【回复“53740575”的帖子】

【回复“53740575”的帖子】

威金...
重装吧..所有的.exe 文件全部感染..全盘格..

【回复“mopery”的帖子】
晕,,,,除了重装就没有其他的法子解决啊.怎么连瑞星正版的都杀不掉

没其他办法 所有.exe 文件全被感染了..而且要全盘格..

【回复“我无邪”的帖子】
【回复“我无邪”的帖子】
谢谢你的回复
ep2k_certd_bc.exe这个程序是网上银行的连接控件. 我刚才用你说的用SYSTEM RAPAIR EngineeR ，使用“系统修复，浏览器加载项”来删除以下选项。
C:\WINDOWS\system32\certInStall.dll
C:\WINDOWS\system32\safein.dll
C:\windows\system32\ep2pk11_bc.dll怎么都删不掉啊.还有那个rundl132.exe之前有出现过后面被我删了同时注册表里的相关信息我也删了现在我在进入注册表里去找怎么找不到,但是用智能扫描怎么又能扫描到rundl132.exe这个启动信息啦?还是我用MSCONFIG进去系统的启动也能看到但是就是找不到怎么回事啊.还有我刚才用SYSTEM RAPAIR EngineeR 点启动项目时就弹出一个警告框上面写着:注册表值UserInit被修改为非正常值（对于ＸＰ或更高的版本，默认值类似于＂Ｃ：ＷＩＮＤＯＷＳ＼ＳＹＳＴＥＭ３２＼ＵＳＥＲＩＮＩＴ．ＥＸＥ）请检查你的电脑可能存在病毒＂HKEY-LOCAL-MACHINE\sofewar\microsofwindows nt\currentversion\winlogon.这个又是什么东东啊．

【回复“我无邪”的帖子】注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <LDM><C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe>  [Logitech]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Analog Devices, Inc.]
    <SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
    <nwiz><nwiz.exe /install>  [N/A]
    <Logitech Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Logitech Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <Device Detector><DevDetect.exe -autorun>  [N/A]
    <POPO2004><F:\popo\popo2004\Start.exe>  [网易(163.com)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\Rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
    <{BA8C2B95-A7E9-464B-A0A5-FFE9B8A1C030}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\xiaran.dat>  [N/A]

==================================
启动文件夹
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech SetPoint.lnk --> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]><N>
[Logitech Desktop Messenger]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Start]
  <C:\Documents and Settings\胡卓敏\「开始」菜单\程序\启动\Start.lnk --> F:\popo\popo2004\Start.exe [网易(163.com)]><N>
[CoralQQ]
  <C:\Documents and Settings\胡卓敏\「开始」菜单\程序\启动\CoralQQ.lnk --> D:\QQ\CoralQQ.exe [珊瑚虫工作室]><N>
[CoralQQ (2)]
  <C:\Documents and Settings\胡卓敏\「开始」菜单\程序\启动\CoralQQ (2).lnk --> D:\QQ\CoralQQ.exe [珊瑚虫工作室]><N>
[本地连接]
  <C:\Documents and Settings\胡卓敏\「开始」菜单\程序\启动\本地连接.lnk -->  [N/A]><N>
[迅雷5]
  <C:\Documents and Settings\胡卓敏\「开始」菜单\程序\启动\迅雷5.lnk --> C:\PROGRA~1\THUNDE~1\Thunder\Thunder.exe [Thunder Networking Technologies,LTD]><N>

==================================
服务
[ATK Keyboard Service / ATKKeyboardService]
  <C:\WINDOWS\ATKKBService.exe><ASUSTeK COMPUTER INC.>
[Human Interface Device Access / HidServ]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc]
  <C:\WINDOWS\System32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
  <"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AsIO / AsIO]
  <system32\drivers\AsIO.sys><N/A>
[Enhanced Display Driver Helper Service / asuskbnt]
  <system32\drivers\atkkbnt.sys><ASUSTeK COMPUTER INC.>
[Rising TDI Base Driver / BaseTDI]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Creative SBLive! Gameport / ctljystk]
  <System32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[EagleNT / EagleNT]
  <\??\C:\WINDOWS\System32\drivers\EagleNT.sys><N/A>
[EIO / EIO]
  <\??\C:\WINDOWS\system32\drivers\EIO.sys><ASUSTeK Computer Inc.>
[Creative SB Live! (WDM) / emu10k]
  <system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1]
  <system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[ExpScaner / ExpScaner]
  <\??\C:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA Rhine-Family Fast Ethernet Adapter Driver Service / FETND5BV]
  <System32\DRIVERS\fetnd5bv.sys><VIA Technologies, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus]
  <System32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont]
  <\??\C:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg]
  <\??\C:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys]
  <\??\C:\Program Files\Rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[Logitech SetPoint Keyboard Driver / L8042Kbd]
  <System32\DRIVERS\L8042Kbd.sys><Logitech, Inc.>
[Logitech SetPoint HID Mouse Filter Driver / LHidKe]
  <System32\DRIVERS\LHidKE.Sys><Logitech, Inc.>
[Logitech SetPoint USB Receiver device driver / LHidUsbK]
  <System32\Drivers\LHidUsbK.Sys><Logitech, Inc.>
[Logitech SetPoint Mouse Filter Driver / LMouKE]
  <System32\DRIVERS\LMouKE.Sys><Logitech, Inc.>
[MEMSCAN / MEMSCAN]
  <\??\C:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[ATK0110 ACPI UTILITY / MTsensor]
  <System32\DRIVERS\ASACPI.sys><>
[npkcrypt / npkcrypt]
  <\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
  <\??\D:\QQ\npkycryp.sys><N/A>
[nv / nv]
  <System32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[RsFwDrv / RsFwDrv]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService]
  <system32\drivers\Senfilt.sys><Sensaura>
[Creative SoundFont Manager Driver (WDM) / sfman]
  <system32\drivers\sfmanm.sys><Creative Technology Ltd.>

【回复“我无邪”的帖子】浏览器加载项
[ThunderIEHelper Class]
  {0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v13.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BandIE Class]
  {77FEF28E-EB96-44FF-B511-3185DEA48697} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[启动迅雷]
  {0062C9BD-B349-40DE-91A0-755F37ACD559} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[百度超级搜霸]
  {B580CF65-E151-49C3-B73F-70B13FCA8E86} <C:\PROGRA~1\baidu\bar\baidubar.dll, Baidu.com, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[&使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[用比特精灵下载(&B)]
  <C:\Program Files\BitSpirit\bsurl.htm, N/A>