Infected with a virus, rundll2000

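Everyone, please help me. Yesterday I scanned and cleaned with Rising in Safe Mode. But now, after startup, there are still a lot of unknown processes. Please help me.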
C:\WINDOWS\SYSTEM32\WUAUCLT.EXE
C:\WINDOWS\SYSTEM32\TASKMGR.EXE
C:\DOWNLOADS\RSDETECT.EXE
E:\SOFT\LONGATOR\LONGATOR\LONGATOR.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\PROGRAM FILES\NETSOFT\P2POVER\P2POVER.EXE
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\SLSERV.EXE
C:\PROGRAM FILES\EZBUTTON\CPLBCL50.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM32\RUNDLL2000.EXE
Last edited 2007-03-18 12:31:42

普通自启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CplBCL50 = C:\PROGRAM FILES\EZBUTTON\CPLBCL50.EXE
P2POver = C:\PROGRAM FILES\NETSOFT\P2POVER\P2POVER.EXE
apcm = (NULL)
apsvc = (NULL)
RavTask = "C:\PROGRAM FILES\RISING\RAV\RAVTASK.EXE" -SYSTEM
TkBellExe = "C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE" -OSBOOT
System = C:\PROGRAM FILES\COMMON FILES\SYSTEM\UPDATERUN.EXE
spoolsv = C:\WINDOWS\SYSTEM32\SPOOLSV\SPOOLSV.EXE -PRINTER

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ctfmon.exe = C:\WINDOWS\SYSTEM32\CTFMON.EXE


AppInit_DLLs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs =


系统文件关联
.exe ==> exefile = "%1" %*
.com ==> comfile = "%1" %*
.cmd ==> cmdfile = "%1" %*
.bat ==> batfile = "%1" %*
.txt ==> txtfile = C:\WINDOWS\notepad.exe %1
.scr ==> scrfile = "%1" /S
.reg ==> regfile = regedit.exe "%1"
.doc ==> Word.Document.8 = "C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE" /n /dde

其它启动项
WIN.INI
无信息

SYSTEM.INI
SHELL = Explorer.exe


Winlogon 启动项
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
crypt32chain = CRYPT32.DLL
cryptnet = CRYPTNET.DLL
cscdll = CSCDLL.DLL
igfxcui = IGFXSRVC.DLL
ScCertProp = WLNOTIFY.DLL
Schedule = WLNOTIFY.DLL
sclgntfy = SCLGNTFY.DLL
SensLogn = WLNOTIFY.DLL
termsrv = WLNOTIFY.DLL
wlballoon = WLNOTIFY.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = C:\WINDOWS\SYSTEM32\USERINIT.EXE,
shell = EXPLORER.EXE


IE - BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{0E674588-66B7-4E19-9D0E-2053B800F69F} = C:\WINDOWS\system32\wmpdrm.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} = C:\Program Files\FlashGet\jccatch.dll
{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} = C:\Program Files\superutilbar\superutilbar.dll
{77FEF28E-EB96-44FF-B511-3185DEA48697} = C:\Program Files\baidu\bar\BDBar_tmp\BaiduBar.dll


Winsock SPI
MSAFD Irda [IrDA] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [TCP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [UDP/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD Tcpip [RAW/IP] = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
RSVP UDP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
RSVP TCP Service Provider = C:\WINDOWS\SYSTEM32\RSVPSP.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F322167-6A03-4D2B-80AF-BCC51617839A}] SEQPACKET 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{3F322167-6A03-4D2B-80AF-BCC51617839A}] DATAGRAM 0 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD4ACDB1-5A61-4194-8D83-B801E0DAD81C}] SEQPACKET 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD4ACDB1-5A61-4194-8D83-B801E0DAD81C}] DATAGRAM 1 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AEB534F-8AD0-4AF1-B308-1DAC9FB727DB}] SEQPACKET 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL
MSAFD NetBIOS [\Device\NetBT_Tcpip_{4AEB534F-8AD0-4AF1-B308-1DAC9FB727DB}] DATAGRAM 2 = C:\WINDOWS\SYSTEM32\MSWSOCK.DLL