瑞星卡卡安全论坛

原来用的卡巴司机,昨天听说瑞星的免费一个月,就试了一下,没想到瑞星杀完毒后,机器起不来了,没办法一键还原了,然后电脑就中了毒,现在浏览器不打开就自动跳出网页,不停的跳,还显示网页上有木马,最后就不停的自动从起,没办法又还原了,现在进了安全模式下，在这里求助。。。。
哭了，大家快来救我！！！！

不知道，和我的情况有点象

装了卡卡了吗,到安全模式下御载卡卡,在御载卡卡,先把插件免疫里的免疫全部取消免疫,

不行再扫描日志上来

请下载SREng2（最新版） ，使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/download.html

卸了卡卡就能管用？我现在刚还原的，还没装卡卡呢。。

请下载SREng2（最新版） ，使用“智能扫描”，按下“扫描”按钮进行扫描，
扫描完成后按下“保存报告”按钮保存报告日志文件（SREng.LOG），把保存的报告
日志文件内容复制-粘贴上来,,日志一次粘不完，分次粘完，请不要修改。

下载地址
http://www.kztechs.com/sreng/download.html

扫日志也再安全模式下吗？

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <SyrxMy><C:\WINDOWS\system32\iexp1ore.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SiSPower><Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
    <marsrmt><C:\Program Files\联想（Lenovo）\联想天骄遥控器（Mars）\marsrmt.exe>  [N/A]
    <SKDaemon><c:\Program Files\联想\联想标准键盘\skdaemon.exe>  [N/A]
    <DaemonBBPC><C:\Program Files\联想宽带通\DaemonBBPC.exe>  [N/A]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <kav><"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
    <C:\WINDOWS\sna1006.exe><C:\WINDOWS\sna1006.exe>  [N/A]
    <be1t><C:\WINDOWS\iexpiore.exe>  [N/A]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\自然风光.scr>  [联想（北京）有限公司]

启动文件夹
[Utility Tray]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Utility Tray.lnk --> C:\WINDOWS\system32\sistray.exe [Silicon Integrated Systems Corporation]><N>
[Adobe Gamma Loader.exe]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.exe.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>

==================================
服务
[7BA6FC1B / 7BA6FC1B]
  <C:\WINDOWS\system32\7BA6FC1B.EXE -service><Microsoft Corporation>
[DNS Cache / 8NASCAR]
  <C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\IKUKN.DLL,Export 1087><N/A>
[卡巴斯基反病毒6.0 / AVP]
  <"D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[Brother Popup Suspend service for Resource manager / brmfrmps]
  <"C:\WINDOWS\system32\Brmfrmps.exe" -service ><Brother Industries, Ltd.>
[C8574A7C / C8574A7C]
  <C:\WINDOWS\system32\C8574A7C.EXE -service><Microsoft Corporation>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Lenovo TV Recoding / Lenovo TV Recoding]
  <C:\Program Files\Lenovo\数码家电\lxRecSvr.exe><N/A>
[Remote Procedure Call System(11RPCS) / RpcS11]
  <C:\WINDOWS\system32\Rpcs11.exe><Microsoft Corporation>
[SCCMonitor / SCCMonitor]
  <"C:\Program Files\Lenovo\联想智能控制中心\SCC\SCCMonitor.exe"><N/A>
[Provisioning Transaction Service / ttt_14]
  <C:\WINDOWS\system32\win.exe><N/A>
[Vsn upjm Service / upjm]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\COMMON~1\xvps\esws.dll,Service><Microsoft Corporation>
[Windows Media Connect Service / WmdmPmSp]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\WmdmPmSp.dll><LINKMEDIA Tech>

==================================
驱动程序
[Service for WDM 3D Audio Driver / ALCXSENS]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Brother MFC Filter Driver / brfilt]
  <System32\Drivers\Brfilt.sys><Brother Industries Ltd.>
[Brother Multi Function Parallel Image driver / brparimg]
  <system32\DRIVERS\BrParImg.sys><Brother Industries Ltd.>
[Brother WDM Parallel Driver / BrParWdm]
  <System32\Drivers\BrParwdm.sys><Brother Industries Ltd.>
[Brother Serial driver / BrSerWDM]
  <System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm]
  <System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
[Brother MFC USB Scanner driver / BrUsbScn]
  <System32\Drivers\BrUsbScn.sys><Brother Industries Ltd.>
[Conexant 23880 Video Capture / CX23880]
  <system32\drivers\cx88vid.sys><Conexant Systems, Inc.>
[Conexant 2388x Crossbar / CX88XBAR]
  <system32\drivers\CX88XBAR.sys><Conexant Systems, Inc.>
[Conexant 2388x Tuner / CXTUNE]
  <system32\drivers\CX88TUNE.sys><Conexant Systems, Inc.>
[FixDrv / FixDrv]
  <C:\WINDOWS\SYSTEM32\DRIVERS\FixDrv.SYS><N/A>
[HpaFilt / HpaFilt]
  <C:\WINDOWS\SYSTEM32\DRIVERS\HpaFilt.SYS><Lenovo Software inc.>
[kl1 / kl1]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[PNDIO / PNDIO]
  <\??\C:\Program Files\lenovo\联想智能控制中心\SCC\pndio.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023]
  <system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide]
  <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[Add Performance Filter Driver / sisperf]
  <\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[PS/2 Keyboard Filter Driver for WinXp / Skkbdf]
  <system32\DRIVERS\Skkbdf.sys><Silitek Corp.>
[SVKP / SVKP]
  <\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[TSP / TSP]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {1F48640D-67C5-435F-9605-DD6135891AAC} <C:\WINDOWS\system32\yesnqabrfjsmkrt.dll, N/A>
[SafeMe Internet Explorer Helper]
  {3AE06CEE-58A6-4F5F-AF89-6C5350842F16} <C:\WINDOWS\system32\SafeHelper12.dll, LINKMEDIA Tech>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Navigator Class]
  {96FC3938-C6CA-475D-8D3B-45F323A6B62B} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\webnav_2018.dll, >
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, N/A>
[rmgj]
  {C9B033C8-7F0F-4295-BE56-4A67BC8D4399} <C:\PROGRA~1\COMMON~1\xvps\bwtw.dll, >
[]
  {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\eblmvdegbmmvo.dll, N/A>
[联想宽带通]
  {06926B30-424E-4f1c-8EE3-543CD96573DD} <C:\Program Files\联想宽带通\bbpc.exe, >
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[联想]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.lenovo.com, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {1F48640D-67C5-435F-9605-DD6135891AAC} <C:\WINDOWS\system32\yesnqabrfjsmkrt.dll, N/A>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\Mshtml.dll, N/A>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Navigator Class]
  {96FC3938-C6CA-475D-8D3B-45F323A6B62B} <C:\Documents and Settings\All Users\Application Data\Microsoft\Office\NAVDATA\webnav_2018.dll, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[rmgj]
  {C9B033C8-7F0F-4295-BE56-4A67BC8D4399} <C:\PROGRA~1\COMMON~1\xvps\bwtw.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\flash.ocx, Macromedia, Inc.>
[]
  {E9020D2E-DEC9-4EBE-B38D-E1E6AE13D13F} <C:\WINDOWS\system32\eblmvdegbmmvo.dll, N/A>
[&使用迅雷下载]
  <d:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <d:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 376][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 452][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 476][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 520][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 532][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 724][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 808][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 840][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 896][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1196][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1608][C:\Program Files\360safe\360Safe.exe]  [奇虎网, 3, 0, 1, 1002]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 2, 2, 1, 2000]
    [C:\Program Files\360safe\AntiEng.dll]  [360Safe.com, 3, 0, 1, 1001]
    [C:\Program Files\360safe\CleanHis.dll]  [奇虎网, 3, 0, 0, 1001]
    [C:\Program Files\360safe\AntiActi.dll]  [360Safe.com, 2, 0, 0, 3000]
    [C:\Program Files\360safe\safeext.dll]  [360Safe.com, 1, 0, 0, 1018]
    [C:\Program Files\360safe\live.dll]  [360safe.COM, 1, 0, 0, 1011]
    [C:\Program Files\360safe\LeakCheck.dll]  [360Safe.com, 2, 0, 0, 2001]
[PID: 1836][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1940][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2032][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\macromed\flash\flash.ocx]  [Macromedia, Inc., 6,0,79,0]
[PID: 328][F:\许莹\tools\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[D:\]
[autorun]
open=d:\mplay.com

==================================
HOSTS 文件
127.0.0.1      localhost

来帮忙呀，拜托了。
在安全模式下扫的，正常模式登陆不一会就死机。。

为什么我在安全模式下杀了毒了，进正常模式下就不行呢？

<SyrxMy><C:\WINDOWS\system32\iexp1ore.exe> [N/A]
<C:\WINDOWS\sna1006.exe><C:\WINDOWS\sna1006.exe> [N/A]
<be1t><C:\WINDOWS\iexpiore.exe> [N/A]
[7BA6FC1B / 7BA6FC1B]删除注册表及文件


<C:\WINDOWS\system32\7BA6FC1B.EXE -service><Microsoft Corporation>
[C8574A7C / C8574A7C]
<C:\WINDOWS\system32\C8574A7C.EXE -service><Microsoft Corporation>
不解

引用:

【yqlikaka的贴子】<SyrxMy><C:\WINDOWS\system32\iexp1ore.exe> [N/A] <C:\WINDOWS\sna1006.exe><C:\WINDOWS\sna1006.exe> [N/A] <be1t><C:\WINDOWS\iexpiore.exe> [N/A] [7BA6FC1B / 7BA6FC1B]删除注册表及文件 <C:\WINDOWS\system32\7BA6FC1B.EXE -service><Microsoft Corporation> [C8574A7C / C8574A7C] <C:\WINDOWS\system32\C8574A7C.EXE -service><Microsoft Corporation> 不解 ………………

我更不解了，你说什么？？！！