID: 2952][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]
[PID: 3324][C:\Documents and Settings\ying\My Documents\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\wdapri.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\WINDOWS\system32\k1183443700123qso.dll] [N/A, ]
[C:\WINDOWS\DOWNLO~1\BDPlugin.dll] [, 1, 0, 1, 1]
[C:\Program Files\Internet Explorer\PLUGINS\System64.Sys] [N/A, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 5]

gubinyang - 2007-7-3 20:45:00

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\打开(&O)\command=SysAuto.exe
shell\Auto\command=auto.exe
[F:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

newcenturymoon - 2007-7-3 20:46:00

额又是auto.exe 加我qq 463216947帮你弄

gubinyang - 2007-7-4 12:55:00

回楼上我加了你你一直不在
我的电脑不能上Q了
我发到你邮箱里了拜托了啊

gubinyang - 2007-7-4 12:59:00

置顶的那个我用不了
说的那些都找不到
呜呜哭

gubinyang - 2007-7-4 13:06:00

显示所有的文件和文件夹那一项一直不能点
我用卡卡修复也不好用

天月来了 - 2007-7-4 13:47:00

如果愿意再重装的话，就可以轻松搞定。

可以在新系统安装完毕，进入的第一次，绝不使用原机任何文件，绝不打开任何磁盘，绝不使用U盘。

然后直接去网上的自己的邮箱里下载先备份上传的解压缩工具WinRAR，下载到桌面，安装后，立即用WinRAR打开各个磁盘，手工在WinRAR中删除各盘根目录下的文件：

Autorun.inf
auto.exe

然后安装并升级杀软至最新版本，全盘杀毒。

至于U盘，可以在插入电脑前，按住“Shift”键不放手，直至系统检测完毕.
再用WinRAR打开U盘，删除根目录下的同样文件，就可以了。但是里面的所有文件，也得再彻底杀毒。

HOSTのS - 2007-7-4 13:58:00

http://forum.ikaka.com/topic.asp?board=28&artid=8330695

haohe的fans - 2007-7-4 15:00:00

中auto.exe的人真多

gubinyang - 2007-7-4 15:32:00

回八楼
怎么用WinRAR打开各个磁盘啊
不好意思，我只会用这个软件压缩文件
重装可以的，但不明白你的意思。

九楼那个我看过了
但我的电脑不能显示隐藏文件或文件夹，怎么改都不行，他就不让你看。而且3FC3578B / 3FC3578B
E539E00C / E539E00C
Win32 Debug Service / MSDebugsvc
这些我电脑里都没有啊

电脑菜鸟４ - 2007-7-4 15:39:00

我的也和你一样呀自已也不会搞郁闷呀

姚魔 - 2007-7-4 16:26:00

【回复“电脑菜鸟４”的帖子】

昨天我也中老~还好弄好了=,=

看看我昨天的帖子吧~删了个什么文件就对了=.=

天月来了 - 2007-7-4 19:08:00

引用:

【gubinyang的贴子】回八楼
怎么用WinRAR打开各个磁盘啊
不好意思，我只会用这个软件压缩文件
重装可以的，但不明白你的意思。

………………

你在开始菜单里找到WinRAR启动，然后还不知道怎么做吗？？？

真晕！！！

天月来了 - 2007-7-4 19:11:00

引用:

【姚魔的贴子】【回复“电脑菜鸟４”的帖子】

昨天我也中老~还好弄好了=,=

看看我昨天的帖子吧~删了个什么文件就对了=.=
………………

和你那不一样，别乱说。

呵呵！！！！

gubinyang - 2007-7-6 21:10:00

我的问题目前好像是解决了，今天一直没有病毒出现，我也不知道是不是就真的干净了
虽然奋战了两天但还是很高兴！！！
小女子非常感谢newcenturymoon 和天月来了，非常感谢！！

瑞星卡卡安全论坛