qz2008 - 2008-7-24 13:41:00
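Double-clicking a drive letter always opens the Address Book. I'm asking the experts for help and have attached the log. Please advise. Thanks.
User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Attachment: SREngLOG.log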
riversking - 2008-7-24 13:56:00
Use WinRAR to check whether there is an autorun.inf in the root directory of the drive.
networkedition - 2008-7-24 14:00:00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE]
<IFEO[360rpt.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE]
<IFEO[360safe.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE]
<IFEO[360tray.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE]
<IFEO[ANTIARP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE]
<IFEO[Ast.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE]
<IFEO[AutoRunKiller.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE]
<IFEO[AvMonitor.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
<IFEO[AVP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE]
<IFEO[CCenter.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE]
<IFEO[Frameworkservice.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE]
<IFEO[GFUpd.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE]
<IFEO[GuardField.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE]
<IFEO[IceSword.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE]
<IFEO[Iparmor.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE]
<IFEO[KASARP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE]
<IFEO[kavstart.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.EXE]
<IFEO[kmailmon.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE]
<IFEO[KRegEx.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP]
<IFEO[KVMonxp.KXP]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE]
<IFEO[KVSrvXP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE]
<IFEO[KVWSC.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE]
<IFEO[kwatch.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE]
<IFEO[Mmsk.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE]
<IFEO[Navapsvc.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE]
<IFEO[nod32krn.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE]
<IFEO[Nod32kui.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE]
<IFEO[RAV.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE]
<IFEO[RavStub.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
<IFEO[Regedit.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE]
<IFEO[rfwmain.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE]
<IFEO[rfwProxy.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE]
<IFEO[rfwsrv.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.EXE]
<IFEO[rfwstub.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE]
<IFEO[Runiep.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE]
<IFEO[VPC32.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE]
<IFEO[VPTRAY.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE]
<IFEO[WOPTILITIES.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
Use SREng to delete the hijack entries, and use WinRAR to delete the autorun.inf in the root directory of the drive. Copy C:\WINDOWS\system32\dllcache\wuauclt.exe to c:\windows\system32.
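A parser for the SREng report lines quoted in the post above, as an added example that is not part of the original thread: it groups the Image File Execution Options redirects by their target and reports any target that stands in for several programs. The sample log is constructed in the same format, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Line format as it appears in the quoted report:
#   <IFEO[image name]><debugger path> [signature note]
IFEO_LINE = re.compile(
    r"^<IFEO\[(?P<image>[^\]]+)\]><(?P<debugger>[^>]+)>\s*(?:\[(?P<sig>.*)\])?\s*$")

# Constructed sample in the report's format; devtool.EXE is a made-up entry.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE]
<IFEO[AVP.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE]
<IFEO[Regedit.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
<IFEO[IceSword.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
<IFEO[360safe.EXE]><C:\WINDOWS\system32\dllcache\wuauclt.exe> [(Verified)Microsoft Windows Publisher]
<IFEO[devtool.EXE]><C:\Tools\dbg\windbg.exe> [N/A]
"""

def parse_ifeo(log_text):
    """Return (image, debugger, signature) for every IFEO redirect line."""
    entries = []
    for line in log_text.splitlines():
        m = IFEO_LINE.match(line.strip())
        if m:
            entries.append((m["image"], m["debugger"], m["sig"] or ""))
    return entries

def mass_redirects(entries, threshold=3):
    """Map each debugger path that replaces `threshold` or more programs
    to the sorted list of programs it replaces.

    A signed target does not clear the entry: while the redirect exists,
    the named program is never started, whatever runs in its place.
    """
    groups = defaultdict(set)
    for image, debugger, _sig in entries:
        groups[debugger.lower()].add(image)
    return {dbg: sorted(images, key=str.lower)
            for dbg, images in groups.items() if len(images) >= threshold}

if __name__ == "__main__":
    for target, images in mass_redirects(parse_ifeo(SAMPLE_LOG)).items():
        print(f"{len(images)} programs redirected to {target}:")
        for name in images:
            print("   ", name)
```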
qz2008 - 2008-7-24 14:03:00
There is an autorun.inf file in the root directory of drive C. How should I deal with it?
networkedition - 2008-7-24 14:14:00
Delete it manually, and do the same on the other drives. Don't forget to restart the computer after deleting.
julia_ding - 2008-7-24 14:20:00
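Update the virus database and scan in Safe Mode,
or remove it manually:
Assuming the autorun.inf folder is on drive D, proceed as follows: open "Start", choose "Run", type "CMD" to open a command prompt window, and enter the following commands in it:
Step 1: type D: and press Enter
Step 2: type rmdir /s autorun.inf and press Enter
Step 3: when prompted, press "Y" and then Enter
Do the same on the other drives!!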
qz2008 - 2008-7-24 15:12:00
Drive C can be opened now, but drive D still can't. What should I do? Many thanks.
qz2008 - 2008-7-24 15:58:00
I had missed deleting one file. No problems now, thanks a lot.
xlinlin1986 - 2008-7-24 16:47:00
If there is an autorun.inf file:
"Start" - "Run" - "winrar"
Then delete this file under each drive letter.