
What do I do when I can't open my other drives?

A few days ago I somehow picked up a virus that couldn't be killed: it attacks Rising, the system backup files got deleted, and so on. Today, after running Kingsoft AntiVirus, I couldn't get into the system any more. After reinstalling the system I still can't open my other drives! So frustrated... Log attached, could an expert please help me?
Logfile of HijackThis v1.99.1
Scan saved at 21:43:59, on 2008-1-3
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ssdpsr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\conime.exe
D:\检测\HijackThis.exe

O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\Helper\superfinderusa.dll
O3 - Toolbar: 电台(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=about:blank
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DCF85EA-2272-4C32-B38C-B0E2981920EF}: NameServer = 222.85.85.85 222.88.88.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DCF85EA-2272-4C32-B38C-B0E2981920EF}: NameServer = 222.85.85.85 222.88.88.88
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\fci.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Last edited 2008-01-03 23:18:09

Once you have reinstalled the system, do not click on the other drives; install antivirus software straight away, update it to the latest version, and run a full scan.

Suggestion: download SREng:
http://www.kztechs.com/sreng/download.html
Steps:
1. Unzip --> run SREng.exe (if it will not run, rename it to 111.exe, 111.bat, 111.scr, 111.com or 111.pif);
2. Smart Scan --> Scan --> Save Report;
3. Paste the log into the thread or upload it as an attachment.

[CODE]

2008-01-03,22:42:38

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600) - administrator user - full functionality

The following items were selected:
    All startup items (registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file
    Process privilege scan


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\CTFMON.EXE>  [(Verified)Microsoft Windows XP Publisher]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows XP Publisher]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows XP Publisher]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]

==================================
Startup folders
N/A

==================================
Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[SSDP Discovery Center Service / SSDPCSR][Running/Auto Start]
  <"C:\WINDOWS\system32\ssdpsr.exe"><Microsoft Corporation>
[FCI / FCI][Stopped/Auto Start]
  <C:\WINDOWS\System32\fci.exe><N/A>
[MSN RAV / MSN RAV][Running/Auto Start]
  <"C:\WINDOWS\system\msnrav.exe"><N/A>

==================================
Drivers
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[aslm75 / aslm75][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\aslm75.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[nv / nv][Running/Manual Start]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[viasraid / viasraid][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\viasraid.sys><VIA Technologies inc,.ltd>

==================================
Browser add-ons
[e404mgr Class]
  {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} <C:\Program Files\Helper\superfinderusa.dll, >
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>

==================================
Running processes
[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 664 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 688 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 916 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1044 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1160 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1268 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1488 / 樊文龙][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\nvcpl.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Helper\superfinderusa.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\System32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1556 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1712 / 樊文龙][C:\WINDOWS\System32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\NvMcTray.dll]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\WINDOWS\System32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1720 / 樊文龙][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 944 / 樊文龙][C:\WINDOWS\system32\ntvdm.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1144 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5664]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 468 / 樊文龙][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\macromed\flash\swflash.ocx]  [Macromedia, Inc., 5,0,44,0]
    [C:\Program Files\Helper\superfinderusa.dll]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 536 / SYSTEM][C:\WINDOWS\system32\ssdpsr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 3084 / 樊文龙][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 3668 / 樊文龙][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2336 / SYSTEM][C:\WINDOWS\system\msnrav.exe]  [N/A, ]
[PID: 2428 / 樊文龙][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3912 / 樊文龙][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3328 / 樊文龙][D:\专杀\金山2008_setup.exe]  [Kingsoft Corporation, 2007, 11, 28, 1900]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 3548 / 樊文龙][D:\qq安全\qqedit.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 2740 / 樊文龙][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 3844 / 樊文龙][C:\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
[PID: 1832 / 樊文龙][C:\新建文件夹\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\DOCUME~1\樊文龙\LOCALS~1\Temp\rsv9.tmp]  [Beijing Rising Tech. Co., Ltd., 1, 3, 0, 0]
    [C:\新建文件夹\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock providers
N/A

==================================
Autorun.inf
[D:\]
[Autorun]
open=soS.Exe
shell\open=打开(&o)
shell\open\ComMand=soS.Exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=soS.Exe
[E:\]
[Autorun]
open=soS.Exe
shell\open=打开(&o)
shell\open\ComMand=soS.Exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=soS.Exe
[F:\]
[Autorun]
open=soS.Exe
shell\open=打开(&o)
shell\open\ComMand=soS.Exe
shell\open\Default=1
shell\explore=资源管理器(&X)
shell\explore\Command=soS.Exe

==================================
HOSTS file
127.0.0.1      localhost

==================================
Process privilege scan
Special privilege granted: SeLoadDriverPrivilege [PID = 3548, D:\QQ安全\QQEDIT.EXE]

==================================
API HOOK
Entry point error: RegCreateKeyExA (risk level: high, hooked by module at 0x00D8373D)
Entry point error: RegCreateKeyExW (risk level: high, hooked by module at 0x00D8380D)
Entry point error: Process32NextW (risk level: high, hooked by module at 0x00D83A7D)
Entry point error: Module32FirstW (risk level: high, hooked by module at 0x00D83B4D)
Entry point error: TerminateProcess (risk level: high, hooked by module at 0x00D8429D)
Entry point error: CreateProcessA (risk level: high, hooked by module at 0x00D838DD)
Entry point error: CreateProcessW (risk level: high, hooked by module at 0x00D839AD)
Entry point error: FindWindowA (risk level: high, hooked by module at 0x00D83C1D)
Entry point error: FindWindowExA (risk level: high, hooked by module at 0x00D83DBD)
Entry point error: FindWindowExW (risk level: high, hooked by module at 0x00D83E8D)
Entry point error: FindWindowW (risk level: high, hooked by module at 0x00D83CED)
Entry point error: SendMessageA (risk level: high, hooked by module at 0x00D83F5D)
Entry point error: SendMessageW (risk level: high, hooked by module at 0x00D8402D)

==================================
Hidden processes
N/A

==================================


[/CODE]
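To make the "entry point error" lines in the API HOOK section of the log concrete, here is an added Python example (my own illustration, not SREng's code) of the check such a tool can perform: take the first bytes of an exported function, decode an inline `jmp rel32` or `push imm32; ret` trampoline to its absolute target, and ask whether that target lies inside any loaded module. A target such as 0x00D8373D that no module owns is what makes a hook worth rating high: the hooking code lives in memory that was never mapped from a file on disk. A hook whose target falls inside a named module (for instance the Rising-labelled rsv9.tmp that the log shows loaded into every process) is something to review rather than blindly remove. All addresses, module ranges and byte strings below are constructed for the demonstration and are not taken from the poster's machine; the verdict rule is an assumption of this example, not SREng's published logic.

```python
import struct
from typing import List, Optional, Tuple

Module = Tuple[int, int, str]  # (base, size, name)

# Constructed module map for a 32-bit process; bases and sizes are illustrative
# and not taken from the poster's machine.
MODULES: List[Module] = [
    (0x7C800000, 0x000F6000, "kernel32.dll"),
    (0x77D40000, 0x00090000, "user32.dll"),
    (0x01000000, 0x00030000, "rsv9.tmp"),  # AV module seen in every process in the log
]


def module_for(addr: int, modules: List[Module] = MODULES) -> Optional[str]:
    """Name of the module whose image range contains addr, or None if unmapped."""
    for base, size, name in modules:
        if base <= addr < base + size:
            return name
    return None


def hook_target(func_addr: int, code: bytes) -> Optional[int]:
    """Decode the two most common inline-hook trampolines at a function entry.

    E9 rel32      -> jmp  func_addr + 5 + rel32
    68 imm32 C3   -> push imm32 ; ret   (transfers control to imm32)
    Returns the absolute target, or None when the entry is not a trampoline.
    """
    if len(code) >= 5 and code[0] == 0xE9:
        rel = struct.unpack("<i", code[1:5])[0]
        return (func_addr + 5 + rel) & 0xFFFFFFFF
    if len(code) >= 6 and code[0] == 0x68 and code[5] == 0xC3:
        return struct.unpack("<I", code[1:5])[0]
    return None


def classify_entry(name: str, func_addr: int, code: bytes) -> Tuple[str, Optional[int], str]:
    """Return (function name, hook target or None, verdict).

    Verdict rule (an assumption of this example): no trampoline -> 'clean';
    trampoline into a mapped module -> 'review (<module>)'; trampoline into
    memory that no module owns -> 'high'.
    """
    target = hook_target(func_addr, code)
    if target is None:
        return name, None, "clean"
    owner = module_for(target)
    return name, target, (f"review ({owner})" if owner else "high")


def make_jmp(from_addr: int, to_addr: int) -> bytes:
    """Build an E9 jmp rel32 from from_addr to to_addr; used only to construct
    the sample 'hooked' function bodies below."""
    return b"\xe9" + struct.pack("<i", to_addr - (from_addr + 5))


# Standard XP hot-patchable prologue: mov edi,edi ; push ebp ; mov ebp,esp
CLEAN_PROLOGUE = b"\x8b\xff\x55\x8b\xec"

# Constructed snapshot of three function entries as a scanner might read them.
SAMPLE_ENTRIES = [
    ("TerminateProcess", 0x7C801E1A, make_jmp(0x7C801E1A, 0x00D8429D)),  # target owned by no module
    ("CreateProcessA",   0x7C802367, b"\x68\x00\x20\x00\x01\xc3"),       # push 0x01002000 ; ret -> rsv9.tmp
    ("FindWindowA",      0x77D4EBD6, CLEAN_PROLOGUE),
]


def scan(entries=SAMPLE_ENTRIES) -> List[Tuple[str, Optional[int], str]]:
    """Classify every sampled entry point."""
    return [classify_entry(n, a, c) for n, a, c in entries]


if __name__ == "__main__":
    for name, target, verdict in scan():
        where = f"-> 0x{target:08X}" if target is not None else ""
        print(f"{name:18s} {where:14s} {verdict}")
```

The important caveat when acting on such a report is the ownership check: an AV product's hooks look exactly like a rootkit's hooks at the byte level, so "repair entry point" restores the original prologue and disarms whichever side planted it. That is why the log's hooks at 0x00D8xxxx, which no module claims, are the ones to repair, while a hook that resolves into a known module should be investigated first.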

***Note: during the procedure, never double-click a drive letter; browse each partition through Explorer (or WinRAR) or via right-click > Open***

1. Use XDelBox to delete the following files in "suppress regeneration" mode:
Delete files
C:\WINDOWS\System32\fci.exe
C:\WINDOWS\system\msnrav.exe
C:\WINDOWS\system32\drivers\aslm75.sys
C:\Program Files\Helper\superfinderusa.dll
c:\autorun.inf
d:\autorun.inf
e:\autorun.inf
f:\autorun.inf
c:\soS.Exe
d:\soS.Exe
e:\soS.Exe
f:\soS.Exe

2. After rebooting and deleting the files, use SREng to repair the following:
Delete services
[FCI / FCI]
[MSN RAV / MSN RAV]
Delete driver
[aslm75 / aslm75]
Delete browser add-ons
[e404mgr Class]
{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a}
Repair the API hooks (open SREng --> System Repair --> Advanced Repair --> API HOOK check --> View Details --> Repair entry point errors)


3. Update your antivirus software to the latest version and run a full scan
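As an added illustration (not part of the original thread, and not SREng's or XDelBox's code), here is a small Python script that parses an autorun.inf body the way Windows does and flags the pattern SREng reported on D:, E: and F: above. Windows reads INI section and key names case-insensitively, so the mixed-case `ComMand` in the log is the same key as `Command`, and a scanner that matches the literal string `shell\open\command` would miss it. The script collects every key whose value Windows would execute, checks whether the `Open` and `Explore` verbs have been redirected, and reports the executable that double-clicking the drive would launch. The sample text is re-typed from the log; the second sample is a constructed benign CD-style file; the drive-root helper assumes Windows drive letters and is not exercised by the samples. The verdict rule is this example's own heuristic.

```python
import os
import re
from typing import Dict, List

# Constructed sample: the autorun.inf body that SREng reported on D:, E: and F:
# (re-typed from the log above, not read from the poster's machine).
SAMPLE_AUTORUN = """[Autorun]
open=soS.Exe
shell\\open=打开(&o)
shell\\open\\ComMand=soS.Exe
shell\\open\\Default=1
shell\\explore=资源管理器(&X)
shell\\explore\\Command=soS.Exe
"""

# Constructed benign sample: a CD-style autorun that only sets an icon and label.
SAMPLE_BENIGN = """[autorun]
icon=setup.exe,0
label=Driver CD
"""

# Keys under [autorun] whose value Windows treats as something to run.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")


def parse_autorun(text: str) -> Dict[str, str]:
    """Parse the [autorun] section into {key: value}.

    Keys (and the section name) are folded to lower case because Windows reads
    INI files case-insensitively; 'ComMand' and 'Command' are the same key.
    """
    section = None
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.match(r"^\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def assess_autorun(text: str) -> dict:
    """Summarise what an autorun.inf would execute and whether it hijacks the
    Explorer verbs: with 'Open' and 'Explore' both redirected and Open set as
    the default verb, double-click, Open and Explore on the drive all run the
    payload instead of opening the folder (the pattern in the log)."""
    kv = parse_autorun(text)
    launched = sorted({kv[k].split()[0] for k in EXEC_KEYS if k in kv and kv[k]})
    hijacked = [verb for verb in ("open", "explore") if f"shell\\{verb}\\command" in kv]
    default_is_open = kv.get("shell\\open\\default") == "1"
    # Heuristic (this example's assumption): launching a program *and*
    # replacing the Open/Explore verbs is treated as malicious.
    return {
        "launched": launched,
        "hijacked_verbs": hijacked,
        "default_is_open": default_is_open,
        "malicious": bool(launched) and (bool(hijacked) or default_is_open),
    }


def read_autorun(root: str) -> str:
    """Read <root>\\autorun.inf without opening the drive in Explorer.
    Returns '' when the file is absent. Falls back to GBK because the infected
    files in this thread carry Chinese verb labels (an assumption)."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return ""
    with open(path, "rb") as fh:
        data = fh.read()
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return data.decode("gbk", errors="replace")


def scan_roots(roots: List[str]) -> Dict[str, dict]:
    """Assess autorun.inf on each given root (e.g. ['C:\\\\', 'D:\\\\']);
    roots without the file are skipped."""
    results: Dict[str, dict] = {}
    for root in roots:
        text = read_autorun(root)
        if text:
            results[root] = assess_autorun(text)
    return results


if __name__ == "__main__":
    print("sample from log:", assess_autorun(SAMPLE_AUTORUN))
    print("benign sample:  ", assess_autorun(SAMPLE_BENIGN))
    # On the infected machine, from a command prompt (never by double-clicking a drive):
    # print(scan_roots([f"{d}:\\" for d in "CDEF"]))
```

Run it from a command prompt on the cleaned machine before touching the drives in Explorer; the point of the "never double-click a drive letter" warning above is exactly that the hijacked `Open` verb turns the double-click into a launch of soS.Exe, so anything that enumerates the roots must use plain file I/O rather than the shell.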
gototop
 