看不到啊，关键是我把那些隐藏的文件夹删了。后悔啊！

用Autoruns保存一个日志发上来
日志保存方法:选择File->Save菜单项保存日志时注意选择Options->Hide Microsoft Entries菜单项(设置了这项后点工具栏的刷新按钮)

工具的下载、使用参考http://forum.ikaka.com/topic.asp?board=28&artid=7318038

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

+ RavTaskRavTimerBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravtask.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

+ Rising Execute File Exts hookRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

+ Display Panning CPL ExtensionFile not found: deskpan.dll

+ HyperTerminal Icon ExtHyperTerminal Applet LibraryHilgraeve, Inc.c:\windows\system32\hticons.dll

+ RISINGRising Shell Ext ModuleBeijing Rising Technology Co., Ltd.c:\windows\system32\ravext.dll

+ WinRAR shell extensione:\program files\winrar\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

+ IEHandle ClassIEHandler for ScenicPlayer江苏科建教育软件有限责任公司c:\program files\common files\collegesoft\share components\tphandle.dll

HKLM\System\CurrentControlSet\Services

+ RfwProxySrvRising Personal Proxy ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwproxy.exe

+ RfwServiceRising Personal Firewall ServiceBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rfwsrv.exe

+ RsCCenterCCenterBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ccenter.exe

+ RsRavMonRavMondBeijing Rising Technology Co., Ltd.c:\program files\rising\rav\ravmond.exe

HKLM\System\CurrentControlSet\Services

+ ALCXSENSSensaura WDM 3D Audio DriverSensaura Ltdc:\windows\system32\drivers\alcxsens.sys

+ ALCXWDMRealtek AC'97 Audio Driver (WDM)Realtek Semiconductor Corp.c:\windows\system32\drivers\alcxwdm.sys

+ BaseTDIbasetdiBeijing Rising Technology Co., Ltd.c:\windows\system32\drivers\basetdi.sys

+ ExpScanerExpScan.sysc:\program files\rising\rav\expscan.sys

+ FETNDISNDIS 5.0 miniport driverVIA Technologies, Inc.              c:\windows\system32\drivers\fetnd5.sys

+ FETNDISBNDIS 5.0 miniport driverVIA Technologies, Inc.              c:\windows\system32\drivers\fetnd5b.sys

+ HOOKAPIHOOKAPI Driver瑞星软件有限公司c:\program files\rising\rav\hookapi.sys

+ HookContTDI HOOK DriverRising tech Co. ltdc:\program files\rising\rav\hookcont.sys

+ HookRegc:\program files\rising\rav\hookreg.sys

+ HookSysHooksysRisingc:\program files\rising\rav\hooksys.sys

+ HookUrlHookUrlBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\hookurl.sys

+ MEMSCANMemScan Driver瑞星软件有限公司c:\program files\rising\rav\memscan.sys

+ mProcRsRising Personal FireWall  mprocrs.sysBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\mprocrs.sys

+ npkcryptnProtect KeyCrypt DriverINCA Internet Co., Ltd.e:\program files\tencent\npkcrypt.sys

+ NTSIMNetwork Device Monitor UtilityVIA Technologies, Inc.              c:\windows\system32\ntsim.sys

+ PtilinkDirect Parallel Link DriverParallel Technologies, Inc.c:\windows\system32\drivers\ptilink.sys

+ RsFwDrvnt_fwdrvBeijing Rising Technology Co., Ltd.c:\program files\rising\rfw\rsfwdrv.sys

+ S3PsddrS3 ProSavage(DDR) & Twister Miniport DriverS3 Graphics, Inc.c:\windows\system32\drivers\s3gnbm.sys

+ S3SavageNBS3 ProSavage(DDR) & Twister Miniport DriverS3 Graphics, Inc.c:\windows\system32\drivers\s3gnbm.sys

+ SecdrvSafeDisc driverc:\windows\system32\drivers\secdrv.sys

+ viaagp1VIA NT AGP FilterVIA Technologies, Inc.c:\windows\system32\drivers\viaagp1.sys

+ ZSMC301bVideo streaming and Capture Device DriverVMc:\windows\system32\drivers\usbvm31b.sys

没人救救我吗？

有!帅哥来啦!!!!!!!!!!

救命啊！

引用:

【点挠矮子饼的贴子】看不到啊，关键是我把那些隐藏的文件夹删了。后悔啊！ ...........................

系统盘下的文件也删除了？

没有，不过好象被人远程登陆了一样，
我明明用的是本地用户啊
怎么显示网络用护呢？

HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed2006-2-11 10:4280 bytesData mismatch between Windows API and raw hive data.
用RootkitRevealer扫了半天就出来个这个东西

【回复“点挠矮子饼”的帖子】
用户名一样吗？

实在不行
重装系统算