Rising Kaka Security Forum
毒啊毒啊毒 - 2007-3-30 16:04:00
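I somehow got infected with this virus by accident. As soon as I click some of the programs on the drive, Rising finds a lot of viruses and removes them. Then when I click those programs again, the same viruses show up again. Sometimes the antivirus dialog keeps popping up nonstop, saying it has found such-and-such virus and is removing it... What virus is this?
I'll post the logs for everyone in a moment. Hoping an expert can help!!!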
毒啊毒啊毒 - 2007-3-30 16:06:00
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<333><C:\Syswm1i\svchost.exe> [N/A]
<4><C:\SysWsj7\svchost.exe> [N/A]
<66><C:\SysDayN6\svchost.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<联想标准功能键盘 Ver1.0.0.1><C:\Program Files\联想\联想标准功能键盘\SkDaemond.exe> [联想]
<StateChange><C:\Program Files\lenovo\StateChange\QuakeII.exe> [联想]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<RavTask><"E:\瑞星杀毒\Rising\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
==================================
启动文件夹
[星空极速]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>
==================================
服务
[9EE248AC / 9EE248AC][Stopped/Auto Start]
<C:\WINDOWS\system32\9EE248AC.EXE -service><Microsoft Corporation>
[DetectorSvc / DetectorSvc][Stopped/Manual Start]
<><N/A>
[AMD PowerNow! (tm) Technology Service / GemServ][Stopped/Auto Start]
<><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LexBce Server / LexBceS][Running/Auto Start]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[Norton AntiVirus Auto Protect Service / navapsvc][Stopped/Manual Start]
<""><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"E:\瑞星杀毒\Rising\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"E:\瑞星杀毒\Rising\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<><N/A>
[SymWMI Service / SymWSC][Stopped/Auto Start]
<><N/A>
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
<C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
毒啊毒啊毒 - 2007-3-30 16:08:00
正在运行的进程
[PID: 512][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\9EE248AC.DLL] [Microsoft Corporation, ]
[PID: 660][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 876][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1000][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1152][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1376][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 9.42]
[C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 9.42]
[C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 9.42]
[PID: 1412][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 96.9.42]
[C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 9.42]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LVCMPP5C.dll] [Lenovo (Beijing) Ltd., 1.0.1.14]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\system32\LVCMpwr.dll] [Lenovo (Beijing) Ltd., 1, 0, 1, 0]
[PID: 1420][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 9.42]
[C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 9.42]
[PID: 1992][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7184]
[PID: 2032][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 180][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 504][C:\WINDOWS\system32\4DE07D56.exe] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8169]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1828][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 264][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1628][C:\Program Files\联想\联想标准功能键盘\SkDaemond.exe] [联想, 1, 0, 0, 1]
[C:\Program Files\联想\联想标准功能键盘\Ctrdev.dll] [-, 1, 0, 0, 0]
[C:\Program Files\联想\联想标准功能键盘\SKUtil.DLL] [Silitek Corp., 1, 0, 7, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2428][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2664][C:\Program Files\ChinaNet\VnetClient.exe] [, 2006, 6, 30, 11]
[C:\Program Files\ChinaNet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [GDCN, 2006, 7, 25, 15]
[C:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2006, 6, 2, 14]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2006, 2, 20, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 2005, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\BDSearch.ocx] [gdcn, 2005, 12, 22, 1]
[C:\PROGRA~1\ChinaNet\PageFram.ocx] [Workgroup, 2006, 9, 21, 21]
[C:\PROGRA~1\ChinaNet\AccPage.ocx] [, 6, 12, 6, 11]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2006, 5, 26, 11]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2006, 12, 5, 17]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2006, 4, 4, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2006, 12, 5, 11]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [GDCN, 2006, 3, 1, 16]
[C:\WINDOWS\system32\wpcap.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\WINDOWS\system32\pthreadVC.dll] [N/A, ]
[C:\WINDOWS\system32\packet.dll] [Politecnico di Torino, 3, 0, 0, 18]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2006, 7, 19, 14]
[C:\PROGRA~1\ChinaNet\VNETLO~1.OCX] [, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2006, 3, 1, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2006, 8, 23, 16]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [ , 2006, 5, 10, 14]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 2005, 11, 14, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] [Macromedia, Inc., 8,0,24,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[E:\瑞星杀毒\Rising\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18,
毒啊毒啊毒 - 2007-3-30 16:08:00
[PID: 2608][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\DDTONG~1.DLL] [北京新浪信息技术有限公司, 1, 2, 1, 5]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtinit.dll] [北京新浪信息技术有限公司, 1, 2, 1, 7]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\DDTUpdate.dll] [北京新浪信息技术有限公司, 1, 2, 1, 1]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtnews.ocx] [北京新浪信息技术有限公司, 1, 1, 1, 5]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtcomm.dll] [北京新浪信息技术有限公司, 1, 1, 0, 3]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtwea.ocx] [北京新浪信息技术有限公司, 1, 1, 0, 7]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 3, 0]
[C:\WINDOWS\system32\xunleibho_v5.dll] [, 4, 3, 3, 30]
[c:\PROGRA~1\chinanet\VNETTR~1.DLL] [, 2005, 4, 6, 1]
[c:\PROGRA~1\chinanet\Communicate.dll] [GDCN, 2006, 2, 15, 1]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[D:\PROGRA~1\SINA\UCWEBC~1\UC\UCddt\ddtkillw.ocx] [北京新浪信息技术有限公司, 1, 1, 0, 5]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[E:\瑞星杀毒\Rising\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] [Macromedia, Inc., 8,0,24,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.2937 (xpsp_sp2_gdr.060623-0002)]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 4060][C:\WINDOWS\system32\4DE07D56.exe] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8169]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 2092][C:\WINDOWS\system32\4DE07D56.exe] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8169]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3476][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 3240][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\9EE248AC.DLL] [Microsoft Corporation, ]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\PROGRA~1\FLASHGET\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\WINDOWS\system32\xunleibho_v5.dll] [, 4, 3, 3, 30]
[D:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\mp3infp.dll] [win32lab.com, 2.50.5.0]
[C:\WINDOWS\system32\ffdshow.ax] [, 1.0.2.24]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[E:\Downloads\暴风播放器\Storm Codec\Codecs\TTL2Dec.dll] [N/A, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[E:\瑞星杀毒\Rising\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[PID: 2444][C:\WINDOWS\system32\4DE07D56.exe] [N/A, ]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9690]
[C:\WINDOWS\system32\vb6chs.dll] [Microsoft Corporation, 6.00.8169]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[PID: 1748][D:\Program Files\Thunder Network\Thunder\Thunder.exe] [Thunder Networking Technologies,LTD, 5.1.5.189]
[D:\Program Files\Thunder Network\Thunder\UpdateDownload.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\download_interface.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 74]
[D:\Program Files\Thunder Network\Thunder\log4cplus.dll] [, 1, 0, 2, 1]
[D:\Program Files\Thunder Network\Thunder\stlport_vc646.dll] [STLport Consulting, Inc., 4.6.2003.1031]
[D:\Program Files\Thunder Network\Thunder\msgmanage.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 15]
[D:\Program Files\Thunder Network\Thunder\historyinfo_manage.dll] [Thunder Networking Technologies,LTD, 5, 2, 0, 148]
[D:\Program Files\Thunder Network\Thunder\iEmbed.dll] [Thunder Networking Technologies,LTD, 1, 1, 0, 22]
[D:\Program Files\Thunder Network\Thunder\RegisterDll.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 7]
[D:\Program Files\Thunder Network\Thunder\FloatBar.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[E:\瑞星杀毒\Rising\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[D:\Program Files\Thunder Network\Thunder\iTargetAd.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 59]
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] [Macromedia, Inc., 8,0,24,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[PID: 3548][D:\Program Files\BT\BitComet\Downloads\小电影\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 10]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
毒啊毒啊毒 - 2007-3-30 17:20:00
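Sigh. After the machine has been on for a little while, Rising finds this kind of virus and removes it, and an hour later the same thing happens again. What on earth should I do? How do I remove it completely?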
病毒名称 | 处理结果 | 发现日期 | 扫描方式 | 路径 | 文件
Trojan.PSW.RocOnline.bo | 删除成功 | 2007-03-30 17:00 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\05CVKL8Z | moyu0328[1].exe
Trojan.PSW.WoWar.adi | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\A6DS9K00 | wow0328[1].exe
Trojan.PSW.WoWar.adi | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs2.exe
Trojan.PSW.OnlineGames.xz | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\05CVKL8Z | jt0327[1].exe>>fsg2.0
Trojan.PSW.OnlineGames.xz | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs4.exe>>fsg2.0
Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\A6DS9K00 | wm0328[1].exe>>fsg2.0
Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs5.exe>>fsg2.0
Trojan.PSW.CabalOnLine.r | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\DOCUME~1\gogo\LOCALS~1\Temp | upxdnd.dll
Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\Documents and Settings\gogo\Local Settings\Temporary Internet Files\Content.IE5\A6DS9K00 | wmsj0328[1].exe>>fsg2.0
Trojan.Spy.Agent.cxt | 删除成功 | 2007-03-30 17:01 | 文件监控 | C:\WINDOWS\system32 | kdjs9.exe>>fsg2.0
毒啊毒啊毒 - 2007-3-30 18:37:00
Bump! Experts, please advise!!!!! Many thanks!!
毒啊毒啊毒 - 2007-3-30 18:39:00
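Bumping this. I hope someone who knows the cause and can fix it will help me out. I don't know how to install a system or restore one. Sigh. Is there a way to fix this without reinstalling the system?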
梦·梦· - 2007-3-30 18:43:00
Start - All Programs - Accessories - System Tools - System Restore
Give it a try. I caught the same virus as you yesterday.
毒啊毒啊毒 - 2007-3-30 18:46:00
So how did you fix it? By doing one system restore?
But System Restore is turned off on my machine, so I can't restore. What do I do!!
梦·梦· - 2007-3-30 18:53:00
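Open My Computer, right-click an empty area and choose Properties - System Restore - Settings
Turn on monitoring for all drives, then restore.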
毒啊毒啊毒 - 2007-3-30 19:13:00
Tried it, still can't restore. I never set a restore point before, so there are no restore points. What do I do, brother!!!
梦·梦· - 2007-3-30 19:21:00
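Trojan.PSW is a password-stealing Trojan horse. It has many variants, with a Trojan for almost every game. Sometimes it comes along when we download a game client, and it may also arrive in other ways. This virus is generally not very easy to remove. Here is my method:
Boot the machine in Safe Mode (preferably with the network disconnected), open the registry, and find the two keys HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run and HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. These hold the programs our machine runs. Use the virus paths to find where they are hiding, delete them, and also delete the entries under RUN (they are generally all useless stuff). It is also best to check the startup items, since some services are added by the virus.
I copied this from the friend above. Give it a try.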
毒啊毒啊毒 - 2007-3-30 19:24:00
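Thanks in advance, friend. But I don't know how to edit the registry. I'm so lost, I don't know what to do.
How can Rising be this useless? It can't even kill one virus. And I've been using it for years. Today I ran into an unlucky virus.
Help me...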
梦·梦· - 2007-3-30 19:24:00
Don't delete everything under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. A few entries are useful, such as Rising's.
梦·梦· - 2007-3-30 19:26:00
Start - Run - regedit, then look for the keys as described above.
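An added example, not part of any post in this thread: rather than deleting every Run entry, the SREng startup log posted above can be triaged to pick out only the entries that warrant a closer look. The sample lines are copied from that log; the function names and the short `SYSTEM_NAMES` list are assumptions made for this illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any platform

# Lines copied from the SREng startup log posted earlier in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<333><C:\Syswm1i\svchost.exe> [N/A]
<4><C:\SysWsj7\svchost.exe> [N/A]
<66><C:\SysDayN6\svchost.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[(.*)\]$")
# Assumption: a short list of Windows binary names that malware often imitates.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe",
                "services.exe", "lsass.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

def parse(log):
    """Yield (registry key, value name, command, publisher) per log entry."""
    key = None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2), m.group(3)

def triage(log):
    """Return entries worth reviewing, each with the reasons it was flagged."""
    findings = []
    for key, name, command, signer in parse(log):
        exe = command.strip('"').rstrip(",")
        reasons = []
        if command and signer == "N/A":
            reasons.append("no publisher information")
        if (basename(exe).lower() in SYSTEM_NAMES
                and dirname(exe).lower() not in SYSTEM_DIRS):
            reasons.append("system binary name outside the Windows directories")
        if reasons:
            findings.append((key, name, command, reasons))
    return findings

if __name__ == "__main__":
    for key, name, command, reasons in triage(SAMPLE_LOG):
        print(f"{key}\n  <{name}> {command}: {'; '.join(reasons)}")
```

On the sample lines this flags only the three `svchost.exe` entries under `Policies\Explorer\Run` and leaves the signed Microsoft, NVIDIA and Rising entries alone.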