
Everyone, please take a look at my log: the virus can't be killed





未知家族病毒分析
扫描结果:
无可疑文件


系统活动进程
C:\WINNT\SYSTEM32\SMSS.EXE
C:\WINNT\SYSTEM32\CSRSS.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\WINLOGON.EXE
C:\WINNT\SYSTEM32\AWGINA.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\SERVICES.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\LSASS.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\PROGRAM FILES\RISING\RFW\RFWSTUB.EXE
C:\WINNT\SYSTEM32\MSVCP71.DLL
C:\WINNT\SYSTEM32\MSVCR71.DLL
C:\PROGRAM FILES\RISING\RFW\RSCOMMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\PROGRAM FILES\RISING\RAV\RAVSTUB.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\RISING\RAV\PROCCOM.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMX2.DLL
C:\PROGRAM FILES\RISING\RAV\RSCOMMON.DLL

C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\SPOOLSV.EXE
C:\WINNT\SYSTEM32\AWMON.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\WINNT\SYSTEM32\SKGUSR.DLL
C:\WINNT\SYSTEM32\GHOKXW.DLL
C:\WINNT\SYSTEM32\QAIZEL.DLL
C:\WINNT\SYSTEM32\EWLRZT.DLL
C:\PROGRAM FILES\360SAFE\SAFEMON\SAFEMON.DLL
C:\PROGRAM FILES\RISING\RAV\RAVSCRCH.DLL

C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHOST32.EXE
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\UTIL.DLL
C:\WINNT\SYSTEM32\MSVCP60.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\TRAYICON.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\INSTDATA.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWCFGMGR.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\S32PCAG.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWSES32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWOFRWRK.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWIO.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\DUNDATA.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\POWERMGR.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\PCACMNDG.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWGUI32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWDS32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWCM32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\CRYPTO.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWTIME32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHK32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\PCAIME.DLL
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\EHANDRES.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWRES-HOST.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWIORESOURCES.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHPILOT.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWLOG32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\SNMPUTIL.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\LIBSNMP.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWCONN32.DLL
C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AW32TCP.DLL
C:\WINNT\SYSTEM32\SKGUSR.DLL
C:\WINNT\SYSTEM32\GHOKXW.DLL
C:\WINNT\SYSTEM32\QAIZEL.DLL
C:\WINNT\SYSTEM32\EWLRZT.DLL
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL

C:\WINNT\SYSTEM32\MMC.EXE
C:\PROGRAM FILES\RISING\RFW\IJT_BASE.DLL
C:\PROGRAM FILES\RISING\RFW\OLEMON.DLL
C:\PROGRAM FILES\360SAFE\SAFEMON\SAFEMON.DLL
C:\WINNT\SYSTEM32\SKGUSR.DLL
C:\WINNT\SYSTEM32\GHOKXW.DLL
C:\WINNT\SYSTEM32\QAIZEL.DLL
C:\WINNT\SYSTEM32\EWLRZT.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLMMC.DLL
C:\WINNT\SYSTEM32\SQLUNIRL.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLRESLD.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLMMC.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLNS.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLGUI.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\W95SCM.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLSVC.DLL
C:\WINNT\SYSTEM32\ODBCBCP.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMSFC.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMCOMN.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLSVC.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLGUI.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMSFC.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMCOMN.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLNS.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SQLDMO.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SQLDMO.RLL
C:\WINNT\SYSTEM32\SQLSRV32.DLL
C:\WINNT\SYSTEM32\SQLSRV32.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMDLL.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMCROS.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMMAP.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMEXEC.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMWIZ.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMSYS.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMWEBWZ.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMOBJ.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\SEMREPL.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMMAP.RLL
C:\WINNT\SYSTEM32\MAPI32.DLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMCROS.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMEXEC.RLL
C:\PROGRAM FILES\MICROSOFT SQL SERVER\80\TOOLS\BINN\RESOURCES\2052\SEMSYS.RLL
C:\PROGRAM FILES\

[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Last edited 2008-04-04 10:57:34
 

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
RfwMain = "C:\PROGRAM FILES\RISING\RFW\RFWMAIN.EXE" -STARTUP

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Internat.exe = INTERNAT.EXE


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = %SystemRoot%\system32\NOTEPAD.EXE %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> WordPad.Document.1 = "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wzcnotif = WZCDLG.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINNT\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} = C:\Program Files\360safe\safemon\safemon.dll


Winsock SPI
MSAFD Tcpip [TCP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [UDP/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD Tcpip [RAW/IP] = C:\WINNT\SYSTEM32\MSAFD.DLL
RSVP UDP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINNT\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F9F4A9D-458B-4CF2-A398-4B52AF0E934D}] SEQPACKET 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{9F9F4A9D-458B-4CF2-A398-4B52AF0E934D}] DATAGRAM 0 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AA4578C7-D753-4C78-ACFE-9E1C79C3F6FD}] SEQPACKET 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{AA4578C7-D753-4C78-ACFE-9E1C79C3F6FD}] DATAGRAM 1 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C504B259-47C6-40FB-8FAC-0882838181BB}] SEQPACKET 2 = C:\WINNT\SYSTEM32\MSAFD.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{C504B259-47C6-40FB-8FAC-0882838181BB}] DATAGRAM 2 = C:\WINNT\SYSTEM32\MSAFD.DLL

系统服务项
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
Alerter = C:\WINNT\SYSTEM32\SERVICES.EXE
AppMgmt = C:\WINNT\SYSTEM32\SERVICES.EXE
awhost32 = C:\PROGRAM FILES\SYMANTEC\PCANYWHERE\AWHOST32.EXE
BITS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BITSGROUP
bjolehv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BJOLEHV
bndufm = C:\WINNT\SYSTEM32\SVCHOST.EXE -K BNDUFM
Browser = C:\WINNT\SYSTEM32\SERVICES.EXE
cisvc = C:\WINNT\SYSTEM32\CISVC.EXE
ClipSrv = C:\WINNT\SYSTEM32\CLIPSRV.EXE
cnnbuwv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K CNNBUWV
Computer Management = C:\WINNT\SYSTEM32\283744064700.EXE
cztnxu = C:\WINNT\SYSTEM32\SVCHOST.EXE -K CZTNXU
Dfs = C:\WINNT\SYSTEM32\DFSSVC.EXE
Dhcp = C:\WINNT\SYSTEM32\SERVICES.EXE
dmadmin = C:\WINNT\SYSTEM32\DMADMIN.EXE /COM
dmserver = C:\WINNT\SYSTEM32\SERVICES.EXE
Dnscache = C:\WINNT\SYSTEM32\SERVICES.EXE
dvkmzc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K DVKMZC
elklrg = C:\WINNT\SYSTEM32\SVCHOST.EXE -K ELKLRG
Eventlog = C:\WINNT\SYSTEM32\SERVICES.EXE
EventSystem = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Fax = C:\WINNT\SYSTEM32\FAXSVC.EXE
gcvdbhv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K GCVDBHV
huaaefv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K HUAAEFV
IISADMIN = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
IsmServ = C:\WINNT\SYSTEM32\ISMSERV.EXE
kdc = C:\WINNT\SYSTEM32\LSASS.EXE
lanmanserver = C:\WINNT\SYSTEM32\SERVICES.EXE
lanmanworkstation = C:\WINNT\SYSTEM32\SERVICES.EXE
LicenseService = C:\WINNT\SYSTEM32\LLSSRV.EXE
LmHosts = C:\WINNT\SYSTEM32\SERVICES.EXE
lxneqa = C:\WINNT\SYSTEM32\SVCHOST.EXE -K LXNEQA
Messenger = C:\WINNT\SYSTEM32\SERVICES.EXE
mnmsrvc = C:\WINNT\SYSTEM32\MNMSRVC.EXE
MSDTC = C:\WINNT\SYSTEM32\MSDTC.EXE
MSFTPSVC = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
MSIServer = C:\WINNT\SYSTEM32\MSIEXEC.EXE /V
MSSEARCH = "C:\PROGRAM FILES\COMMON FILES\SYSTEM\MSSEARCH\BIN\MSSEARCH.EXE"
MSSQLSERVER = C:\PROGRA~1\MICROS~3\MSSQL\BINN\SQLSERVR.EXE
muvihov = C:\WINNT\SYSTEM32\SVCHOST.EXE -K MUVIHOV
NetDDE = C:\WINNT\SYSTEM32\NETDDE.EXE
NetDDEdsdm = C:\WINNT\SYSTEM32\NETDDE.EXE
Netlogon = C:\WINNT\SYSTEM32\LSASS.EXE
Netman = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
NntpSvc = C:\WINNT\SYSTEM32\INETSRV\INETINFO.EXE
NtFrs = C:\WINNT\SYSTEM32\NTFRS.EXE
NtLmSsp = C:\WINNT\SYSTEM32\LSASS.EXE
NtmsSvc = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
PlugPlay = C:\WINNT\SYSTEM32\SERVICES.EXE
PolicyAgent = C:\WINNT\SYSTEM32\LSASS.EXE
ppxktt = C:\WINNT\SYSTEM32\SVCHOST.EXE -K PPXKTT
ProtectedStorage = C:\WINNT\SYSTEM32\SERVICES.EXE
puqdsu = C:\WINNT\SYSTEM32\SVCHOST.EXE -K PUQDSU
qaizel = C:\WINNT\SYSTEM32\SVCHOST.EXE -K QAIZEL
RasMan = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
rdrlfmv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RDRLFMV
RemoteAccess = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
RemoteRegistry = C:\WINNT\SYSTEM32\REGSVC.EXE
RfwProxySrv = C:\PROGRAM FILES\RISING\RFW\RFWPROXY.EXE
RfwService = C:\PROGRAM FILES\RISING\RFW\RFWSRV.EXE
RpcLocator = C:\WINNT\SYSTEM32\LOCATOR.EXE
RpcServ = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RPCSERV
RpcServer = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RPCSERVER
RpcSs = C:\WINNT\SYSTEM32\SVCHOST -K RPCSS
RPCSSss = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RPCSSSS
RsCCenter = "C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE"
RsRavMon = "C:\PROGRAM FILES\RISING\RAV\RAVMOND.EXE"
RSVP = C:\WINNT\SYSTEM32\RSVP.EXE -S
rxqdhv = C:\WINNT\SYSTEM32\SVCHOST.EXE -K RXQDHV
SamSs = C:\WINNT\SYSTEM32\LSASS.EXE
SCardDrv = C:\WINNT\SYSTEM32\SCARDSVR.EXE
SCardSvr = C:\WINNT\SYSTEM32\SCARDSVR.EXE
Schedule = C:\WINNT\SYSTEM32\MSTASK.EXE
seclogon = C:\WINNT\SYSTEM32\SERVICES.EXE
SENS = C:\WINNT\SYSTEM32\SVCHOST.EXE -K NETSVCS
Serv-U = D:\PROGRAM FILES\RHINOSOFT.COM\SERV-U\SERVUDAEMON.EXE
SharedAccess = C:\WINNT\SYSTEM32\
 

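Download Filseclab's trojan force-removal assistant (费尔木马强力清除助手) from the official site here, tick "Suppress file regeneration" (抑制文件再生), and delete with it.
http://dl.filseclab.com/down/powerrmv.zip


Delete:
c:\winnt\system32\skgusr.dll
c:\winnt\system32\ghokxw.dll
c:\winnt\system32\qaizel.dll
c:\winnt\system32\ewlrzt.dll

After deleting them, restart the computer immediately.
Then boot into the system and run an SREng scan log.

Scan an SREng log and post it to the forum
http://www.kztechs.com/sreng/download.html
Download System Repair Engineer
1 Unzip sreng2.zip (extracting it into the system's Windows folder is recommended)
2 Run SREng.exe ((rename SREng.exe to 123.com and run it))
3 Smart Scan => Scan => Save Report
4 After saving the report, copy the entire log contents into an empty Notepad file and save it again; you can then post it to the forum as an attachment.
Be sure to post it to this forum as an attachment.
Click "Quote" at the bottom right of this post of mine and you should see how to post it.

After opening the log, you can choose "Select All" and then "Copy" from the "Edit" menu at the top left,
and then copy the complete log contents into another empty Notepad file and save it.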
 

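Quote:
[Post by 天月来了] Download Filseclab's trojan force-removal assistant (费尔木马强力清除助手) from the official site here, tick "Suppress file regeneration" (抑制文件再生), and delete with it.



Delete:
c:\winnt\system32\skgusr.dll
c:\winnt\system32\ghokxw.dll
c:\winnt\system32\qaizel.dll
c:\winnt\system32\ewlrzt.dll

After deleting them, restart the computer immediately.
Then boot into the system and run an SREng scan log.

Scan an SREng log and post it to the forum

Download System Repair Engineer
1 Unzip sreng2.zip (extracting it into the system's Windows folder is recommended)
2 Run SREng.exe ((rename SREng.exe to 123.com and run it))
3 Smart Scan => Scan => Save Report
4 After saving the report, copy the entire log contents into an empty Notepad file and save it again; you can then post it to the forum as an attachment.
Be sure to post it to this forum as an attachment.
Click "Quote" at the bottom right of this post of mine and you should see how to post it.

After opening the log, you can choose "Select All" and then "Copy" from the "Edit" menu at the top left,
and then copy the complete log contents into another empty Notepad file and save it.

………………


The files you mentioned aren't there.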
 

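Quote:
[Post by 天月来了] Download Filseclab's trojan force-removal assistant (费尔木马强力清除助手) from the official site here, tick "Suppress file regeneration" (抑制文件再生), and delete with it.



Delete:
c:\winnt\system32\skgusr.dll
c:\winnt\system32\ghokxw.dll
c:\winnt\system32\qaizel.dll
c:\winnt\system32\ewlrzt.dll

After deleting them, restart the computer immediately.
Then boot into the system and run an SREng scan log.

Scan an SREng log and post it to the forum

Download System Repair Engineer
1 Unzip sreng2.zip (extracting it into the system's Windows folder is recommended)
2 Run SREng.exe ((rename SREng.exe to 123.com and run it))
3 Smart Scan => Scan => Save Report
4 After saving the report, copy the entire log contents into an empty Notepad file and save it again; you can then post it to the forum as an attachment.
Be sure to post it to this forum as an attachment.
Click "Quote" at the bottom right of this post of mine and you should see how to post it.

After opening the log, you can choose "Select All" and then "Copy" from the "Edit" menu at the top left,
and then copy the complete log contents into another empty Notepad file and save it.

………………

The files you told me to delete aren't there. I have scanned a log.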

Attachment (file type: application/octet-stream; uploaded: 2008-4-4 8:07:38; downloads: 132)

 

In Safe Mode,
delete these services:

[Remoterse Procedure Call (RPCS) / RpcServ][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k RpcServ-->%SystemRoot%\System32\wwggmn.dll><N/A>
[Remoter Procedure Call (RPCS) / RpcServer][Running/Auto Start]
  <C:\WINNT\system32\svchost.exe -k RpcServer-->%SystemRoot%\System32\typcoa.dll><N/A>
[RPCSSss / RPCSSss][Running/Auto Start]
  <C:\WINNT\system32\SVCHOST.EXE -k RPCSSss-->%SystemRoot%\System32\jgkwdy.dll><N/A>
[muvihov / muvihov][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k muvihov-->%SystemRoot%\System32\muviho.dll><N/A>
[ppxktt / ppxktt][Stopped/Auto Start]
  <C:\WINNT\system32\SvChOsT.EXE -k ppxktt-->%SystemRoot%\System32\zoyeox.dll><N/A>
[puqdsu / puqdsu][Running/Auto Start]
  <C:\WINNT\system32\SVchOst.Exe -k puqdsu-->%SystemRoot%\System32\ghokxw.dll><N/A>
[qaizel / qaizel][Stopped/Auto Start]
  <C:\WINNT\system32\svchost.exe -k qaizel-->%SystemRoot%\System32\qaizel.dll><N/A>
[Remote Access Auto Connection Manager / RasAuto][Stopped/]
  <2 - 系统找不到指定的文件。
><N/A>
[rdrlfmv / rdrlfmv][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k rdrlfmv-->%SystemRoot%\System32\rdrlfm.dll><N/A>

[dvkmzc / dvkmzc][Running/Auto Start]
  <C:\WINNT\system32\SvCHOsT.eXE -k dvkmzc-->%SystemRoot%\System32\ewlrzt.dll><N/A>
[elklrg / elklrg][Stopped/Auto Start]
  <C:\WINNT\system32\SVchOst.Exe -k elklrg-->%SystemRoot%\System32\bfkjkk.dll><N/A>
[gcvdbhv / gcvdbhv][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k gcvdbhv-->%SystemRoot%\System32\gcvdbh.dll><N/A>
[huaaefv / huaaefv][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k huaaefv-->%SystemRoot%\System32\huaaef.dll><N/A>
[lxneqa / lxneqa][Stopped/Auto Start]
  <C:\WINNT\system32\SvChOsT.EXE -k lxneqa-->%SystemRoot%\System32\rmsfye.dll><N/A>

[bjolehv / bjolehv][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k bjolehv-->%SystemRoot%\System32\bjoleh.dll><N/A>
[bndufm / bndufm][Stopped/Disabled]
  <C:\WINNT\system32\SVchOst.Exe -k bndufm-->%SystemRoot%\System32\yucvfm.dll><N/A>
[cnnbuwv / cnnbuwv][Others/Auto Start]
  <C:\WINNT\system32\svchost.exe -k cnnbuwv-->%SystemRoot%\System32\cnnbuw.dll><N/A>
[Computer Management / Computer Management][Stopped/Auto Start]
  <C:\WINNT\system32\283744064700.exe><N/A>
[cztnxu / cztnxu][Stopped/Auto Start]
  <C:\WINNT\system32\SvChOsT.EXE -k cztnxu-->%SystemRoot%\System32\zquxcf.dll><N/A>


Delete these files:
C:\WINNT\system32\setup.exe
\SystemRoot\System32\Drivers\dtscsi.sys
c:\winnt\system32\bazojt.dll
c:\winnt\system32\skgusr.dll
c:\winnt\system32\ghokxw.dll
c:\winnt\system32\ewlrzt.dll
C:\WINNT\system32\SvCHOsT.eXE
c:\winnt\system32\typcoa.dll
c:\winnt\system32\jgkwdy.dll
c:\winnt\system32\skgusr.dll

Repair the file associations and the HOSTS file.
 

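I suggest using XDELBOX1.6 to delete the files.

Once that's done, delete the corresponding registry entries.

Run a full-disk virus scan.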
 

Should I delete them in the registry?
 

"Once that's done, delete the corresponding registry entries."
Yes.
 